We're having trouble externally accessing an internal remote desktop from our RD Gateway 2012 setup, with a password prompt loop after clicking the icon (the remote app is published as "mstsc.exe /v rdwebsh.testdomain.com"). The OS splash screen window comes up, so a TCP 3389 connection is definitely being made to the RD session host (it is reflected in the OS firewall log), but then a 'Windows Security' prompt comes up with the 'domain\username' hardcoded, asking for the user password again. If I enter the correct password, the error below is triggered in the security event log on the RD session host and the prompt repeats again and again.
It seems like the password is not being forwarded from the RD gateway to the RD session host, even though the setting is configured in the RD Gateway deployment properties of the collection.
The valid SSL cert is for the RD gateway FQDN and has SANs for the separate broker/session host.
RD Gateway server:
rdweb.testdomain.com
Connection Broker / Session Host:
rdwebrds.testdomain.com
rdwebsh.testdomain.com
If I make the "Remote App" parameter point to the internal hostname of the RD session host, I only get one additional password prompt, but then it allows the desktop to open. Using the external name of the RD session host with no additional password prompt is the obvious preference.
Any guidance would be appreciated.
Thanks
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: testuser
Account Domain: testdomain
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -