Hi All,
I’m currently deploying RDS to our network. I’ve installed and configured the RD Gateway role – accessing https://remote.external.com/RDWeb internally works fine but not externally. Externally https://remote.external.com reaches the server’s default IIS page, but once I put /RDWeb I get the error 404 – File or directory not found.
I’m not sure what’s not configured properly, but below is the setup – keep in mind that the internal domain is different to the external FQDN, i.e. the server name of the RD Gateway is Server4.internal.pri and the FQDN to access RDS externally is remote.external.com
- Server1.internal.pri | Internal network | RD Session Host
- Server2.internal.pri | Internal network | RD Session Host
- Server3.internal.pri | Internal network | RD Connection Broker, RD Licensing, RD Web Access
- Server4.internal.pri | DMZ network (DMZ IP / internal IP) | RD Gateway
- Certificate for all servers is a wildcard *.external.com
In the RDS Deployment Properties
Deployment Properties> Certificates> all certificates are configured with a wildcard certificate e.g. *.external.com
Deployment Properties> RD Web Access server = server3.internal.pri, URL = https://server3.internal.pri/RDWeb
Deployment Properties> RD Gateway> Server name = remote.external.com – I’ve understood that this is the URL (FQDN) to access RDS and not the RD Gateway servername itself
RD Gateway Manager Properties
Browse and import certificate> *.external.com
Transport Settings> IP address for HTTPS = 192.168.x.x (DMZ IP)
Transport Settings> IP address for UDP = 192.168.x.x (DMZ IP)
IIS
Both the RD Gateway and the Connection Broker have the HTTPS certificate *.external.com, and in the site bindings HTTPS is bound to * for IP addresses; specifying the DMZ IP on the RD Gateway doesn’t fix the issue
DNS, Network, Domain etc..
remote.external.com points to the public IP in DNS with an A record – the public IP is NATed to the RD Gateway’s DMZ IP on the firewall – the RD Gateway is joined to the domain – the RD Gateway has another NIC with an internal IP
Firewall
Ports 80, 443 and 3391 are open from the internet to the RD Gateway’s DMZ IP; the RD Gateway also has an internal IP with full access to the other RDS roles
Errors I receive with the MS Best Practice Analyzer
Problem:
The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name.
Impact:
If the RD Gateway server is configured to use an SSL certificate with a certificate subject name that is not valid, users cannot connect to internal network resources (computers) through the RD Gateway server.
Resolution:
Use the RD Gateway Manager tool to select a valid SSL certificate for the RD Gateway server to use.
Even though I did configure this… it seems like it might be from the split DNS
Other
I can access RDS from the RD Gateway box (https://remote.external.com) and from client machines.
There are no certificate errors internally, nor externally when I reach the default IIS page of the RD Gateway, i.e. https://remote.external.com
Any help is much appreciated!
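A diagnostic script to run in an elevated PowerShell on the RD Gateway host, added here and not part of the original post. It uses the host names from the post, assumes the WebAdministration and RemoteDesktop modules are available and that the site is the IIS default 'Default Web Site', and checks the point the 404 hinges on: whether the box that answers the external name actually hosts /RDWeb, which certificate is bound to 443 and whether it covers the external name, and what the deployment and DNS say.

```powershell
# Added diagnostic (not from the original post). Run on the RD Gateway host
# (Server4.internal.pri in the post). Names below come from the post; the
# site name 'Default Web Site' is the IIS default and is an assumption.
Import-Module WebAdministration
Import-Module RemoteDesktop

$externalFqdn     = 'remote.external.com'
$connectionBroker = 'Server3.internal.pri'
$site             = 'Default Web Site'
$parentDomain     = $externalFqdn -replace '^[^.]+\.', ''   # external.com

# 1. Does THIS box host the /RDWeb application? A 404 after the default IIS
#    page means IIS answered but has no RDWeb application to serve.
$rdweb = Get-WebApplication -Site $site -Name 'RDWeb' -ErrorAction SilentlyContinue
if ($rdweb) {
    "OK   /RDWeb application present on $env:COMPUTERNAME ($($rdweb.PhysicalPath))"
} else {
    "FAIL /RDWeb is not installed on $env:COMPUTERNAME; external requests to https://$externalFqdn/RDWeb terminate here and get 404"
}

# 2. Which certificate is bound to HTTPS, and does its subject/SAN cover the external name?
foreach ($b in Get-WebBinding -Name $site -Protocol https) {
    $cert   = Get-Item "Cert:\LocalMachine\My\$($b.certificateHash)" -ErrorAction SilentlyContinue
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name
    $san    = if ($sanExt) { $sanExt.Format($false) } else { '' }
    $covers = ($cert.Subject -match "CN=\*\.$([regex]::Escape($parentDomain))") -or
              ($cert.Subject -match "CN=$([regex]::Escape($externalFqdn))") -or
              ($san -match [regex]::Escape($externalFqdn)) -or
              ($san -match "\*\.$([regex]::Escape($parentDomain))")
    "$(if ($covers) { 'OK  ' } else { 'FAIL' }) binding $($b.bindingInformation) -> $($cert.Subject) [SAN: $san]"
}

# 3. What does the deployment record as the gateway's external FQDN?
$gw = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $connectionBroker
"INFO gateway mode=$($gw.GatewayMode) externalFqdn=$($gw.GatewayExternalFqdn)"

# 4. Where does DNS send clients from this host (split-DNS check)?
$answers = Resolve-DnsName -Name $externalFqdn -Type A -ErrorAction SilentlyContinue
"INFO $externalFqdn resolves here to: $(($answers | Where-Object Type -eq 'A').IPAddress -join ', ')"
```

Run the same script on Server3.internal.pri to compare: the host that resolves the external name from the internet must be the one where check 1 passes.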