Quantcast
Channel: Remote Desktop Services (Terminal Services) forum
Viewing all articles
Browse latest Browse all 7220

SRV2012R2 - SSO with RD-Gateway // Bypass RD Gateway Problems

$
0
0

Hello together,

we are using Server 2012 R2 Technology to provide Session Based Desktops and RemoteApps.
Servers are as following:
s05 - Profileserver 10.5.0.5
s06 - RDWeb + RDGateway (Local + DMZ IP) 10.5.0.6
s10 - RDBroker 10.5.0.10
s12 - RD Licensing 10.5.0.12
s13-15 - Session Hosts 10.5.0.13-15
s20-21 - RemoteApp Hosts 10.5.0.20-21

We mostly use the published Desktop. All Clients are Windows 7 Clients.
We configured SSO according to this Article (link) and it works like a charm.

However, we are also using RemoteApp Technology to provide external partners access to some internal ressources. This should also be done by RemoteApp. We have the external way working, but some partners can't access, they are getting prompted for passwords when connecting to an App. We figured out that this is related to the Deployment Property"Bypass RD Gateway server for local addresses" .

The Partner is currently blocking the access to his internal 10.5.x.x network as this is a internal reserved network on their side.
Users get an ICMP Response "administratively prohibited" and it seems that the RD Connection Client can't handle this reply and crashes with endless password prompts.

We deactivated "Bypass RD Gateway server for local addresses" and then - of course - the connection worked.
But, now all my internal clients must enter their passwords again in order to connect to session hosts. Single Sign on is no longer working.

We do not have deep knowledge in RDS / TS Gateway so any help is appreciated...

SSO GPO:
Allow delegating default credentials / NTLM only / saved credentials / saved NTLM -> FQDN of the Broker

RemoteApp Host GPO
Always prompt for password - disabled

Deployment Properties:
Use RD Gateway credentials for remote computers (checked)


Viewing all articles
Browse latest Browse all 7220

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>