RDS 2012 R2 – DefaultTSGateway IIS Value

Hello World,

Today again, we will speak a little bit about RDS and RemoteApp technology. If you are a regular reader of this blog, you might know that we have recently been working on a heavy RDS and RemoteApp infrastructure for a customer. This project was really time consuming, and we have discovered small tips and tricks on how to make RemoteApp work smoothly.

Connect to a Remote PC Option

In the RemoteApp web interface, you might see the option “Connect to a Remote PC”. This option basically allows a user to perform a remote desktop connection to a remote server. When using this option, it has to be clear that the remote desktop client on the machine from which the web interface is accessed will be used. (This will not call the remote desktop client on the RDS servers!)

By default, this option is visible to all users. You can decide to hide this option or to leave it visible. This is up to you. As long as you have the right to use the Remote Desktop client and as long as no firewall is blocking port 3389 to the remote server, you can use this option to connect to a remote server.

However, what will happen if you are located on one segment of the network and the server you want to connect to is located on a different segment where port 3389 might be blocked? When using the published RemoteApp applications, you can configure your RDS farm to use an RD Gateway server. The Gateway server will be listening on port 443 and will proxy requests to the target RDS server. This would be the standard approach to allow remote desktop traffic between different network segments where the firewall would only allow port 443.

DefaultTSGateway Value

By default, if you use the web interface and use this option “Connect to a remote pc”, no RD Gateway server is specified.  The connection will be performed directly from the requester to the final destination server.

Is it possible to specify an RD Gateway on the web interface? Actually, it is possible (see https://technet.microsoft.com/en-us/library/cc730673.aspx – check the section Configure Remote Desktop Web Connection behavior).

To be honest with you, I wasn’t aware of such an option. So, we decided to give it a try…

With No DefaultTSGateway Value Set

By default, the Remote Desktop Web connection will not use any RD Gateway server. If you open the IIS Manager console on the RD Web server and browse to Sites > Default Web Site > RDWeb > Pages, in the right pane, click on Application Settings.

This will open the Application Settings configuration page. If you look at the DefaultTSGateway option, you will see that nothing has been specified yet.

If you go to the RDWeb interface, click on the Connect to a remote PC option and try to perform a connection, there is a high chance that you will see a dialog box displayed on your screen. Using this popup, you can check that no RD Gateway server information is provided and that a direct connection will be performed.

With DefaultTSGateway Value Set

Now, if you want to use a default RD Gateway while using the Remote Desktop web interface (aka the Connect to a Remote PC option), you can populate the DefaultTSGateway value with the name of your RD Gateway server or RD Gateway server farm.

Based on the documentation, the changes should be applied immediately and there is no need to perform an iisreset.
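The same setting can be read, changed and verified from PowerShell with the WebAdministration module. This is an added example, not part of the original post; it assumes the default IIS site name `Default Web Site`, and `rdgw.example.com` is a placeholder for your own RD Gateway name.

```powershell
# Added example: run in an elevated PowerShell session on the RD Web Access server.
Import-Module WebAdministration

$PagesPath = 'IIS:\Sites\Default Web Site\RDWeb\Pages'    # assumed default RD Web Access path
$Filter    = "/appSettings/add[@key='DefaultTSGateway']"
$Gateway   = 'rdgw.example.com'                            # placeholder: RD Gateway or farm name

# Read the current value; an empty string means "Connect to a remote PC" connects directly.
$before = (Get-WebConfigurationProperty -PSPath $PagesPath -Filter $Filter -Name 'value').Value
Write-Output ("Current DefaultTSGateway: '{0}'" -f $before)

# Sanity check from this server: the name resolves and a listener answers on 443.
# Clients on the other network segment must get the same result.
$probe = Test-NetConnection -ComputerName $Gateway -Port 443 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "Cannot reach $Gateway on TCP 443; not changing DefaultTSGateway."
}

# Write the new value only when it differs, then read it back to confirm.
if ($before -ne $Gateway) {
    Set-WebConfigurationProperty -PSPath $PagesPath -Filter $Filter -Name 'value' -Value $Gateway
}
$after = (Get-WebConfigurationProperty -PSPath $PagesPath -Filter $Filter -Name 'value').Value
if ($after -ne $Gateway) {
    throw "DefaultTSGateway is '$after', expected '$Gateway'."
}
Write-Output "DefaultTSGateway now set to '$after'."
```

Use the name that appears on the RD Gateway certificate, otherwise clients will get a certificate name mismatch when the connection is proxied.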

Go back to your RD Web server, refresh the web page and try to perform a connection again. This time you will also be prompted with a dialog box (see below). From the dialog box, you can see that you will be using an RD Gateway server.

Because I was performing the connection from a computer that is not part of the domain of the RDS farm servers, I was prompted for the credentials to access the RD Gateway server.

After authenticating successfully to the RD Gateway server, I received again the authentication prompt for the final server.

After that, I was able to connect via the port 443 using the RD Gateway server into my target machine using the web interface and using the connect to a remote pc option.

You can check that you are indeed connected through the RD Gateway by opening the RD Gateway management console > Monitoring node, and you should see your connection information from there. As you can see in the screenshot below, I’m effectively going through the RD Gateway server.

Remote Desktop can’t find the computer Error

If this option (DefaultTSGateway) is not enabled, and if your machines are located on different network segments, you might end up receiving an error similar to the following “Remote Desktop can’t find the computer…” while trying to connect to a remote server.

The first step to resolve this issue would be again to populate the DefaultTSGateway field and see if this is working.  The next step if this is still blocked is to contact your firewall team and see if a firewall might not be blocking access to the target server.

Connect to a Remote PC & Browser Flavour

A final note about the Connect to a Remote PC option concerns the type of browser you are using. If you are using Internet Explorer, you will see the link as visible (and this is configured like this by default). If you are using Firefox or Chrome, you might not see the option. This is simply due to the fact that the web page is using an ActiveX component. So, to use this option, you should preferably use Internet Explorer over other browsers.

This is the way Microsoft enforces usage of its own product. RDS 2012 R2 and Internet Explorer work better together. However, RemoteApp can be used with other browsers as well but might not offer the same user experience…

Final Notes

This is it for this post. In the next post, we will quickly explain how to hide this Connect to a Remote PC option. Instead of using this option, you could simply publish the remote desktop client as a RemoteApp application and let users connect to other servers through this RemoteApp. This will ensure that you are using the RD Gateway as well.

Till next time

See ya

 

4 thoughts on “RDS 2012 R2 – DefaultTSGateway IIS Value”

  1. Hello,

    I have no issue connecting externally. When I try to connect internally with a split DNS setup, I get the landing page of RDWeb access. I sign in. I am able to select my RDP app to connect to my farm, but it fails initiating the connection. I need to be able to connect internally as well.

    thank you
    Edward Perrier

  2. @Edward Perrier,
    As we do not have a full view of the architecture, we cannot really help…
    Where are the Gateway servers located, in the DMZ, internally? Are you using reverse proxy technology to publish your RDWeb farm?
    Are the necessary firewall ports opened between the different server roles?
    What about authentication/authorization rules on the Gateway…

    Problem could be anywhere (and we cannot tell because no view on the infra)

    Till next time
    See ya

  3. Hi Griffon,
    I have followed your guide and successfully built a test lab RDS, but I am still confused about one thing regarding RemoteApp / RDSH. Here are my servers:

    server 1 running roles Remote Desktop Connection Broker, RD Session Host
    server 2 running roles RDWeb, RD Gateway
    All worked fine, RemoteApp can be accessed from internal / external.
    But if I add 1 more server running RDSH and create a collection for this server, all new RemoteApps are visible on RDWeb, but cannot run, with the information: “your computer cannot connect to the remote computer because a error occurred on the remote computer that you want to connect to…”
    Did I miss something to configure on RDWeb? Or anything else?
    Please help.
    Thuan

  4. @nguyen,

    Multiple reasons for that. Does the server have a different patch level? If this is true, you have to find the update that creates the issue and see if a workaround exists or not.
    You also need to check that certificates in your farm are valid and applied correctly. Finally, the best way to move forward would be to look into the log file and see if you can get more information about the error.

    Sorry for the delay but I was working abroad and just came back…

    Hope this helps
    Till next time
    See ya
