2012 R2 RDS Gateway server rpoblem from external network (Network Steve Forum)

2012 R2 RDS Gateway server rpoblem from external network

I am having problem with Windows remote desktop gateway service from external network.

My Scenarios are as:

I am using self-sign certificate.

Rdweb acess :

DNS entry for Vdi.abctest.com.au external network is resolving ok DNS entry for Vdi.abctest.com.au internal network is 192.168.30.51 which resolving ok for internal network.

Ad01.abctest.local = = 192.168.30.40 Ad02.abctest.local = = 192.168.30.40

System01.abctest.local = 192.168.30.50 Broker01.abctest.local = 192.168.30.51 [ RDweb and Gateway]

All server gateway is : 192.168.30.1

MY ASA Firewall entry:

object network vid host 192.168.30.51

object network vdi-tcp host 192.168.30.51

access-list outside_access_in extended permit tcp any object vdi eq 443 access-list outside_access_in extended permit udp any object vdi-tcp eq 3391

object network vdi nat (inside,outside) static interface service udp 3391 3391

object network vdi-tcp nat (inside,outside) static interface service tcp https https

I could access RDweb from local network through https://Vdi.abctest.com.au/Rdweb and use all publish application without any problem.

I could access Rdweb from external network through https://Vdi.abctest.com.au/Rdweb. I could able to login

To check with my configuration: I updated DefaultTSGwatway to web URL:

Anyone could point me out what I am missing?

According to my understanding with windows 2012 R2 gateway service I dont need to open 3389 port.

Only 443 and 3391 [UDP] should be ok.

Thank you all in advance.

Edited by Mohammad Salaque Friday, August 21, 2015 12:40 AM

August 20th, 2015 11:09pm

Just to add My AD functional level is 2008 R2 . Will this could be a problem ?

Thanks
Mohammad Salaque

Free Windows Admin Tool Kit Click here and download it now

August 22nd, 2015 2:07am

Hi Mohammad,

Just to add My AD functional level is 2008 R2 . Will this could be a problem?

Functional level should have no effect regarding RDS deployment.

DNS entry for Vdi.abctest.com.au external network is resolving ok DNS entry for Vdi.abctest.com.au internal network is 192.168.30.51 which resolving ok for internal network.

On your internal DNS server, please ensure that the public FQDN (Vdi.abctest.com.au in your case) also has a Host record which points to the RD Connection Brokers internal IP address.

Ad01.abctest.local = = 192.168.30.40 Ad02.abctest.local = = 192.168.30.40

Not sure why two different FQDNs point to the same IP address.

Please check TPs suggestions from these related threads below:

Configuring RD web access for public/external access

https://social.technet.microsoft.com/Forums/en-US/4396d3e9-2ac5-4d0b-baba-25471498a349/configuring-rd-web-access-for-publicexternal-access?forum=winserverTS

RDS 2012 deployment public access points

https://social.technet.microsoft.com/Forums/windowsserver/en-US/0d9af0db-90b7-4b4e-8d46-5804f9b9b6e7/rds-2012-deployment-public-access-points?forum=winserverTS

Setting up RD Gateway / RD Web Access

https://social.technet.microsoft.com/Forums/windowsserver/en-US/b653c49b-eaf4-420f-9a49-32db15a8c076/setting-up-rd-gateway-rd-web-access

RDS 2012 R2 RD Gateway connect on port 3390 for external users

https://social.technet.microsoft.com/Forums/windowsserver/en-US/3420bcbb-db79-41e5-8373-62fe8f730dc7/rds-2012-r2-rd-gateway-connect-on-port-3390-for-external-users?forum=winserverTS

Best Regards,