I'm trying to verify if DNS is configured properly.

I have a customer with two 2012 R2 servers with RDS installed. Server1 has all roles but gateway. Server 2 has all roles but licensing. A public certificate is in place for remote.domain.com.

Public DNS points remote.domain.com to IP 74.xx.xx.xx. Shouldn't the firewall translate that public IP to the private IP of Server2 which is the gateway?

Private DNS and an A record for remote which points to Server1, not the gateway which is Server2.

Server2, the gateway, has the Resource Authorization policy set with a group that includes Server1's private IP, NetBIOS name, FQDN, and remote.domain.com.

In the RD client I have the Access Anywhere configured as remote.domain.com. On the General tab I have the name as Server1 and I can connect to it. If I put remote.domain.com on the General tab my connection attempt is rejected. I thought I would be able to connect to either computer name as the gateway has that in the RAP.

Any ideas if private DNS is configured incorrectly and if so, how it should be configured? Also why can't I connect to Server1 by using remote.domain.com as the computer name instead of Server1 in my RD client?

Hi Jonathan,

Based on my research, the published FQDN remote.domain.com needs to have a DNS record on the internal DNS server, which points to the RD Connection Broker.

For more detailed DNS and firewall configuration, please refer to TPs reply in this thread below:

Error after changing published FQDN: Remoteapp program is not in the list of authorized programs
https://social.technet.microsoft.com/Forums/windowsserver/en-US/7f749b8e-81a5-4748-ade5-97a74044ec45/error-after-changing-published-fqdn-remoteapp-program-is-not-in-the-list-of-authorized-programs?forum=winserverTS

Best Regards,

Amy