RDS 2012 deployment public access points

I have quick deployed RDS 2012R2 on one box, with all the RDS roles on it:

- RDS gateway role
- RDCB - connection broker role
- RDWeb - RD web access role
- RDSH - RD session host role
- RDlic - RD lic server

But now I have an issue with external users accessing RDWeb. My intranet domain name is abc.local, but our public DNS name is 123.com. I am confused about this situation: how do I need to buy the certificate? I saw some MS KBs mention that they need to be the same on the certificate, but these two names are totally different. How do I fix it?

Thanks.

May 23rd, 2015 2:41am

Hi,

Based on my research, you may enroll a public certificate which contains the external name 123.com as subject name, then request an internal certificate with the name abc.local.

More information for you:

Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services

http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx

Best Regards,

Amy

May 25th, 2015 9:55am

Hi,

Since you have everything on the same server you can use a single-name certificate from a trusted public authority such as DigiCert, Thawte, GoDaddy, GeoTrust, Symantec, etc.  For example, you could have a name similar to rds.domain.com as the subject on the certificate.  Please follow the instructions below:

1. Obtain the single-name certificate and apply it to all RDS purposes in Server Manager -- RDS -- Overview -- Deployment Overview -- Tasks -- Edit Deployment Properties -- Certificates tab.

2. Set the FQDN for your RD Gateway server to the name (rds.domain.com) on your certificate in Server Manager -- RDS -- Overview -- Deployment Overview -- Tasks -- Edit Deployment Properties -- RD Gateway tab.

3. In RD Gateway Manager, Properties of Remote Desktop Resource Authorization Policy (RD RAP), Network Resource tab, select Allow users to connect to any network resource.  Later if you want you can create a RDG local group with the required names and select it instead.

4. Change the published FQDN for the RDS deployment to match the name (rds.domain.com) on your certificate using this cmdlet:

Change published FQDN for Server 2012 or 2012 R2 RDS Deployment

https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80

I would appreciate it if you would rate the above cmdlet (hopefully 4-5 stars).  I created it to help with your specific scenario.

5. On the public Internet, please make sure there is a DNS A record for your FQDN (rds.domain.com) that points to the public ip address of your router.  On your internal network, please make sure there is a DNS A record for your FQDN (rds.domain.com) that points to the private ip address of your server.

6. On your public firewall, please make sure TCP port 443 and UDP port 3391 are forwarded to your server.  Please also make sure that incoming TCP port 3389 is blocked on your public firewall.

7. In IIS Manager, left pane, please navigate to and select Sites\ Default Web Site\ RDWeb\ Pages.  In the middle pane, double-click Application Settings.  Modify DefaultTSGateway and set it to the FQDN (rds.domain.com) of your RD Gateway.

After completing all of the above steps please test.

Thanks.

-TP

May 25th, 2015 10:06am
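Steps 1, 2 and 7 of the answer above can also be applied from PowerShell on the RDS server, with steps 5 and 6 checked afterwards. This is an added example, not part of the original post or of TP's gallery script; the broker name, the PFX path and the `LogonMethod`/`BypassLocal` values are assumptions, and steps 3 and 4 are not covered.

```powershell
# Added example. Values marked "hypothetical" are assumptions; replace them.
Import-Module RemoteDesktop, WebAdministration

$Fqdn    = 'rds.domain.com'        # name on the public certificate (from the post)
$Broker  = 'rds01.abc.local'       # hypothetical internal FQDN of the single RDS box
$PfxPath = 'C:\certs\rds.pfx'      # hypothetical path to the exported certificate
$PfxPwd  = Read-Host -AsSecureString -Prompt 'PFX password'

# Step 1: apply the same certificate to all four RDS certificate purposes.
foreach ($role in 'RDGateway', 'RDWebAccess', 'RDPublishing', 'RDRedirector') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPwd `
        -ConnectionBroker $Broker -Force
}

# Step 2: point the deployment at the gateway name that is on the certificate.
# LogonMethod and BypassLocal are assumed choices, not taken from the post.
Set-RDDeploymentGatewayConfiguration -GatewayMode Custom `
    -GatewayExternalFqdn $Fqdn -LogonMethod Password `
    -UseCachedCredentials $true -BypassLocal $true `
    -ConnectionBroker $Broker -Force

# Step 7: set DefaultTSGateway in the RDWeb Pages application settings.
Set-WebConfigurationProperty -PSPath 'IIS:\Sites\Default Web Site\RDWeb\Pages' `
    -Filter "/appSettings/add[@key='DefaultTSGateway']" -Name value -Value $Fqdn

# Confirm each role now reports the new certificate.
Get-RDCertificate -ConnectionBroker $Broker

# Step 5: the name must resolve on both sides. Run internally (expect the
# private address) and from an outside client (expect the public address).
Resolve-DnsName -Name $Fqdn -Type A

# Step 6: run these two from an outside client. 443 should succeed and
# 3389 should fail. UDP 3391 cannot be checked with Test-NetConnection.
$https = Test-NetConnection -ComputerName $Fqdn -Port 443
$rdp   = Test-NetConnection -ComputerName $Fqdn -Port 3389
if (-not $https.TcpTestSucceeded) { Write-Warning "TCP 443 is not reachable on $Fqdn" }
if ($rdp.TcpTestSucceeded)        { Write-Warning "TCP 3389 is exposed on $Fqdn" }
```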

@TP, thanks for your help. I did the steps, but finally when I connect to the VDI VM the RDP stops at this step:

Estimating Connection quality..

After several seconds it pops up an error:

Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

I have even tried to restart the RDS server, but the problem still exists, please help again.

Best Regards,



May 29th, 2015 3:25pm

Hi,

Which version of RDC is installed on the client? If it is not the latest version, please update the RDC version.

In addition, please fully patch the terminal server, and since some antivirus software could block firewall ports, please disable third-party antivirus software on the server to test.

Does the issue occur on all clients?

If the issue only occurs on Windows 7 clients, please refer to this thread below:

Remote Desktop Gateway, can't connect from RDP 8.0 (Server 2012)

https://social.technet.microsoft.com/Forums/windowsserver/en-US/3842a844-46c4-4943-9cc7-a88bcfa9119a/remote-desktop-gateway-cant-connect-from-rdp-80-server-2012

More references below for you:

RDP8+, "Your computer can't connect to the remote computer because an error occurred"

https://social.technet.microsoft.com/Forums/windowsserver/en-US/0c0d7c4a-e422-4a6c-99eb-66df26a1ffc6/rdp8-your-computer-cant-connect-to-the-remote-computer-because-an-error-occurred?forum=winserverTS

Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to

http://clintboessen.blogspot.com/2013/02/your-computer-cant-connect-to-remote.html

Remote Desktop Protocol (RDP) 8.0 update for Windows 7 and Windows Server 2008 R2

https://support.microsoft.com/en-us/kb/2592687

Best Regards,

June 1st, 2015 3:14am

This topic is archived. No further replies will be accepted.
