SRV2012R2 - SSO with RD-Gateway // Bypass RD Gateway Problems

Hello together,

we are using Server 2012 R2 Technology to provide Session Based Desktops and RemoteApps.
Servers are as follows:
s05 - Profileserver 10.5.0.5
s06 - RDWeb + RDGateway (Local + DMZ IP) 10.5.0.6
s10 - RDBroker 10.5.0.10
s12 - RD Licensing 10.5.0.12
s13-15 - Session Hosts 10.5.0.13-15
s20-21 - RemoteApp Hosts 10.5.0.20-21

We mostly use the published Desktop. All Clients are Windows 7 Clients.
We configured SSO according to this Article (link) and it works like a charm.

However, we are also using RemoteApp Technology to provide external partners access to some internal resources. This should also be done by RemoteApp. We have the external way working, but some partners can't access, they are getting prompted for passwords when connecting to an App. We figured out that this is related to the Deployment Property "Bypass RD Gateway server for local addresses".

The Partner is currently blocking the access to his internal 10.5.x.x network as this is an internal reserved network on their side.
Users get an ICMP Response "administratively prohibited" and it seems that the RD Connection Client can't handle this reply and crashes with endless password prompts.

We deactivated "Bypass RD Gateway server for local addresses" and then - of course - the connection worked.
But now all my internal clients must enter their passwords again in order to connect to session hosts. Single sign-on is no longer working.

We do not have deep knowledge in RDS / TS Gateway so any help is appreciated...

SSO GPO:
Allow delegating default credentials / NTLM only / saved credentials / saved NTLM -> FQDN of the Broker

RemoteApp Host GPO
Always prompt for password - disabled

Deployment Properties:
Use RD Gateway credentials for remote computers (checked)

April 22nd, 2015 2:24am

Hi,

In a GPO that applies to the domain accounts that are used to log on to your internal client PCs, please Enable the following:

User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\RD Gateway

Set RD Gateway authentication method: Enabled

Use locally logged-on credentials

After making the above change please run gpupdate as needed and then test. Please reply back here with your results, whether positive or negative.

Thanks.

-TP

April 22nd, 2015 2:40am
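
Added example, not part of the thread and not Microsoft tooling: a PowerShell check that reads the RD Gateway settings out of an .rdp file (`gatewayusagemethod`, `gatewaycredentialssource`, `promptcredentialonce`), which correspond to the "Bypass RD Gateway server for local addresses", gateway logon method and "Use RD Gateway credentials for remote computers" options discussed above. The sample file content and host names are constructed, and the `GatewayPromptLikely` flag is a heuristic based only on the behaviour reported in this thread.

```powershell
# Constructed sample .rdp content; host names are placeholders.
$sampleRdp = @'
full address:s:s10.example.local
gatewayhostname:s:s06.example.local
gatewayusagemethod:i:1
gatewaycredentialssource:i:0
promptcredentialonce:i:1
'@

# Meanings of the .rdp values for the two gateway settings.
$usageMap = @{
    '0' = 'Do not use an RD Gateway'
    '1' = 'Always use the RD Gateway'
    '2' = 'Bypass RD Gateway for local addresses (try direct first)'
    '3' = 'Use the client default gateway settings'
    '4' = 'Do not use an RD Gateway, bypass for local addresses'
}
$credMap = @{
    '0' = 'Ask for password (NTLM)'
    '1' = 'Smart card'
    '2' = 'Locally logged-on credentials'
    '3' = 'Prompt, basic authentication'
    '4' = 'Allow user to select later'
    '5' = 'Cookie-based authentication'
}

function Resolve-RdpValue($Map, $Value) {
    if ($null -eq $Value) { return 'not set in file' }
    if ($Map.ContainsKey($Value)) { return $Map[$Value] }
    return "unrecognized value ($Value)"
}

function Get-RdpGatewaySettings([string]$RdpText) {
    # Each .rdp line has the form name:type:value, where type is s, i or b.
    $s = @{}
    foreach ($line in ($RdpText -split "`r?`n")) {
        if ($line -match '^\s*([^:]+):([sib]):(.*)$') {
            $s[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    $usage = $s['gatewayusagemethod']
    $cred  = $s['gatewaycredentialssource']
    [pscustomobject]@{
        Gateway             = $s['gatewayhostname']
        UsageMethod         = Resolve-RdpValue $usageMap $usage
        GatewayCredentials  = Resolve-RdpValue $credMap $cred
        ReuseForTarget      = ($s['promptcredentialonce'] -eq '1')
        # Heuristic: always via gateway, but not with logged-on credentials.
        GatewayPromptLikely = ($usage -eq '1' -and $cred -ne '2')
    }
}

Get-RdpGatewaySettings $sampleRdp | Format-List
```

To check a real file, pass `(Get-Content -Raw path\to\file.rdp)` instead of `$sampleRdp`; the file shows only what the connection requests, and client policy such as the GPO setting in the reply above can still set the gateway authentication method.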

This topic is archived. No further replies will be accepted.
