RDS and Gateway issues: Cannot get remoteapps to run without opening port 3389 on firewall

I am testing the setup of a small RDweb server to host QuickBooks for some remote sales users (4 users). For the most part, I have everything installed on one virtual server (using 2012r2 "Quick Start" session host deployment with the additional Licensing and Gateway server roles added to the same server).
Everything works excellently with one exception. External clients cannot launch published apps without having port 3389 open on the firewall, even with the gateway role installed and the 'Deployment Properties' set to use the gateway. They can properly connect to the RDweb site and view the published apps. The only way it works is to open the firewall port (at which time I can disable the gateway or leave it configured and it works either way). Internally, everything works accordingly. I have followed the steps outlined on many sites and have combed through the forum here to no avail.
Error received (summarized but is a well documented error):
remote desktop can't connect to the remote computer: 1- Your user account is not listed (it actually is) or 2- You might have specified the remote computer in NetBios format . . etc.
This is an existing SBS 2011 environment with additional virtual servers setup to host QuickBooks as outlined below:
Current setup:
Used Quick Start to install Remote Desktop Services in hosted sessions mode
Installed the additional roles for Licensing and Gateway server on same server
Configured wild card public certificates on all four services (Connection Broker(2), Web Access and Gateway)
Configured internal DNS to properly lookup our external FQDN of this server (ex. quickbooks.contoso.com points to quickbooks.contoso.local)
One thing I noticed (just now) when I launch a published app and the firewall has port 3389 closed, a dialog box pops up directly after launching the app that warns about running a RemoteApp program and mentions the Remote Computer and the Gateway Server as both the same (which it is); however, I would have assumed one would have listed the internal server's name while, instead, both are listed as the external FQDN. Either way, internal DNS should still allow it to properly route . . no? I don't know . . I'm sure I am just missing something in a routing configuration somewhere. The gateway service is not properly looking up the RDweb service and then seemingly not routing the encapsulated RDP session through HTTPS . . is my guess . .
I was reading about the "set published name" commandlet; however, I am not experiencing a certificate name mismatch; however, the certificate name does show up as *.contoso.com versus the actual name. I may just be grasping at straws now . . :)

Ok, while I was in the server and looking over the BPA scans: "The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name." This may be due to it showing up as *.companyname.com versus quickbooks.companyname.com. Anyhow . . on to the list of actions above:
Changed RD RAP from "Select Active Directory" group to "Allow any network resource" and tested with port 3389 closed on firewall:
Worked. Initially it did not as I had used a custom shortcut created from earlier; however, after logging into the RDweb site again, the application loaded fine now (after the RD RAP change)
No error message appeared; however, I did notice that for a split second, the word Error did appear in the browser's tab title, but only very shortly. The app launch does take a bit longer too now (about 10-15 seconds, up from about 4 seconds with the port open). This, I could care less about so long as we are properly forwarding the traffic through the gateway.
As for log entries, I had spent quite a bit of time in there and only had minor issues with loading user profile setting taking too long and policy settings preventing the redirection of USB devices. Looking again, no issues still. Just a bunch of informational entries where I would connect before (and disconnect) but only with the port on the firewall open; otherwise, there was not an entry correlating to when I would receive an error before. Now though, I am connecting after the RD RAP change and logs are showing connections even with the port closed. These are in "operational", the "admin" log only shows the update to the RD RAP configuration.
Yes, the LAN's DNS server does relay the lookup information for my public FQDN as the local LAN address. No need for a local host record.
I have now added a new rule in our firewall to allow and forward UDP port 3391 traffic to the internal server hosting remote services
Thank you very much for your assistance on this matter. The RD RAP rule was default built during the creation of this service. Why is the resource not cross-referencing AD security groups? I could have sworn I created a group for that . . .
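
An added example, not part of the original post: a PowerShell check of the end state the post arrives at, listing which resources each RD RAP allows on the gateway and confirming from an outside client that TCP 443 answers while TCP 3389 does not. The function names are hypothetical, and quickbooks.contoso.com is the post's own example name.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Part 1 runs elevated on the RD Gateway server (RemoteDesktopServices module).
Import-Module RemoteDesktopServices

# ComputerGroupType values used by the RDS: provider
$groupTypes = @{
    0 = 'RD Gateway-managed computer group'
    1 = 'Active Directory security group'
    2 = 'Allow any network resource'
}

function Get-GatewayRapSummary {
    foreach ($rap in Get-ChildItem -Path 'RDS:\GatewayServer\RAP') {
        $path  = "RDS:\GatewayServer\RAP\$($rap.Name)"
        $type  = [int](Get-Item "$path\ComputerGroupType").CurrentValue
        # ComputerGroup is only meaningful for types 0 and 1
        $group = Get-Item "$path\ComputerGroup" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Policy        = $rap.Name
            Enabled       = (Get-Item "$path\Status").CurrentValue
            Resources     = $groupTypes[$type]
            ComputerGroup = $group.CurrentValue
            Ports         = (Get-Item "$path\PortNumbers").CurrentValue
        }
    }
}

# Part 2 runs on a client outside the firewall. Test-NetConnection is TCP only,
# so the UDP 3391 forward mentioned in the post is not covered by this check.
function Test-GatewayExposure {
    param([Parameter(Mandatory)][string]$PublicName)
    foreach ($port in 443, 3389) {
        $r = Test-NetConnection -ComputerName $PublicName -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port      = $port
            Reachable = $r.TcpTestSucceeded
            Expected  = ($port -eq 443)   # only HTTPS should answer from outside
        }
    }
}

Get-GatewayRapSummary | Format-Table -AutoSize
# From an external client:
# Test-GatewayExposure -PublicName 'quickbooks.contoso.com'
```

A policy that reports "Allow any network resource" is the setting the post switched to, and it lets authorized users connect through the gateway to any host the gateway can reach.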
