RD Gateway High Availability
Hi,
The current setup was that users are able to access most of the servers using the public IP, which I know is unsafe. So I have this project to set up a Remote Desktop Gateway so we can take out the NAT'ed public IPs.
I already set up one RD Gateway and it's currently working. I'd like to set up a server farm for 2 RD Gateways. I added RDG-2 to RDG-1 and the status shows 'unreachable', 'Cannot determine number of connections'. Same as when I added RDG-1 to the RDG-2 server farm: it shows the same error message. Not sure where or what I'm missing.
Thanks
Hey @JeffersonCo-5101
Please check the following:
1] Is the newly added gateway server linked to your Active Directory?
2] Have you added all the RD Gateway servers to the server farm?
3] Does the server have the RD Gateway server role installed?
I followed the instructions below to set up RD Gateway HA:
//docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha
The certificate needs to be re-installed.
Also, this needs to be configured on each RD Gateway server:
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best Regards
Karlie
Hello @JeffersonCo-5101
Good day!
I'm just following up to make sure you received my last reply.
You can enable email notifications for a variety of different events in Microsoft Q&A:
//docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html
If you have any further questions or suggestions about this case, please let me know.
If the Answer is helpful, please click "Accept Answer" and upvote it.
Best Regards
Karlie
I was able to add it to the Server Farm tab with both statuses as 'OK'. So I went ahead and proceeded with installing Microsoft NLB to load balance the 2 RD Gateways. My new issue is that I do have a cluster with a cluster IP, but every time I use the cluster internet name, it doesn't work. It just shows me 'There was a problem connecting the remote resource'.
Hi,
Please use these 2 links to help you check the configuration steps:
How to Configure Network Load Balancing In Windows Server 2019
Step by step NLB cluster installation and configuration
If it doesn't help, would you please provide more details and screenshots for further troubleshooting?
Thanks
Karlie
I spun up 2 VMs and my objective is to set up RD Gateway HA.
GW01: 192.168.2.51
GW02: 192.168.2.52
Both are installed with Win Server 2019 Std, fully patched. Installed the RD Gateway role and both have been added to the 'Server Farm' tab under RD Gateway properties and both show 'OK' status.
1. Connection Auth: enabled with domain users and domain admins groups added under 'Requirements', Device Redirection: enabled.
2. Resource Auth: added both groups domain users and domain admins, Network Resource: allow users to connect to any network resource, Allow Ports: any port.
3. Under NPS > Policies > TS Gateway Auth: Authentication set to Accept users w/o validating credential.
4. Under Network policies > Conditions > user groups: add both domain users and admins
Jeff
Both have a valid certificate. Both have been installed with NLB and added to a cluster named rdgw.domain.com with cluster IP 192.168.2.50; this cluster IP is NAT'ed outside with a WAN IP. Both RD Gateways are working individually, but if I use the cluster rdgw.domain.com it doesn't work. It just shows me an error message saying:
There was a problem connecting to the remote resource. Ask your network administrator for help.
Hey Jeff @JeffersonCo-5101
How's everything?
I cannot find anything wrong in your deployment. Have you found the workaround now? Hope you can share it with us.
Thank you!
Karlie
Hi Karlie,
Yes, thanks for the follow-up, and yes, everything is now working fine. So I set up the Server Farm and it shows 'OK' for the status of both. I set up NLB and both show 'reachable'.
Found out that my Remote Desktop Client is somehow broken! It works fine without an RD Gateway but every time I set an RD Gateway then it shows me an error, please refer to this article below.
//docs.microsoft.com/en-us/answers/questions/112453/weird-remote-desktop-connection-client-issue.html
After trying a different test PC, I found out that it was already working. Thanks for the inputs and have a great day ahead.
Jeff
Hey Jeff,
Really glad to hear that!
Kindly mark useful reply as answer, which would be much more efficient for other community members to find useful information.
Have a good day ! :]
karlie
sorry had to break it into 2 replies since there's a limit to each reply
RD Web/RD Gateway issues
Question
Hi all,
I'm having some issues with RD Gateway that I'm hoping someone can offer some assistance with.
My environment consists of 2 x Windows 2008 R2 servers, which I am testing with both XP and Windows 7 clients.
My 2 RD servers are configured as a farm, using a broker called RD.company.com. Internally clients are fine. Server1 is an RD Gateway, RD Web, RD Session Host etc., whereas server2 is just an RD Host.
My issues are:
1] When I add server2 to the RD Gateway Farm, the status comes up as unreachable, with the "detail" of "Cannot determine number of connections" - I have no idea what's wrong here, as everything is working!
2] When connecting externally, via the RD Gateway, I enter my auth, select my application, then get the "make sure that you trust the publisher" window... is there any way to get rid of this annoying prompt?
3] When I connect, because I have two "back end" servers, I get prompted because the cert name [rd.company.com] doesn't match the computer name [server1.company.com, server2.company.com] - I tried to get around this by using a wildcard cert [*.company.com] - but that didn't resolve the issue. I'm sure the doco says the cert name is meant to match the farm name - so any ideas what's gone wrong?
Wednesday, October 28, 2009 4:20 AM
1] Yes, sorry, silly on my part. I thought this was for TS servers in the farm, not TS gateway servers. Sorry.
2] I can make the pop-up disappear by trusting the cert? Umm, the cert's as trusted as it's going to get! As you also point out, if the cert wasn't trusted, I'd be getting issues earlier [such as at the TSweb page] - so it's not that.
3] If I issue certs with the farm name [rd.company.com] and allocate them to each node of the farm, I get that issue. What you're suggesting is something I've already done. Then I tried individual certs and a wildcard cert; they all result in the same issue.
OK. So I just started from scratch. I made sure the certificates, DNS names, farm name etc. were all rd.company.com everywhere. [Previously there may have been some entries using the rd.company.local internally.]
Now I still get prompted with the security check [where all names match] - followed by an NLA security prompt and notification that the remote server cannot be contacted.
* sigh *
Internally the session opens, but I am still prompted with the "A website wants to run a remote app program" prompt - again, the names all match.
I found that if, in RemoteApp Manager, I make the app source the connection broker FQDN, no applications are available from the web interface. If I make the source the server name of the connection broker server, away we go.
I'm wondering if having rd.company.com for the name of both my external RD Gateway and internal farm is causing the TSGateway issue.... but if they're not the same, the certificates obviously cannot match up.
- Edited by Ben_22 Wednesday, October 28, 2009 8:46 AM
Wednesday, October 28, 2009 8:06 AM
Hey Kaustubh,
RemoteApp is set to use RDFarm.company.local, which does match the farm name.
I double-checked by creating an RDP file and checking it, and it definitely matches the farm name.
Friday, October 30, 2009 7:27 AM
Kaustubh,
The name of the RD Gateway is rd.company.com. The name of the farm and the CN on the cert is RDFarm.company.local.
I incorrectly said broker above when I meant gateway - sorry for the confusion.
Monday, November 2, 2009 6:34 AM
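
The certificate name prompts discussed in this thread come down to whether the name the client connects to is covered by a name on the certificate. The following is an added example, not code from any poster: it applies the standard single-label wildcard matching rule to the host names quoted in the posts. The function names and the certificate name sets are constructed for illustration.

```python
def name_matches(pattern: str, host: str) -> bool:
    """True if certificate name `pattern` covers `host`.

    A wildcard counts only as the whole left-most label and stands for
    exactly one label: *.company.com covers rd.company.com, but not
    company.com, a.b.company.com, or anything under company.local.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels so a pattern like "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def audit(cert_names, targets):
    """Map each name a client connects to -> certificate names covering it."""
    return {t: [n for n in cert_names if name_matches(n, t)] for t in targets}


# Names a client may end up connecting to, as quoted in the posts.
TARGETS = ["rd.company.com", "RDFarm.company.local",
           "server1.company.com", "server2.company.com"]

# Constructed certificate name sets (subject CN plus any SAN entries).
CERTS = {
    "gateway-name cert": ["rd.company.com"],
    "wildcard cert": ["*.company.com"],
    "two-name SAN cert": ["rd.company.com", "RDFarm.company.local"],
}


def report():
    """One line per (certificate, target) pair: ok or MISMATCH."""
    lines = []
    for label, names in CERTS.items():
        for target, hits in audit(names, TARGETS).items():
            status = "ok" if hits else "MISMATCH"
            lines.append(f"{label:18} {target:22} {status}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

In this output the wildcard covers every `company.com` host but not `RDFarm.company.local`, and the single-name certificate covers only the gateway name. Public CAs do not issue certificates for `.local` names, so covering a farm name in that namespace requires an internal CA.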