Share via

Your computer can't connect to the remote computer because authentication to the firewall failed due to missing credentials

MK2023 0 Reputation points
2023-06-20T07:03:04.6666667+00:00

Hello, I have setup a bare metal server with a AD Domain on it synchronised with Azure AD Connect to my tenant 365. I installed a RDS solution on this server to publish an On prem application in RemoteApp (my application is already publish in the collection). The Broker, Gateway, RDWeb, and Licensing are on the same server.

To avoid exposing my servur to Internet, i installed the Application Proxy Azure to publish my application. The Proxy Azure is correctly installed and configure from my 365 tenant.

Here the settings and configuration :

The permissions to acces the Rdweb URL are correctly set (Group and permissions are correct).

In Azure proxy : Configure internal URL for the application (this is the URL of the RDweb page, example : https://hostnameofserver.mycustomdomain.com/rdweb/).

In Azure proxy : The external URL using a custom domain with certificate (I also try with the domain msappproxy.net but the issue still the same) (example : https://myapplicationame.mycustomdomain.com/rdweb/).

In Azure proxy : Pre-authentication with Azure Active Directory.

The communication from server to/from Application Proxy are Open (443 and 80).

The policies with the RD Gateway Manager are also configured (Connection authorization policies and Ressource Authorization Policies).

Configure CNAME in DNS to redirect to msappproxy domain. I have configured the RD Gateway server settings with the take over with this URL : myapplicationame-mycustomdomain.msappproxy.net and tried also with custom domain : myapplication.mycustomdomain.be

And also configure the settings for the downloaded RDP file with this Powershell command :Set-RDSessionCollectionConfiguration -CollectionName "XXX" -CustomRdpProperty "pre-authentication server address:s:https://myapplicationame-mycustomdomain.msappproxy.net/`nrequire pre-authentication:i:1"The URL from application Proxy

https://myapplicationame.mycustomdomain.com/rdweb/ is reachable from Internet and it redirect to 365 authentication portal (azure authentication), here I enter the correct credentials and it correctly redirect to the Rdweb Portal (rdweb) from IIS (On Prem server), here I enter the credentials in this RemoteApp portal and i'm connected on the Remote App Web page IIS and with this page, i'm able to download the RDP file. But the issue is the following, after downloading the RDP file, when it launch, the following message are display :

"Your computer can't connect to the remote computer because authentication to the firewall failed due to missing credentials, etc)".

The settings populated in the RDP file are correct :- Gatewayserver => Try with custom domaine and try with domain *.msappproxy.net- RemoteComputer name => The hostname of the On prem machine.I tried without custom domain (using only the msappproxy.net) domain but the issue still the same.

Change : I try with HTML5 and the issue is not present (URL with rdweb/webclient/) because we don't launch an RDP file wich redirect to the gateway server. The issue is only present when downloading the RDP file and executing it.

May we hope some help with this issue ? Best regards.

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,624 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,402 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. JamesTran-MSFT 36,651 Reputation points Microsoft Employee
    2023-06-23T22:14:30.9+00:00

    @MK2023

    Thank you for your detailed post! To ensure I fully understand your issue, I'll share a summary below.

    Error Message:

    User's image

    Configuration:

    Remote Desktop Solution is installed on your Azure AD Connect server to publish your on-prem application in RemoteApp - your Broker, Gateway, RDWeb, and Licensing are on this server as well.

    • Permissions to access the RDWeb URL are correctly set
    • In Azure proxy : Configure internal URL for the application (this is the URL of the RDweb page, example : https://hostnameofserver.mycustomdomain.com/rdweb/).
    • In Azure proxy : The external URL using a custom domain with certificate (example : https://myapplicationame.mycustomdomain.com/rdweb/).
    • In Azure proxy : Pre-authentication with Azure Active Directory.
    • The communication from server to/from Application Proxy are Open (443 and 80).
    • The policies with the RD Gateway Manager are also configured (Connection authorization policies and Ressource Authorization Policies).
    • Configure CNAME in DNS to redirect to msappproxy domain. I have configured the RD Gateway server settings with the take over with this URL : myapplicationame-mycustomdomain.msappproxy.net and tried also with custom domain : myapplication.mycustomdomain.be
    • Settings for the downloaded RDP file with this Powershell command: Set-RDSessionCollectionConfiguration -CollectionName "XXX" -CustomRdpProperty "pre-authentication server address:s:https://myapplicationame-mycustomdomain.msappproxy.net/`nrequire pre-authentication:i:1"

    Issue:

    After installing and configuring the Azure Application Proxy to publish your application, you ran into the error message above. You've ensured the settings populated within the RDP file are correct and when trying with HTML5, you didn't run into this issue since the RDP file isn't launched which doesn't redirect to the Gateway server. The issue seems to only be occurring when downloading the RDP file and executing / launching the file.

    Troubleshooting:
    To hopefully help point you in the right direction since your error message is related to a firewall credential issue:

    Since troubleshooting RDS with the Azure AD App proxy requires deeper troubleshooting, if you'd like to work with our support team through a one-time free technical support request, please let me know.

    Additional Links:

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.