Question
Saturday, March 31, 2018 9:54 PM
Hi everyone,
My problem started when I renewed my SSL Certificate (can't understand why) and I could no longer log into my domain workstation from outside the network (i.e. when I travel). I have my certificate and my RDG domain with GoDaddy and after verifying with them that the certificate was properly installed, I was still unable to log in. A "tracert" cmd showed that the final hop from my ISP to my router was timing out, so I contacted my ISP who ran numerous tests and diagnostics and determined that the problem wasn't theirs. I then contacted Dell Tech Support who, after more tests couldn't find anything amiss with my server.
I then, as a shot in the dark, checked the port forwarding in my router and found that Port 443 (the secure RDG port) was forwarded to internal port 113, which, when I attempted to log in gave me an error message saying the Remote Gateway server was temporarily down.
So I changed the internal port to 3389 since that's the RDP port, but that gave me an error saying, "This computer can't verify the identity of the RD Gateway "Averihire.us". It's not safe to connect to servers that can't be identified."
Since that didn't work, I tried setting the internal port to 443 also, and that gave me another error, "Remote Desktop can't connect to the remote computer "Averi01" for one of these reasons:
1) Your user account is not listed in the RD Gateway's permission list.
2) You might have specified the remote computer in NetBIOS format (for example, computer 1), but the RD Gateway is expecting an FQDN or IP address format (For example, computer 1.fabrikam.com or 157.60.0.1)"
I'd be very grateful if anyone can tell me what the correct internal port should be, and/or if there's something besides the port forwarding that could be the cause of this. We have to travel frequently and have to be able to access our business workstation while we're away.
What I'm really confused about is why this just happened when I renewed my SSL Certificate.
Capt. Dinosaur
All replies (2)
Monday, April 2, 2018 1:54 AM
Firstly, try to specify port 446 on RDP client for connection.
In RD Gateway Manager, make sure that the RD CAP has a group that the user is a member of, for example, Domain Users. Please make sure that Client Computer Group membership is blank.
In Active Directory Users and Computers, properties of user account, Account tab. Confirm that Log On To... is set to All Computers. Make sure that the full user name (domain\username) is being used when connecting.
On your RD Connection Broker, use the PowerShell commands below to change the published gateway to include your custom port:
```powershell
Import-Module RemoteDesktop
Set-RDSessionCollectionConfiguration -CollectionName "YourCollectionName" -CustomRdpProperty "gatewayhostname:s:rdg.yourdomain.com:1443"
```
After making the above change please refresh the client PC so that it retrieves the latest version of the webfeed, and then test to see if it is able to connect. Additionally, your firewall needs to forward UDP traffic to the same custom port.
Similar case:
RDS Gateway Port Configuration
Regards
Tuesday, April 3, 2018 2:53 PM
Hi Teemo, and thank you for your reply.
**"Firstly, try to specify port 446 on RDP client for connection"** Are you saying to forward EXTERNAL 443 (the port that RDG uses) to INTERNAL 446? What is 446? I can't find any definitive information on that port.
So far the problem seems to lie with the SSL Certificate. I've removed, re-downloaded and reinstalled it 5 times, but when I try to connect to a remote computer I get the error message, "This computer can't verify the identity of the RD Gateway "Averihire.us". It's not safe to connect to servers that can't be identified.", with a "View Certificate" button. When I click on that, it displays a certificate that has been removed and replaced 5 times over. I can't find that bogus certificate anywhere in my server; I've looked in the Certificate snap-in on mmc, the RD Gateway Manager, and the IIS, but it simply doesn't show up anywhere.
Capt. Dinosaur
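
One way to see which certificate actually answers on port 443 and whether it exists in the server's machine store, as an added example that is not part of the thread. The host name Averihire.us comes from the post; the function name Get-PresentedCertificate is hypothetical, and the script assumes TLS 1.2 and that it is run on the RD Gateway server itself.

```powershell
# Added diagnostic example (not from the thread). Function name is hypothetical.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: the goal is to inspect what is served, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            # Assumption: the gateway accepts TLS 1.2.
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
            # Return a copy that stays valid after the stream is disposed.
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }
}

# Host name taken from the post; resolves to the public address behind the router.
$presented = Get-PresentedCertificate -HostName 'Averihire.us'
$presented | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter

# Compare against the certificates installed in the local machine store.
$match = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $presented.Thumbprint }

if ($match) {
    'The presented certificate is installed in LocalMachine\My on this server.'
}
else {
    'The presented certificate is not in LocalMachine\My on this server; whatever answers on 443 may be another binding or another device.'
}

# List the HTTP.sys SSL bindings (certificate hash per IP:port) on this server.
netsh http show sslcert
```

If the thumbprint printed here differs from the renewed certificate's thumbprint, the connection is being answered with a different certificate than the one installed, which narrows the search to the port-forwarding target and the bindings listed by `netsh`.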