question

BenMackay-3823 avatar image
0 Votes"
BenMackay-3823 asked BenMackay-3823 answered

RD Web Access cannot connect

Hey All,

So i have setup a small RDS setup with 1 RD Web Access, Gateway and Licensing Services on 1 Server and 2 Session Hosts.
Web Access works fine when internal no issues. even works over our VPN.

But i want to allow access from non work machines without VPN.
I'm using Azure Application Proxy to allow the internal Web Access link to be accessed external with o365 login.
I can login to the Web Access main page page fine but when i click on the RDP Session and Type in my username and password i get The Login Attempt Failed.
I have tried some stuff i found when googling.
Setting Authentication on the RPC is IIS to Windows Login Only
Setting the HTTP Redirection on the RDWeb to (Not Subdirectories)

I'm not sure what else to try if anyone can help i would be hugely greatful.

Thanks.

remote-desktop-services
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JennyYan-MSFT avatar image
0 Votes"
JennyYan-MSFT answered

Hi,
In normal RDS deployment, it is the Gateway role that provide users to securely access the remote computers from external network.

In your deployment, have you unchecked the "Bypass Gateway server for local addresses" ? (Step 7)
https://docs.microsoft.com/en-us/azure/active-directory/app-proxy/application-proxy-integrate-with-remote-desktop-services#direct-rds-traffic-to-application-proxy

Moreover, it is worthy to test by directly remoting through RD gateway via mstsc instead of RD web access and check the event logs on both client and server side:
Event log checking:

TerminalServices-RemoteConnectionManager and TerminalServices-LocalSessionManager logs to view information about connections.

Step 1: Press Windows+R to open the Run dialog, enter eventvwr (or eventvwr.msc) and hit OK.

Step 2: Navigate to Event Viewer\ Applications and Services Logs\ Microsoft\ Windows\ TerminalServices-*

At last, based on my research, one use also shared his resolution of checking RAP on the RD gateway manager.
https://community.spiceworks.com/topic/2093837-unable-to-authenticate-any-users

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.



If the Answer is helpful, please click Accept Answer and upvote it.

Best Regards,
Jenny



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BenMackay-3823 avatar image
0 Votes"
BenMackay-3823 answered

Hey Jenny,

Thanks for the reply.
I have tried the steps in the provided links still does not work. Got an another error but fixed that and now back to the original issue or The Login Attempt Failed.
Added the Session Hosts to the RAP Policies did not work either.
I cannot see anything in the event logs on the Gateway or Session Host machines that would indicate why the login attempt failed.

Regards,
Ben

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.