Hi folks, once again hello. Today I would like to discuss a case where I was trying to fix web single sign-on (SSO) externally. SSO was working well internally, but when we were trying to make it work outside the environment (by using Remote Desktop Gateway), it was not working and resulted in continuous logon attempt failed error messages:
After exhausting all the methods I could think of, I configured another server basically the same (I only included the Remote Desktop Services role services though). I figured that I could compare configurations and see the differential.
I started looking at the possibility of a corrupted web.config or host file as the error suggested, but the cause turned out to be defining an HTTP redirect for the default website in IIS.
To start working on this issue, first test to see if you are being redirected by going to the following website in a browser: https://<servername>/rpc
After entering your credentials, if everything is working fine you should see a blank screen with the URL https://<servername>/rpc. However, in my case, I saw Page cannot be displayed, which told me that something was not good and I needed to troubleshoot the issue.
Finally, after some research, I found the resolution, which was simpler than I expected (as I was thinking it could be a certificate-binding or broken-binding issue, which could have caused me hours to troubleshoot).
To resolve this issue, locate the HTTP redirection setting and disable it:
After completing this, single sign-on was working externally as well, but the question remained: “How can I enable the redirection?” I didn’t want to manually type in http://contoso.com/rdweb because I wanted to use http://contoso.com/ instead. After doing some research and getting help from my colleagues, I found that it could be done by just making a small change, detailed in the following steps.
To redirect HTTP:
1. Open IIS Manager.
2. Go to the RD Web Access website (by default, it’s the “Default Web Site”).
3. In the middle pane, click HTTP redirect.
4. Select the Redirect requests to this destination check box, and type the address for your website; for example: http://contoso.com/rdweb.
5. In the Redirect Behavior section, select the Only redirect requests to content in this directory (not subdirectories) check box.
6. Apply settings.
You are now all set for HTTP redirection from http://contoso.com/ to http://contoso.com/rdweb without breaking RD Gateway connectivity.
Thank you for the post. However, I have not been able to resolve my issue with the post information.
I experience a similar problem, but my username is in Russian locale. When trying to log on to a Terminal Server (Windows Server 2008 R2 SP1) from a workstation (Windows 7) without TS gateway - everything works. At the same time, a log on via TS Gateway fails, and DC security event log gets a new event stating that a user account DEMO\???????? was not found. Basically, the account name gets garbled either by RDC or y TS Gateway.
Did anyone else experienced this issue before?
Any help is really appreciated.
I'm having a problem connecting to a Windows Server 2012 RC install via an existing 2008 R2 RD Gateway. I can connecto to other 2008 servers via the same RD Gateway but not the 2012 one, so I assume there's a compatibility issue with 2012 and the 2008 R2 RD Gateway?
Cheers for now
Thank you!! solved my problem. In my case only some users had problem for some reason. If only I had found this article earlier.....
You nailed it, thank you so much for this!!
This was exactly what I was looking for, and solved my problem with external access on our RDS 2008r2 cluster.