RdWeb, Remote App: Windows Server 2016 issues

Hello everyone,

On a Windows Server 2016 server we can access the Remote App/RdWeb feature internally, but not externally, with the error:

Remote Desktop can’t connect to the remote computer “SERVER.LOCALDOMAIN.LOCAL” for one of these reasons:

  1. Your user account is not authorized to access the RD Gateway “remote.domain.com”
  2. Your computer is not authorized to access the RD Gateway “remote.domain.com”
  3. You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)

The Best Practices Analyzer for this server reports just one warning:

Problem:
The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name.

Impact:
If the RD Gateway server is configured to use an SSL certificate with a certificate subject name that is not valid, users cannot connect to internal network resources (computers) through the RD Gateway server.

Resolution:
Use the RD Gateway Manager tool to select a valid SSL certificate for the RD Gateway server to use.

BPA model version: 2.0

Any help will be greatly appreciated! We have been stuck on this issue for quite some time now.

I can’t help too much on this unfortunately; however, anything that is using a ‘.local’ hostname is most definitely not covered by a certificate issued using Certify The Web. This is because Let’s Encrypt (the certificate authority we use) will only validate and issue certificates for public domains (like remote.example.com), so local and intranet hostnames won’t work. I’d check to see if you can use the external name for everything (as long as your local DNS can resolve remote.domain.com to the correct IP it should be fine).

Hello webprofusion and thanks for the reply,

It doesn’t seem to be related to the server.localdomain name, as we have deployed the exact same Certify The Web public domain certificate in all possible places:

RD Connection Broker - Enable single sign on
RD Connection Broker - Publishing
RD Web Access
RD Gateway (is this needed on external RD Web / Remote App access?)

The BPA warning isn’t making sense:

The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name
(it’s using the public domain)

This has been an issue for months now and any help will be highly appreciated!

Sorry, I’m not an RD Gateway admin so that’s as far as I can help. The issue isn’t with Certify The Web, so you need to investigate the wider topic of why your server/computer is trying to use the .local version of your computer name, as your certificate can’t cover that name and so you should remove that from the RD configuration if you can. Seems a common RD config issue: https://social.technet.microsoft.com/Forums/ie/en-US/cfa7d283-4b1b-4da6-8589-82059b31d258/local-fqdn-shown-when-connecting-to-session-host-through-rdgateway?forum=winserverTS

1 Like
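The name-coverage point made in the replies above, as an added example that is not part of the original thread or of Certify The Web: it checks each name an RDS client is asked to connect to against a certificate's DNS names. The function name `Test-CertCoversName` and the role labels are hypothetical, and the inputs are constructed from the placeholder names quoted in the error message.

```powershell
# Added example. Test-CertCoversName is a hypothetical helper, not a built-in cmdlet.
function Test-CertCoversName {
    param(
        [Parameter(Mandatory)][string[]]$DnsNames,  # DNS names (SAN entries) on the certificate
        [Parameter(Mandatory)][string]$HostName     # name the client is told to connect to
    )
    $hostLabels = $HostName.ToLowerInvariant().TrimEnd('.').Split('.')
    foreach ($san in $DnsNames) {
        $sanLabels = $san.ToLowerInvariant().TrimEnd('.').Split('.')
        # A wildcard stands in for exactly one label, so label counts must be equal
        if ($sanLabels.Count -ne $hostLabels.Count) { continue }
        $match = $true
        for ($i = 0; $i -lt $sanLabels.Count; $i++) {
            # '*' is only honoured as the entire left-most label
            if ($i -eq 0 -and $sanLabels[0] -eq '*') { continue }
            if ($sanLabels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

# Constructed inputs: a certificate issued only for the public name,
# and the two names that appear in the error message from the thread.
$certDnsNames = @('remote.domain.com')
$namesInUse = [ordered]@{
    'RD Gateway name in the error'      = 'remote.domain.com'
    'Remote computer name in the error' = 'SERVER.LOCALDOMAIN.LOCAL'
}

foreach ($role in $namesInUse.Keys) {
    $name = $namesInUse[$role]
    [pscustomobject]@{
        Role          = $role
        Name          = $name
        CoveredByCert = Test-CertCoversName -DnsNames $certDnsNames -HostName $name
    }
}
```

With these inputs the public gateway name is reported as covered and the `.LOCAL` name is not. On a server, the real list for `-DnsNames` can be read from the installed certificate's `DnsNameList` property on the `Cert:` drive.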

Your reply guided me to new directions.

Solved by using the following steps:

https://social.technet.microsoft.com/Forums/ie/en-US/cfa7d283-4b1b-4da6-8589-82059b31d258/local-fqdn-shown-when-connecting-to-session-host-through-rdgateway?forum=winserverTS

And setting Deployment properties > RD Gateway > Automatically detect RD Gateway server settings.

I hope that this can help anyone who is having the same or similar issues.

(By the number of problems on RDS/RDWeb/RemoteApp, the whole feature could get a new approach from Microsoft)

Thank you for all the help here, webprofusion!

1 Like