App Proxy Gateway Error on RD WebAccess

Parveen Singh 1 Reputation point
2020-10-19T17:37:17.373+00:00

Hi all,

I'm trying to set up a Remote Desktop Server and publish it using Azure App Proxy. Been through the whole setup process but now stuck at " Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance. " when trying to access the resource from App Proxy External URL.

Here's my setup scenario: Server01 -> AD Domain Controller with Proxy Connectory, RD Web Access, RD Gateway, RD Connection Broker (Self Signed Certificate installed for all 4 roles in RD Gateway configuration)Server02 (Remote server) -> RD Licensing and RD Session host. (I want to publish this server as a remote desktop)

I tested the setup on the local network and it worked fine. As soon as I changed the Gateway address for RD Gateway to point to Azure App Proxy (https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-integrate-with-remote-desktop-services#direct-rds-traffic-to-application-proxy), it started giving me the Gateway Server error.

I've confirmed that the Certificate didn't expire and the IIS "Default TS Gateway" also points to Azure App Proxy gateway app (rdsgtw-<tenant>.msappproxy.net)
I've also added the registry change as pointed here(https://serverfault.com/questions/828693/cant-connect-to-the-remote-desktop-gateway-server) as well.

Any help would be appreciated!

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,684 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Marilee Turscak-MSFT 32,546 Reputation points Microsoft Employee
    2020-10-20T23:16:08.8+00:00

    Hi @Parveen Singh ,

    A few things to check:

    • Check that “Remote Desktop Gateway Service ”is running and restart it.
    • Go to IIS > Application Pools > DefaultAppPool > Advanced Settings > Enable 32-Bit Application > if it's True , change it to False.
    • Please check that the communication of the SSH tunnel is set properly and that you are not using a port that is already busy

    33901-image.png


  2. Parveen Singh 1 Reputation point
    2020-10-21T02:21:46.833+00:00

    @MarileeTurscak

    Hi Marilee,
    I performed the basic service troubleshooting already but that didn't turn out to be the issue.
    The official documentation page - "**https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-integrate-with-remote-desktop-services#publish-the-rd-host-endpoint**" does not cover deploying a gateway proxy for RDWeb. Client needs to register 2 applications proxies in the portal instead of one. There were some minor changes required to IIS Server "application settings" to update the new gateway address for it to communicate effectively.
    I published the full tutorial out of the whole learning and troubleshooting process on my blog site:
    https://parveensingh.com/publish-rds-environment-with-azure-ad-application-proxy/

    It'd great if you can verify the steps internally with experts on this topic so that the Docs website article can be updated as well with relevant information. I've seen tons of subreddit posts and discussion forums on this issue.
    Let me know if you have any questions or need assistance with updating the docs for this.

    Cheers!

    0 comments No comments

  3. Parveen Singh 1 Reputation point
    2020-10-21T02:38:36.167+00:00

    I've opened an issue on github for Docs update as well.
    https://github.com/MicrosoftDocs/azure-docs/issues/64719

    0 comments No comments