RDS Gateway Connection Error

KB ID 0001623

Problem

I had to deploy a Remote Desktop Gateway Server into an existing RDS farm for a client this week; the RDS farm was presenting Windows Desktops (VDI) from Hyper-V. All went well until I tested the Gateway Server externally; this is the error I got.

RD Gateway Permission List

Remote Desktop can’t connect to the remote computer ‘{server/farm-name}’ for one of these reasons.

1) Your user account is not listed in the RD Gateway’s permission list.
2) You might have specified the remote computer in NetBIOS format (for example Computer1), but the RD Gateway is expecting an FQDN or IP address format (for example, computer1.fabrikam.com or 157.60.0.1).

Contact your network administrator for assistance.

Solution

This was perplexing because the Gateway Server’s RAP (Remote Authorization Policy) was set to allow access to ‘Domain Computers’ and allow access for ‘Domain Users’. Also, I was feeding the gateway server the correct FQDN of the internal server farm (farm-name.domain-name.local).

I did TWO things and the problem went away:

Firstly, you might not realise this, but your RD Gateway policies are actually controlled by NPS (Network Policy Server). From Administrative Tools, open the Network Policy Server management snap-in. Right-click the NPS (Local) entry > ‘Register server in Active Directory’ > OK > OK.

RD Gateway Connection error

(I agree the following makes no sense, but it worked!) Open the RD Gateway Manager console > Policies > Remote Authorisation Policy > Right-click the RDG policy > Properties > Network Resource > I changed the option to ‘Allow users to connect to any network resource’ > OK.

RD Gateway RAP Allow to Any

I then rebooted the server and all worked correctly.
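
The two settings changed above can be checked from PowerShell on the gateway. The following is an added, read-only example, not part of the original article; it assumes the RemoteDesktopServices module's `RDS:` drive and the default English group name "RAS and IAS Servers", and it flags any RAP left at "any network resource" for review.

```powershell
# Added example (not from the original article): read-only audit.
# Run in an elevated PowerShell session on the RD Gateway server.
Import-Module RemoteDesktopServices   # provides the RDS: drive

# 1) NPS registration. "Register server in Active Directory" adds the server's
#    computer account to the domain group "RAS and IAS Servers"
#    (assumption: English group name, server and group in the same domain).
$me    = ([adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$env:COMPUTERNAME`$))").FindOne()
$group = ([adsisearcher]"(&(objectCategory=group)(cn=RAS and IAS Servers))").FindOne()

$registered = $false
if ($me -and $group) {
    $myDn       = $me.Properties['distinguishedname'][0]
    $registered = $group.Properties['member'] -contains $myDn
}
"NPS registered in Active Directory: $registered"

# 2) RAP scope. ComputerGroupType values:
#    0 = RD Gateway-managed group, 1 = AD security group, 2 = any network resource.
$scope = @{
    0 = 'RD Gateway-managed group'
    1 = 'AD security group'
    2 = 'ANY network resource'
}

Get-ChildItem RDS:\GatewayServer\RAP | ForEach-Object {
    $path = "RDS:\GatewayServer\RAP\$($_.Name)"
    $type = [int](Get-Item "$path\ComputerGroupType").CurrentValue

    [pscustomobject]@{
        Policy        = $_.Name
        ResourceScope = $scope[$type]
        ComputerGroup = (Get-Item "$path\ComputerGroup").CurrentValue
        NeedsReview   = ($type -eq 2)   # gateway will relay to any internal host
    }
} | Format-Table -AutoSize
```

A policy shown with `NeedsReview` set to True lets authorised users reach every internal host through the gateway; it can be narrowed to a gateway-managed group containing the farm FQDN, as one of the comments below describes.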


Author: PeteLong


6 Comments

  1. Thank you – had same issues, was a head scratcher, but the above steps worked for me as well…

  2. I was able to create a new gateway group and put the public/external FQDN of my collection, and that worked. Feels slightly more secure than “any” resource. But I would have never gotten there without this. Thank you!

  3. Thank you very much, it worked for me!

    Greetings from Argentina

  4. Thank you for posting this solution! It helped resolve the problem.

  5. Thx it was the register of NPS in AD.

