Welcome to Ryan Mangan’s IT blog

A hands-on technical professional who has had a passion for technology since the early age of 6. Ryan currently works for Systech IT Solutions, is always looking to create new innovative solutions, and is a keen contributor to technical forums & communities.

Ryan enjoys working with various technologies including Virtualisation, Cloud Services, Networks and all things Microsoft.
Ryan’s main focus is on Microsoft & VMware Virtualisation and enjoys creating articles on deployments, best practices and new products and solutions. Ryan’s favourite subject area is Remote Desktop Services 2012 (RDS) and hopes to achieve MVP for RDS in years to come.


3 thoughts on “About”

  1. Hi Ryan,

    I have a situation to run by you, hopefully you can help.

    I am setting up an RDS 2012 session based deployment. Its main use will be for staff working from home to run RemoteApps on their own kit. Its secondary use will be for staff using Direct Access enabled company laptops to run RemoteApps where the locally installed app’ does not run over DA, (for example IPv6 issues). During a small trial we noticed quickly that the web page & webfeed access were so simple to create they were a gimme and gave us a nice workaround for the app’s unhappy over DA!

    For production I have set up the following RDS servers, (all are Server 2012 domain members): 2 x RD Web Access/RD Gateway, 1 x RD Connection Broker (there will be another but I think it is best to get past the issue I am about to describe before adding it), 4 x RD Session Hosts. In trial and live I followed the Microsoft article, ‘Test Lab Guide: Remote Desktop Services Session Virtualization Standard Deployment’ – http://technet.microsoft.com/en-us/library/hh831610 to get me started with three separate servers, then added the others steadily testing access and session balancing etc through each as I went.

    At this point the web page and webfeed access were working a charm, (and continued to do so until last week). I followed your article about Kemp load balancers to get access to the two Web servers balanced via the one virtual IP. This also worked fine barring the expected certificate warnings. Certificates were sorted by using our public wildcard certificate – *.abc.org, deployed to the Kemp and the deployment properties certificates section. Our internal AD domain is called abc-network.org. Our external domain name is abc.org. We already have an internal DNS zone called abc.org for adding entries for local resolution where required. I added an A record here called xyz.abc.org which points to the internal virtual IP the Kemp listens on before forwarding to the least loaded RD WA server. Internal clients reference https://xyz.abc.org/rdweb, xyz.abc.org is the Gateway FQDN defined in the deployment. As stated this was tested fully and worked.

    I then moved onto publishing the scenario to the internet via TMG. The rules I had in place from the trial only needed minor tweaks, basically a host file entry for xyz.abc.org needed amending to the virtual IP of the Kemp. I had some issues with TMG deciding it did not want to talk to our internal RADIUS server, but fixed this and hey presto, external publishing using TMG, RADIUS and SafeWord tokens allows me to run my single published app Notepad.

    Now here is where it gets weird! I tried to run Notepad from my webfeed.aspx link, it does not work! It also does not work if I log in to the RDWeb page. (RDWeb page does not work if I log in to https://xyz.abc.org/rdweb or the same site on the web servers individually). The error I get is as follows, “Remote Desktop Connection cannot connect to the remote computer. The remote computer that you are trying to connect is redirecting you to another remote computer named . Remote Desktop Connection cannot verify that the computers belong to the same RD Session Host server farm. You must use the farm name, not the computer name, when you connect to an RD Session Host server farm.”

    After a bit of serious Googling I am none the wiser, there really is not a lot out there for RDS 2012, and my thoughts are that this error message is a hangover from RDS 2008 where the concept of a server farm was valid. We are dealing with Session Collections in RDS 2012. You don’t get to configure a farm name, it’s not required as it all happens magically in the background courtesy of the fairly simple wizards. The re-direction from the Connection Broker to the Session Host is meant to happen, I have screen shots of when it was working!

    So the situation is that the same RemoteApp will work from the internet via TMG – Web Access – Gateway, but will not internally directly to the same address https://xyz.abc.com/rdweb! (Regardless of whether the traffic comes from internal clients or TMG it hits the Kemp and is distributed to one of the two web servers.) Outside of the wizards all I have done config’ wise is to use PowerShell to i) Change the web page name from ‘Work Resources’ to something more corporate & ii) Added the required extra pre-authentication stuff for external access as follows – Set-RDSessionCollectionConfiguration -CollectionName "" -CustomRdpProperty "authentication level:i:0 pre-authentication server address:s:https://xyz.abc.org/rdweb require pre-authentication:i:1 use redirection server name:i:1". All of this was done to the trial set up too with no adverse effects – it worked fine internally and externally then stopped…honestly!!! However I fully accept that I must have done something which has had this adverse effect. It seems to me that there is still plenty of scope for tinkering in REGEDIT and IIS etc, which was more essential in RDS 2008 and earlier. I have not done any tinkering, but my guess is that a setting somewhere has somehow got messed up, hence my current internal access woes!

    I have read your posts with interest and it strikes me you are a very good person to ask on this subject. So where should I be looking to track this down? (My best guess right now is that the dynamically created RDP files you get on the web page/feed are slightly different when accessed internally and externally, but why?)

    Thanks in advance,

    Ashley Cooper.
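
The comment above ends by guessing that the RDP files generated for internal and external access differ. One way to check that mechanically is to parse both files and list the settings that differ; the script below is an added example, not part of the original page or comment. The sample file contents are constructed, and the host name rdcb01.abc-network.org is hypothetical.

```powershell
# Added example: diff the settings of two .rdp files, e.g. one saved from RD Web
# on the internal network and one saved through the external path.
# Sample contents are constructed; rdcb01.abc-network.org is a hypothetical name.

function ConvertFrom-RdpText {
    param([Parameter(Mandatory)][string]$Text)
    $settings = [ordered]@{}
    foreach ($line in ($Text -split "`r?`n")) {
        # Each setting is one line of the form name:type:value (type is i, s or b).
        # Only the first two colons delimit fields, so URLs in the value survive.
        if ($line -match '^\s*([^:]+):([isb]):(.*)$') {
            $settings[$Matches[1].Trim().ToLowerInvariant()] = $Matches[3].Trim()
        }
    }
    return $settings
}

function Compare-RdpSettings {
    param($Internal, $External)
    $names = @($Internal.Keys) + @($External.Keys) | Sort-Object -Unique
    foreach ($name in $names) {
        $a = if ($Internal.Contains($name)) { $Internal[$name] } else { '<absent>' }
        $b = if ($External.Contains($name)) { $External[$name] } else { '<absent>' }
        if ($a -ne $b) {
            [pscustomobject]@{ Setting = $name; Internal = $a; External = $b }
        }
    }
}

$internalRdp = @'
full address:s:rdcb01.abc-network.org
use redirection server name:i:1
authentication level:i:0
'@

$externalRdp = @'
full address:s:rdcb01.abc-network.org
gatewayhostname:s:xyz.abc.org
use redirection server name:i:1
authentication level:i:0
pre-authentication server address:s:https://xyz.abc.org/rdweb
require pre-authentication:i:1
'@

Compare-RdpSettings (ConvertFrom-RdpText $internalRdp) (ConvertFrom-RdpText $externalRdp) |
    Format-Table -AutoSize
# For real files: ConvertFrom-RdpText (Get-Content -Raw .\internal.rdp)
```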
