cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

RDP via App Tunnel

ecce
Cirrostratus
Cirrostratus

I cannot get Remote Desktop via App Tunnels to work. I have set it up before, years ago, and had no problem then. I'm wondering if something changed in the way it works or if I am doing something wrong.

 

I have set up a basic Webtop that has RA-VPN that works fine, and a VDI/RDP link to a Windows 2012 R2 server on the inside. Clicking the link, it downloads an RDP file and runs it, opening it in the associated application. On Mac, it is Microsofts own Remote Desktop client app. It shows Error code: 0x3000064 and I have found a few community posts from other people noticing the same behaviour, but not a solution. On Windows, it just says "Your computer cant connect to the Remote Desktop Gateway server, please contact an Administrator". Not very helpful error message.

 

I'm no Microsoft guy at all, but isn't a RDP gateway some kind of connection broker? I have no such thing, it is just a plain Windows Server. I have tried looking around in Event Viewer, but I find it confusing and it's like looking for a needle in a haystack.

 

I've done a bit of troubleshooting:

  • If I establish VPN and connect RDP manually to the same IP address, it works. So it responds to RDP on the given IP address, no host firewall issues.
  • If I establish VPN and connect RDP using the generated rdp file, it does not work.
  • Using an AppTunnel for SSH to a Linux host in the same subnet works. Probably irrelevant.
  • Using TCPDUMP, I cannot se a single packet going out on the VLAN towards the Windows Server (with regular RA-VPN established and manually connecting I see lots of packets)

 

Network Access is SNATed and the BIGIP is directly connected to the VLAN that hosts the Windows Server.

 

I get the feeling that the generated .rdp file has some setting in it that is wrong. This is the content:

 

full address:s:10.1.20.61

gatewayaccesstoken:s:pBHDxY4zbajFk77dn3m0cQ

gatewaycredentialssource:i:5

gatewayhostname:s:webtop.acme.com

gatewayprofileusagemethod:i:1

gatewayusagemethod:i:1

server port:i:3389

signature:s:AQABAAEAAABXD<snipped>xkzrg7AiPeizGG64ZD54Q==

signscope:s:Full Address,Server Port,GatewayHostname,GatewayUsageMethod,GatewayProfileUsageMethod,GatewayCredentialsSource

 

BIGIP is a VE running 15.1, running standalone.

 

0 REPLIES 0