Connecting to a Windows 2012 R2 RD Gateway server when you are behind a proxy server, especially one requiring authentication, may fail with the following errors:
‘Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to.’
‘Remote Desktop can’t connect to the remote computer for one of these reasons:
- Remote access to the server is not enabled
- The remote computer is turned off
- The remote computer is not available on the network’
Additionally, you will see the following event ID 4625 in the security log on the gateway server.
Log Name: Security
Date: 8/5/2013 4:20:00 PM
Event ID: 4625
Task Category: Logon
Keywords: Audit Failure
An account failed to log on.
This issue is documented here:
To fix it, set the EnforceChannelBinding registry value to 0 (zero) to ignore missing channel bindings on the Gateway server.
Value: 0 (Decimal)
Note By default, the EnforceChannelBinding value does not exist on the Gateway server. You must create this value. When you are done, reboot the server and it should work behind your proxy server.
How to install OneDrive on Windows Server 2012 R2. Unlike it’s desktop counterpart, Windows 8.1, Windows Server 2012 R2 does not include the OneDrive client. But, you can install it manually. This is useful for a remote desktop (terminal server) environment where users may want to save their files online. Admittedly this is not a very secure option for most organisations, but could be acceptable for small businesses. I run this at home for the family on a small RDS farm, with OneDrive and Office installed, although Office 2013 does of course allow saving natively as well.
To install OneDrive on Window Server 2012 R2:
- Disable Internet Explorer Enhanced Security Configuration from the Server Manager, Local Server page, if you have it enabled. This will allow you to sign in.- Install the .NET Framework 3.5 feature
- Download Windows Live Essentials 2012 from http://windows.microsoft.com/en-us/windows-live/essentials
- Install just OneDrive
You will then need to sign into the app.
Note that this does give the inferior Windows 7 style Onedrive sync, i.e. you have to choose which files and folders will be available on the server. It does not use the placeholders like in Windows 8, unfortunately, since this is basically the same Onedrive client that you can install on Windows 7.
This outlines the customisation options with the default RDWeb page in Microsoft Server 2012, when using Remote Desktop Services with RDWeb. You can easily replace the logon and text at the top of the page.
As an example, you can change the default:
To something like this:
Replaceable Company Logo Image
Add the new Icon into the image folder
- Add the new icon into the images folder located in:
Modify the site.xsl file
To e.g. C:\Windows\Web\RDWeb\Pages\Site.xsl.bak
The word Replaceable appears 3 times in this file. Do a find for this word to find the sections below:
Run notepad as admin and open. I find the easiest way to do this is to run Powershell as admin, and then launch notepad from there. That way if you close down notepad, you quickly launch as admin again without finding notepad.
Edit the file:
Replaceable Company Logo Image
<img src=”../images/logo_02.png” width=”48″ height=”48″/>
<img src=”../images/donkey_blue.png” width=”58″ height=”34″/>
Replaceable Company Logo Text and Application Type
<td class=”headingCompanyName”><xsl:value-of select=”@workspacename”/></td>
<td class=”headingCompanyName”>msdonkey remote access</td>
<xsl:value-of select=”$strings[@id = ‘HeadingApplicationName’]”/>
RemoteApps and Desktops
The Remote Desktop web site, which is a component of Remote Desktop Services in Windows Server 2012 and 2008, has a page called ‘Connect to a remote PC’.
This page will allow you to connect to servers or computers behind your Remote Desktop Gateway server, which is a handy feature if users need to connect to a full remote desktop behind the gateway, rather than just a remote app. This will also allow you to connect to your servers on an internal network directly, even if you are behind a web proxy server, so can be useful for remote management purposes when connected to a corporate network.
However, by default, this page will only allow you to connect to local resources, and will not use the gateway server.
To fix this, you need to make a change in IIS:
- On your RD Web Access server, open IIS Manager
- In the left pane, navigate to and Sites\Default Web Site\RDWeb\Pages
- In the middle pane, double-click on Application Settings
- Double-click on DefaultTSGateway and enter the external FQDN of your RD Gateway
- Refresh the RDWeb page on the client and then test using an external client
Now, to connect to other machines on your network other than ones already in your RDSH farm, you also need to modify the RD Gateway policies to allow you to connect to those other resources. You probably already have an AD group configured in your RD Gateway policies, and you can just add to this group, but in case you don’t then can configure this as follows:
- Create a new group in AD called e.g. SERVERNAME RD Gateway allowed servers, where SERVERNAME is the name of your RD Gateway server.
- Add all the servers that you want to be able to connect to into this group. For a start this should include all of your RDSH servers, but you can also add other Windows servers on the network.
- Open RD Gateway Manger (in the Tools/Terminal Services menu in the Server Manager in 2012), expand Policies, and click on the Resource Authorization Policy
- On the Network Resource tab, change the AD group to SERVERNAME RD Gateway allowed servers
- Note that you could also do this using an RD Gateway-managed group if you are using that feature
You will now be able to connect to any servers that are a member of this group using the ‘Connect to a remote PC’ page in RDWeb. You should be able to use the internal NETBIOS name of the servers, no need to use the FQDN.