Using the following setup (2012r2):
SRV1:
- RD Web Access
- Connection Broker
- Gateway
SRV2:
- Session host (part of test collection)
SRV3:
- Session host (part of test collection)
Without the RD Gateway everything works fine when I try to open a remote app or the session collection from the Remote Web Access site, but with the RD gateway enabled it just doesn't work. In the Terminalservices-gateway it records the event:
The user "contoso\administrator", on client computer "53.57.174.113", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "rd.contoso.com". Connection protocol used: "HTTP". The following error occurred: "23005".
So from what I understand it was able to establish a connection with the RD Gateway server and it met the health requirements. But the strange thing: Connection protocol used: HTTP???
In the security log it shows:
An account was logged off.
Perhaps I've made a mistake? I've created a single DNS record (rd.contoso.com), so it's being used for clients establishing a session using port 3389 and for the remote gateway.
Under deployment options I've set the 'Use these RD Gateway settings' to: rd.contoso.com and assigned a wildcard certificate *.contoso.com.
If I open the RDP connection it shows:
prompt for credentials on client:i:1
span monitors:i:1
use multimon:i:1
remoteapplicationmode:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:rd.contoso.com
alternate shell:s:||OMNIS7
remoteapplicationprogram:s:||application
gatewayhostname:s:rd.contoso.com
remoteapplicationname:s:application
workspace id:s:srv1.domain.local
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Collection_Vakme
alternate full address:s:rd.contoso.com
Also disabled the firewall on all participating hosts.