Forum Discussion
Reverse Connect failed
Hey,
I have deployed two RDS Session Hosts and they are reported as being available. The vNet has a site-to-site VPN connection to my on-prem network. Firewall rules to allow outbound traffic to "rdgateway-c001-weu-r1.wvd.microsoft.com" for both the vNet and my client are configured. However, I can't connect to a session using the webclient. These are the error details:
ActivityId 8ff6a237-a452-471a-b56b-e7a404620000
ErrorSource : RDStack
ErrorOperation : SendReverseConnectRequestToStack
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackTransportError
ErrorMessage : Reverse Connect to 'rdgateway-c001-weu-r1.wvd.microsoft.com' failed with error 0x80075A0F 2147965455. Make sure it is reachable from your network. 'Unknown error (0x80075a0f)'
ErrorInternal : True
ReportedBy : RDGateway
Time : 15.10.2019 12:13:59
ErrorSource : RDStack
ErrorOperation : TransportConnecting
ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ErrorMessage : Reverse connect to the gateway has timed out.
ErrorInternal : False
ReportedBy : RDStack
Time : 15.10.2019 12:14:00
What inbound / outbound traffic do I have to allow for both the client and vNet with the session hosts?
Best regards
Jonathan
- fdwl (Microsoft)
jonathan-b your firewall rules should allow TLS connections over TCP port 443 to the hosts with URL matching the wildcard *.wvd.microsoft.com. We don't recommend whitelisting just individual hosts that are resolved by DNS because their names and IPs are dynamic.
Alternatively, you can enable Service Endpoint for Microsoft.Web service on the VM subnet.
- jonathan-b (Copper Contributor)
fdwl, thanks for the clarification. Unfortunately, this did not resolve the issue.
What I did:
- Added a Service endpoint for Microsoft.Web to the vNet
- Turned off the first Session Host, in order to eliminate the host as error source
The error message was the same, but the error details are different now:
ActivityId 123f1cab-6112-4159-baab-a5da77d70000
ErrorSource : RDStack
ErrorOperation : SendReverseConnectRequestToStack
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackServerUnreachable
ErrorMessage : Reverse Connect to 'rdgateway-c001-weu-r1.wvd.microsoft.com' failed with error 0x80075A0F 2147965455. Make sure it is reachable from your network. 'Unknown error (0x80075a0f)'
ErrorInternal : False
ReportedBy : RDGateway
Time : 28.10.2019 15:09:32
ErrorSource : RDGateway
ErrorOperation : GatewayConnectionActive
ErrorCode : -2146233083
ErrorCodeSymbolic : ConnectionFailedClientDidNotConnect
ErrorMessage : Client did not start websocket connection
ErrorInternal : False
ReportedBy : RDGateway
Time : 28.10.2019 15:14:52
ErrorSource : RDStack
ErrorOperation : TransportConnecting
ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ErrorMessage : Reverse connect to the gateway has timed out.
ErrorInternal : False
ReportedBy : RDStack
Time : 28.10.2019 15:09:34
I don't see why there should be any connection problems. There is no Firewall in the vNet and the Windows Firewall on the machines is turned off.
- fdwl (Microsoft)
Try to open https://rdgateway.wvd.microsoft.com from the VM. You should get error 404. If it times out, then something is wrong with routing.
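
The check described in the last reply, as an added example that is not part of the thread or of Microsoft's tooling: a PowerShell function, run on the session host, that separates DNS, TCP 443 and HTTPS failures for the two gateway names quoted above. The function name, output fields, verdict strings and timeout are assumptions made for the example.

```powershell
# Added example (not from the thread). Run on the session host VM.
# Test-WvdGatewayReachability and its output fields are hypothetical names.
function Test-WvdGatewayReachability {
    param(
        # Host names taken from the thread; add others matching *.wvd.microsoft.com as needed.
        [string[]]$HostName = @('rdgateway.wvd.microsoft.com',
                                'rdgateway-c001-weu-r1.wvd.microsoft.com'),
        [int]$TimeoutSec = 10
    )
    foreach ($name in $HostName) {
        $r = [ordered]@{ Host = $name; Address = $null; Tcp443 = $false; HttpStatus = $null; Verdict = $null }

        # Step 1: DNS. A failure here is a resolver problem, not a firewall rule.
        try {
            $r.Address = ([System.Net.Dns]::GetHostAddresses($name) |
                          Select-Object -First 1).IPAddressToString
        } catch { $r.Verdict = 'DNS resolution failed'; [pscustomobject]$r; continue }

        # Step 2: plain TCP connect to 443 with a bounded wait.
        $tcp = New-Object System.Net.Sockets.TcpClient
        try { $r.Tcp443 = $tcp.ConnectAsync($name, 443).Wait($TimeoutSec * 1000) -and $tcp.Connected }
        catch { $r.Tcp443 = $false }
        finally { $tcp.Close() }
        if (-not $r.Tcp443) {
            $r.Verdict = 'TCP 443 timed out or refused: check routing and outbound rules'
            [pscustomobject]$r; continue
        }

        # Step 3: HTTPS request. An HTTP error status still proves the TLS path works;
        # the thread says 404 is the expected answer for rdgateway.wvd.microsoft.com.
        try {
            $resp = Invoke-WebRequest -Uri "https://$name/" -UseBasicParsing -TimeoutSec $TimeoutSec
            $r.HttpStatus = [int]$resp.StatusCode
        } catch {
            # Windows PowerShell 5.1 and PowerShell 7 both expose Response.StatusCode on HTTP errors.
            $errResp = $_.Exception.Response
            if ($errResp) { $r.HttpStatus = [int]$errResp.StatusCode }
        }
        if ($r.HttpStatus) { $r.Verdict = "HTTPS reachable (status $($r.HttpStatus))" }
        else { $r.Verdict = 'TCP open but TLS/HTTP failed or timed out' }
        [pscustomobject]$r
    }
}

Test-WvdGatewayReachability | Format-Table -AutoSize
```

A row that stops at step 2 matches the "times out" case from the reply; a row that passes step 2 but fails step 3 means something between the VM and the gateway accepts the TCP connection without completing the TLS or HTTP exchange.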