Forum Discussion
Windows Virtual Desktop - Your computer can't connect to Remote Desktop Gateway server
- Mar 28, 2019
I think I may have worked out my problem. I have been testing with a user account I set up in Azure AD. I have only just set up the tenant and AD domain to test WVD. I have just tested with an account I had created on the AD server (still in Azure but with AD Connect installed to sync to AAD) and this has worked fine. I have also created another AAD account and tried to connect to the desktop, but this failed with the same error.
Interestingly, I am getting prompted to enter my credentials again upon connection; not sure if I have missed something with the SSO settings?
I'm now seeing this same issue with a test account I created in Azure AD. We have Azure AD Domain Services set up, and I am able to log in from my own account. One of our employees is also able to log in fine, but the test account I created is not.
The test account has been added to the app group, and I'm able to log in with that test user to the "Remote Desktop" application for Windows. But every time I try to connect, I keep getting the "Your computer can't connect to the Remote Desktop Gateway server" message.
Here's the detailed output:
ActivityId : 985a50ab-9cfc-4b24-a4fa-1526673c0000
ActivityType : Connection
StartTime : 6/13/2019 8:32:26 AM
EndTime : 6/13/2019 8:32:39 AM
UserName : test.user@REDACTED.com
RoleInstances : GP-WIN10-52325B;mrs-eus2r1c002-rdgateway-prod-staging::RD0003FF81D9F2;mrs-eus2r1c001-rdbroker-prod-staging::RD2818780AFB61;<inv-vdi-0.cloud.REDACTED.com>;mrs-cusr1c002-rdbroker-prod-staging::RD0003FF648FBF
Outcome : Failure
Status : Completed
Details : {[ClientOS, WINDOWS 10.0.17763], [ClientVersion, 1.2.155.18898], [ClientType, MSRDC], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 6/13/2019 8:34:10 AM
Checkpoints : {TransportConnected, RdpStackDisconnect, RdpStackDisconnect, LoadBalancedNewConnection}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo, Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo, Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}
- whitelines | Aug 08, 2019 | Copper Contributor
GuyPaddock Did you get anywhere with this? I have set up a host pool and when I try to connect to the remote desktop I see "opening remote port" then "We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help."
I see the same error as you did:
ActivityId : 893b0a57-6f19-4e15-90b4-1950fabb0000
ActivityType : Connection
StartTime : 08/08/2019 14:31:50
EndTime : 08/08/2019 14:31:54
RoleInstances : rdwebclient;mrs-eus2r1c002-rdgateway-prod-staging::RD0003FF459018;mrs-eus2r1c002-rdbroker-prod-staging::RD0003FF45E902;<dtwvd-0.DTWVD.local>
Outcome : Failure
Status : Completed
Details : {[ClientOS, Win32 Chrome 75.0.3770.142], [ClientVersion, 1.0.18.5], [ClientType, HTML], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 08/08/2019 14:31:55
Checkpoints : {LoadBalancedNewConnection, TransportConnecting, TransportConnected}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}
- ahesterTX | Aug 08, 2019 | Copper Contributor
Same here.
- GuyPaddock | Aug 08, 2019 | Brass Contributor
Yes; apologies for not updating with a follow-up. It turned out that we had a role that only users in our "employees" group sync with AADDS. The test account wasn't in that group so they couldn't authenticate with the machine even though I had granted the account access to Azure VDI. I added the user to the employees group, changed the account password, waited about 5 mins to ensure the account synced, and got in.
- whitelines | Aug 08, 2019 | Copper Contributor
Thanks for getting back so quick, I'll take a look into this.
- Joakim Westin | Sep 18, 2019 | Copper Contributor
whitelines I have the same issue. A user account sourced from on-premises AD synchronised to Azure AD cannot connect. The account can log in to the VM locally. But if we try via the Web Client the "Open connection" fails. This is a sample error:
PS C:\Users\joakim.westin> Get-RdsDiagnosticActivities -ActivityId 221789b4-3a84-4384-a25d-7040583f0000
ActivityId : 221789b4-3a84-4384-a25d-7040583f0000
ActivityType : Connection
StartTime : 2019-09-18 09:24:17
EndTime : 2019-09-18 09:24:23
UserName : joakim.westin@x5music.com
RoleInstances : rdwebclient;mrs-eus2r1c002-rdgateway-prod::RD0003FFF895CE;mrs-eus2r1c002-rdbroker-prod::RD0003FF45DB51;<xsh-0.x5music.com>
Outcome : Failure
Status : Completed
Details :
LastHeartbeatTime : 2019-09-18 09:25:54
Checkpoints :
Errors :
What I see in the detailed logs is that the user's SID is not the same as expected.
PS C:\Users\joakim.westin> (Get-RdsDiagnosticActivities -ActivityId 221789b4-3a84-4384-a25d-7040583f0000 -Detailed).Errors
ErrorSource : RDBroker
ErrorOperation : OrchestrateSessionHost
ErrorCode : -2146233088
ErrorCodeSymbolic : ConnectionFailedUserSIDInformationMismatch
ErrorMessage : User joakim.westin@x5music.com: SID information in the database 'S-1-5-21-266129286-189420813-3044514089-5660' does not match SID information returned by agent 'S-1-5-21-1829173068-3133025792-290102247-1262' in the orchestration reply.. This scenario is not supported - we will not be able to redirect the user session.
ErrorInternal : False
ReportedBy : RDGateway
Time : 2019-09-18 09:24:22
So the question then becomes: What could be causing this? We have a local AD that is synchronizing to Azure AD. And we also have Azure AD Domain Services.... Anyone have any ideas?
- TravisRoberts | Nov 15, 2019 | Iron Contributor
Joakim Westin I spent some time on this a couple weeks ago and wrote a blog post about it. Basically, per MS documentation, only Azure AD sourced users are supported if the Session Host is Azure AD Domain Services joined. If users are sourced from Windows AD, the Session Host must be Windows AD joined.
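Added example, not part of any post in this thread: a PowerShell helper that takes error records shaped like the `.Errors` output above, picks out `ConnectionFailedUserSIDInformationMismatch`, and splits the two SIDs into domain identifier and RID so it is obvious whether they were issued by different domains. The function name, the placeholder user, and the assumption that the database SID appears first in the message are mine.

```powershell
# Added example (not from the thread). Input objects only need the
# ErrorCodeSymbolic and ErrorMessage properties shown in the posts above.
function Get-SidMismatchDetail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$ErrorRecord
    )
    process {
        if ($ErrorRecord.ErrorCodeSymbolic -ne 'ConnectionFailedUserSIDInformationMismatch') {
            return   # other broker/gateway errors are out of scope here
        }
        # Console wrapping can leave stray spaces inside the message ("S ID"),
        # so match the SID values themselves rather than the surrounding words.
        $sids = @([regex]::Matches($ErrorRecord.ErrorMessage, 'S-1-5-21(?:-\d+){4}') |
                  ForEach-Object { $_.Value })
        if ($sids.Count -ne 2) {
            Write-Warning "Expected 2 domain SIDs in the message, found $($sids.Count)."
            return
        }
        # A domain account SID is <domain identifier>-<RID>; split at the last '-'.
        $parts = foreach ($sid in $sids) {
            $cut = $sid.LastIndexOf('-')
            [pscustomobject]@{ Domain = $sid.Substring(0, $cut); Rid = $sid.Substring($cut + 1) }
        }
        $user = if ($ErrorRecord.ErrorMessage -match 'User\s+(\S+?):') { $Matches[1] } else { $null }
        # Assumption: message order is "in the database" first, "returned by agent" second.
        [pscustomobject]@{
            User            = $user
            BrokerDomainSid = $parts[0].Domain
            BrokerRid       = $parts[0].Rid
            AgentDomainSid  = $parts[1].Domain
            AgentRid        = $parts[1].Rid
            SameDomain      = ($parts[0].Domain -eq $parts[1].Domain)
        }
    }
}

# Constructed sample: SIDs copied from the error posted above; the user is a placeholder.
$sample = [pscustomobject]@{
    ErrorCodeSymbolic = 'ConnectionFailedUserSIDInformationMismatch'
    ErrorMessage      = "User user@example.com: SID information in the database " +
        "'S-1-5-21-266129286-189420813-3044514089-5660' does not match SID information " +
        "returned by agent 'S-1-5-21-1829173068-3133025792-290102247-1262' in the orchestration reply."
}
$sample | Get-SidMismatchDetail | Format-List
```

For the SIDs posted in the thread, `SameDomain` is `False`: the broker and the session host resolved the user in two different domains, which fits the directory-source mismatch described in the last reply.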