SOLVED
Home

Reverse Connect failed

%3CLINGO-SUB%20id%3D%22lingo-sub-915153%22%20slang%3D%22en-US%22%3EReverse%20Connect%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-915153%22%20slang%3D%22en-US%22%3E%3CP%3EHey%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20deployed%20two%20RDS%20Session%20Hosts%20and%20they%20are%20reported%20as%20being%20available.%20The%20vNet%20has%20a%20site-to-site%20vpn%20connection%20to%20my%20on-prem%20network.%20Firewall%20rules%20to%20allow%20outbound%20traffic%20to%20%22rdgateway-c001-weu-r1.wvd.microsoft.com%22%20for%20both%20the%20vNet%20and%20my%20client%20are%20configured.%20However%20I%20can't%20connect%20to%20a%20session%20using%20the%20webclient.%20These%20are%20the%20error%20details%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EActivityId%208ff6a237-a452-471a-b56b-e7a404620000%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDStack%3CBR%20%2F%3EErrorOperation%20%3A%20SendReverseConnectRequestToStack%3CBR%20%2F%3EErrorCode%20%3A%20-2147001841%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedReverseConnectStackTransportError%3CBR%20%2F%3EErrorMessage%20%3A%20Reverse%20Connect%20to%20'rdgateway-c001-weu-r1.wvd.microsoft.com'%20failed%20with%20error%200x80075A0F%202147965455.%20Make%20sure%20it%20is%20reachable%20from%20your%20network.%20'Unknown%20error%20(0x80075a0f)'%3CBR%20%2F%3EErrorInternal%20%3A%20True%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%2015.10.2019%2012%3A13%3A59%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDStack%3CBR%20%2F%3EErrorOperation%20%3A%20TransportConnecting%3CBR%20%2F%3EErrorCode%20%3A%2040%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ReverseConnectTimeout%3CBR%20%2F%3EErrorMessage%20%3A%20Reverse%20connect%20to%20the%20gateway%20has%20timed%20out.%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDStack%3CBR%20%2F%3ETime%20%3A%2015.10.2019%2012%3A14%3A00%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20inbound%20%2F%20outbound%20traffic%20do%20I%20have%20to%20allow%20for%20both%20the%20client%20and%20vNet%20with%20the%20session%20hosts%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBest%20regards%3C%2FP%3E%3CP%3EJonathan%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-956209%22%20slang%3D%22en-US%22%3ERe%3A%20Reverse%20Connect%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-956209%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308827%22%20target%3D%22_blank%22%3E%40jonathan-b%3C%2FA%3E%26nbsp%3Byour%20firewall%20rules%20should%20allow%20TLS%20connections%20over%20TCP%20port%20443%20to%20the%20hosts%20with%20url%20matching%20the%20wildcard%20*.wvd.microsoft.com.%20We%20don't%20recommend%20whitelisting%20just%20individual%20hosts%20that%20are%20resolved%20by%20DNS%20because%20their%20names%20and%20IPs%20are%20dynamic.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlternatively%2C%20you%20can%20enable%20Service%20Endpoint%20for%20Microsoft.Web%20service%20on%20the%20VM%20subnet%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-959206%22%20slang%3D%22en-US%22%3ERe%3A%20Reverse%20Connect%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-959206%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F283712%22%20target%3D%22_blank%22%3E%40denisgun%3C%2FA%3E%26nbsp%3Bthanks%20for%20the%20clarification%2C%20unfortunately%20this%20did%20not%20resolve%20the%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20I%20did%3A%3C%2FP%3E%3CUL%3E%3CLI%3EAdded%20a%20Service%20endpoint%20for%20Microsoft.Web%20to%20the%20vNet%3C%2FLI%3E%3CLI%3ETurned%20off%20the%20first%20Session%20Host%2C%20in%20order%20to%20eliminate%20the%20host%20as%20error%20source%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThe%20error%20message%20was%20the%20same%2C%20but%20the%20error%20details%20are%20different%20now%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EActivityId%20123f1cab-6112-4159-baab-a5da77d70000%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDStack%3CBR%20%2F%3EErrorOperation%20%3A%20SendReverseConnectRequestToStack%3CBR%20%2F%3EErrorCode%20%3A%20-2147001841%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedReverseConnectStackServerUnreachable%3CBR%20%2F%3EErrorMessage%20%3A%20Reverse%20Connect%20to%20'rdgateway-c001-weu-r1.wvd.microsoft.com'%20failed%20with%20error%200x80075A0F%202147965455.%20Make%20sure%20it%20is%20reachable%20from%20your%20network.%20'Unknown%20error%20(0x80075a0f)'%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%2028.10.2019%2015%3A09%3A32%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDGateway%3CBR%20%2F%3EErrorOperation%20%3A%20GatewayConnectionActive%3CBR%20%2F%3EErrorCode%20%3A%20-2146233083%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ConnectionFailedClientDidNotConnect%3CBR%20%2F%3EErrorMessage%20%3A%20Client%20did%20not%20start%20websocket%20connection%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDGateway%3CBR%20%2F%3ETime%20%3A%2028.10.2019%2015%3A14%3A52%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EErrorSource%20%3A%20RDStack%3CBR%20%2F%3EErrorOperation%20%3A%20TransportConnecting%3CBR%20%2F%3EErrorCode%20%3A%2040%3CBR%20%2F%3EErrorCodeSymbolic%20%3A%20ReverseConnectTimeout%3CBR%20%2F%3EErrorMessage%20%3A%20Reverse%20connect%20to%20the%20gateway%20has%20timed%20out.%3CBR%20%2F%3EErrorInternal%20%3A%20False%3CBR%20%2F%3EReportedBy%20%3A%20RDStack%3CBR%20%2F%3ETime%20%3A%2028.10.2019%2015%3A09%3A34%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20see%20why%20there%20should%20be%20any%20connection%20problems.%20There%20is%20no%20Firewall%20in%20the%20vNet%20and%20the%20Windows%20Firewall%20on%20the%20machines%20is%20turned%20off.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-959376%22%20slang%3D%22en-US%22%3ERe%3A%20Reverse%20Connect%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-959376%22%20slang%3D%22en-US%22%3ETry%20to%20open%20%3CA%20href%3D%22https%3A%2F%2Frdgateway.wvd.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Frdgateway.wvd.microsoft.com%3C%2FA%3E%20from%20the%20vm.%20You%20should%20get%20error%20404.%20If%20it%20times%20out%2C%20then%20something%20is%20wrong%20with%20routing.%20%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-961617%22%20slang%3D%22en-US%22%3ERe%3A%20Reverse%20Connect%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-961617%22%20slang%3D%22en-US%22%3EI%20get%20the%20expected%20error%20404%20and%20no%20timeout%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-963129%22%20slang%3D%22en-US%22%3ERe%3A%20Reverse%20Connect%20failed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-963129%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308827%22%20target%3D%22_blank%22%3E%40jonathan-b%3C%2FA%3E%26nbsp%3BPlease%20open%20a%20support%20ticket%20to%20investigate%20this%20issue%3C%2FP%3E%3C%2FLINGO-BODY%3E
jonathan-b
New Contributor

Hey,

 

I have deployed two RDS Session Hosts and they are reported as being available. The vNet has a site-to-site vpn connection to my on-prem network. Firewall rules to allow outbound traffic to "rdgateway-c001-weu-r1.wvd.microsoft.com" for both the vNet and my client are configured. However I can't connect to a session using the webclient. These are the error details:

 

ActivityId 8ff6a237-a452-471a-b56b-e7a404620000

ErrorSource : RDStack
ErrorOperation : SendReverseConnectRequestToStack
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackTransportError
ErrorMessage : Reverse Connect to 'rdgateway-c001-weu-r1.wvd.microsoft.com' failed with error 0x80075A0F 2147965455. Make sure it is reachable from your network. 'Unknown error (0x80075a0f)'
ErrorInternal : True
ReportedBy : RDGateway
Time : 15.10.2019 12:13:59

ErrorSource : RDStack
ErrorOperation : TransportConnecting
ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ErrorMessage : Reverse connect to the gateway has timed out.
ErrorInternal : False
ReportedBy : RDStack
Time : 15.10.2019 12:14:00

 

What inbound / outbound traffic do I have to allow for both the client and vNet with the session hosts?

 

Best regards

Jonathan

5 Replies
Solution

@jonathan-b your firewall rules should allow TLS connections over TCP port 443 to the hosts with url matching the wildcard *.wvd.microsoft.com. We don't recommend whitelisting just individual hosts that are resolved by DNS because their names and IPs are dynamic.

 

Alternatively, you can enable Service Endpoint for Microsoft.Web service on the VM subnet

@denisgun thanks for the clarification, unfortunately this did not resolve the issue.

 

What I did:

  • Added a Service endpoint for Microsoft.Web to the vNet
  • Turned off the first Session Host, in order to eliminate the host as error source

The error message was the same, but the error details are different now:

 

ActivityId 123f1cab-6112-4159-baab-a5da77d70000

 

ErrorSource : RDStack
ErrorOperation : SendReverseConnectRequestToStack
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackServerUnreachable
ErrorMessage : Reverse Connect to 'rdgateway-c001-weu-r1.wvd.microsoft.com' failed with error 0x80075A0F 2147965455. Make sure it is reachable from your network. 'Unknown error (0x80075a0f)'
ErrorInternal : False
ReportedBy : RDGateway
Time : 28.10.2019 15:09:32

 

ErrorSource : RDGateway
ErrorOperation : GatewayConnectionActive
ErrorCode : -2146233083
ErrorCodeSymbolic : ConnectionFailedClientDidNotConnect
ErrorMessage : Client did not start websocket connection
ErrorInternal : False
ReportedBy : RDGateway
Time : 28.10.2019 15:14:52

 

ErrorSource : RDStack
ErrorOperation : TransportConnecting
ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ErrorMessage : Reverse connect to the gateway has timed out.
ErrorInternal : False
ReportedBy : RDStack
Time : 28.10.2019 15:09:34

 

I don't see why there should be any connection problems. There is no Firewall in the vNet and the Windows Firewall on the machines is turned off.

Try to open https://rdgateway.wvd.microsoft.com from the vm. You should get error 404. If it times out, then something is wrong with routing.
I get the expected error 404 and no timeout

@jonathan-b Please open a support ticket to investigate this issue

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies