SOLVED

Reverse Connect failed

Hey,

I have deployed two RDS Session Hosts and they are reported as being available. The vNet has a site-to-site VPN connection to my on-prem network. Firewall rules to allow outbound traffic to "rdgateway-c001-weu-r1.wvd.microsoft.com" for both the vNet and my client are configured. However, I can't connect to a session using the web client. These are the error details:

ActivityId 8ff6a237-a452-471a-b56b-e7a404620000

ErrorSource : RDStack
ErrorOperation : SendReverseConnectRequestToStack
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackTransportError
ErrorMessage : Reverse Connect to 'rdgateway-c001-weu-r1.wvd.microsoft.com' failed with error 0x80075A0F 2147965455. Make sure it is reachable from your network. 'Unknown error (0x80075a0f)'
ErrorInternal : True
ReportedBy : RDGateway
Time : 15.10.2019 12:13:59

ErrorSource : RDStack
ErrorOperation : TransportConnecting
ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ErrorMessage : Reverse connect to the gateway has timed out.
ErrorInternal : False
ReportedBy : RDStack
Time : 15.10.2019 12:14:00

What inbound / outbound traffic do I have to allow for both the client and vNet with the session hosts?

Best regards

Jonathan

6 Replies
best response confirmed by evasse (Microsoft)
Solution

@jonathan-b your firewall rules should allow TLS connections over TCP port 443 to the hosts with URL matching the wildcard *.wvd.microsoft.com. We don't recommend whitelisting just individual hosts that are resolved by DNS because their names and IPs are dynamic.

Alternatively, you can enable Service Endpoint for Microsoft.Web service on the VM subnet.

@fdwl thanks for the clarification, unfortunately this did not resolve the issue.

What I did:

  • Added a Service endpoint for Microsoft.Web to the vNet
  • Turned off the first Session Host, in order to eliminate the host as error source

The error message was the same, but the error details are different now:

ActivityId 123f1cab-6112-4159-baab-a5da77d70000

ErrorSource : RDStack
ErrorOperation : SendReverseConnectRequestToStack
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackServerUnreachable
ErrorMessage : Reverse Connect to 'rdgateway-c001-weu-r1.wvd.microsoft.com' failed with error 0x80075A0F 2147965455. Make sure it is reachable from your network. 'Unknown error (0x80075a0f)'
ErrorInternal : False
ReportedBy : RDGateway
Time : 28.10.2019 15:09:32

ErrorSource : RDGateway
ErrorOperation : GatewayConnectionActive
ErrorCode : -2146233083
ErrorCodeSymbolic : ConnectionFailedClientDidNotConnect
ErrorMessage : Client did not start websocket connection
ErrorInternal : False
ReportedBy : RDGateway
Time : 28.10.2019 15:14:52

ErrorSource : RDStack
ErrorOperation : TransportConnecting
ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ErrorMessage : Reverse connect to the gateway has timed out.
ErrorInternal : False
ReportedBy : RDStack
Time : 28.10.2019 15:09:34

I don't see why there should be any connection problems. There is no firewall in the vNet and the Windows Firewall on the machines is turned off.
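
The three error records in the post above are not listed in time order, and the signed ErrorCode -2147001841 is the same 32-bit value as the 0x80075A0F quoted in the ErrorMessage. The following is an added example, not part of the thread, that parses such records, renders negative codes as 32-bit hex and sorts them by time; SAMPLE is constructed from the post's second dump trimmed to four fields, and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: the second error dump from the thread, trimmed to the
# four fields used here and kept in the order the post lists the records.
SAMPLE = """\
ErrorCode : -2147001841
ErrorCodeSymbolic : ConnectionFailedReverseConnectStackServerUnreachable
ReportedBy : RDGateway
Time : 28.10.2019 15:09:32

ErrorCode : -2146233083
ErrorCodeSymbolic : ConnectionFailedClientDidNotConnect
ReportedBy : RDGateway
Time : 28.10.2019 15:14:52

ErrorCode : 40
ErrorCodeSymbolic : ReverseConnectTimeout
ReportedBy : RDStack
Time : 28.10.2019 15:09:34
"""

def parse_records(text):
    """Split blank-line-separated 'Key : Value' blocks into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(" : ") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, sep, v in pairs if sep})
    return records

def hresult(code):
    """Render a negative (signed 32-bit) ErrorCode as hex; others stay decimal."""
    n = int(code)
    return f"0x{(n & 0xFFFFFFFF):08X}" if n < 0 else str(n)

def timeline(text):
    """Return (time, reporter, symbolic name, code) tuples in time order."""
    rows = []
    for r in parse_records(text):
        when = datetime.strptime(r["Time"], "%d.%m.%Y %H:%M:%S")
        rows.append((when, r["ReportedBy"], r["ErrorCodeSymbolic"], hresult(r["ErrorCode"])))
    return sorted(rows, key=lambda row: row[0])

if __name__ == "__main__":
    for when, who, symbolic, code in timeline(SAMPLE):
        print(when.time(), who.ljust(9), code.ljust(10), symbolic)
```

Sorted, the two reverse-connect records at 15:09 come first and the gateway's ClientDidNotConnect record follows about five minutes later.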

Try to open https://rdgateway.wvd.microsoft.com from the VM. You should get error 404. If it times out, then something is wrong with routing.

I get the expected error 404 and no timeout.

@jonathan-b Please open a support ticket to investigate this issue.

What was the solution to this please?