SOLVED

We couldn't connect to the gateway because of an error

Copper Contributor

My test account can see the VD in the web browser but I get this error every time I try to connect, it says "opening remote port" and fails. If I try to connect through the app I get told I do not have permission. 

I can remote into the VD while I am controlling the server but I cannot access the VD as my admin account that I used to join the VD. 

Ideas? 

12 Replies

Hi @ian11230

I had the same problem, and to solve it I raised the word complexity, as follows:

o Minimum length of 12 characters
o Capital letters of European languages (A to Z, with diacritics, Greek and Cyrillic characters)
o Lowercase letters of European languages (a to z, sharp-s, with diacritics, Greek and Cyrillic characters)
o Base 10 digits (0 to 9)
o Non-alphanumeric characters (special characters): (~! @ # $% ^ & * _- + = '| \ () {} \ [] :; »» <>,.? /). Currency symbols such as the Euro or the British pound are not considered special characters for this policy setting.
o The password should not be in a dictionary (dictionary attack)
o The password should not be a well-known subject such as Christmas, Easter, Carnival, etc.

@Mcinf2000 

You mean raise the password complexity, yeah? 'Cause both my test account and the account I used for the UPN have the same password, and it is over 12 characters and does contain a +, but Azure never complained about it while making the WVD.

@ian11230 

Hello,

Is there any new info regarding this issue? Or is increasing password complexity the solution?


Regards,

Changing the password complexity did not help.

@ian11230 

I'm having the same issue. Managed to create a tenant and deploy, but can't log in. I've added 3 users via PowerShell to the user list; none of them are able to open a desktop session.

Using the client (not the web app) just keeps giving me credential prompts until it locks out the account. The web app just gives me an error for all 3 users.

Also keep having random issues with PowerShell giving me "User is not authorized to query the management service" when I'm signed in with the account I created everything in, which is also the subscription admin.

Have you managed to get any further?

best response confirmed by ian11230 (Copper Contributor)
Solution

@ian11230 If you're using Azure Active Directory Domain Services, you need to make sure the deployed servers are in the "AADDC Computers" OU and you log in using an admin account that is in the "AADDC Users" OU. Make sure the admin user is a member of the "AAD DC Administrators" group in Azure Active Directory.

When I did this, I was finally able to Remote Desktop directly into the deployed VMs in the hostgroup.
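
The three conditions named in the accepted answer above can be checked from distinguished names. The following is an added example, not part of the original post or of any Microsoft tooling: the function names `Test-UnderOU` and `Test-AaddsPlacement` are hypothetical, and every distinguished name in it is a constructed sample.

```powershell
# Added example: all distinguished names below are constructed sample values.
# On a domain-joined management VM with the ActiveDirectory (RSAT) module,
# the same inputs could come from live queries such as:
#   (Get-ADComputer -Identity '<host>').DistinguishedName
#   (Get-ADUser -Identity '<admin>').DistinguishedName
#   (Get-ADGroupMember -Identity 'AAD DC Administrators' -Recursive).DistinguishedName

function Test-UnderOU {
    param([Parameter(Mandatory)][string]$DistinguishedName,
          [Parameter(Mandatory)][string]$OUName)
    # Split on unescaped commas, drop the leaf RDN, then look for OU=<name>
    # among the ancestors (-contains is case-insensitive for strings).
    $rdns = @($DistinguishedName -split '(?<!\\),' | ForEach-Object { $_.Trim() })
    if ($rdns.Count -lt 2) { return $false }
    return ($rdns[1..($rdns.Count - 1)] -contains "OU=$OUName")
}

function Test-AaddsPlacement {
    param([string[]]$HostDNs, [string]$AdminDN, [string[]]$AdminGroupMemberDNs)
    foreach ($dn in $HostDNs) {
        [pscustomobject]@{
            Check  = 'Host in "AADDC Computers" OU'
            Object = $dn
            Pass   = (Test-UnderOU -DistinguishedName $dn -OUName 'AADDC Computers')
        }
    }
    [pscustomobject]@{
        Check  = 'Admin in "AADDC Users" OU'
        Object = $AdminDN
        Pass   = (Test-UnderOU -DistinguishedName $AdminDN -OUName 'AADDC Users')
    }
    [pscustomobject]@{
        Check  = 'Admin member of "AAD DC Administrators"'
        Object = $AdminDN
        Pass   = ($AdminGroupMemberDNs -contains $AdminDN)
    }
}

# Constructed sample: one host is in the wrong container and the admin
# account is missing from the administrators group.
$hosts   = 'CN=WVD-HOST-0,OU=AADDC Computers,DC=example,DC=com',
           'CN=WVD-HOST-1,CN=Computers,DC=example,DC=com'
$admin   = 'CN=Test Admin,OU=AADDC Users,DC=example,DC=com'
$members = @('CN=Other Admin,OU=AADDC Users,DC=example,DC=com')

Test-AaddsPlacement -HostDNs $hosts -AdminDN $admin -AdminGroupMemberDNs $members |
    Format-Table -AutoSize
```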

What about if we have on-premise AD with AD Connect instead of Azure ADDS?
Also, one of the DCs is in Azure as a VM, and HostPool machines are joined to AD.


Regards,

@Conrad Agramont I wouldn't want to make the users any sort of admin - I don't think that there should be a need to. The service should be secure by design, so elevating a user must surely be working around a problem, rather than fixing its cause?

@Conrad Agramont 

Can you help me check/do that? I am still getting used to Azure.

@vstefanovic Yes, we are in the same scenario. The error message we get when using the desktop client or the web link is:

"Oops, we couldn't connect to "USSPA-RDSH". We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help."

Any ideas?

@ian11230 We had the same error message as you. Our solution was to start an Azure P2 trial for our tenant. So I'm guessing it was a licensing issue, but I can't find exactly what license is required, as maybe a cheaper license would have sufficed.

Password complexity didn't help here, any other workaround to solve the gateway error?