SOLVED

Windows Virtual Desktop - Your computer can't connect to Remote Desktop Gateway server

Copper Contributor

I have successfully deployed WVD to my MSDN tenant following the steps 1 and 2 in https://docs.microsoft.com/en-gb/azure/virtual-desktop/tenant-setup-azure-active-directory and https://docs.microsoft.com/en-gb/azure/virtual-desktop/create-host-pools-azure-marketplace - I stopped during Step 2 at the optional components.  

 

I have deployed a Windows 10 Multi User desktop and when I login with the user that I gave access to during the setup I see the Icon for my "Session desktop" but when I try to launch I get the following error message.  "Your computer can't connect to Remote Desktop Gateway server.  Contact your network administrator for assistance."

32 Replies

@ray077 

 

Are you using a proxy server?  If so, WVD doesn't yet support a proxy configuration.

Hi @anthonyschneider365 

 

That is good to know, but no I have do not have a proxy configured I am connected direct to my home broadband and not connected to my company VPN either.


Cheers

@ray077 

 

Is your SessionHost marked as available?  You can check using the following PowerShell command:

 

Get-RdsSessionHost -TenantName "[your_tennat_name]" -HostPoolName "[your_hostpool_name]"

Hi @anthonyschneider365 

 

Yes showing as Available - see output below.  I have also tested from another laptop with the same result.

 

SessionHostName : vmWVDMW-0.domainname.org.uk
TenantName      : MyWorkplace
TenantGroupName : Default Tenant Group
HostPoolName    : My Workplace HP1
AllowNewSession : True
Sessions        : 0
LastHeartBeat   : 28/03/2019 11:52:08
AgentVersion    : 1.0.1.8
AssignedUser    :
Status          : Available
StatusTimestamp : 28/03/2019 11:52:08

 

Cheers

@ray077 

 

Ok - that's good.  Have you taken a look at what's being reported in the Diagnostic Activities?

 

Get-RdsDiagnosticActivities -TenantName ",tenant." -Detailed

 

https://docs.microsoft.com/en-us/azure/virtual-desktop/diagnostics-role-service

Just run the log, I think this is the entry that relates to the connection failure, but it doesn't mean much to me I am afraid. (I have changed the username and domain name btw)
ActivityId : 84bbffaa-7304-4c9e-8905-0d7e7f4a0000
ActivityType : Connection
StartTime : 28/03/2019 11:57:52
EndTime : 28/03/2019 11:59:11
UserName : user@myworkplace.org.uk
RoleInstances : rdwebclient;mrs-eus2r1c002-rdbroker-prod-staging::RD0003FF45DF76;mrs-eus2r1c002-rdgateway-prod-stag
ing::RD0003FF45E716;≤vmWVDMW-0.myworkplace.org.uk≥;mrs-eus2r1c001-rdbroker-prod::RD0004FFA4B301
Outcome : Failure
Status : Completed
Details : {[ClientOS, Win32 Edge 18.17763], [ClientVersion, 1.0.13-wvd], [ClientType, HTML],
[PredecessorConnectionId, ]...}
LastHeartbeatTime : 28/03/2019 12:00:39
Checkpoints : {LoadBalancedNewConnection, RdpStackDisconnect}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo,
Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}
best response confirmed by Rick_Jen (Microsoft)
Solution

@anthonyschneider365 

I think I may have worked out my problem, I have been testing with a user account I setup in Azure AD.  I have only just setup the tenant and AD domain to test WVD.  I have just tested with an account I had created on the AD Server (Still in Azure but with AD Connect installed to sync to AAD) and this has worked fine.  I have also created another AAD account and tried to connect to the desktop but this failed with the same error.

 

Interestingly I am getting prompted to enter my credentials again upon connection, not sure if I have missed something with the SSO settings?

@ray077 : Unfortunately, we don't have that true "single sign-on" just through Azure AD. This is primarily because Windows logon requires username/password or smartcard still. We are finalizing our flow for single sign-on when federating your Azure AD to ADFS, so you would only ever get the Azure AD credential prompt (not a Windows credential prompt). We should have that document up later in the Preview.

 

Thanks for all your testing!

Thanks for the info, can you confirm that the behaviour I was seeing with an Azure AD only account (User was not defined in the "On-Premise" AD") was expected.

@ray077 : Yes, confirming that the issue is that the user must exist both in Azure AD and the Windows Server (on-prem) AD, so this was an expected error.

@ray077 Yes, confirmed need to install Azure AD Connect and sync users to AAD. Add that user with Add-RdsAppGroupUser and sign in with that user. Confirmed working.

@Christian_Montoya 

 

I am experiencing the same issue and the users are sync from my On-premise AD with AD connect.
This worked initially and then stop working for the same users is no longer working.

 

Any ideas?

@hdsit : Can you run the diagnostics command here to get the errors for the connection: https://docs.microsoft.com/azure/virtual-desktop/diagnostics-role-service#filter-diagnostic-activiti... ? You may also want to run it with the -Detailed parameter, then you can see the Errors for the activity. That should be a good start.

Did you guys have to install anymore options in powershell to get the RdsSessionHost command to work? @anthonyschneider365 

I'm now seeing this same issue with a test account I created in Azure AD. We have Azure AD Domain Services set-up, and I am able to log-in from my own account. One of our employees is also able to log-in fine, but the test account I created is not.

 

The test account has been added to the app group, and I'm able to log-in with that test user to the "Remote Desktop" application for Windows. But every time I try to connect, I keep getting the "Your computer can't connect to the Remote Desktop Gateway server" message. 

 

Here's the detailed output:

 

ActivityId : 985a50ab-9cfc-4b24-a4fa-1526673c0000
ActivityType : Connection
StartTime : 6/13/2019 8:32:26 AM
EndTime : 6/13/2019 8:32:39 AM
UserName : test.user@REDACTED.com
RoleInstances : GP-WIN10-52325B;mrs-eus2r1c002-rdgateway-prod-staging::RD0003FF81D9F2;mrs-eus2r1c001-rdbroker-prod-
staging::RD2818780AFB61;<inv-vdi-0.cloud.REDACTED.com>;mrs-cusr1c002-rdbroker-prod-staging::RD0003F
F648FBF
Outcome : Failure
Status : Completed
Details : {[ClientOS, WINDOWS 10.0.17763], [ClientVersion, 1.2.155.18898], [ClientType, MSRDC],
[PredecessorConnectionId, ]...}
LastHeartbeatTime : 6/13/2019 8:34:10 AM
Checkpoints : {TransportConnected, RdpStackDisconnect, RdpStackDisconnect, LoadBalancedNewConnection}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo,
Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo,
Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}

@GuyPaddock Did you get anywhere with this? I have setup a host pool and when i try to connect to the remote desktop i see "opening remote port" then "We couldn't connect to the gateway because of an error. If this keeps happening, ask your admin or tech support for help."

 

I see the same error as you did

 

ActivityId : 893b0a57-6f19-4e15-90b4-1950fabb0000
ActivityType : Connection
StartTime : 08/08/2019 14:31:50
EndTime : 08/08/2019 14:31:54
RoleInstances : rdwebclient;mrs-eus2r1c002-rdgateway-prod-staging::RD0003FF459018;mrs-eus2r1c002-rdbroker-prod-staging::RD0003FF45E902;≤dtwvd-0.DTWVD.local≥
Outcome : Failure
Status : Completed
Details : {[ClientOS, Win32 Chrome 75.0.3770.142], [ClientVersion, 1.0.18.5], [ClientType, HTML], [PredecessorConnectionId, ]...}
LastHeartbeatTime : 08/08/2019 14:31:55
Checkpoints : {LoadBalancedNewConnection, TransportConnecting, TransportConnected}
Errors : {Microsoft.RDInfra.Diagnostics.Common.DiagnosticsErrorInfo}

 

Yes; apologies for not updating with a follow-up. It turned out that we had a role that only users in our "employees" group sync with AADDS. The test account wasn't in that group so they couldn't authenticate with the machine even though I had granted the account access to Azure VDI. I added the user to the employees group, changed the account password, waited about 5 mins to ensure the account synced, and got in.
Thanks for getting back so quick, ill take a look into this
1 best response

Accepted Solutions
best response confirmed by Rick_Jen (Microsoft)
Solution

@anthonyschneider365 

I think I may have worked out my problem, I have been testing with a user account I setup in Azure AD.  I have only just setup the tenant and AD domain to test WVD.  I have just tested with an account I had created on the AD Server (Still in Azure but with AD Connect installed to sync to AAD) and this has worked fine.  I have also created another AAD account and tried to connect to the desktop but this failed with the same error.

 

Interestingly I am getting prompted to enter my credentials again upon connection, not sure if I have missed something with the SSO settings?

View solution in original post