Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
How to troubleshoot Logon Attempt Failed messages when connecting through RD Gateway
Published Sep 07 2018 08:10 PM 5,058 Views
First published on CloudBlogs on Sep, 07 2011

Hi folks, once again hello. Today I would like to discuss a case where I was trying to fix web single sign-on (SSO) externally. SSO was working well internally, but when we were trying to make it work outside the environment (by using Remote Desktop Gateway), it was not working and resulted in continuous logon attempt failed error messages:

After exhausting all the methods I could think of, I configured another server basically the same (I only included the Remote Desktop Services role services though). I figured that I could compare configurations and see the differential.

I started looking at the possibility of a corrupted web.config or host file as the error suggested, but the cause turned out to be defining an HTTP redirect for the default website in IIS.

To start working on this issue, first test to see if you are being redirected by going to the following website in a browser: https://<servername>/rpc

After entering your credentials, if everything is working fine you should see a blank screen with the URL https://<servername>/rpc . However, in my case, I saw Page cannot be displayed , which told me that something was not good and I needed to troubleshoot the issue.

Finally, after some research, I found the resolution, which was simpler than I expected (as I was thinking it could be a certificate-binding or broken-binding issue, which could have caused me hours to troubleshoot).

To resolve this issue, locate the HTTP redirection setting and disable it:

  1. In Server Manager, on the RD Gateway server , open Internet Information Services (IIS) Manager.
  2. In the IIS navigation tree, expand the server and the sites, and then select Default Web Site .
  3. In the middle pane (the settings area), double-click HTTP Redirect .
  4. Clear the Redirect requests to this destination check box.

After completing this, single sign-on was working externally as well, but the question remained: “How can I enable the redirection?” I didn’t want to manually type in because I wanted to use instead. After doing some research and getting help from my colleagues, I found that it could be done by just making a small change, detailed in the following steps.

To redirect HTTP:

1. Open IIS Manager.

2. Go to the RD Web Access website (by default, it’s the “Default Web Site”).

3. In the middle pane, click HTTP redirect .

4. Select the Redirect requests to this destination check box, and type the address for your website; for example: .

5. In the Redirect Behavior section, select the Only redirect requests to content in this directory (not subdirectories) check box.

6. Apply settings.

You are now all set for HTTP redirection from to without breaking RD Gateway connectivity.

Version history
Last update:
‎Sep 07 2018 08:10 PM