Server 2019 RDS HTML5 Webclient with Azure Application Proxy - Web Socket Error
Hi all, I have a small Server 2019 RDS environment running on-prem consisting of three servers. 1 x RDS Gateway/Web Access/Broker 2 x RDS Session Hosts I am using Azure Application Proxy to enable remote working. I have installed the new webclient (/rdweb/webclient/) and if I connect via the App proxy, the setup works perfectly for accessign remote apps and full desktop while making use of the RDP file option, however if I switch to the HTML5 browser option, connections fail and I receive a websocket error (pasted below) Both RDP and HTML5 browser options work perfectly if I access /rdweb/webclient from an on-prem machine. Does anyone have any advice with regards RDS webclient via App Proxy? PD websockettransport.cpp(304): OnErrorFromJS() at Object.Logger.a.errorWithoutTimestamp (https://domain.com/RDWeb/webclient/js/client.93f1e024.js:1:2848),at Function.<anonymous> (https://domain.com/RDWeb/webclient/js/client.93f1e024.js:5:15934),at methodCaller_emscripten$$val_$emscripten$$val_emscripten$$val$ (eval at new_ (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1501056), <anonymous>:6:26),at __emval_call_method (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1522590),at S$a (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:126:82431),at Djd (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:134:115033),at invoke_viiiii (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1574347),at R$a (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:126:80844),at Bjd (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:134:114867),at invoke_viii (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1573937),at H0a (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:126:120009),at Rfb (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:116:167461),at zjd (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:134:114736),at invoke_vii (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1573548),at C1a (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:126:157205),at zjd (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:134:114736),at invoke_vii (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1573548),at D1a (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:126:158017),at Bjd (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:134:114867),at dynCall_viii_472 (eval at makeDynCaller (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1497203), <anonymous>:4:12),at OnMessageCallback$Invoke [as Invoke] (eval at new_ (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:1501056), <anonymous>:9:1),at Worker.<anonymous> (https://domain.com/RDWeb/webclient/js/rdcore.eb28ca45.js:86:106254) 2020-12-20T15:06:53.340Z WebSocketTransport(NORM): WebSocket closed, url=wss://domain.com:443/remoteDesktopGateway?CorId=%7Bac79013d-72f2-4a53-bfc0-6b6bf31e0000%7D&ConId=%7B539f728e-ab48-4fe8-91fd-32cd49afa8a1%7D&ClGen=HTML%3D1&ClBld=Type%3DRdClient%3B%20Build%3Dprivate&AuthS=SSPI_NTLM, wasClean=false, code=1006, reason="" 2020-12-20T15:06:53.516Z Connection(ERR): The connection generated an internal exception with disconnect code=ConnectionBroken(8), extended code=<null>, reason=WebSocket closed with code: 1006 reason: Thrown in thread 399652 at: websockettransport.cpp(335) Call Stack: at imb at fmb at Tp at Djd
Azure Application Proxy - B2B Users, No SSO
Hi all, We have an onsite website. We have a requirement to allow some external people access the site. I was thinking of using Azure Application Proxy, which we've used to great success with internal users. However, while I think the website supports SAML, my understanding is that when the users log on, they will be required to enter a username and password on the website anyway, so no SSO. I've been reading https://docs.microsoft.com/en-us/azure/active-directory/external-identities/hybrid-cloud-to-on-premises but I'm confused if we have to create a shadow account on our onsite AD if they won't be using SSO? I.e., will AAP authenticate their guest account to the point they can see the web page?