Common issues when publishing RemoteApp and Remote Desktop through UAG

I have started seeing people asking various questions about RemoteApp, Remote Desktop (user-defined) or Remote Desktop (predefined) issues. Publishing these through RDG (UAG) is quite a complex combination of technologies and involves various bits and pieces. If you do see a problem in any of the above scenarios, it is important to first isolate where the problem is. Is it RDS (the backend TS server), the session broker, DNS round robin for the RDS farm, etc.? Isolate that first before you jump to UAG.

If the RDS bit looks fine, then let's focus on RDG (UAG) and see what we can see there.

Extract the RDP part from the TSPub file and try to run it from the UAG machine. If it doesn't work, it might be that:

· There are problems with the TS server

· There is bad connectivity to this server (TMG, networking, etc.)

If step 1 looks good then:

Check the Remote Desktop Services status in its console:

RDG Common Problems:

· RDG service is down

· Its certificate has been tampered with

· Its IIS binding has been removed

Get a screenshot of the error, the OS version and the MSTSC client version of the machine you are testing from.

Also ensure that the ActiveX control is not disabled in IE, as we need the RDS ActiveX control on the endpoint to initiate the connection.

If, after clicking the RemoteApp, you get the following error:

 "This computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator."

The above error points to the RD client not supporting RDP client version 6.1.7600.

If you get the following error popup:

 "Your computer can't connect to the remote computer because no certificate was configured to use at the Remote Desktop Gateway server. Contact your network administrator for assistance."

The above error indicates that the RDG certificate is not valid, so open the RDG console and change the certificate.

You also need to ensure that the TS settings have not been changed after RDG was configured. If you have changed anything on the TS, then you need to update the corresponding settings on UAG (RDG). Another reason why you can't log in is an access policy that you fail to meet.

Please check the manual URL replacement setting on UAG and ensure the following entry is there:

"/rpc/rpcproxy.dll\?localhost.*" (without the quotes)

One more common reason I came across is:

The certificate in use (i.e. the site's certificate) is not derived from a CA trusted on the client's side (e.g. a self-signed certificate or a certificate from internal CRL). The browser warns but permits the user to continue; MSTSC simply does not accept such a signature. Resolution: the user should update the trusted root CA list accordingly.

Bad certificates are the main cause of the failures. You might reach this stage and, when you try to launch the app, see the following prompt before launch:

 

Once launched, you might see the following popup:

 "This computer can't verify the identity of RD Gateway www.abc.com. It's not safe to connect to server that can't be identified. Contact your network administrator for assistance."

So if you come across the above two popups, fix the certificate. They indicate a bad certificate, and the RemoteApp will never launch.
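A quick client-side check for the certificate failures described above, as an added example that is not part of the original post: it fetches the certificate presented on the gateway's HTTPS listener and reports whether this machine trusts the chain and whether the name matches. The host name www.abc.com is the placeholder from the error text above, and port 443 is an assumption.

```powershell
# Added example: run on the client endpoint, not on the UAG server.
# $GatewayHost defaults to the placeholder name from the error text; use your RD Gateway's public name.
param(
    [string]$GatewayHost = 'www.abc.com',
    [int]$Port = 443          # assumed HTTPS port of the published trunk
)

$script:policyErrors = [System.Net.Security.SslPolicyErrors]::None

# Accept any certificate so the handshake completes and the certificate can be
# inspected; the verdict Windows reached is recorded instead of enforced.
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $script:policyErrors = $sslPolicyErrors
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($GatewayHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($GatewayHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $tcp.Close()
}

# Rebuild the chain against this machine's trusted roots to get a per-failure reason
# (for example UntrustedRoot, NotTimeValid, RevocationStatusUnknown).
$x509 = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$x509.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chainTrusted = $x509.Build($cert)

[pscustomobject]@{
    Subject      = $cert.Subject
    Issuer       = $cert.Issuer
    NotAfter     = $cert.NotAfter
    SelfSigned   = ($cert.Subject -eq $cert.Issuer)
    PolicyErrors = $script:policyErrors   # None, RemoteCertificateNameMismatch and/or RemoteCertificateChainErrors
    ChainTrusted = $chainTrusted
    ChainStatus  = ($x509.ChainStatus | ForEach-Object { $_.Status }) -join ', '
}
```

A `PolicyErrors` value other than `None` or a `ChainTrusted` value of `False` means this client does not accept the gateway certificate as presented.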

If you have configured your RemoteApp for single sign-on (SSO), then ensure the end user allows the RemoteApp ActiveX control, or else the functionality won't work on the endpoint.

This is the interface on the UAG server where you set up the RemoteApp for SSO:

 

Windows XP/Vista might require upgrading the RDP client; see the following KB article: https://support.microsoft.com/kb/969084

 

If you suspect RD host connectivity, it is worth verifying in the TMG settings that a rule allows connectivity to the RD host. Also try accessing it from the RDG server itself to ensure you don't run into connectivity problems.

1- Session Monitor will give you details about each session.

2- Event Viewer on both the client and the server would be good to look at.

3- There is no client-side tracing. You can use Fiddler or HttpWatch to see the RDP traffic, but it is the Windows native implementation of RDP. UAG doesn't have any code involved on this end, so RDP support could help with any RDP issues.

4- On the UAG server side you can enable the following tracing for Microsoft support to assist:

Please launch the UAG bits tracing HTA file from c:\Program Files\Microsoft Forefront UAG\common\bin\tracing --> launch <trace.hta>

Here are the components you probably want to turn tracing on for: UAGRDPSVC, WHLTSGAUTH, WHLTSGCONF, WHLFILT_CORE, WHLFILTSECUREREMOTE_BASE, WHLGENLIB, WHLGENLIB_GENERAL

Please enable all levels (Error, Warn, Info, Func, Noise) for all these components.

Hit the Go button when you are ready to reproduce the issue.

Stop the tracing as soon as the issue is reproduced.

Give it 30 seconds before you collect the bin file from c:\Windows\debug.