none
Azure Application Proxy Pre-authentication with RDS 2019 not working RRS feed

  • Question

  • Tried to publish RD GW and Web through a Azure Application Proxy using this Microsoft article: https://docs.microsoft.com/bs-latn-ba/azure/active-directory/manage-apps/application-proxy-integrate-with-remote-desktop-services

    Pass-through authentication is working, however with Pre-authentication it can't connect. After a while it shows the error message below:

    I've tried several things but i'm unable to get it working. It should be possible to use pre-authentication according to the documentation (single app for RD Gateway and RD Web Acces):
    Both the RD Web and RD Gateway endpoints must be located on the same machine, and with a common root. RD Web and RD Gateway are published as a single application with Application Proxy so that you can have a single sign-on experience between the two applications.

    This is my setup:
    SRV-GW-01  (192.168.1.50)   = Connection Broker / Gateway / Web Access
    SRV-RDS-01 (192.168.1.51)   = Session Host
    SRV-RDS-02 (192.168.1.52)   = Session Host

    Connectionbroker publishedname = rd.contoso.com

    RD Gateway settings:
    Use these RD Gateway settings: rd.contoso.com
    Logon method: password authentication
    enabled: Use RD Gateway credentials for remote computers


    Certificate:
    wildcard *.contoso.com bound to role services:
    - RD Connection Broker - enable SSO
    - RD Connection Broker - publishing
    - RD Web Access
    - RD Gateway

    DNS records Internal
    Type: A-record
    Host: rd.contoso.com
    IP:192.168.1.50


    DNS records External
    Type: Cname record
    Host: rd.contoso.com
    Points to: rd-contoso.msappproxy.net

    The Web Application Proxy settings:

    The SSO settings:

    And Kerberos Delegation in AD

    IIS





    Friday, January 17, 2020 5:34 PM