IIS8 and RDS 2012

M

MavsX

[H]ard|Gawd
Joined
Jan 4, 2007
Messages
1,086
I know nothing about IIS, but this should be pretty straightforward.

We have setup and deployed Remote Desktop Services on Windows Server 2012. That is working great, internally. I am trying to set it up so we can access this externally.

I've got the firewall allowing incoming connections to that IP with https

I've got a static map that maps the public static IP with the internal private IP of that server

I've got an a record on network solutions that shows the public IP correctly when pinged

When I put that name into a browser (externally), I am presented with the default IIS 8 splash page, and it does show SSL as working.

So with all that said, I think something simple needs to be redirected or changed in IIS so that we can pull up the RDWeb Gateway page, that will have a link/download to an RDP file so they can then use remote desktop.

Can one of you please show me and tell me where to go in IIS?

Externall, When i type in the name in a browser, i am only seeing the IIS 8 default splash page, I should be seeing the RDS web access page, that either hosts public apps, or remote desktop profiles, which can be downloaded, and then they load up remote desktop. So where do i go in IIS to enable that website, and get rid of the iss 8 default page.
 
more info as well -

MY RDS servers are as follows: RDS01-web access/connection broker RDS02-rd gateway RDS03-remote session host Where do i make this change at? I'm thinking i need to do it on RDS01 since that is the web access, right? Additionally, internally i can get to the web access via RDS01.domain.com/RDWeb/Pages/en-US/Default.aspx there it shows the RDP file, that i can download or open and fire up remote desktop. It seemed like whenever i made changes to RDS01, nothing happened externally

When i was trying it on my home computer, since it's external. Nothing was changing when i was messing with RDS01. I started messing with the same http redirects on RDS02, and then when i would go to that public name of remote-gw.domain.com it would forward me to rds02-domain.com/RDWeb. So it's like i think i am supposed to make changes on RDS01, but am confused because i'm only seeing these external changes when i mess with RDS02.


RDS all works internally, just not externally. Which is why im having issues with iis. Again, i have no idea about iis, but that is where the problem is. Getting the service to show up publicly in iis as simple as messing with the http redirects? and i think what i was wondering is on RDS01 in iis there is a default website and an RDweb, which one, or both do i mess with the http redirects? No one mentions that in any of the articles/blogs. Secondly, on RDS02 in iis, i see default web site, and rpc and rpcwithCert. So again, i think i need to be messing with RDS01 and not 02.
 
Have you tried going to "https://---FQD---/rdweb"?

If that lands you on the remote desktop gateway page, then you probably just need to make an IIS redirect from the default web site that points to the rdweb entry. If you haven't installed IIS redirect capability on that server, you'll need to do the following:

Open Server Manager -> Roles -> Web Server -> Add Role Services -> Common HTTP Features -> HTTP Redirection.

Once you've done that, open IIS, select the default web site, and then in the features view pane select "http redirect" and then configure the redirect to target the rdweb location.
 
cortexodus said:
Have you tried going to "https://---FQD---/rdweb"?

If that lands you on the remote desktop gateway page, then you probably just need to make an IIS redirect from the default web site that points to the rdweb entry. If you haven't installed IIS redirect capability on that server, you'll need to do the following:

Open Server Manager -> Roles -> Web Server -> Add Role Services -> Common HTTP Features -> HTTP Redirection.

Once you've done that, open IIS, select the default web site, and then in the features view pane select "http redirect" and then configure the redirect to target the rdweb location.
Click to expand...

before i went on hard forum, i was messing with http redirects based on what i was reading online. I think when i would go to "https://---FQD---/rdweb" in IE externally..i think i could get to the IIS default page, now when i do that i get a 404 directory not found page..

Is there a way to sort of reset the http redirects there?, since obviously i screwed something up.

Or should i just add that role and follow those your directions and see if that resolves the issue anyway.

thanks man
 
Can you explain how it is that you were "messing with http redirects based on what i was reading online"?

If you don't actually have the http redirection feature installed for IIS, I'm not sure how you'd be doing redirects in the first place. As-is, since you're indicating 404s now, I'm thinking you may have borked your site bindings. If you right click on the Default Web Site in the IIS Manager and select "Edit Bindings" it should have some entries that correspond to those shown on this support page (note that page isn't entirely relevant to your issue but the Default Web Site's out-of-box settings are listed there)
 
cortexodus said:
Can you explain how it is that you were "messing with http redirects based on what i was reading online"?

If you don't actually have the http redirection feature installed for IIS, I'm not sure how you'd be doing redirects in the first place. As-is, since you're indicating 404s now, I'm thinking you may have borked your site bindings. If you right click on the Default Web Site in the IIS Manager and select "Edit Bindings" it should have some entries that correspond to those shown on this support page (note that page isn't entirely relevant to your issue but the Default Web Site's out-of-box settings are listed there)
Click to expand...

I think you are right about the bindings. Mainly i started messing with with http redirects by clicking on both default web site and also RDWeb, then double clicking the http redirect icons in this picture..I did it on RDS01 first..



When that did nothing, i put them back to their default states(i think), which was..



Since i wasn't seeing any changes by messing with RDS01, i started messing with RDS02, i think i just messed with default web site and again clicked on http redirect icon..



I believe RDS02 was blank before i did anything..



So basically RDS01 has the /RDWeb/Pages on it, and RDS02 was blank before i started changing anything.

I'll take a look at that link you sent me. and see if i can maybe verify that everything is back to their default settings. Another thing is, internally from my workstation i can pull up everything and it looks fine, including ssl. From the server when i click on Browse Website *.443 on the far right side, it opens up IE and says there is a certificate mismatch, and i swear before i started changing shit, that the web access site appeared with no issues, so that is why i agree about the bindings..(whatever those are)




Edit: Just checked both RDS01 and RDS02 and both already have HTTP redirection installed already..




thanks for your help, i really appreciate it.
 
Last edited:
little update:

internally going to https://servername.domain/rdweb/pages works..like it always has. On RDS01 which is the web access and connection broker, i did this.



This now makes the site appear from within the server, so that is good. Is the redirect behavior settings good?
 
Alright another update.

I started doing some more reading and it looked like you could have the web access and the gateway on the perimeter(sort of), but i think the gateway needs to be outside and the web access is still internal, if that makes any sense. Now that rds is accessible from inside, as well as from the server, i think we are back where we need to be, so now i am trying to figure out how to get it working externally. From everything i am reading, all you need to do is change the http redirects. When i would mess with them on RDS01, nothing changed when opening it up at home, When i started messing with RDS02(which is the gateway), i would go to https://remote-gw.domain.com and it would forward me to https://RDS02.domain/rdweb/pages, but that directory is on RDS01, so i thought maybe i could set RDS02 to forward to RDS01, and that way they are still hitting the gateway first, and then being fowarded to RDS01, So when i did that, i was at home and i typed in https://remote-gw.domain.com, and it then displayed https://RDS01.domian/rdweb/pages. This was awesome i thought, but then it said SSL connection error, so i feel like i'm getting somewhere, just not quite right.

RDS01



RDS02



Viewing remote-gw.domain.com from home



so remote.gw.domain.com points to public IP, public ip is allowing 443 in on that IP. static entry for that ip forwarding to RDS02 internal IP, i then http redirect in IIS on RDS02, so when at home you type in remote.gw.domain.com you then are seeing http://servername.domain/RDWeb/Pages but there is a SSL error...
 
Last edited:
Seems like you're coming along nicely :)

I'm not really all that familiar with certificate stuff, but I think what's happening with the SSL connection error is a lacking certificate. Maybe this helps?
 
cortexodus said:
Seems like you're coming along nicely :)

I'm not really all that familiar with certificate stuff, but I think what's happening with the SSL connection error is a lacking certificate. Maybe this helps?
Click to expand...

...and get this. Finally got ahold of my boss and turns out he doesn't want to display the web portal anyway. Instead we want to use the gateway, and the special rdp file that we already have. We just need to distribute the special rdp file and everything is good to go. I sent the rdp to my home desktop via dropbox, double clicked it, logged and and that was it. Don't need to do anything...Spent like 15 hours with this since wednesday...i hate myself.

thanks for your time though man.
 
MavsX said:
...and get this. Finally got ahold of my boss and turns out he doesn't want to display the web portal anyway. Instead we want to use the gateway, and the special rdp file that we already have. We just need to distribute the special rdp file and everything is good to go. I sent the rdp to my home desktop via dropbox, double clicked it, logged and and that was it. Don't need to do anything...Spent like 15 hours with this since wednesday...i hate myself.

thanks for your time though man.
Click to expand...

¯\_(ツ)_/¯ glad it worked out :D
 
You must log in or register to reply here.
Back
Top