
WAF: Unable to publish Remote Desktop Gateway 2016

I am running UTM 9.506-2 and RD 2016, but cannot get clients to connect to the RD Gateway.
I've tried using the RDG template for Server 2008 but this no longer seems to be compatible.

Followed various walkthroughs online to no avail.

A few of the WAF errors:

  • AH01614: client used wrong authentication scheme: /remoteDesktopGateway/  
  • Failed to sync Outlook Session & The registered Outlook Session is in unexpected state 'BROKEN'
  • Errors on RDG_IN_DATA and RDG_OUT_DATA  (401, 503, 502, 503 codes)

Closest I got was greeted with this WEV error message:

  •  "The user user@domain, on client computer "xxx.xxx.xxx.xxx:xxxx", has initiated an outbound connection. This connection may not be authenticated yet."

I have tried following the advice at the end of this article, but it does not seem to work either now.

Wondering if there has been a change in how the RDG works in 2016 or if UTM just doesn't support it correctly.



This thread was automatically locked due to age.
  • Same here.

    Only RD gateway on Windows 2008 was working through WAF.

    Windows 2012 and newer has something different and WAF cannot be used to publish RD gateway.

    I tried Sophos XG too and same result.

    Predefined policy is for RDgateway 2008 and it is useless.

     

    Only way to get it to work is to use DNAT, not WAF. So port 443 on one public IP address is gone for this.

  • I did find a workaround that does get it working

    Login to the UTM over SSH and, as root:

    cd /var/storage/chroot-reverseproxy/usr/apache/conf/

    vi reverseproxy.conf

    Find your WAF rule 

    eg:

    <VirtualHost x.x.x.x:443>

    ServerName  rdgateway.fqdn.here

    Go down to the </Location> tag 

    and enter the following lines underneath:

    <Location "/remoteDesktopGateway">

         ProxyPass "wss://rdgateway.fqdn.here/remoteDesktopGateway"

    </Location>

     

    Save the files and run:

    /var/mdw/scripts/reverseproxy restart

     

    This should then get it working again (Works for me - especially with the new HTML Remote Desktop Web Client).

     

    Down side?
    Any future WAF changes or system restart will REMOVE the above code, so it will need to be repeated after every reboot or WAF change.
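
Because the edit above is lost on every reboot or WAF change, it has to be re-applied by hand each time. As an added example (not part of the original post and not Sophos code), this script re-adds the block idempotently under the first `</Location>` of the matching virtual host. The helper name `ensure_rdg_location` is hypothetical, and it assumes the `ServerName` value is written unquoted, as in the post.

```shell
#!/bin/sh
# Added example: idempotently re-add the /remoteDesktopGateway <Location> block
# to one WAF virtual host. Assumes "ServerName <fqdn>" is written unquoted.
ensure_rdg_location() {   # hypothetical helper: ensure_rdg_location CONF FQDN
    conf=$1; host=$2; tmp="$conf.new.$$"
    if awk -v host="$host" '
        function flush(   i, done) {          # emit one buffered <VirtualHost>
            for (i = 1; i <= n; i++) {
                print buf[i]
                # insert once, under the first </Location> of the matching host
                if (is_host && !has_block && !done && buf[i] ~ /<\/Location>/) {
                    print "<Location \"/remoteDesktopGateway\">"
                    print "    ProxyPass \"wss://" host "/remoteDesktopGateway\""
                    print "</Location>"
                    done = 1; changed = 1
                }
            }
            n = 0; is_host = 0; has_block = 0
        }
        /<VirtualHost[ \t]/ { in_vh = 1 }
        in_vh {
            buf[++n] = $0
            if ($1 == "ServerName" && $2 == host) is_host = 1
            if ($0 ~ /<Location "\/remoteDesktopGateway">/) has_block = 1
            if ($0 ~ /<\/VirtualHost>/) { flush(); in_vh = 0 }
            next
        }
        { print }
        END { flush(); exit(changed ? 0 : 3) }   # 3 = nothing to do
    ' "$conf" > "$tmp"; then
        # keep a backup and overwrite in place so ownership and mode are kept
        cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf" && rm -f "$tmp"
        echo changed
    else
        rc=$?; rm -f "$tmp"
        [ "$rc" -eq 3 ] || return "$rc"
        echo unchanged
    fi
}

# Run as root on the UTM with the gateway FQDN as the only argument.
if [ "$#" -eq 1 ]; then
    conf=/var/storage/chroot-reverseproxy/usr/apache/conf/reverseproxy.conf
    if [ "$(ensure_rdg_location "$conf" "$1")" = changed ]; then
        /var/mdw/scripts/reverseproxy restart
    fi
fi
```

The restart only runs when the file was actually modified, so the script can be re-run after each reboot or WAF change without bouncing the reverse proxy needlessly.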