Remote Desktop quarantine failure

Symptoms

Consider the following scenario:

  • You install the Remote Desktop Gateway [RD Gateway] service on a computer that is running Windows Server 2008 R2.

  • There are multiple certificate bindings on port 443 of this computer.

In this scenario, the RD Gateway may not work correctly. The incorrect behavior depends on the certificate store name of the selected certificate binding. The following two values of the certificate store name for the binding cause different issues:

  • Certificate store name is not NULL for the binding

    In this case, all connections go through except in the following scenarios:

    • Smart card authentication is configured on the RD Gateway-side.

    • Network Access Protection health checks are enforced on the client-side.

  • Certificate store name is NULL for the binding

    In this case, all connections fail together, and you receive the following error message:

    Your computer can't connect to the remote computer because no certificate was configured to use at the Remote Desktop Gateway server. Contact your network administrator for assistance.

    At the same time, the following TerminalServices-Gateway event that has the ID 306 is added to the TerminalServices-Gateway log:

    Note: To check whether the certificate store name is NULL, follow these steps:

    1. At the command prompt, type the following command, and then press ENTER:

      netsh http show sslcert

    2. Check the value for Certificate Store Name of the first binding that is listening on port 443. A value of [null] indicates that the certificate store name is NULL for that particular binding.
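
The two-step check above, scripted in PowerShell as an added example (not part of the original article). It runs over constructed sample output in the layout that netsh prints; the hashes and application IDs are placeholders, `Get-SslBinding` is a hypothetical helper name, and the null value is matched in both the `(null)` and `[null]` spellings.

```powershell
# Constructed sample of "netsh http show sslcert" output.
# Hashes and application IDs are placeholders, not real values.
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : <placeholder-hash-1>
    Application ID               : {<placeholder-app-id-1>}
    Certificate Store Name       : (null)

    IP:port                      : 10.0.0.5:443
    Certificate Hash             : <placeholder-hash-2>
    Application ID               : {<placeholder-app-id-2>}
    Certificate Store Name       : MY

    IP:port                      : 0.0.0.0:8443
    Certificate Hash             : <placeholder-hash-3>
    Application ID               : {<placeholder-app-id-3>}
    Certificate Store Name       : (null)
'@

function Get-SslBinding {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # Each binding record starts with an "IP:port" (or "Hostname:port") line.
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)\s*$') {
            if ($current) { $current }
            $current = [pscustomobject]@{ Endpoint = $Matches[2]; Hash = $null; Store = $null }
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') { $current.Hash = $Matches[1] }
        elseif ($current -and $line -match '^\s*Certificate Store Name\s*:\s*(.*?)\s*$') { $current.Store = $Matches[1] }
    }
    if ($current) { $current }
}

# On a live server, replace the next line with:  $lines = netsh http show sslcert
$lines = $sample -split '\r?\n'
$on443 = @(Get-SslBinding -Lines $lines | Where-Object { $_.Endpoint -match ':443$' })

"Bindings on port 443: $($on443.Count)"
foreach ($b in $on443) {
    $isNull = $b.Store -match '^[\(\[]null[\)\]]$'
    '{0,-16} store={1,-8} nullStore={2}' -f $b.Endpoint, $b.Store, $isNull
}
```

More than one binding on port 443 is the precondition the article describes; the first one listed is the binding whose store name decides which of the two failure modes applies.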

11 Replies

· · ·

Mace

OP

JitenSh

Aug 23, 2017 at 22:40 UTC

Is it for public or internal use?

Have you added an A record for the certificate link or rdgateway name?

Are you able to open the certificate link or rdgateway name from browser like

//rd.domain.com/rdweb

2

· · ·

Mace

OP

Da_Schmoo

Aug 23, 2017 at 22:47 UTC

Microsoft Remote Desktop Services expert

50 Best Answers

207 Helpful Votes

Does it work from inside your network?

From outside your network, can you go to //public_IP/rdweb and get the login page?

2

· · ·

Pure Capsaicin

OP

Neally

Aug 23, 2017 at 22:48 UTC

Also, in the RDP client [MSTSC] maybe try to manually specify the RD Gateway settings


1

· · ·

Anaheim

OP

alee786 Aug 24, 2017 at 02:45 UTC

@JitenSh

It is for public use. The A record is not yet added but in the meantime, we are using public IP instead of FQDN. Yes, we are able to open the certificate link or rdgateway name via the browser but internally only.

0

· · ·

Anaheim

OP

alee786 Aug 24, 2017 at 03:01 UTC

@Da_Schmoo,

Only the rdgateway name [name.domain.local] on the browser works and that also internally. From outside, I am not able to login via //public_IP/rdweb.

0

· · ·

Mace

OP

Best Answer

Da_Schmoo

Aug 24, 2017 at 03:11 UTC

That would indicate an issue with your firewall config.

2

· · ·

Anaheim

OP

alee786 Aug 24, 2017 at 03:35 UTC

@Neally,

I have also tried the manual RD Gateway settings as well without any results.

0

· · ·

Mace

OP

Da_Schmoo

Aug 24, 2017 at 03:39 UTC

From outside your network, telnet to port 443 on your public ip address. If nothing answers that's more indication that the problem is with your firewall config.

1

· · ·

Anaheim

OP

alee786 Aug 24, 2017 at 03:57 UTC

I am able to telnet to port 443 using our public IP from outside our network.

0

· · ·

Mace

OP

JitenSh

Aug 24, 2017 at 08:11 UTC

alee786 wrote:

@JitenSh

It is for public use. The A record is not yet added but in the meantime, we are using public IP instead of FQDN. Yes, we are able to open the certificate link or rdgateway name via the browser but internally only.

So the RD gateway name is not an FQDN, it's an IP, so how have you assigned the certificate? If you are using a public IP, you need to create an A record from the public IP and assign the certificate so that when you remote desktop you can set a gateway name.

0

· · ·

Anaheim

OP

alee786 Aug 24, 2017 at 19:46 UTC

I appreciate everyone's feedback and especially Da_Schmoo's. Basically, the issue was indeed with firewall configuration and more specifically, the security policy rule. Once that was resolved, I could ping the public IP as well as use RDP [mstsc] to get connected to network resources from outside.

2

Below is not an exhaustive list of connection errors; it’s just some things that have tripped me up. If you have a nasty error that you have fixed, feel free to drop me a line, send me some screenshots and the fix, and I’ll add them as well.

Question: Microsoft RDP client for Mac receiving "Unable to connect" error code 0x5000007 from Microsoft RD Gateway

We have an RD Gateway server set up and running well. All of our Windows clients can use MS RDP client from outside of the LAN, but Mac users continue to receive an error: "Unable to connect Your session ended because of a protocol error while communicating with the Remote Desktop Gateway. If this keeps happening, contact your network administrator for assistance."


I can successfully connect a Mac running MS RDP client to computers on the network, but fail when accessing from outside of the firewall, through the gateway server.


I'm so so so stuck. Help please.

Posted on Apr 2, 2020 5:10 PM

Apr 3, 2020 4:17 AM in response to RichardVisageMe

This forum is for Apple's Remote Desktop and therefore not for you. Microsoft's Remote Desktop forum is here:


//remotedesktop.uservoice.com/forums/287834-remote-desktop-client-for-mac


You should have a word with your network administrator and ask them the question. FWIW I think there's a certificate or a protocol setting that needs to be configured somewhere that will allow your Mac to 'pass-through'. This could be something built-in on a PC or pre-configured when your IT department roll out the setting to their PC clients. Be patient and persistent and don't let them fob you off simply because you're on a Mac and not a PC. They should be supporting you properly irrespective of platform. It's their job after all.


Apr 3, 2020 1:43 PM in response to RichardVisageMe

If you have a good rapport with your IT support team then ask them if you need to install an SSL certificate on your Mac. My understanding is the RD Gateway requires this for RD clients to connect successfully. The other aspect of this is whether you have to establish a VPN first. Now this may or may not be a requirement prior to using MRD but it's worth asking.


I've had another look and found this:


//remotedesktop.uservoice.com/forums/925639-remote-desktop-beta-client-for-ios/suggestions/39205006-rd-gateway-error-0x3000066


Ask if TLS v1.2 is enabled and make sure you're on the latest macOS. Worth a try?


Good luck!
