Remote Desktop Gateway is temporarily unavailable Mac
18 Replies
Show
· · ·
Ghost Chili OP
Jono Jan 20, 2020 at 03:58 UTC
Check the default TSGateway
https://www.concurrency.com/blog/w/remote-desktop-can%E2%80%99t-find-the-computer-through-rdw
0
· · ·
Mace OP
Justin1250
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
The only port needed externally should be 443. You don't want to expose 3389 publicly. What does the event viewer say when people try to connect? 2
· · ·
Mace OP
kevinmhsieh
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
First of all, stop forwarding everything to your RD gateway except for 443. You have a major security issue. Also be sure your RD gateway got the January 2020 security patch, as there is a critical TD Gateway remote code execution bug that can be remotely exploited by an unauthenticated attacker. To start, try manually connecting to your TD s wnssion host from outside and manually specify your RD Gateway server. If this doesn't work then you have a problem with RD gateway. If it does work, then your problem could be with RD Web, etc. 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
to jono that replied that was initially checked before the post. thanks. to justin1250 i understand that is a security risk and will be addressing that as soon as i get it working. there will be firewall rules only allowing certain sites to connect. thanks. to kevinmhsieh the january security patch has been installed. i'm not sure what your request is regarding the TD s wnssion. the connections are being made from the browser and the remote desktop app will not be used in this application but i need to make sure all is working before i turn it off. 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
i tried using remote desktop to connect instead of the web browser and got the same message stating that the remote desktop gateway server was unavailable. i tried changing the remote desktop server name several different ways with no success. 0
· · ·
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
0
· · ·
Mace OP
kevinmhsieh
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
I meant to manually connect to RD session host via RD gateway. Autocorrect can really suck on my device. Honestly I have never tried RD Web and RD gateway on same machine. I do know that it has to be done correctly, or the two services, which use the same listening port, will conflict. 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
kevinmhsieh thanks for clarifying on the autocorrect. i understand. i'm not sure if i'm following your lead though and it's probably because i don't understand. i can open a web browser on the rdweb server, go to the urlhttps://publicserver.publicdomain.com/rdwebget a login screen, login, see apps, and open the apps with one additional AD credentials prompt that i think shouldn't be there but with no errors through the process. 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
So after still working on the issue for quite some time i decided to just uninstall RD Web services and reinstall it. All of the errors have gone away but i'm still getting an extra authentication prompt when i go to launch the application that is published. Can anyone tell me how to get rid of the extra domain authentication credentials prompt when clicking on the published application. I've already supplied my domain credentials at the RD Web splash page and would think that it wouldn't be necessary again. Maybe that's the way the stupid thing works but if someone knows please let me know. 0
· · ·
Mace OP
Best Answer
Justin1250
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Here is a great set of guides for RDS:
https://ryanmangansitblog.com/2015/03/02/rds-2012-deployment-and-configuration-guides/
Run through the SSO guide to get rid of the prompts 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
justin1250 that's a lot of great information on your page! Thanks so much for your assistance. I don't think i would have ever found this in such detail although i'm still having a little bit of trouble. I worked my way thru your SSO article and got to the end of the GPO section and decided to test it so far. I ran a gpupdate/force from the AD and RD server but I'm not getting the message regarding trusting the app's publisher and i'm still getting the prompt again for the credentials. I have another GPO related to mapped drives just above this policy with the same setup of users so I think it's assigned correctly. Can you explain what the TERMSRV/ requirement is in front of the server name? I am using the .local name there also which is what made sense to me. I'm posting a pic of the policy to see if you see anything i might have done incorrectly. Thanks! 0
· · ·
Mace OP
Justin1250
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Ryan's guides are great! I believe it is an SPN. Makes the account or the terminal server trusted for delegation and allows the credentials to pass. 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
I've made the changes but still keep getting the request for credentials when i launch the app. I'm not sure what i'm missing. 0
· · ·
Mace OP
Justin1250
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
Where are you applying the SSO GPO? Have you checked the event logs on the servers for anything credential related? 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
i setup the GPO on the domain controller and assigned it to a small group of users that i am using as test users. i am seeing logon events in the domain controller security log but it doesn't show the user that logged in as it does when a user logs in locally. 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
So i was reading back through Ryan's guide on SSO and noticed this statement: "SSO works only in the domain environment: Active Directory user accounts must be used, the RDS servers and user’s workstations must be included in the AD domain" The remote users workstations are not part of the domain as they are remote. The RD Server and user accounts are part of the domain. Is this my problem? 0
· · ·
Anaheim OP
klpconsulting
This person is a verified professional.
Verify your account
to enable IT peers to see that you are a professional.
GOT IT! I found this in another one of Ryan's blogs: https://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/ This is the piece i was missing:
Add the Certificates created above to the .rdp trusted publishers using GPO:(Computer Configuration -> Administrative Templates -> Windows Desktop Services -> Remote Desktop Connection Client). Specify SHA1 thumbprints of certificates representing RDP publishers
Ryan's path wasn't correct but after correcting the path in the GPO and pasting the thumbprint in the policy it worked. Only one authentication for the user at the splash page. 0
· · ·
Pimiento OP
spicehead-nziny Apr 29, 2020 at 21:24 UTC
1st Post
How did you managed to change untrusted to trusted? I am unable to do so. 0
· · ·
This topic has been locked by an administrator and is no longer open for commenting. To continue this discussion, please ask a new question.
Cannot connect from Macbook to Mac Pro using Microsoft Remote Desktop for Mac.
Archived Forums >Remote Desktop clients
All replies
Question: Q: Microsoft Remote Desktop can't connect to Windows 10 computer (can connect fine from Windows)I'm using the Microsoft Remote Desktop 10 app to try to connect to a Windows 10 computer via RD Gateway. If I try to initiate the connection from a Windows 10 computer with exactly the same settings, it works fine. It will not connect via a brand new MacBook Pro, it fails with the following error: "We couldn't connect to the remote PC because the Remote Desktop Gateway is temporarily unavailable. Try connecting later or contact your network administrator for assistance.Error code: 0x3000061" I even exported the connection from the Mac, copied and pasted across to a Windows 10 machine, double clicked on the exported RD connection and it works, so it's something with the Mac. If I ping the RD Gateway from the mac it resolves to the correct IP Address, I'm out of ideas. I've deleted and recreated the connection and RD Gateway that many times. I tried the older Microsoft Remote Desktop 8 app and it doesn’t work either. Googling this error for Mac basically turns up nothing. More Less MacBook Pro Posted on Aug 11, 2019 7:06 PM Reply I have this question too(23) I have this question too Me too(23) Me too Aug 15, 2019 8:04 PM in response to bac80 In response to bac80 It’d probably be better to ask some Microsoft folks or the Microsoft support folks about this Microsoft product. (Asking Apple users in a semi-related forum for a completely different product just isn’t the best spot for assistance.) I hadn’t heard about RD Gateway until you’ve mentioned it. (I’d probably use a VPN for that purpose, too.) Based on a few searches, I see documentation of using this product with the RD gateway. If that’s what you’re using and if it’s not working, then I’d check with the folks in a Microsoft forum or with Microsoft support. More Less Aug 15, 2019 8:04 PM Reply Helpful Thread reply - more options
Question: Q: Microsoft Remote Desktop can't connect to Windows 10 computer (can connect fine from Windows)I'm using the Microsoft Remote Desktop 10 app to try to connect to a Windows 10 computer via RD Gateway. If I try to initiate the connection from a Windows 10 computer with exactly the same settings, it works fine. It will not connect via a brand new MacBook Pro, it fails with the following error: "We couldn't connect to the remote PC because the Remote Desktop Gateway is temporarily unavailable. Try connecting later or contact your network administrator for assistance.Error code: 0x3000061" I even exported the connection from the Mac, copied and pasted across to a Windows 10 machine, double clicked on the exported RD connection and it works, so it's something with the Mac. If I ping the RD Gateway from the mac it resolves to the correct IP Address, I'm out of ideas. I've deleted and recreated the connection and RD Gateway that many times. I tried the older Microsoft Remote Desktop 8 app and it doesn’t work either. Googling this error for Mac basically turns up nothing. More Less MacBook Pro Posted on Aug 11, 2019 7:06 PM Reply I have this question too(23) I have this question too Me too(23) Me too Below is not an exhaustive list of connection errors, it’s just a some things that have tripped me up. If you have a nasty error that you have fixed, feel free to drop me a line, send me some screenshots and the fix, and I’ll add them as well. |