Recently I ran into a problem with an existing Remote Desktop Services 2012 R2 deployment at a client site. The error occurred intermittently, and after a number of retries the client could establish a connection normally, so the issue was not always reproducible. This blog summarises the process of identifying the symptoms, the possible causes, and the resolution steps.
The RDS farm consisted of two connection broker servers and two session hosts. The Remote Desktop Connection Broker was configured in HA mode using two DNS records pointing to the two broker nodes for round robin. The session hosts were 2012 R2 based machines. The broker nodes also hosted the RD Web Access and RD Gateway roles, with one of the nodes assuming the RD Licensing role.
The end user encountered the following error when trying to connect:
Your computer can’t connect to the remote computer because the Connection Broker couldn’t validate the settings specified in your RDP file. Contact your network administrator for assistance.
After further digging, I found the error below (Event ID 802) on the second broker node:
RD Connection Broker failed to process the connection request for user <userID>.
Farm name specified in user’s RDP file (hints) could not be found.
Error: The farm specified for the connection is not present.
Additional errors encountered were:
Remote Desktop Connection Broker Client failed while getting redirection packet from Connection Broker.
User : <userID>
Error: Element not found.
Remote Desktop Connection Broker Client failed to redirect the user <userID>
One aspect I discovered was that the same error didn’t occur on the other broker server. This led me to investigate the RDS configuration: the RDCB was set up in HA mode with a SQL backend, but it only had one node configured. We were getting somewhere. To isolate the issue, we decided to operate RDS in a one-node configuration to confirm our suspicion that whenever a user was redirected to the broker that wasn’t configured, the redirection would fail (RDCB uses round robin DNS for HA).
In the server manager console, the following tasks were done:
- Removed DNS RR record of the second broker node
- Removed the second gateway
- Removed the RD Web Access of the second node
Connecting to the remote desktop farm from the internal network worked fine after we made this change. We tested this multiple times and from different machines to confirm that it was stable. However, when connecting from an external network, the end user received a different error:
Remote Desktop can’t connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
The next port of call was to check the RD Gateway, and we found that the second gateway was still part of the RD Gateway farm. From Windows Server 2012, RDS is administered in the Server Manager console, which includes configuration for Session Collections, RD Web Access, Broker Deployment, and RD Licensing. One aspect that is not fully managed via the console is Remote Desktop Gateway. One key takeaway: after adding or removing an RD Gateway from the Server Manager console, check in RD Gateway Manager whether the RD Gateway server has been removed.
*Further investigation showed that the configuration had “Bypass RD Gateway server for local addresses” checked, resulting in a different outcome when connecting from local networks, as those connections bypass the RD Gateway. Unchecking this enforces all connections through the RD Gateway.
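
The three mismatches found above (a round robin DNS record for a broker that is not in the HA configuration, a gateway left behind in the RD Gateway farm, and the local bypass setting) can be checked together. The script below is an added example, not part of the original troubleshooting. It assumes it is run elevated on a server holding the RD Gateway role with the RemoteDesktop and RemoteDesktopServices modules available, and `rdcb01.example.local` is a placeholder broker name.

```powershell
# Added example. Run elevated on a server that holds the RD Gateway role.
# $Broker is a placeholder (assumption); replace with a broker in your deployment.
Import-Module RemoteDesktop            # deployment cmdlets
Import-Module RemoteDesktopServices    # RDS: provider drive for RD Gateway settings

$Broker = 'rdcb01.example.local'

function Get-ARecordIp([string]$Name) {
    # Return only the addresses from A records (skips CNAME entries)
    Resolve-DnsName -Name $Name -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
}

# 1. Round robin DNS vs. brokers actually joined to the HA deployment
$ha = Get-RDConnectionBrokerHighAvailability -ConnectionBroker $Broker
if ($ha) {
    $brokerIps = $ha.ConnectionBroker | ForEach-Object { Get-ARecordIp $_ }
    foreach ($ip in (Get-ARecordIp $ha.ClientAccessName)) {
        if ($ip -notin $brokerIps) {
            Write-Warning "$($ha.ClientAccessName) resolves to $ip, which is not an HA broker node"
        }
    }
} else {
    Write-Warning "No HA configuration returned by $Broker"
}

# 2. RD Gateway servers in the deployment vs. members of the gateway farm.
#    Names are compared on the host label only, since the two sources may differ in FQDN use.
$short = { param($n) ($n -split '\.')[0].ToLower() }
$deployGw = Get-RDServer -ConnectionBroker $Broker -Role 'RDS-GATEWAY' |
    ForEach-Object { & $short $_.Server }
$farmGw = Get-ChildItem 'RDS:\GatewayServer\GatewayFarm\Servers' |
    ForEach-Object { & $short $_.Name }
$farmGw | Where-Object { $_ -notin $deployGw } | ForEach-Object {
    Write-Warning "RD Gateway '$_' is still a gateway farm member but not in the deployment"
}
$deployGw | Where-Object { $_ -notin $farmGw } | ForEach-Object {
    Write-Warning "RD Gateway '$_' is in the deployment but missing from the gateway farm"
}

# 3. Internal clients skip the gateway when BypassLocal is True
$gwCfg = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $Broker
"GatewayMode=$($gwCfg.GatewayMode) BypassLocal=$($gwCfg.BypassLocal)"
```

With `BypassLocal` set to True, internal tests do not exercise the gateway path at all, so a clean internal result says nothing about external connections.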