WS2016 RDS Gateway, Connects Internally not Externally

Question

Here is what I have done so far -

1. Configured Remote Desktop Services
2. Purchased a domain "domain.com"
3. Purchased a wild card ssl certificate, the thought is that I want to use "rds.domain.com" to access the RDS Server.

RDS Deployment Properties -

RD Gateway:

Server name: rds.domain.com

RD Web Access:

RD Web Access Server= RDS.DOMAIN.LOCAL URL: = RDS.DOMAIN.LOCAL/RdWeb

Certificates

The certs have been installed and the Green Bar is showing up when I go to rds.domain.com

IP Setup

In the domain controller I set up a new Forward Lookup Zone called domain.com, then created a Host (A) Record with the name rds, and pointed it to my RDS server.

I then forwarded ports 443, 3391.

Within my Domain Host, I configured two (A) records, @ XX.XX.XX.XX and * XX.XX.XX.XX - the public ip addresses are the same for both.

I can connected perfectly fine internally, but externally it does not seem to work.

Thank you in advance for any help someone can provide.

Answer 1

When you attempt the connection from outside does the rds machine hear you knocking on the door? Are you getting through to it and it ignores you, or are you not reaching it at all? A few things to throw out there: If you are trying to connect using the Microsoft rdp client (mstsc) then you should be forwarding port 3389. You can use the client on other ports but 3389 is the default. The rds machine should log your attempted connections from outside so see if it mentions anything when you try to connect. If it doesn't log anything then you aren't reaching it. So check the router/firewall(s) and make sure you are forwarding the packets. If it does log something that will usually tell you why the connection failed. if the outside machine you are using to make the connection is not a domain member then your login credentials could be the problem. you would need to login with "domain name slash username" not just username. Just thinking out loud here, HTH.