That sounds like the gateway service either isn't working or isn't configured to deliver the correct links.
The .RDP file is downloadable, save it somewhere and edit it with a text editor. Verify your connection string is something that publicly resolves.
The Sonicwall doesn't need the certificate, but it does need to forward TCP 443 to the RDP Gateway.
Hey,
@Sky-Knight - I'm still fighting with this, and I'm having trouble finding the problem. Here's where I am:
1. If I'm inside the network, I can RDP to the IP address of the gateway/connection broker server, and it works. I get a session on the RDSH host.
2. If I'm outside the network, but VPN into the firewall, I can do the same thing. RDP to the IP address of the gateway/connection broker server, and it works. Because, if I have a VPN session, I'm not actually outside the network - duh.
3. If I try without the VPN to RDP to the FQDM (rds.mydomain.com) I'm using, it doesn't work. I get the message that the 'remote resource cannot be reached'.
4. If, from outside the network, I browse to
https://rds.mydomain.com, I get the IIS screen on the gateway/connection broker server. This tells me my firewall rule is working as desired.
5. If, from outside the network, I browse to
https://rds.mydomain.com/rdweb, I get the RDWebAccess login page, on which I can use a domain username and credential to successfully log in and see the RDP shortcut to the collection. If I download this, it doesn't work, producing the message that the 'remote resource cannot be reached'.
6. If I open that RDP shortcut in notepad, there is more than one line that refers to the server. Here is the relevant section:
=============
full address:s:LAB-APPSVR.HCHLAB.LOCAL
gatewayhostname:s:LAB-APPSVR.HCHLAB.local
workspace id:s:Lab-AppSvr.HCHLAB.local
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.LAB_Collection
use multimon:i:1
alternate full address:s:LAB-APPSVR.HCHLAB.LOCAL
=============
I have tried changing one and all of those lines, but I'm not sure what it is looking for, and I cannot find error messages in the logs anywhere that point me to the solution.
PLUS - if it think about this logically, If I'm using RDP to come in from outside, then that traffic is going to be on 3389, isn't it? My firewall rule is blocking everything except for 443, so how could that ever work? As a test, I tried allowing all traffic in the firewall rule, but that didn't help, because I think the lines in the RDP are wrong. I just don't know what the right answer is, so I'm stuck.
FURTHER, if the collective wisdom is that outside access should be over VPN anyway, then why don't I just use the IP address, which works, and skip the domain name and certificate altogether? I'd like to keep using the domain name even over the VPN, but that isn't working and I can't seem to find the salient clue about exactly where the failure point is.
I'm working on this whole thing off hours, and after a couple weeks of spinning my wheels, I'm losing the motivation to continue on that path. I guess I'm having trouble understanding why modifications to the RDP shortcut are even necessary, given proper setup of this whole thing. Considering outside access is the primary function being supported here, why doesn't it work out of the box? It strikes me like if you bought a new car and it wouldn't work until you hand-made your own ignition key!