Tagged: RODC User Cache
- Mon, May 18 2020 at 2:41 pm, #1556209, Darryl Baker, CISSP
I have a remote desktop service deployment consisting of 2 servers: a remote desktop gateway (with the RD Gateway and RD Web Access roles) and a host server (with the Session Host, Broker, Licensing, and Web Access roles). I am using RemoteApp to publish RDP connections to specified computers. Initially, both of these servers were in our internal network and internal AD site and everything worked perfectly. I recently moved the gateway server to our DMZ and our AD DMZ site. Now I am no longer able to configure the RD Connection Authorization Policy or the Resource Authorization Policy; I can access Remote Desktop Management and open the CAP/RAP wizard, but after I select the AD security group, it does not save into the box. The box just stays blank.
The RemoteApp solution works from within our network (because it bypasses the gateway), but for remote users, they can navigate to the page and log in. When they select one of the published RDP connections, a prompt to access the Session Host server appears and the username/password is denied.
Looking at my firewall logs, it looks like the RD Gateway is trying to connect to my internal DCs and not my RODC in the DMZ. The server is on the DMZ subnet with a static IP and the RODCs chosen for DNS (they are the DMZ DNS servers as well). I have changed the HKLM Netlogon parameters for SiteName and DynamicSite to our DMZ site. What am I missing here? Why is this server still trying to use my internal DCs for the RDS deployment? Any help would be great! Thanks
- Tue, May 19 2020 at 9:46 am, #1556222, Joel Tbo
Sounds like an issue I have seen before when the users or computers are not in the pre-cached group on the RODC. If the users cannot be found on the RODC, it will redirect the user login to the writable DC.
Here is a reference to confirm users are set up correctly: https://www.itprotoday.com/windows-8/pre-populate-users-passwords-read-only-domain-controller-rodc
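Joel's advice above, as an added PowerShell check that is not part of his post: it lists the accounts the RODC has been forwarding to a writable DC (which would show up as gateway-to-internal-DC traffic in the firewall logs) and pre-populates the gateway's computer account and the remote users. The RODC, writable DC, gateway computer and group names are placeholders.

```powershell
# Added example (not from the thread). Placeholder names are assumptions:
# 'DMZ-RODC01' (the RODC), 'DC01' (a writable DC), 'RDGW01' (the gateway
# computer account) and 'RDS-Users' (the group of remote users).
Import-Module ActiveDirectory

$rodc     = 'DMZ-RODC01'
$writable = 'DC01'

# Accounts that authenticated through the RODC (msDS-AuthenticatedToAccountlist)
# but whose secrets it never cached (msDS-RevealedUsers): those logons were
# forwarded to a writable DC instead of being answered in the DMZ.
$authenticated = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -AuthenticatedAccounts
$revealed      = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts
$revealedDNs   = @($revealed | ForEach-Object DistinguishedName)

"Accounts forwarded to a writable DC rather than served by $rodc :"
$authenticated | Where-Object { $revealedDNs -notcontains $_.DistinguishedName } |
    Select-Object SamAccountName, ObjectClass | Format-Table -AutoSize

# Accounts the deployment needs cached on the RODC: the gateway's own
# computer account plus every user in the remote-users group.
$needed = @(Get-ADComputer -Identity 'RDGW01') +
          @(Get-ADGroupMember -Identity 'RDS-Users' -Recursive | Where-Object ObjectClass -eq 'user')

foreach ($acct in $needed) {
    if ($revealedDNs -contains $acct.DistinguishedName) {
        "already cached:  $($acct.SamAccountName)"
        continue
    }
    try {
        # Replicates only the secret from the writable DC to the RODC; this
        # fails when the RODC's Password Replication Policy denies the account.
        Sync-ADObject -Object $acct.DistinguishedName -Source $writable -Destination $rodc -PasswordOnly -ErrorAction Stop
        "pre-populated:   $($acct.SamAccountName)"
    } catch {
        "not allowed by PRP: $($acct.SamAccountName) - add it (or its group) to the RODC's allowed list, e.g."
        "  Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList '$($acct.SamAccountName)'"
    }
}
```

Run it from a management host with RSAT as an account that can manage the RODC's PRP; once the gateway's computer account and the users show as cached, the RODC should answer their logons locally.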
- Thu, May 21 2020 at 9:27 am, #1556278, Joel Tbo
You're welcome. Glad it worked out.