Hello.

I was recently fiddling with my new WHS2011 box (running on an HP ProLiant MicroServer N36L). I attempted to create a VPN using a tutorial on the internet. It didn't work. I thought at the time I had broken my RDP service as I couldn't connect to the dashboard. This was solved with a quick reboot, removing the power-plug after shutdown to ensure server was fully powered down. Before this I though why-not and installed the Remote Access Services role. I fiddled with it and it didn't solve my problem. I uninstalled the role.

Now when I attempt to RDP to any computer on my network from outside using either the RemoteApp via the RA Dashboard or TSG through Remote Desktop on an external computer, I get this error: 'Your computer can't connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.' I didn't try to RDP before fiddling so I have no way of knowing whether it is a config error, but I managed to get to the Certificate Acceptance message (yellow band) and just clicked cancel as I didn't want to connect at the time, so this makes me think I have messed it up.

I would rather not reinstall WHS2011, but I fear there is no alternative, and was wondering if you might be able to shed any light on the situation.

Many Thanks. (and sorry for the long post)

Did you happen to setup a backup drive for the OS on your WHS2011 server? If you did then you can always recover the server from the backup to the point before your started trying to create a VPN. This process takes less then 1 hour so keep that in mind should you need to do this.

The other thing I am curious about is and its not really clear on what you were able to do and not able to do before. The RDP connection may work fine but you may be being blocked from using it from the location your trying to make the connection from. The other thing is to make sure the ports are properly being forwarded to your server and the best way to do this is to reserve and IP number for the server with your router then forward the following ports to that IP 80, 443, 4125 and there is one more I believe its 3389. Ports 4125 and 3389 are for RDP connections.

Here is some additional info on setting up various routers: http://social.technet.microsoft.com/wik ... setup.aspx

The last thing I will mention is to try to make an RDP connection using a client which you did not attempt to setup the VPN on just to rule out the client end if at all possible. If the other client works but the one you attempted to set the VPN up on does not then you have to correct the client. So you have to address the issue on both the client and server side.

Good Luck & I do not blame you for wanting to get a VPN working because once you have it working its very addictive. Its one of the nicer things that WS2012E does for you that WHS2011 doesn't.

_________________
Exploring the possibilities!

Migrated from WHS2011 to WS2012E: HIGHLANDER

~ Norco 4220 Enclosure
~ Gigabyte GA-990FXA-UD5
~ AMD Phenom II X4 995 3.2 GHz
~ 8 GB Corsair Vengeance DDR3 1600 (PC3 12800)
~ 3 Supermicro AOC-SASLP-MV8

Hi, thanks for your fast response!

Mr. Idiot over here didn't set up a backup before fiddling as my hard drive that I was planning to use for the backup is currently in a PC who's primary hard drive is at the menders, so I can't rescue the data off it easily, it is the only tower PC we have, minus the server.

The location I am attempting to connect from uses a TS Gateway to connect to their infrastructure providers site, and so do not block those ports. The same error is visible when connecting locally through RemoteApp or TSG.

My router has a reputation for poor port forwarding and so this may be a culprit. The port 4125 is reported as closed on canyouseeme.com, but some say it only opens on demand. Also, the fact I'm getting this error suggests the server is being reached, if I enter an incorrect password the client tells me it is incorrect.

Due to company policy at the location of the PC I was trying from I didn't attempt to set up VPN on said PC.

Ahh, if only I didn't have to fork out £300 for WS2012E, life would be bliss.

If you were able to make the connections before then the issue may not be with the router but if not then quit possibly the router could be the issue. You need to look back and figure out what you could do before that you can not do now to determine where the problem is be it with the router or with a configuration in the server or client. I do know that routers can be a big pain and are often overlooked as the cause of a problem

_________________
Exploring the possibilities!

Migrated from WHS2011 to WS2012E: HIGHLANDER

~ Norco 4220 Enclosure
~ Gigabyte GA-990FXA-UD5
~ AMD Phenom II X4 995 3.2 GHz
~ 8 GB Corsair Vengeance DDR3 1600 (PC3 12800)
~ 3 Supermicro AOC-SASLP-MV8

I believe I could connect, I can recall (as previously mentioned) getting to the certificate acceptance error, and just hitting No as I din't want to connect at the time. I have doubts as to the status of port 4125, but I believe I read somewhere it is only opened on demand, and if I could get through before then I believe it isn't the port to blame.

I am so annoyed at myself for fiddling, the VPN side of things wasn't too damaging, but this Remote Desktop Services role has really caused some problems. I remember encountering an error about the creation of CALs failing during the configuration process of RDS, so maybe when I uninstalled the role it removed my CALs given by Microsoft.

I believe if you could do it before then the router would not be the issue. Can you make an RDP connection within your network where the server is actually located?

Thing about Remote Desktop is WHS uses it to also make a Dashboard Connection so if you can fully use it within your network it would be a good sign.

Then the next question is can you make a connection to the server itself from outside your network to verify RWA or Remote Web Access is functional and that you can get on the servers Dashboard as this will be a good sign.

_________________
Exploring the possibilities!

Migrated from WHS2011 to WS2012E: HIGHLANDER

~ Norco 4220 Enclosure
~ Gigabyte GA-990FXA-UD5
~ AMD Phenom II X4 995 3.2 GHz
~ 8 GB Corsair Vengeance DDR3 1600 (PC3 12800)
~ 3 Supermicro AOC-SASLP-MV8

Hi again,

I can RDP direct to the server and connect to the dashboard, although this broke when I was fiddling with the VPN, at least until I hard rebooted the server.

I can access the Remote Access page, and sign in with no bother.

The problem comes when I try to connect to a computer through the computer tab (in IE of course) or using the TS Gateway feature of newer versions of MSTSC (Remote Desktop).

Thanks.

I assume from the lack of response it looks as if I'll need to re-install WHS2011.

Sorry I missed the previous post but at this point I do not have an answer to the problem but I will give it some thought but its not something I actually do meaning connect to my clients through the server although I have done so a couple times in the past but typically I will shut my primary computer off but I do have a couple clients I can try connecting to next time I am at work but that will not help solve your issue because I can't actually see what you see on your end.

I will tell you this much if you do reinstall WHS2011, after you get it fully updated and configured I would setup a backup drive for the OS and let the server backup the OS twice per day that way if you ever have to perform a recovery you can do it from a backup and there will be no need to have to go through all the setup and driver hassle and it only takes about 1 hour to perform a recovery so its fairly quick.

_________________
Exploring the possibilities!

Migrated from WHS2011 to WS2012E: HIGHLANDER

~ Norco 4220 Enclosure
~ Gigabyte GA-990FXA-UD5
~ AMD Phenom II X4 995 3.2 GHz
~ 8 GB Corsair Vengeance DDR3 1600 (PC3 12800)
~ 3 Supermicro AOC-SASLP-MV8

Hmm. I followed a MS tutorial on fixing the RDP system which worked to an extent. I now no longer get the terminal error message, but a different one complaining that:

Remote Desktop Gateway can't connect to the remote computer "XXX" for one of these reasons:

1) Your user account is not authorised to access the RD Gateway "yyy.homeserver.com"
2) Your computer is not authorised to access the RD Gateway "yyy.homeserver.com"
3) You are using an incompatible authentication method (for example, the RD Gateway might be expecting a smart card but you provided a password)

Contact your network administrator for assistance. (Typical MS, I AM the Net Admin, so who do I contact?

That happens when connecting through the TSG function of MSTSC, if I try and connect via RWA the RemoteApp launcher for the Dashboard, or the "Connecting to:" screen for any non-server PC, just hangs are the loading point and doesn't complete the connection.

How infuriating.

Breaking news!

I have managed to get the TSG function working by adding some policies in the management interface of RAS in the Server Manager (after enabling it through the Command Prompt). This solves the TSG access problem.

The issue now is that I still cannot access any computers from RWA, and I have a feeling that this is due to the somewhat quirky form of authentication that WHS2011 (and for that matter presumably SBS2011 and SS2011) uses for its RWA RDP function. I read somewhere that it uses cookie-based authentication, which obviously won't work with the spit-and-duck-tape setup I currently employ.

I was wondering if any of you might have some bright ideas. It isn't important, as arguably the TSG system is more compatible than the RWA system, but for convenience and ease of use it would be useful to have the RWA feature working too.

Many thanks for your help so far.

I am not able to test an RWA connection to my WS2011 server because its not actually setup for that. I did however perform a test from WS2012E and was able to make the connection no problem. Now I could be wrong on this part but I believe somewhere along the way when the Connect Software was being installed it may have asked if you want to allow a remote connection to the client. It you did not allow it then that would make sense.

Now if you can get to just one client I believe you should be able to make an RDP Connection from that client to another client. I forget why I did this and it may have to do with a camera server not showing up properly with a LogMeIn connection so I went around in this manor hopping on one client to access the video camera server at work but I believe I have done this at home. Its what happens when you have too many toys to play with you try things.

At least your making progress on this issue and hopefully you will get things just where you need them to be very soon going forward.

As for MS's help messaging my favorite is when you run into an error and it tells you to click here for help and then you do so and it tells you it has no idea about the issue and WHS2011 and WS2012E is full of things like that. Very annoying and why even bother......

_________________
Exploring the possibilities!

Migrated from WHS2011 to WS2012E: HIGHLANDER

~ Norco 4220 Enclosure
~ Gigabyte GA-990FXA-UD5
~ AMD Phenom II X4 995 3.2 GHz
~ 8 GB Corsair Vengeance DDR3 1600 (PC3 12800)
~ 3 Supermicro AOC-SASLP-MV8