FIX: Errors may occur when a user cannot connect to an RD Virtualization Host server after you publish Remote Desktop Services or RemoteApps through Forefront Unified Access Gateway 2010

Article translations Article translations
Article ID: 2702989 - View products that this article applies to.
Expand all | Collapse all

Symptoms

As an administrator, you publish Remote Desktop Services or RemoteApps through Microsoft Forefront Unified Access Gateway 2010 so that users can connect to a Remote Desktop Virtualization Host (RD Virtualization Host) server. This process is also known as publishing a personal virtual desktop or virtual desktop pool that is hosted on a Hyper-V server. However, when a user cannot connect to the RD Virtualization Host server, you may find the following errors logged in the Windows Terminal Services Gateway operation event log:

The user "\UserA", on client computer "127.0.0.1", did not meet resource authorization policy requirements and was therefore not authorized to resource "IPv4:IPv6 address". The following error occurred: "23002".


Additionally, the user may receive the following error message at the same time:

Remote Desktop can't connect to the remote computer rdshost.contoso.com for one of the following reasons:

1) Your user account is not listed in the RD Gateway's permission list
2) You might have specified the remote computer in NetBIOS format
(for example, computer1), but the RD Gateway is expecting an FQDN or
IP address format (for example, computer1.fabrikam.com or 157.60.0.1).

Contact your network administrator for assistance.

Cause

This problem may occur because Forefront United Access Gateway 2010 does not support publishing Windows 7 Personal Virtual Desktops or a Virtual desktop pool.

Resolution

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2710791 Description of Service Pack 2 for Forefront Unified Access Gateway 2010
After you apply Service Pack 2, follow these steps on the Unified Access Gateway 2010 server to enable Virtual Desktop Infrastructure (VDI) functionality:
  1. Locate the following registry subkey, and create the following new value:
    HKEY_LOCAL_MACHINE\Software\WhaleCom\e-Gap\Common

    DWORD Value: TSDontCheckResources
    Value data: 1
  2. Apply the Unified Access Gateway 2010 configuration.
  3. Restart the IIS services, or restart the Unified Access Gateway 2010 server.
  4. Create a new Remote Desktop application for VDI in Unified Access Gateway 2010, and then apply the configuration.
  5. If VDI desktop pool is configured on the back-end, you can add certain parameters to the rd-template.txt file. This file is located in the following folder:
    drive:\Microsoft Forefront Unified Access Gateway\common\conf
    Save a copy of the file in the Custom Update folder. For example, the file should be saved in the following path:
    drive:\Microsoft Forefront Unified Access Gateway\common\conf\Custom Update\rd-template.txt
  6. Add the following parameters to the rd-template.txt file in the Custom Update folder:
    • use redirection server name:i:1

      The use redirection server name parameter enables you to specify the redirection server name where you want to go.

    • LoadBalanceInfo:s:tsv://vmresource.1.VMFarm

      The LoadBalanceInfo property contains the load balancing cookie. If you know your VDI Pool ID, you can change this property to the following:
      loadbalanceinfo:s:tsv://vmresource.1.PoolID

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

A user is connected to a personal virtual desktop in the following way:
  1. A user starts the connection to the personal virtual desktop by using RemoteApp and Desktop Connection through Forefront United Access Gateway.
  2. The request is sent to the RD Session Host server that is running in redirection mode.
  3. The RD Session Host server that is running in redirection mode forwards the request to the RD Connection Broker server.
  4. The RD Connection Broker server queries Active Directory Domain Services and retrieves the name of the virtual machine that is assigned to the requesting user account.
  5. The RD Connection Broker server sends a request to the RD Virtualization Host server to start the virtual machine.
  6. The RD Virtualization Host server returns the IP address of the fully qualified domain name to the RD Connection Broker server. The RD Connection Broker server then sends this information to the RD Session Host server that is running in redirection mode.
  7. The RD Session Host server that is running in redirection mode redirects the request to the client computer that initiated the connection.
  8. The client computer connects to the personal virtual desktops.

References

For more information about how to modify RDP parameters, go to the following Microsoft TechNet website:
Modifying RDP parameters
For more information about the Load Balance Info parameter, go to the following Microsoft TechNet website:
Load balance info
For more information about the LoadBalanceInfo property, go to the following Microsoft Developer Network (MSDN) website:
IMsRdpClientAdvancedSettings::LoadBalanceInfo property
To find your VDI Pool ID, you have to connect to your Internal Connection Broker server, and then follow these steps:
  1. Start Server Manager.
  2. Expand Roles.
  3. Expand Remote Desktop Services.
  4. Expand Remote Desktop Connection Manager.
  5. Expand RD Virtualization Host servers.
  6. Expand Pooled Virtual Desktops. You should now see all the properties, and this includes the Pool ID.

For more information about how to deploy virtual desktops, refer to the following VDI resource guides:
Deploying Personal Virtual Desktops by Using Remote Desktop Web Access Step-by-Step Guide

Deploying Virtual Desktop Pools by Using Remote Desktop Web Access Step-by-Step Guide

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2702989 - Last Review: December 7, 2012 - Revision: 3.0
Applies to
  • Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
Keywords: 
kbqfe kbfix kbexpertiseinter kbbug kbsurveynew KB2702989

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com