Hey Spiceheads,

We’ve recently set up an RDS server with a published remote app for use by some of our team members overseas. We consistently have DNS reconciliation issues with it (at least I assume that’s the problem). The remote app is configured to be reached using the server’s FQDN (is there another way?), and we have two domain controllers which perform DNS for the network; DC1 and DC2 we’ll call them. When a user logs into the remote app, it will work for a few hours and then they will receive an error that the “computer cannot connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect”. If we switch the primary DNS from DC1 to DC2 it will immediately start working, for a few hours, until the same thing occurs. Switching it back from DC2 to DC1 and it works again for a time. Lather, rinse, repeat.

I’ve verified that the A record and associated PTR are present in DNS. I’ve also tried a number of troubleshooting items in various KB’s including making sure that IIS has the proper settings, changing settings around the Gateway, and modifying the RD Gateway Manager Resource Authorization Policies, but nothing seems to have provided a permanent fix. This is all relatively new to me, so it’s entirely possible that something is wrong in my configuration and that this isn’t [at all or entirely] DNS related.

Ideas?

4 Spice ups

Not something you want to deploy across the board, but it could be handy to see if it’s DNS versus something else that’s using DNS as an excuse: use the hosts file on the PC and see if you have the same issue.

What are you using for DNS IPs?

You should be using DC1 and DC2. Nothing else.

Are you using DC1 and then an external IP address like 8.8.8.8?

Yes, but the way our DNS was set up it does not resolve external addresses. Without something like 8.8.8.8 we have no DNS resolution for anything outside our network. I have tried using netsh to set up DC1 first, DC2 second, and 8.8.8.8 third, but the same issue arises until the positions for DC1 and DC2 are switched.

I’ll try this and see if it resolves it. I’d considered changing the hosts file, but it’s tedious given the number of computers it would need to happen on. For testing purposes however, it would be feasible on one or two machines.
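The hosts-file trick above bypasses DNS entirely, so it only tells you "DNS or not DNS". The following added PowerShell script (not part of the thread, and not the poster's own configuration) goes one step further: it walks every DNS server configured on the client, flags the ones outside RFC 1918 space as external, and asks each one directly for the gateway's A record. With the DC1 / DC2 / 8.8.8.8 ordering described in the post, the expectation is that the two DCs answer and the external resolver fails, which is exactly the intermittent failure once the client falls over to it. `rdgw.corp.example` is a placeholder for the real gateway FQDN.

```powershell
# Added example, not from the original post. $GatewayFqdn is a placeholder
# for the RD Gateway name the RemoteApp is published with.
param(
    [string]$GatewayFqdn = 'rdgw.corp.example'
)

# RFC 1918 test: anything outside these ranges in the client's DNS list is
# treated as an external resolver that cannot know internal AD names.
function Test-PrivateIPv4 {
    param([string]$Ip)
    $o = $Ip.Split('.') | ForEach-Object { [int]$_ }
    return ($o[0] -eq 10) -or
           ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or
           ($o[0] -eq 192 -and $o[1] -eq 168)
}

# Only adapters that actually have IPv4 DNS servers configured
$adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses.Count -gt 0 }

foreach ($a in $adapters) {
    Write-Host "Interface: $($a.InterfaceAlias)"
    $position = 1
    foreach ($server in $a.ServerAddresses) {
        $kind = if (Test-PrivateIPv4 $server) { 'internal' } else { 'EXTERNAL' }
        try {
            # -Server forces the query to this resolver; -DnsOnly skips hosts file / LLMNR / NetBIOS
            $answer = Resolve-DnsName -Name $GatewayFqdn -Server $server -Type A -DnsOnly -ErrorAction Stop
            $ips = ($answer | Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }) -join ', '
            Write-Host ("  [{0}] {1} ({2}): {3} -> {4}" -f $position, $server, $kind, $GatewayFqdn, $ips)
        } catch {
            Write-Host ("  [{0}] {1} ({2}): FAILED to resolve {3}: {4}" -f
                $position, $server, $kind, $GatewayFqdn, $_.Exception.Message)
        }
        $position++
    }
}
```

Run it on a client that is currently failing. A line reading `EXTERNAL ... FAILED` next to two `internal` lines that succeed confirms the diagnosis in the replies below: the client's resolver has moved on to the external server, which has no answer for an internal-only name.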

You’ve got DNS set up totally wrong then. This is going to be the root of all your issues.

I’ve said this many times, never, ever, ever, ever, EVER mix internal and external DNS. It shows a fundamental lack of understanding of how DNS works.

When you switch DNS servers you’re flushing the DNS, so that’s what makes it work until it starts using the external DNS, which doesn’t understand internal DNS addresses, and so you’re in a world of hurt.
INTERNAL DNS IP addresses ONLY for everything. EXTERNAL DNS on DNS forwarders or root hints.

Do that and your DNS issues will go away.
I explain it all here → http://blog.gdwnet.com/2015/07/how-to-do-dns-correctly.html

3 Spice ups
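To show what "internal DNS only on clients, external DNS on forwarders" looks like in practice, here is an added PowerShell example (not from the thread and not the blog's code). It assumes placeholder addresses: DC1 and DC2 at 10.0.0.10 and 10.0.0.11, and 8.8.8.8 / 8.8.4.4 as the forwarders. The first half runs on each DC with the DnsServer module; the second half repairs a client whose adapter lists anything other than the two DCs. The thread's fix applied the client side via the router's DHCP settings, which achieves the same result for every machine at once.

```powershell
# Added example, not from the original post. All addresses are placeholders.
$InternalDns = @('10.0.0.10', '10.0.0.11')   # DC1, DC2 (assumed)
$Forwarders  = @('8.8.8.8', '8.8.4.4')       # external resolvers the DCs may use

# --- Part 1: on each DNS server (DC1 and DC2) ---
# A forwarder is where the DC sends queries for zones it is not authoritative
# for, so clients get external answers from the DC instead of talking to an
# external resolver themselves. Skipped automatically where the DnsServer
# module is not installed (i.e. on a workstation).
if (Get-Command Add-DnsServerForwarder -ErrorAction SilentlyContinue) {
    $existing = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
    $missing  = $Forwarders | Where-Object { $_ -notin $existing }
    if ($missing) {
        Add-DnsServerForwarder -IPAddress $missing -PassThru
    }
    # Prove the DC can now resolve an external name on the clients' behalf
    Resolve-DnsName -Name 'www.microsoft.com' -Server $InternalDns[0] -Type A -DnsOnly -ErrorAction Stop |
        Select-Object Name, IPAddress
}

# --- Part 2: on a client (or bake the same list into the DHCP scope) ---
# Any adapter whose resolver list contains a non-DC address gets reset to the
# two DCs only; the order DC1/DC2 no longer matters once both can answer
# every query.
foreach ($a in Get-DnsClientServerAddress -AddressFamily IPv4) {
    $current = @($a.ServerAddresses)
    if ($current.Count -eq 0) { continue }
    $foreign = $current | Where-Object { $_ -notin $InternalDns }
    if ($foreign) {
        Write-Host "Fixing $($a.InterfaceAlias): removing $($foreign -join ', ')"
        Set-DnsClientServerAddress -InterfaceIndex $a.InterfaceIndex -ServerAddresses $InternalDns
    }
}

# Drop cached answers (including negative ones) obtained from the external resolver
Clear-DnsClientCache
```

After running the client half, a subsequent `Resolve-DnsName` for the gateway FQDN should succeed no matter which of the two DCs the client happens to prefer, which is the permanent version of the "switch primary DNS" workaround described at the top of the thread.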

The hosts file change offered instant fix, so I think between the two of you, this may have provided the solution needed. I’ve changed our DNS to provide external addresses as forwarders, and set our router to only give out DC1 and DC2 as the DNS servers. Verified it working on my own system before roll-out, so I think we’re all set in that regard.

Let me try out this change for those users and I’ll let you know how it goes!

That did the trick. Thanks guys.