Jens Ostkamp Posted August 14, 2019

Hello everyone,

so I have come to an interesting setup I have been trying to test for some time now. The idea is that I want to use NetScaler Gateway as a gateway for an RDS farm. Basically I want to add bookmarks as RDP connections which connect to the RDS Broker server. I have found a few posts about this. I know that the RDP Proxy feature is in general working for an RDP session to a computer, but of course I want to achieve the same with RDS apps. The obvious problem has always been that specific connection parameters aren't present in the RDP file the NetScaler will deliver to the client.

Researching the internet, I have found an interesting comment on a blog post of JG Spiers: https://www.jgspiers.com/rdp-proxy-netscaler-gateway/

> Lafrance July 27, 2018
> Hi, you can add those special parameters to the bookmark. This allows you to publish multiple RemoteApp + RDP desktop to your users. Here's an example:
>
> add vpn url RemoteApp RemoteApp "rdp://10.10.10.10?alternate shell:s:||ServiceCenter&remoteapplicationprogram:s:||ServiceCenter&remoteapplicationname:s:ServiceCenter&remoteapplicationcmdline:s:&remoteapplicationmode:i:1" -clientlessAccess ON
>
> All you have to do is to open the RDP RemoteApp file within a notepad and then extract those parameters and use & to append them after the ? in the bookmark.
> I used those 5 parameters to make it work. Nothing to change in the RDP ClientProfile. I had RDP Redirection = Enabled in the RDP ServerProfile on NS 12.1

One user is explaining that adding the specific connection information after the bookmark URL itself will store it in the RDP file, which then "should" work correctly as a whole.

Adding the bookmark with the specific parameters worked perfectly. When I download the RDP file I can see those parameters added successfully, but I can't establish a connection as I get the error "Connection for this computer cannot be established, because the information provided in the RDP-File couldn't get validated by the connection broker" (roughly translated from German).

Within the Event Viewer of the Connection Broker server I found the following entry:

RD Connection Broker failed to process the connection request for user domain\user. User's RDP file has invalid hint format. Error: The request is not supported.

Since my understanding of RDS isn't the best, I am not sure if there are some configurations missing (sounds to me like the broker doesn't "accept" the connection since the request comes from an "invalid" gateway - like if I forgot to add the appliance to some kind of "allowed" relays, similar to Citrix Publishing where you have to add the Gateway which has to be used for this Store), but if anyone got this configuration working I'd highly appreciate any support regarding this.

My NetScaler configuration is basically the same as JG Spiers describes in his blog post:

- RDP Server and Client profile (same shared secret, RDP redirection enabled)
- VPN vServer with ICA only unchecked
- correct certificates on both sides

Thanks a lot in advance and best regards!

Sergiu-Konrad Kork Posted August 14, 2019

What are you using the RDP server profile for? In my deployment, I have it like this:

- LB vServers for the backend RDS services. The bookmarks point to these
- NSAG virtual server that does auth and has the bookmarks added; no RDS server profile configured
- session profile bound to the NSAG vServer, which contains the RDS client profile (among other stuff irrelevant here)

The rest is just cosmetics.

Jens Ostkamp (Author) Posted August 14, 2019

54 minutes ago, Sergiu-Konrad Kork said:

> What are you using the RDP server profile for? In my deployment, I have it like this:
>
> - LB vServers for the backend RDS services. The bookmarks point to these
> - NSAG virtual server that does auth and has the bookmarks added; no RDS server profile configured
> - session profile bound to the NSAG vServer, which contains the RDS client profile (among other stuff irrelevant here)
>
> The rest is just cosmetics.

Hey, thanks for your response!

I use the server profile to configure RDP redirection. I have read in several other posts that this is mandatory if NSGW should be able to work as RDP proxy when there is an RDS broker in the backend farm.

So do you have applications and desktops as bookmarks? How do you separate them? From my understanding I have to add these mentioned parameters after my bookmark link so it is clear which application/desktop a user is trying to connect to. But I don't use LB vServers, I basically point my gateway directly to the RDS Broker server (configured within the client profile).

Sergiu-Konrad Kork Posted August 14, 2019

I do not remember many particularities, but I do know I am not using any RDS server profile; that only proved a problem in my setup. We don't have any RDS apps, just desktops. Are the desktops working with no problems for you?

Jens Ostkamp (Author) Posted August 15, 2019

Ah okay, I guess that's the difference then. We have apps and desktops, and so my goal would be to just always point my RDP Proxy destination towards the RDS Broker machine, which will then manage the incoming connection to the correct worker server/desktop. I suppose the desktops you use the NetScaler RDP Proxy for are behind your LB vServers? Because my main problem with that setup is that I can't differentiate between the apps/desktops when I try to establish a connection.

That's what I described with putting these "special parameters" (extracted from an .rdp file the RDSWeb Gateway would deliver) behind the bookmark, because that is what "should" work according to some comments on this JGSpiers blog post. When I open the .rdp file I can see that these parameters are indeed included, but the connection would always fail with the error message that the RDS broker can't verify the information given in the .rdp file (even though it is basically the same as when I would use the RDS web gateway).

I used the server profile for "RDP Redirection" as I have read in many articles that since 12.1 this option needs to be set regarding RDP Proxy with RDS roles on the backend machines. I already tested: if I use the machines I want to establish an RDP connection to as a direct destination it will work, but I need the broker machine as a destination which then would redirect the request to the correct worker.

My bookmark(s) look like this currently:

rdp://fqdn-ofmybrokermachine.domain.de?alternate%20shell:s:||putty&remoteapplicationprogram:s:||putty&remoteapplicationname:s:putty&remoteapplicationcmdline:s:&remoteapplicationmode:i:1

My RDP file delivered by NetScaler Gateway would look like this:

alternate shell:s:||putty
remoteapplicationprogram:s:||putty
remoteapplicationname:s:putty
remoteapplicationcmdline:s:
remoteapplicationmode:i:1
redirectclipboard:i:1
redirectdrives:i:0
redirectprinters:i:1
redirectcomports:i:0
redirectpnpdevices:i:0
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
use multimon:i:1
negotiate security layer:i:1
enablecredsspsupport:i:1
authentication level:i:0
full address:s:dns-ofmygatewayserver.domain.de:443
loadbalanceinfo:s:cfc12c53dcf809adf042104f33dd410f7a1f5c1f7025458cf644c4a36dabfa9caaabd7bef383ef68cae252831c709948f05813fa19eb21aa66

Basically I'm trying to replace the RDSWebgateway with a NetScaler Gateway, and I have read that it works with these special parameters (when you have to use apps instead of just desktops), but I somehow can't get it to work.

I already thought of opening a Citrix case, but I'm afraid that this workaround isn't supported the way I want it to be, so I guess I won't get that much help. Maybe someone here already did a similar setup and can help me through with this.

Thank you nonetheless so far! :)

Ken Z Posted September 7, 2019

Hi JOstKamp

Are you using Chrome/Mozilla for testing? I had the same problem. These additional arguments only seem to work with Internet Explorer.

Regards

Ken Z

Ken Z Posted September 7, 2019

Guys

just tested Chrome and Mozilla with NetScaler 13.0 Build 36.27, and RemoteApp/Seamless RDP sessions are now working... they no longer start up as a full desktop. Looks like it was a bug in Build 12.1

Regards

Ken Z

Jens Ostkamp (Author) Posted September 9, 2019

On 9/7/2019 at 1:55 PM, Ken Zygmunt said:

> Guys
>
> just tested Chrome and Mozilla with NetScaler 13.0 Build 36.27, and RemoteApp/Seamless RDP sessions are now working... they no longer start up as a full desktop. Looks like it was a bug in Build 12.1
>
> Regards
>
> Ken Z

Hey Ken,

thank you very much for your response and testing with NetScaler 13.0. Would it be possible to share your configuration, so I can test this in my environment?

Thank you very much in advance!

Best regards

Jens

Ken Z Posted September 9, 2019

Hi Jens

Yes, can do that, but I used Carl Stalhood's notes to do mine, which should be your first port of call for this type of information.

https://www.carlstalhood.com/netscaler-gateway-12-rdp-proxy/

I'll post my settings tonight when I get back from my journey...

Regards

Ken Z

Jens Ostkamp (Author) Posted September 9, 2019

24 minutes ago, Ken Zygmunt said:

> Hi Jens
>
> Yes, can do that, but I used Carl Stalhood's notes to do mine, which should be your first port of call for this type of information.
>
> https://www.carlstalhood.com/netscaler-gateway-12-rdp-proxy/
>
> I'll post my settings tonight when I get back from my journey...
>
> Regards
>
> Ken Z

Hi Ken,

yes, I check Carl's site on a regular basis, it's probably the best site for ADC information :) But he is "just" describing RDP Proxy as a feature for published desktops. In my case I specifically need not only desktops of the RDS farm but also applications to work; that's what I described with these special parameters after the bookmark (and whether there is more configuration needed apart from putting the special parameters after the bookmark).

To be honest I can't remember if I tested it with IE as well (as you described), but I know I didn't use ADC 13.0. I will do some testing over the day, but it would be awesome if you could share your configuration steps (summarized), if you got RDS apps via RDP Proxy working :)

Thank you very much once again and best regards

Jens

Ken Z Posted September 9, 2019 (edited)

Jens

firstly, I'm assuming that you've got full desktops working through NetScaler connecting to RDS Hosts assigned to connection broker(s)?

Assuming yes, then there's only one change you need to do to get RemoteApps working, and that's to edit the bookmark/add a new bookmark.

Also, all the testing I did assumed that only an RDWebAccess server was installed, not an RDGateway server. If you have an RDGateway server installed, log onto the Connection Broker and disable it.

Firstly, use Chrome to connect to a RDS WebAccess server, log on, and click on a RemoteApp app. This will download the rdp file allowing you to save it/edit it with notepad to view the settings. Copy the following lines from it... (the example below is for a published Windows Calculator)

alternate shell:s:||win32calc
remoteapplicationprogram:s:||win32calc
remoteapplicationname:s:Calculator
remoteapplicationcmdline:s:
remoteapplicationmode:i:1

The above five lines should be concatenated with an '&' and start with a '?', i.e.

?alternate shell:s:||win32calc&remoteapplicationprogram:s:||win32calc&remoteapplicationname:s:Calculator&remoteapplicationcmdline:s:&remoteapplicationmode:i:1

Next, go to Citrix Gateway/Resources/Bookmarks and add a new bookmark

Name: <Anything unique>
Text to display: <What you want to appear in the browser>
Bookmark: rdp://<FQDN of one of your RDS Hosts>, e.g. rdshost1.comtoso.com and then add the above concatenated line
Tick 'Use Citrix Gateway as a Reverse Proxy'
Save Settings

NOTE: the bookmark should point to one of your RDS hosts, NOT the connection broker!!!!!!!!!!!!!

so, assuming your bookmark is the example above, the bookmark should have

rdp://rdshost1.comtoso.com?alternate shell:s:||win32calc&remoteapplicationprogram:s:||win32calc&remoteapplicationname:s:Calculator&remoteapplicationcmdline:s:&remoteapplicationmode:i:1

NOTE: This should be all on one line - the editor split it over two...

Add that bookmark to your Virtual Server.

That is all the change you need to make to a working RDP Proxy to get RemoteApps working. As I said at the beginning, this is assuming that you've got full RDS desktops working through the NetScaler...

Regards

Ken Z

Edited September 9, 2019 by kzygmun399: added an extra explanation

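The bookmark construction described in the post above, as an added example that is not part of the original thread or of any Citrix tooling: it reads the text of a RemoteApp .rdp file, keeps only the five named settings, and emits the bookmark plus the `add vpn url` line in the form quoted earlier in the thread. The function names, the constructed sample file, and the rule of rejecting values containing `&` or `"` are assumptions of this example.

```python
import re

# The five RemoteApp settings the thread copies out of the RD Web Access .rdp file.
REMOTEAPP_KEYS = ("alternate shell", "remoteapplicationprogram",
                  "remoteapplicationname", "remoteapplicationcmdline",
                  "remoteapplicationmode")
HOSTNAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")

# Constructed sample: the published Calculator lines plus ordinary session settings.
SAMPLE_RDP = """\
redirectclipboard:i:1
full address:s:rdshost1.comtoso.com
alternate shell:s:||win32calc
remoteapplicationprogram:s:||win32calc
remoteapplicationname:s:Calculator
remoteapplicationcmdline:s:
remoteapplicationmode:i:1
"""

def parse_rdp(text):
    """Map each 'name:type:value' line to name -> (type, value)."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i"):
            settings[parts[0].lower()] = (parts[1], parts[2])
    return settings

def build_bookmark(rdp_text, rds_host):
    """Return rdp://<host>?<five settings joined with '&'>."""
    if not HOSTNAME.fullmatch(rds_host):
        raise ValueError(f"not a plain host name: {rds_host!r}")
    settings = parse_rdp(rdp_text)
    missing = [k for k in REMOTEAPP_KEYS if k not in settings]
    if missing:
        raise ValueError(f"not a RemoteApp file, missing: {missing}")
    pairs = []
    for key in REMOTEAPP_KEYS:
        kind, value = settings[key]
        # Assumption of this example: '&' and '"' cannot be carried in a value,
        # because '&' separates settings and '"' ends the CLI argument.
        if "&" in value or '"' in value:
            raise ValueError(f"{key} holds a character the bookmark cannot carry")
        pairs.append(f"{key}:{kind}:{value}")
    return f"rdp://{rds_host}?" + "&".join(pairs)

def add_vpn_url(name, bookmark):
    """CLI form quoted in the thread: add vpn url <name> <text> "<url>" -clientlessAccess ON."""
    if not re.fullmatch(r"\w+", name):
        raise ValueError("bookmark name must be a single word")
    return f'add vpn url {name} {name} "{bookmark}" -clientlessAccess ON'

if __name__ == "__main__":
    print(add_vpn_url("Calculator", build_bookmark(SAMPLE_RDP, "rdshost1.comtoso.com")))
```

Only the five listed settings are copied, so anything else in the source .rdp file (drive or clipboard redirection, addresses) stays out of the bookmark and remains governed by the gateway's RDP client profile.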
Jens Ostkamp (Author) Posted September 10, 2019

Hey Ken,

thank you VERY VERY much for this detailed explanation!! I will try to test this asap. I couldn't really test my setup with NetScaler 13.0 as I was busy yesterday, but I will surely get back to you when I have configured everything as you explained.

I think the biggest mistake on my part until now was that I pointed the bookmark to the connection broker and not one of the RDS hosts (probably load balancing these is going to make some sense here); everything else looks pretty much the same in my lab environment.

Again, thank you so much! I will reply when I have tested everything :)

Best regards

Jens Ostkamp (Author) Posted September 10, 2019

11 hours ago, Ken Zygmunt said:

> Jens
>
> firstly, I'm assuming that you've got full desktops working through NetScaler connecting to RDS Hosts assigned to connection broker(s)?
>
> Assuming yes, then there's only one change you need to do to get RemoteApps working, and that's to edit the bookmark/add a new bookmark.
>
> Also, all the testing I did assumed that only an RDWebAccess server was installed, not an RDGateway server. If you have an RDGateway server installed, log onto the Connection Broker and disable it.
>
> Firstly, use Chrome to connect to a RDS WebAccess server, log on, and click on a RemoteApp app. This will download the rdp file allowing you to save it/edit it with notepad to view the settings. Copy the following lines from it... (the example below is for a published Windows Calculator)
>
> alternate shell:s:||win32calc
> remoteapplicationprogram:s:||win32calc
> remoteapplicationname:s:Calculator
> remoteapplicationcmdline:s:
> remoteapplicationmode:i:1
>
> The above five lines should be concatenated with an '&' and start with a '?', i.e.
>
> ?alternate shell:s:||win32calc&remoteapplicationprogram:s:||win32calc&remoteapplicationname:s:Calculator&remoteapplicationcmdline:s:&remoteapplicationmode:i:1
>
> Next, go to Citrix Gateway/Resources/Bookmarks and add a new bookmark
>
> Name: <Anything unique>
> Text to display: <What you want to appear in the browser>
> Bookmark: rdp://<FQDN of one of your RDS Hosts>, e.g. rdshost1.comtoso.com and then add the above concatenated line
> Tick 'Use Citrix Gateway as a Reverse Proxy'
> Save Settings
>
> NOTE: the bookmark should point to one of your RDS hosts, NOT the connection broker!!!!!!!!!!!!!
>
> so, assuming your bookmark is the example above, the bookmark should have
>
> rdp://rdshost1.comtoso.com?alternate shell:s:||win32calc&remoteapplicationprogram:s:||win32calc&remoteapplicationname:s:Calculator&remoteapplicationcmdline:s:&remoteapplicationmode:i:1
>
> NOTE: This should be all on one line - the editor split it over two...
>
> Add that bookmark to your Virtual Server.
>
> That is all the change you need to make to a working RDP Proxy to get RemoteApps working. As I said at the beginning, this is assuming that you've got full RDS desktops working through the NetScaler...
>
> Regards
>
> Ken Z

I could test everything now and it works perfectly. Thank you so much for your assistance and passively explaining how RDS works :D! Greatly appreciated!!

Best regards

Jens

Ken Z Posted September 10, 2019

Jens

thank you, but the solution isn't mine. Someone else posted this both on Carl's website and in another discussion thread here on Citrix. Sorry, I forgot their name, but they deserve the credit.

Regards

Ken Z

Kyle Maley Posted September 14, 2020

Has anyone been able to silence or get past the remoteapp disconnected pop up when you launch 2x remote apps?

https://support.citrix.com/article/CTX270543