They could access the RDWeb page and successfully authenticate, but when actually attempting a connection to a VDI, the connection would hang for them. The odd thing was, I could see successful connections coming across our RD Gateway server. The sequence of events on the gateway server was as follows:
- The gateway server sees an incoming connection request, and allows the request based on the connection authorization policy.
- The client attempts to connect to our connection brokers, and the connection is allowed based on the resource authorization policy.
- The client successfully connects to the connection broker.
- About 8 seconds later, the session to the connection broker is destroyed (meaning the broker has done it's part, and forwarded an available VDI to the client).
- Another incoming connection request, this time wanting to connect to the VDI specified by the connection broker.
- The client successfully connects to the VDI (the end-user even sees a certificate error based on the VDI's self-signed RDP certificate).
- Anywhere from 0-2 seconds later, the session is disconnected. It's not an error or warning message, it's an informational message, almost like the client is gracefully disconnecting.