Connectivity issues with RD Gateway and partner organization

After several weeks of troubleshooting and scratching our heads, I just found the solution to a problem we had been having with RD Gateway. A partner organization had a direct connection into our datacenter and we were trying to utilize that connection to allow them access into our RDS-hosted virtual desktop environment. I had stood up a pair of RD Gateway/RD web access servers running on Server 2012, placed them behind a load balancer, and had our security team open the correct ports on the firewall. Everything should have been working, but apparently Murphy's law struck...

They could access the RDWeb page and successfully authenticate, but when actually attempting a connection to a VDI, the connection would hang for them. The odd thing was, I could see successful connections coming across our RD Gateway server. The sequence of events on the gateway server was as follows:

1. The gateway server sees an incoming connection request, and allows the request based on the connection authorization policy.
2. The client attempts to connect to our connection brokers, and the connection is allowed based on the resource authorization policy.
3. The client successfully connects to the connection broker.
4. About 8 seconds later, the session to the connection broker is destroyed (meaning the broker has done it's part, and forwarded an available VDI to the client).
5. Another incoming connection request, this time wanting to connect to the VDI specified by the connection broker.
6. The client successfully connects to the VDI (the end-user even sees a certificate error based on the VDI's self-signed RDP certificate).
7. Anywhere from 0-2 seconds later, the session is disconnected. It's not an error or warning message, it's an informational message, almost like the client is gracefully disconnecting.

Passed the Security+ exam

As part of my degree program, I had to take a security course that centered around the CompTIA Security+ certification. That was sure interesting... The course was based around the SY0-301 version of the exam, which is set to expire at the end of the year. I was ready early this week to take the exam, but after looking up schedules, I found out that the test center in town that I normally use did not have any openings for the remainder of the year.

After expanding my search, I had found only a single testing center with any open availabilities for the rest of the year. I ended up having to drive down to Fond du Lac, which is close to a 100 mile drive from me. I booked the exam because I was determined to get in before the test expired, and I would be forced to start over in a new version of the course.

Yesterday was the day of the test. I was not too thrilled with the test itself. There were several simulations and lots of multiple choice questions. Some of the questions were just, bad. I don't know how else to describe it. The questions were very vague, and often times I'd be presented with answers that weren't technically correct, but I had to pick the best choice. For example, one question had to do with what wireless encryption standard is the most secure. That's easy, WPA2. Except that wasn't an option. Only WPA was listed, so that was the best option from the choices presented. I struggled with that one because my study materials talked about the differences between WPA and WPA2, and WPA2 is definitely superior.

I ended up passing with a score of 856/900 points. Only 750 points were required to pass, so I did pretty well. And that meant the 100 mile drive was not a waste of time. I'm glad this exam and class are over, what a logistics nightmare at the end...

Online Resources

Just wanted to ramble off some of the online resources, blogs, and forums that I frequently utilize.

PowerShell

• Steven Murawski's Blog
• PowerShell.org
• rambling cookie monster
• Learn PowerShell
• FoxDeploy

Remote Desktop Services

• Ryan Mangan's IT Blog
• RDS Gurus

Hyper-V

• Aidan Finn - IT Pro
• Altaro Hyper-V Blog
• SavillTech's Blog

Forums

• ArsTechnica OpenForum - particularly Windows Technical Mojo, The Server Room and The Boardroom
• /r/sysadmin
• /r/PowerShell
• /r/HyperV

Introduction

Hello World!

My name is Tom Murphy. I am an IT professional from the frozen tundra of Green Bay, WI. I've decided to create a personal blog in order to document and share some of the interesting things I come across working in the fast-paced world of Information Technology. I just took a position with a new company about six months ago, and looking back, I'm amazed at how much I've learned and grown in such a short span of time. I love the fast-paced nature of IT, and I especially love learning new things, which goes hand-in-hand with IT.

A little about myself.

• Have lived in Green Bay most of my life.
• Married to my wife Tracy, with two young children.
• Associates Degree in Information Technology. Currently enrolled in an undergraduate program online, working towards a Bachelors Degree in IT Network Administration from Western Governor's University.
• Handful of certifications, including MCSA 2003/2008, Network+, and CCA XenApp 6.5.
• Have been working professionally in IT since 2007.
• Currently a Server Analyst for a Fortune 500 energy company - primary responsibilities include remote access via Citrix XenApp and Microsoft Remote Desktop Services. I also am responsible for our private cloud infrastructure, based on Microsoft Hyper-V 2012 R2. We are hosting several clusters containing over 500 virtual servers, and around 1000 virtual desktops.
• I also have a passion for PowerShell and automation. I am always trying to learn more about PowerShell, and how to utilize it to automate our workflows and support processes.

My journey in IT is still beginning, and I hope to use this blog to share some of the things I learn along the way, in hopes that others might find it useful. I'm not sure how often I will be posting, but I'll try to get an update out now and again. Also feel free to connect with me on LinkedIn. Enjoy!