I'm trying to configure a new 2012R2 RD Deployment.
I have a WAP in the DMZ (not domain joined). I read some articles about SSO and it seems not to work completely, so I decided to go with a pass-through setup (don't have 2nd factor authentication yet).
I have set up an RD Gateway, Connection Broker and Web Access instance on one server (domain joined).
For testing I added two session hosts (no remote apps yet).
I can successfully log in to the RD Web Access (from inside and through the WAP).
When I try to open the rdp connections shown in the rdweb through the WAP I see that the client tries to RDP directly with the session broker. From inside it skips the gateway and it works fine.
I see the same behaviour in the RD Gateway Manager under Monitoring. I added the Connection Broker resource to the rules. But as the user can't RDP to the broker (which is hosting the gateway and RD Web too), it never succeeds.
I can use the mstsc to configure the gateway manually and connect directly to the session hosts.
What could be the issue?
DNS external: only rdgw.domain.tld to the WAP
DNS internal: rdgw.domain.tld to the IP of the server hosting all the roles, sessionhosts.domain.tld to the session hosts.
The RDP file I get from the rdweb:
redirectclipboard:i:1
redirectprinters:i:1
redirectcomports:i:0
redirectsmartcards:i:0
devicestoredirect:s:
drivestoredirect:s:*
redirectdrives:i:1
session bpp:i:32
prompt for credentials on client:i:1
server port:i:3389
allow font smoothing:i:1
promptcredentialonce:i:1
videoplaybackmode:i:0
audiocapturemode:i:0
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:rdgw.domain.tld
gatewayhostname:s:rdgw.domain.tld
workspace id:s:vmrdgw1.domain.tld
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SAP
use multimon:i:1
alternate full address:s:rdgw.domain.tld
I found an old comment about the same issue on: http://thewolfblog.com/2014/02/02/configuring-the-rd-gateway-server-for-an-rds-farm-with-ha-enabled-for-the-rd-brokers/ (Comment #3)
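The .rdp file quoted in the question is the place to see where the client will actually try to connect. The following script is an added example (not part of the question, not Microsoft code): it parses the `name:type:value` lines of an .rdp file, decodes the gateway settings that decide whether the RD Gateway is used, extracts the collection name from the `loadbalanceinfo` routing token, and flags the situation described above, where `full address` and `gatewayhostname` are the same host, so the gateway must allow that host (the co-located broker) as a resource before the broker can redirect the client to a session host. The sample input is constructed from the settings in the post; the value-to-meaning mappings for `gatewayusagemethod` and `gatewaycredentialssource` are taken from Microsoft's public RDP file documentation, and `describe_path`, `parse_rdp` and `SAMPLE_RDP` are names chosen here.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the gateway-relevant lines of the .rdp file quoted in the post.
SAMPLE_RDP = """\
gatewayusagemethod:i:2
gatewayprofileusagemethod:i:1
gatewaycredentialssource:i:0
full address:s:rdgw.domain.tld
gatewayhostname:s:rdgw.domain.tld
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.SAP
alternate full address:s:rdgw.domain.tld
server port:i:3389
"""

# Meaning of gatewayusagemethod values (from public RDP file documentation).
GATEWAY_USAGE = {
    0: "do not use an RD Gateway",
    1: "always use the RD Gateway",
    2: "use the RD Gateway only when a direct connection fails (bypass for local addresses)",
    3: "use the default RD Gateway settings",
    4: "do not use an RD Gateway, bypass for local addresses",
}

# Meaning of gatewaycredentialssource values (from public RDP file documentation).
GATEWAY_CREDS = {
    0: "ask for password (NTLM)",
    1: "use smart card",
    4: "allow the user to select later",
}

LINE_RE = re.compile(r"^([^:]+):([is]):(.*)$")


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse 'name:type:value' lines into {name: (type, value)}; names are case-insensitive."""
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed RDP line: {line!r}")
        settings[m.group(1).strip().lower()] = (m.group(2), m.group(3))
    return settings


def _get_int(settings: Dict[str, Tuple[str, str]], name: str, default: int) -> int:
    kind, value = settings.get(name, ("i", str(default)))
    return int(value) if kind == "i" and value.strip() else default


def _get_str(settings: Dict[str, Tuple[str, str]], name: str) -> str:
    return settings.get(name, ("s", ""))[1].strip()


def collection_from_token(token: str) -> str:
    """loadbalanceinfo has the form tsv://MS Terminal Services Plugin.1.<Collection>."""
    m = re.match(r"^tsv://MS Terminal Services Plugin\.1\.(.+)$", token)
    return m.group(1) if m else ""


def describe_path(settings: Dict[str, Tuple[str, str]]) -> dict:
    """Summarise where the client will connect and through what, with warnings."""
    usage = _get_int(settings, "gatewayusagemethod", 0)
    target = _get_str(settings, "full address")
    gateway = _get_str(settings, "gatewayhostname")
    warnings: List[str] = []

    # The client first connects to 'full address' (here the broker), which then redirects it
    # to a session host; a gateway RAP must therefore allow that address as a resource.
    if gateway and target and target.lower() == gateway.lower():
        warnings.append(
            "full address equals gatewayhostname: the gateway must allow its own host "
            "(the co-located broker) as a resource, otherwise the redirect never happens"
        )
    if usage == 2:
        warnings.append("internal clients bypass the gateway and connect directly")
    if usage in (0, 4):
        warnings.append("gateway is never used; remote clients need a direct path")

    return {
        "target": target,
        "gateway": gateway,
        "usage": usage,
        "usage_text": GATEWAY_USAGE.get(usage, "unknown"),
        "credentials": GATEWAY_CREDS.get(_get_int(settings, "gatewaycredentialssource", 0), "unknown"),
        "collection": collection_from_token(_get_str(settings, "loadbalanceinfo")),
        "port": _get_int(settings, "server port", 3389),
        "same_host": bool(warnings) and warnings[0].startswith("full address equals"),
        "warnings": warnings,
    }


if __name__ == "__main__":
    for key, value in describe_path(parse_rdp(SAMPLE_RDP)).items():
        print(f"{key}: {value}")
```

Running it against the sample prints the target, the gateway, "use the RD Gateway only when a direct connection fails" for usage method 2 (which matches the observation that internal clients skip the gateway), the collection name SAP from the routing token, and the same-host warning.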