We are currently testing the latest AS version on 2 TSs (total 4 TSs). We've installed the console + gateway + publishing agent on one file server and deployed the terminal agents to both TSs. Also, we have installed the gateway on a Server 2000 in the DMZ. In the firewall we've opened the following ports: 20002 from the publishing agent in the LAN to the gateway in the DMZ, and 3389 from the gateway in the DMZ to the TSs. From a remote location, using the 2X client, I connect to the gateway in the DMZ and can see the published application icons. When trying to run a published application I get the following error: The following is from the log file: Failed to get MAC address (0x0000001f) A device attached to the system is not functioning. There is no problem connecting to the TS from the gateway in the DMZ using mstsc. Appreciate any help. Thanks
From external, the clients need port 80/443 to the client gateway machine. The client gateway needs to be able to communicate with the publishing agent and on the port you have your terminal servers running on, i.e. 3389 (this should match what is listed in the farm/terminal server section if the port's been changed).
Like I wrote, the external client establishes a logon to the gateway and can see the published icons. Meaning, port 443 is opened to the gateway and port 20002 is opened from the publishing agent to the gateway (hence, I can see the icons). The problem is when trying to open a published application, and you can see the error message and error log line. We haven't changed the 3389 port on the TS and I'm able to connect to the TS from the gateway on this port using mstsc. Thanks
Perhaps you should send a diagram along with debug from the program so it can be troubleshot more. Is full terminal services definitely running, not just admin mode? How many terminal servers are involved and are they all identical, i.e. Outlook published from all needs Outlook on all?
Solution found! The problem was with the names of the terminal servers in the farm. Changing the names to IPs solved the problem.
It makes sense that the web portal / gateway is public... But do the terminal servers also have to be set with a public IP?
Not unless you work in direct mode. In Gateway mode and SSL the gateway transports the RDP traffic over port 80 and then within the DMZ passes the traffic on to the Terminal Servers. If you work in direct mode then the story changes; direct mode is suggested in LANs, not over the internet. It works, but security integrity is much harder to manage.
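An added diagnostic, not part of the thread and not 2X code: run from the DMZ gateway, it checks for each farm entry whether the name resolves and whether RDP port 3389 is reachable, separating a name-resolution failure from a firewall block. It assumes the names-to-IPs fix reported above points at name resolution from the DMZ, which the thread does not state; the host names and addresses are constructed placeholders.

```python
import ipaddress
import socket

RDP_PORT = 3389  # port the thread says is open from the DMZ gateway to the TSs


def tcp_reachable(addr, port, timeout=3.0):
    """Return True if a TCP connection to addr:port succeeds."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_farm_entry(entry, port=RDP_PORT,
                     resolve=socket.gethostbyname, probe=tcp_reachable):
    """Classify one farm entry as seen from the host running this script.

    Returns (status, address); status is 'ok', 'name-unresolvable'
    or 'port-blocked'. resolve/probe are injectable for offline testing.
    """
    try:
        ipaddress.ip_address(entry)   # entry is already an IP literal
        addr = entry
    except ValueError:
        try:
            addr = resolve(entry)     # entry is a name: depends on DNS/hosts
        except OSError:               # socket.gaierror is a subclass of OSError
            return ("name-unresolvable", None)
    return ("ok", addr) if probe(addr, port) else ("port-blocked", addr)


if __name__ == "__main__":
    # Constructed sample farm list (placeholders): one name, one IP.
    for entry in ["ts1.corp.example", "192.0.2.11"]:
        print(entry, check_farm_entry(entry))
```

A farm entry that returns `name-unresolvable` on the gateway but works by IP can be handled as in the thread (list the IP in the farm) or by giving the DMZ host a way to resolve the internal name.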