
I've tried several ideas on how to get this to work, including Squid, Pound, and now HAProxy, which seems to be the closest yet, so far.

I have an Nginx server which I have set to be the primary public-facing web service, except when connecting to MS-specific services (like RDP Gateway and DirectAccess). Current setup here.

Basically this entails a connection to the MS server if (and only if) the host header matches the name manager.remote.tsaukpaetra.com, and otherwise a connection to loopback on the relevant port for everything else.

Unfortunately it doesn't seem to be working quite right. Normal HTTP requests to the Manager box seem to work OK (I get to the default landing page going to https://manager.remote.tsaukpaetra.com), but anything involving RPC never seems to get through.

Of course, if I remap the DNS entry to the local equivalent IP address using the hosts file everything works just dandy! :'(

Unfortunately there is hardly any logging on the MS server end, whether in the IIS logs or otherwise, so I'm really clueless as to what's wrong. According to the HAProxy debug logs, it makes the initial connection just fine. As an example, these two lines appear on every connection attempt to the RD Gateway service:

Aug 31 22:04:02 namp haproxy[3028]: 192.168.1.1:52278 [31/Aug/2014:22:04:02.891] Listener~ manager/manager 31/0/2/1/34 401 890 - - ---- 1/1/0/1/0 0/0 "RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1"
Aug 31 22:04:02 namp haproxy[3028]: 192.168.1.1:52278 [31/Aug/2014:22:04:02.925] Listener~ manager/manager 4/0/1/-1/5 -1 0 - - SD-- 0/0/0/0/0 0/0 "RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1"

but of course the connection fails and dies immediately.

Microsoft's way of testing this is to browse to /Rpc to see if I get an Access Denied (403.2 or something) error, which apparently is happening (to some extent, but not the right error code number/sub number).

At this point I'm at a loss on how to proceed. Am I missing something in the haproxy.cfg? Sadly, Google isn't of much help overall, since most posts are about Exchange and CAS, neither of which I'm attempting at all. I'm trying to keep this as dumb and simple as possible by using only a minimum number of servers and complexity (really, how can you go wrong with only two servers?).

Tsaukpaetra
  • Have you had any luck with this problem? – pdwalker Dec 28 '16 at 08:39
  • @pdwalker Unfortunately no, I gave up and just used an extra VM in the cloud that VPNs into my network, providing the extra public IP required for that crud dedicated to IIS. – Tsaukpaetra Dec 28 '16 at 17:50
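
The two HAProxy log lines quoted in the question can be decoded field by field. The following is an added example, not part of the original post: a small Python parser for HAProxy's HTTP log format that names the timers and translates the termination flags. The function name `decode` and the lookup tables are this example's own, and the tables cover only the common flag values.

```python
import re

# The two log lines quoted in the question, embedded verbatim as sample input.
LINES = [
    'Aug 31 22:04:02 namp haproxy[3028]: 192.168.1.1:52278 [31/Aug/2014:22:04:02.891] Listener~ manager/manager 31/0/2/1/34 401 890 - - ---- 1/1/0/1/0 0/0 "RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1"',
    'Aug 31 22:04:02 namp haproxy[3028]: 192.168.1.1:52278 [31/Aug/2014:22:04:02.925] Listener~ manager/manager 4/0/1/-1/5 -1 0 - - SD-- 0/0/0/0/0 0/0 "RDG_OUT_DATA /remoteDesktopGateway/ HTTP/1.1"',
]

# HAProxy HTTP log format: client [date] frontend backend/server timers status
# bytes req_cookie resp_cookie term_state conn_counts queue_counts "request"
HTTP_LOG = re.compile(
    r'haproxy\[\d+\]: (?P<client>\S+) \[(?P<accepted>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>[-+\d/]+) (?P<status>-?\d+) '
    r'(?P<bytes>\d+) \S+ \S+ (?P<term>\S{4}) \S+ \S+ "(?P<request>[^"]*)"'
)

# First flag: what ended the session. Second flag: the state it was in at that point.
CAUSE = {'C': 'client aborted', 'S': 'server aborted or refused',
         'P': 'proxy aborted', 'R': 'proxy resource exhausted',
         'I': 'internal proxy error', 'c': 'client-side timeout',
         's': 'server-side timeout', '-': 'normal completion'}
STATE = {'R': 'waiting for request', 'Q': 'queued', 'C': 'connecting to server',
         'H': 'waiting for response headers', 'D': 'data phase',
         'L': 'sending last data to client', 'T': 'tarpitted',
         '-': 'normal completion'}
TIMERS = ('Tq', 'Tw', 'Tc', 'Tr', 'Tt')  # all in milliseconds


def decode(line):
    """Return decoded fields for one HAProxy HTTP-format log line, or None."""
    m = HTTP_LOG.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec['timers'] = dict(zip(TIMERS, (int(v) for v in rec['timers'].split('/'))))
    rec['status'] = int(rec['status'])
    rec['cause'] = CAUSE.get(rec['term'][0], 'unknown')
    rec['state'] = STATE.get(rec['term'][1], 'unknown')
    # Tr == -1: the session ended before a complete response was received.
    rec['no_complete_response'] = rec['timers']['Tr'] == -1
    return rec


if __name__ == '__main__':
    for line in LINES:
        r = decode(line)
        print(r['request'].split()[0], r['status'], r['term'], '->',
              r['cause'], '/', r['state'], r['timers'])
```
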

0 Answers