TS RAP - AD group & FQDN

[Andrew Meinert]

http://technet.microsoft.com/en-us/library/cc731435.aspx

That indicates that with an AD security group, both FQDN and NetBios names
will pass the connection policy. I have a bunch of desktops in a security
grup and have selected it within TS Gateway. This is the only enabled policy.

If I connect to a computer using the netbios name, fine. If it merely
append the domain name, I am rejected by the RAP. If I switch to all network
resources in the RAP, I can connect using both. Has anyone else encountred
the same thing?

 

[AndrewM]

RE: TS RAP - AD group & FQDN

Just a minor clarification; both the TS Gateway and the destination machines
are on the same internal domain.

"Andrew Meinert" wrote:

> http://technet.microsoft.com/en-us/library/cc731435.aspx
>
> That indicates that with an AD security group, both FQDN and NetBios names
> will pass the connection policy. I have a bunch of desktops in a security
> grup and have selected it within TS Gateway. This is the only enabled policy.
>
> If I connect to a computer using the netbios name, fine. If it merely
> append the domain name, I am rejected by the RAP. If I switch to all network
> resources in the RAP, I can connect using both. Has anyone else encountred
> the same thing?

 

[Ramasamy Pullappan [MSFT]]

Re: TS RAP - AD group & FQDN

Please see if your machine's FQDN is same as the netbios_name.domain_name
you used.
(See Computer-->Properties to get the FQDN)

Let's say your machine's FQDN is machinename.domainname.companyname.com,
then, machinename.domainname alone won't work.

ram.

--
This posting is provided "AS IS" with no warranties, and confers no rights.


"AndrewM" <AndrewM@discussions.microsoft.com> wrote in message
news:9ED67A64-B5B0-4420-92C6-DF4038217C93@microsoft.com...
> Just a minor clarification; both the TS Gateway and the destination
> machines
> are on the same internal domain.
>
> "Andrew Meinert" wrote:
>
>> http://technet.microsoft.com/en-us/library/cc731435.aspx
>>
>> That indicates that with an AD security group, both FQDN and NetBios
>> names
>> will pass the connection policy. I have a bunch of desktops in a
>> security
>> grup and have selected it within TS Gateway. This is the only enabled
>> policy.
>>
>> If I connect to a computer using the netbios name, fine. If it merely
>> append the domain name, I am rejected by the RAP. If I switch to all
>> network
>> resources in the RAP, I can connect using both. Has anyone else
>> encountred
>> the same thing?

 

[Andrew Meinert]

Re: TS RAP - AD group & FQDN

Yes, it is.

"Ramasamy Pullappan [MSFT]" wrote:

> Please see if your machine's FQDN is same as the netbios_name.domain_name
> you used.
> (See Computer-->Properties to get the FQDN)
>
> Let's say your machine's FQDN is machinename.domainname.companyname.com,
> then, machinename.domainname alone won't work.
>
> ram.
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "AndrewM" <AndrewM@discussions.microsoft.com> wrote in message
> news:9ED67A64-B5B0-4420-92C6-DF4038217C93@microsoft.com...
> > Just a minor clarification; both the TS Gateway and the destination
> > machines
> > are on the same internal domain.
> >
> > "Andrew Meinert" wrote:
> >
> >> http://technet.microsoft.com/en-us/library/cc731435.aspx
> >>
> >> That indicates that with an AD security group, both FQDN and NetBios
> >> names
> >> will pass the connection policy. I have a bunch of desktops in a
> >> security
> >> grup and have selected it within TS Gateway. This is the only enabled
> >> policy.
> >>
> >> If I connect to a computer using the netbios name, fine. If it merely
> >> append the domain name, I am rejected by the RAP. If I switch to all
> >> network
> >> resources in the RAP, I can connect using both. Has anyone else
> >> encountred
> >> the same thing?
>

 

[Vikash]

Re: TS RAP - AD group & FQDN

You said that you are using some security group, are u sure its an
out-of-the-box AD security group or some custom security group that you have
created on your own on the AD? Can you try adding "<Your domain>\Domain
Computers" to the AD group and see if your issue reproes?

Thanks,
Vikash

"Andrew Meinert" wrote:

> Yes, it is.
>
> "Ramasamy Pullappan [MSFT]" wrote:
>
> > Please see if your machine's FQDN is same as the netbios_name.domain_name
> > you used.
> > (See Computer-->Properties to get the FQDN)
> >
> > Let's say your machine's FQDN is machinename.domainname.companyname.com,
> > then, machinename.domainname alone won't work.
> >
> > ram.
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> >
> > "AndrewM" <AndrewM@discussions.microsoft.com> wrote in message
> > news:9ED67A64-B5B0-4420-92C6-DF4038217C93@microsoft.com...
> > > Just a minor clarification; both the TS Gateway and the destination
> > > machines
> > > are on the same internal domain.
> > >
> > > "Andrew Meinert" wrote:
> > >
> > >> http://technet.microsoft.com/en-us/library/cc731435.aspx
> > >>
> > >> That indicates that with an AD security group, both FQDN and NetBios
> > >> names
> > >> will pass the connection policy. I have a bunch of desktops in a
> > >> security
> > >> grup and have selected it within TS Gateway. This is the only enabled
> > >> policy.
> > >>
> > >> If I connect to a computer using the netbios name, fine. If it merely
> > >> append the domain name, I am rejected by the RAP. If I switch to all
> > >> network
> > >> resources in the RAP, I can connect using both. Has anyone else
> > >> encountred
> > >> the same thing?
> >