About MickBall

No. I am talking about persistence on the LB, you may know it as sticky Sessions as i don't know what you are using as LB’s. But cancel this suggestion as it works fine you say without GP.   can you confirm that when you had only server1 in the pool, all was ok, and then when you had only server2 in the pool that was also ok. Then, when you add both servers back in to 5he pool you see the same issue....? ... View more

do you have persistence set on the LB, have you tried source address for this setting.    Edit.... cancel that as works without GP.   i am going to see if i get the same issue via LB. .... ... View more

the first test i would do is remove DNS server1 form the pool.  make a few rdp connections to different hosts to check fully and then do the same with DNS server2.   does your LB NAT to the DNS servers, you may need a route back to the GP subnet.   I understand that you can connect OK without GP but thay may be coming from a different subnet.... ... View more

OK glad you got this sorted, perhaps some corruption with cert generation first time round but clutching at straws really,,,   the process for me...   generate a self signed cert with CN of interface IP and select CA.box generate another cert with CN of *.fred.com and signed by first CA and also select CA box  for this.   simply shoved *.fred.com into ssl profile and put first cert into user trusted store.   Perhaps update on your next attempt from scratch...     ... View more

@MichaelMedwid  Just as a side note here...       I was messing with self signed wild card to see how i would do the same and when i added the new cert to the ssl profile I was also getting CN name mismatch.  I found that i had not changed the ssl/tls service profile for the gateway with the same ip address.   this may be the same issue for you. ... View more

so when you are here.....   "If I put in credentials I will see the screen where I can download the GP client/agent. "   select the padlock in the browser address  window to view the certificate.   find out who it is issued to or the subject.   Our wildcard certs are not locally generated so cannot advise on best option, what document did you follow for wildcard self signed certificate. ... View more

what happens when you browse to the portal, if it allows you to continue then find out what the certificate name mismatch actually is.   is this a self signed certificate ?   are you sure it's a wildcard?  and are you sure you have applied it to the correct ssl/tls service profile and removed all others...   and also make sure the portal is using it.   cant think what else could be the problem....   as we just do the same when we change or renew... ... View more

what error do you get when you browse https:// to your portal address?   If you still get a certificate error then use this tool...   https://www.ssllabs.com/ssltest/    paste your portal address into the hostname field for the test. ... View more

They will connect to the other gateway when they make a new connection, or of their existing connection times out or you manually log them off from the firewall.   i have tried a few of the other options and this has been the smoothest and least complicated for our setup. perhaps not for others...   removing the gateway from the agent will work as suggested by @reaper  but for us with users "always on" it's quite surprising how many cannot connect to the portal on startup due to wifi or lan not ready and when GP then uses cached portal config for connection it still has the old gateway configured.   but of course,,, if you need to do this in an emergency then just shut the gateway down  and leave the phone off the hook.... ... View more

I just set the gateway tunnel to max user 1, this allows existing connections to carry on but new connections will be denied and forced to next gateway.   we have about 8k user base so upsetting 1 user is a low percentage.  you can be really clever and set the timeout to 20 days, connect yourself and stop GP service, then reduce timeout back to normal so you will be the last connected...   prob not worth the hassle though for 1 user, especially if it's someone you can't bear...    Djagetme...... ... View more

OK so ask the customer what they expect to achieve by having a wildcard in a DNS search suffix. ... View more

I don't think a wildcard in network services has ever worked.   what do you expect to gain from this wildcard. ... View more