RDS HTML5 webclient with Entra Private Connector/Azure Application Proxy help to resolve configuration issues
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 97%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Steve-N
1
Reputation point
Hi All,
I've set up RDS with all the necessary roles to use the HTML5 webclient with Entra Private Connector/Azure Application Proxy. The HTML webclient is working fine internally on the LAN. I have then attempted to set this up through Azure App proxy, using the same domain name as the internal name with a CNAME record for this. I'm using a wildcard domain certificate and all appears to be configured as documented (although, not very well documented anywhere for the HTML5 client). I have applied some conditional access policies, but these are not blocking my test access. I can get to the logon page, but when logging on, I receive the message: "Sign in failed. Check if your current environment is correctly configured".
I am configured to go through RD Gateway, but have read somewhere that maybe you can just go through the RD Broker when using Azure App Proxy, is that where I'm going wrong?
The logs of the Private App Connector, the RD Gateway, RD Broker all do not show my login attempt through Azure App Proxy at all. I've been looking into this for days, but most of the documentation talks of creating apps in Entra for RDWeb, RPC and for webclient seems to refer to the older client and websocket issues with Active X etc.
I'm hoping someone can help, please?!!!
Microsoft Security | Microsoft Defender | Microsoft Defender for Identity
Sign in to answer