IIS – Routing to Remote Desktop Gateway on internal network

Tags: active-directory, iis, remote-desktop, routing, windows-server-2012

I have a single physical host that I am using as a virtualization lab and a number of VMs on Hyper-V that are connected to the host via an internal network. I had it working so that the physical host acted as the Remote Desktop Gateway: the router points to the gateway, and all was well; I could log into my VMs over the internet.

I have since moved my Gateway to a VM on the internal network that is in my Active Directory's DNS as remote.example.com with a static IP address. This is so that individual VMs will perform specific roles and so that I will eventually be able to use load balancing on my VMs.

At the moment, with just one VM acting as an RDG, I am able to access all my VMs on the internal network fine from my host machine, as it can see the IP address for remote.example.com. I figured I would need to add some forwarding/routing/redirection to the host machine to make the Gateway visible from "outside".

(Internet) ==1==> (Router) ==2==> [Host] ==3==> [remote.example.com] ==4==> [VM_1 | VM_2 | VM_3]

What is the correct way of getting my Host to proxy requests to my internal VM/gateway?

My current setup for ARR in my ApplicationHost.config:

<webFarms>
    <webFarm name="Remote" enabled="true">
        <server address="192.168.1.3" enabled="true" />
        <applicationRequestRouting>
            <protocol>
                <cache enabled="false" />
            </protocol>
        </applicationRequestRouting>
    </webFarm>
    <applicationRequestRouting>
        <hostAffinityProviderList>
            <add name="Microsoft.Web.Arr.HostNameRoundRobin" />
            <add name="Microsoft.Web.Arr.HostNameMemory" />
        </hostAffinityProviderList>
    </applicationRequestRouting>
</webFarms>

Under system.webServer/rewrite/globalRules:

<globalRules>
    <rule name="ARR_Remote_loadbalance_SSL" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
        <match url="*" />
        <conditions>
            <add input="{HTTPS}" pattern="on" />
            <add input="{HTTP_HOST}" pattern="remote.example.com" />
        </conditions>
        <action type="Rewrite" url="https://Remote/{R:0}" />
    </rule>
    <rule name="ARR_Remote_loadbalance" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
        <match url="*" />
        <conditions>
            <add input="{HTTP_HOST}" pattern="remote.example.com" />
        </conditions>
        <action type="Rewrite" url="http://Remote/{R:0}" />
    </rule>
</globalRules>

Edit:

On an external device I can connect to https://remote.example.com and see the IIS landing page. When I go to https://remote.example.com/rpc I receive

503 Must use post

When I attempt to use the Gateway server through an RDP client I receive

The gateway failed to connect with the message: 404 not found

After a reboot of the Host and the VM I am able to access the site from an external device, and I am able to perform a failed request trace on the RDP connection.

Failed Request Trace

and it appears that ARR is trying to handle the request itself rather than forwarding the request to the remote VM.

Best Answer

Turns out this was a simple case of slightly misconfigured settings. The pattern I have posted for ARR routing is {HTTP_HOST} = remote.example.com. According to the failed request logs this is not being matched:

Failed ARR rule matching

I believe this is because the ARR rules will look at just the host name, i.e. remote.example as opposed to remote.example.com, as various combinations such as remote.example., remote., remote* do match and are forwarded correctly; perhaps I missed some tricks with pattern matching for ARR.

For reference I have largely followed this guide: http://www.msexchange.org/articles-tutorials/exchange-server-2013/mobility-client-access/iis-application-request-routing-part1.html
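As an added example (not code from the question, the answer, or the guide linked above), the following Python script audits the kind of `globalRules` posted in this thread: it flags rewrite rules that forward to the ARR farm without pinning the Host header, with a leading or trailing wildcard in the host pattern (such as the `remote*` pattern the answer says matches), or without an `{HTTPS}` condition. The embedded sample is constructed for the example and the hypothetical `ARR_Remote_any` rule is not part of the posted configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the SSL rule from the question plus a hypothetical
# rule using the broad "remote*" host pattern mentioned in the answer.
SAMPLE_RULES = """
<globalRules>
  <rule name="ARR_Remote_loadbalance_SSL" enabled="true" patternSyntax="Wildcard">
    <match url="*" />
    <conditions>
      <add input="{HTTPS}" pattern="on" />
      <add input="{HTTP_HOST}" pattern="remote.example.com" />
    </conditions>
    <action type="Rewrite" url="https://Remote/{R:0}" />
  </rule>
  <rule name="ARR_Remote_any" enabled="true" patternSyntax="Wildcard">
    <match url="*" />
    <conditions>
      <add input="{HTTP_HOST}" pattern="remote*" />
    </conditions>
    <action type="Rewrite" url="http://Remote/{R:0}" />
  </rule>
</globalRules>
"""

def audit_rules(xml_text):
    """Return {rule name: [findings]} for every enabled Rewrite rule in the XML."""
    findings = {}
    for rule in ET.fromstring(xml_text).iter("rule"):
        action = rule.find("action")
        if rule.get("enabled", "true") != "true" or action is None or action.get("type") != "Rewrite":
            continue  # disabled rules and non-forwarding actions are out of scope
        conds = rule.findall("conditions/add")
        hosts = [c.get("pattern", "") for c in conds if c.get("input") == "{HTTP_HOST}"]
        issues = []
        if not hosts:
            issues.append("no {HTTP_HOST} condition: any Host header is forwarded to the farm")
        for pat in hosts:  # wildcard syntax: a leading/trailing '*' matches arbitrary hosts
            if pat.startswith("*") or pat.endswith("*"):
                issues.append(f"broad host pattern '{pat}' also forwards unrelated hosts")
        if not any(c.get("input") == "{HTTPS}" for c in conds):
            issues.append("no {HTTPS} condition: cleartext requests are forwarded too")
        findings[rule.get("name")] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_rules(SAMPLE_RULES).items():
        print(name, "->", issues or ["ok"])
```

Point it at the `globalRules` element extracted from applicationHost.config to review the rules in front of a gateway; the SSL rule from the question comes back clean, while the broad rule gets two findings.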