I am having some difficulties in getting RDS to work in a highly restricted environment in Azure where all network traffic needs to be explicitly allowed in firewall rules.
In the configuration, the RD Brokers and RD Session Hosts are on different subnets.
I have reviewed documentation such as:
https://social.technet.microsoft.com/wiki/contents/articles/16164.rds-2012-which-ports-are-used-during-deployment.aspx
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/RD-Gateway-deployment-in-a-perimeter-network-Firewall-rules/ba-p/246873
I tried allowing outbound TCP 5985 from the RD Session Hosts to the RD Brokers.
That didn't help.
The only thing that works is allowing all outbound traffic between the RD Session Hosts and the RD Broker subnets.
Azure isn't very user-friendly when it comes to trying to figure out exactly what traffic is being blocked by NSGs.
Can anyone assist with exactly what traffic needs to be allowed outbound from the RD Gateway to the RD Broker?
Thanks.