What kind of MAG? UAC or SSL? Did you define resource profiles for the RDP to ensure that the access rights are correct (If SSL)... Very open ended question unless I am just not understanding your post.
Well there are some good troubleshooting tools - but I would ask - what error do you see? You can check the user log and you can also run policy trace and specify the user and type of event you are troubleshooting. You don't need to create both a resource policy and a resource profile. The resource profile will automatically build the appropriate policy for you.
Windows PC for your client? RDP works when done directly to the server inside your network? Login works, bookmark for RDP is displayed? User launches and then it fails?
It works fine as a bookmark from the webpage from the MAG but I'm more after RDP access across Junos Pulse. I have a policy in place to allow access to our servers on 3389 but can't seem to get it working. Is what I'm trying to do not possible on the MAG series?
Login to the MAG - launch the RDP client from the source PC and use it to get to the resource -- NOT use the built in RDP from the MAG. If that is correct then you can certainly do that but you will need to use SAM or enable VPN tunneling.
You said you have a policy in place. Is it a VPN tunneling Access Control policy?
What you want to do is very straighforward and the MAG can handle it. I do it daily with ours.
I have had a go at setting up VPN tunneling but had no luck with it. I have gone into Resource Policies > Network Connect > Network Connect Access Control and set it in there but still can't RDP however I can ping.
Would this suggest that I have an issue with the zone on the SRX that routes the traffic to it? I have set that up to route all traffic and haven't put any restrictions on it at the moment just to test.
I've done a packet capture and can't really see anything wrong with it.
I have double checked the policies and I have it set to permit any application, it did have on the interface a while ago that it would only allow ping on that interface. The SRX also have a VPN on it that we use for system administration, would that make a difference?
I'll play around with again tonight and see what else I can find.