Remote Desktop Gateway and WebAccess Deployment - Multiple Logon Prompts

I'm having a few issues with some multiple logon prompts using "Connect to a remote PC" via RD Web Access.
I am able to log onto the RDWeb without a problem.
Essentially once I make a connection to my end-device I first receive a logon prompt, I'm authenticated, then I'm asked again for another logon prompt. Any ideas how to resolve this?
My layout is simple:
1 VM in the DMZ that has the Remote Desktop Gateway and Remote Desktop Web Access roles installed. No connection broker, or session host.
With my deployment I have a wildcard certificate bound to the Remote Desktop Gateway and it is bound properly in IIS. Remote Desktop functionality through the RDGateway works just fine. However, the only nuisance is that I get prompted multiple times for credentials when accessing the end-device regardless if my connection is from a domain-joined machine or a non-domain joined machine.
I've tried using Web Single Sign On via http://anandthearchitect.com/2014/01/20/rds-2012-r2single-sign-on-using-windows-authentication-for-rdweb-page/ and it still does not work.
Any ideas?
Thanks,
Dan

Hi Dan,
How many prompts are you seeing?  Expected behavior for Connect to a remote PC would be this:
1. Log on to RDWeb
2. Select Connect to a remote PC tab
3. Enter server name in Connect to box, click Connect
4. Unknown publisher warning, click Connect
5. Credentials prompt, it should say "These credentials will be used to connect to the following computers: 1. rdgw.domain.com (RD Gateway server) 2. remote.domain.com (remote computer)"
6. After entering credentials and clicking OK it should log you in to the remote computer.  This assumes that the destination is authenticated properly (usually via certificate) and the credentials are valid for both the RDG and the remote computer.  Normally in a domain environment the same credentials (domain\username) would be valid for the RDG and the remote server.
-TP

Similar Messages

  • Remote desktop gateway server is unavailable

    We get this error while trying to RDP to a computer almost every day between 6:45 AM and 7:10 AM. We have confirmed that the IIS pools have Enable 32-Bit set to False. The registry key in HKLM\Software\Microsoft\Rpc\RpcProxy is set with a value of "default web site". The binding to port 443 is bound to the default website 3 times using https; you can browse to the site for two of them, but the third cannot browse to the site. Should I remove the binding that cannot get to the site? Why is it only around this time that we cannot get remote access? We have changed our backup settings and scheduled tasks to not run around this time but it continues to be a problem.

    Hi,
    Regarding the current issue, would you please let me know if the issue only occurred in the time range you mentioned in the original post? If so, would you please check if the Remote Desktop
    Gateway service is running correctly during that time? Please try to restart the service to see if it works.
    To start the Remote Desktop Gateway service:
    1. Click Start, click Administrative Tools, right-click Services, and then click Run as administrator.
    2. In the Services (Local) list, right-click Remote Desktop Gateway, and then click Start.
    In addition, please also check the other relevant application pools for the same setting -> SBS Web Workplace AppPool or SBS Web Applications application pool. You should make sure that all of the pools run with Enable 32-Bit – False.
    And please also try to run the Fix My Network wizard to repair the bindings. For details, please refer to the article below.
    http://support.microsoft.com/kb/969743
    Hope it helps.
    Best Regards,
    Andy Qi
    TechNet Community Support

  • Remote Desktop Gateway, Pluggable Authentication

    Hi,
    Where should I post questions regarding Remote Desktop Gateway and the Pluggable Authentication and Authorization (PAA) Framework? I’m trying to build a custom cookie based
    authentication module. 

    Ok, then I'd try asking them over here.
    http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?category=vslanguages&filter=alltypes&sort=lastpostdesc
    http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/home?category=windowsdesktopdev
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Remote Desktop Gateway 2008 R2 - logon attempt failed

    I've already read through a lot of threads regarding this. Our RDGW has been working for approx 2 years. Suddenly now, some clients start to get the "logon attempt failed" when they are using rdgw. It does seem to be an increasing problem.
    - Redirection in IIS is OK, checked out!
    - Blank page appears when i try to logon to http://rdgw.server.com/rpc - This is OK.
    I see NO non-normal entries at all in event viewer on the gateway server.
    The only thing I get in event viewer on the client is:
    TerminalServices-ClientActiveXCore/Microsoft Windows-TerminalServices-RDPClient/Operational:
    EventID: 1026 - RDP CLientActiveX is disconnected (reason= 50331649)
    EventID: 1025 - Connection with multiple transport is disconnected(not correct - google translate from locale)
    This is the only thing I can see in the logs, it pops right after I get the: "The logon attempt failed"
    I think a certificate issue is excluded since most of my clients can connect - all certs are valid.
    We have people externally and locally that are experiencing this issue (I've forced rdgw to be sure on the local clients), so most likely this problem has nothing to do with external/internal.
    On those computers that are unable to log on using rdgw, no accounts work (I've even tried domain admin). So the problem is not user-based either.
    Since "the logon attempt failed" pops up within a second I wasn't sure if the traffic even got to our RDGW, so I checked with Wireshark, and I can see that the gw is responding in SSL back to the client. Still there are no entries in the log on the rdgw server.
    Any suggestions?
    thanks

    Hello all,
    Something that worked for me : 
    1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration.
    2. Under Connections, right-click the name of the connection, and then click Properties.
    3. In the Properties dialog box for the connection, on the General tab, select the server authentication and encryption settings that are appropriate for your environment, based on your security requirements and the level of security that your client computers can support.
    4. In the Properties dialog box for the connection, on the Log on Settings tab, uncheck the box Always prompt for password.
    5. Click OK.

  • Remote Desktop Gateway on Windows Server 2012 R2 and IPAD

    Hi guys,
    Would love some help with an issue I been struggling for a couple of days now.
    I have an RDS 2012 R2 Gateway configured and it works great with all Windows clients, for both internal and external communication. The problem comes now when I want to use an iPad from Apple. I installed the latest RD Client from Microsoft and it works great from the internal network, but as soon as the device is moved to an external network the client gets an error while connecting. The Gateway is located in the domain network.
    The error is “Failed to parse authorization Challenge”.
    This is what I see in the log file from the RD Client.
    [2014-Mar-06 16:53:49] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip2 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip3 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip4 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): en1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): ap1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): en0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): awdl0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): --- END INTERFACE LIST ---
    [2014-Mar-06 16:53:49] RDP (0): Not using any proxy
    [2014-Mar-06 16:53:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'MB-RDS-01.contoso.LOCAL' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Mar-06 16:53:54] RDP (0): Final rdp configuration used: {
        activeUsername = " Contoso\\User01";
        arcTimeout = 1800;
        cacheId = 12BF328DD1C8B841;
        certificatesUseRedirectName = 1;
        configurationVersion = 8;
        font = 1;
        gatewayId = F2EE288CD1C8B841;
        gatewayMode = 2;
        gwAutodetectState = kConnectionGwAutodectedForceGW;
        host = "MB-RDS-01.CONTOSO.LOCAL";
        label = "Murbiten - Terminal Server";
        loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.Contoso_-_Termi";
        mouseMode = "-1";
        port = 3389;
        temporary = 1;
        type = rdp;
        useAlt = 0;
        utilityBar = "-1";
        webFeedVersion = "Windows 2008 R2 or newer";
        connections =     (
            F4BF288CD1C8B841,
            12BF328DD1C8B841
        host = "remote.customer.com";
        id = F2EE288CD1C8B841;
        port = 443;
        temporary = 1;
        type = rdp;
        kCFProxyTypeKey = kCFProxyTypeNone;
    [2014-Mar-06 16:53:54] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip2 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip3 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip4 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): en1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): ap1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): en0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): awdl0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): --- END INTERFACE LIST ---
    [2014-Mar-06 16:53:54] RDP (0): Not using any proxy
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
        User Message : Failed to parse authorization Challenge
    [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
        User Message : Failed to parse authorization Challenge
    [2014-Mar-06 16:53:54] RDP (0): Error message: Failed to parse authorization Challenge(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Mar-06 16:53:54] RDP (0): ------ END ACTIVE CONNECTION ------
    Adam Bokiniec

    Hi Jeremy,
    I found a solution, thanks for your effort. The solution is the following.
    First thing that needs to be done is either solution from options below, I did the Solution 1 in my case and added a NPS server to AD. (https://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx)
    Solution 1
    Register the NPS server in Active Directory:
    In Server Manager, browse to the following location: Roles\Network Policy and Access Services\NPS (Local).
    Right click on the NPS (Local) node and choose Register server in Active Directory.
    Click OK to authorize the server when prompted.
    Solution 2
    Open Active Directory Users and Computers on any Domain Controller of the same domain as the Remote Desktop Gateway.
    Add the Computer Name of the Remote Desktop Gateway to the RAS and IAS Servers group.
    Situation B
    Restart the RDS host and Gateway server.
    Secondly, and most important, is to configure an alternate address that matches your public certificate. My public certificate CNAME is “remote.domain.se”.
    All commands need to be run as administrator in PowerShell.
    To show your current configuration run the following commands:
    CollectionName is the Collection Name you created for the RDS deployment.
    To get your collection name type
    Get-RDSessionCollection
    When you got the collection name type
    Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
    The default configuration will look like this:
    CustomRdpProperty     : use redirection server name:i:1
    Now, to add your public domain name that matches the certificate, run the following command:
    Set-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.domain.se"
    Run again to verify your settings
    Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
    Now it should look something like this:
    CustomRdpProperty     : use redirection server name:i:1
                             alternate full address:s:remote.domain.se
    iPads and iPhones can now connect to your environment.
    Adam Bokiniec

  • Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

    We would like users to be able to connect remotely over the Internet from their personal devices to their primary Windows 7 workstation (a physical box on their desk) by using the Microsoft RDP Client For Windows, Mac, iOS and Android.  There is no
    plan to use RDWeb or Remote Apps, or VDI.  Just plain remote access to their desktop PC without VPN plus a third party 2nd factor authentication product that can text them back a code to enter with their AD credentials (AuthAnvil or Duosecurity)
    We do not have TMG or ISA.
    We would like to get these services all running in a single server and be as simple as possible while still being very secure.
    The recommendations I see seem to suggest putting the RDG in a DMZ with either a domain controller on a new domain with a one-way trust to your internal domain or else a read-only domain controller on your domain and then RD Session Host and License server
    located on different servers on your internal LAN.
    http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
    That sounds like a lot of separate servers and cost for not a lot of users in our environment.
    Do we even need a separate session host server if there are no RDP sessions being hosted directly on the servers because  the users are only being redirected to connect to their workstations and will never be using terminal sessions on the server?
    Can the RODC or the Domain controller on new domain with the one-way trust be the same server as the Remote Desktop Gateway server and not separate servers?
    What is the most minimalist way to set this up with good security when opening all the ports needed to authenticate with internal DC is not secure enough?

    #2 sounds like we would need 2 Essentials servers and we will not have that.
    We currently have Server 2008 R2 and have 2012 Standard licenses that are not yet used.
    We have much more than 75 users total, but 75 is more than the number of users that will probably take advantage of using RD Gateway any time soon.  It will probably take time to catch on.
    If RD Gateway usage was to get super popular and more than 75 users were depending on access to it, then we could financially justify paying to buy all the CALs needed to run RD Gateway without Essentials.  Right now, they are skeptical that it will
    be worth spending much money on this and don't want to invest a lot  of money up front.
    My understanding is that if we have 75 or fewer users using RD Gateway then we need to buy no CALs, just apply a Server Standard Edition License to the server, but if we had 76, we would need to turn off Essentials and buy 76 new CALs.
    Or would we need to add 50 CALs to the 25 that automatically come with Essentials?
    Also does "turning off" Essentials mean we would have to reinstall and redeploy the RDG or is it just a matter of enabling the RD license server and adding purchased CALs?
    No, when you buy essentials you get the right to create 25 users that access the server, when you create the 26th user you will need to have 26 CAL and RDS CAL. 

  • Connecting to Remote Desktop using proxy and Remote Desktop Gateway?

    I have set up a Remote Desktop Gateway server using Windows Server 2012 R2. I am using the Remote Desktop Gateway as an intermediary to provide the remote desktop session over 443 since 3389 is blocked at many client locations.
    However, I ran into a problem with a client who's using a web proxy.
    Is it possible to configure Remote Desktop to connect via web proxy? If so, how? If not, does anyone have any suggestions on how to provide a Remote Desktop session via 443 over proxy for situations where you don't control the client's PC or network? Does RemoteApps allow for access via web proxy when using RD Gateway?
    The error message is below:
    Your computer can't connect to the remote computer because the web proxy server requires authentication. To allow unauthenticated traffic to an RD Gateway server through your web proxy server, contact your network administrator.
    Thanks for any help!

    Hi,
    My suggestion is to setup a RD Web Access server and make it available for your clients via proxy.
    Remote Desktop Web Access (RD Web Access)
    http://technet.microsoft.com/en-us/library/cc731923.aspx
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • Remote Desktop Gateway Support One Time Passwords?

    We are considering setting up a Remote Desktop Gateway server so users can remote control their office desktop PCs from home without needing VPN.
    The plan is for it to only be a secure pass-through from the Internet to their desktop PC.  There will not be any terminal services login or web apps hosted on the server.  We have not decided if RDWeb will be available.  It is likely that
    users will just use a RDP client such as the Microsoft MSTSC.exe Remote Desktop client in Windows or similar app for iOS, Android or OSX rather than use a browser to reach their PC.
    I noticed that most RDP clients, mobile apps and web browsers have an option to remember credentials so they can log in without typing credentials the next time they connect.  This will be a security threat if their PC is stolen and not encrypted.  Is
    there any way to provide access, but prevent users from reusing saved passwords to connect to the Remote Desktop Gateway without using smart cards?
    I had the idea of having some kind of one time password system to authenticate through the RD Gateway so saved passwords would be useless.  What does Remote Desktop Gateway support that can do this?

    Hi,
    Thanks for your posting in Windows Server Forum.
    I consider that you are trying to find the solution as per below article. Please go through carefully.
    1. Configuring the TS Gateway OTP Scenario
    2. RD Gateway deployment in a perimeter network & Firewall rules
    Hope it helps!
    Thanks,
    Dharmesh

  • Remote Web Access (remote desktop gateway) issue with WHS2011

    I have been using Remote Web Access on my Windows Home Server 2011 for several years with no problems. Over the past several weeks, though, I have been receiving an error when I try to connect to a computer through WHS's Remote Web Access:
    "...the Remote Desktop Gateway is temporarily unavailable." Interestingly, when I try to connect from a Windows 8.1 computer, I just get a dialog box that says "Initiating connection," but the connection is never established. I cannot
    find any relevant errors in any of the event logs.
    I have read numerous articles relating to WHS configuration and port forwarding, but these do not have any information that addresses my situation. I have ports 4125, 80, and 443 forwarded to my Home Server. As I said, everything has been working fine with
    this configuration until several weeks ago -- I suspect it might have something to do with a .NET Framework 4.5 update that was recently installed (and that has now been uninstalled), but that is the only change I can think of.
    Any help would be greatly appreciated! Thanks!

    Hi,
    As you have commented that after installing .Net framework you are facing this issue. So after uninstalling still you are facing the same issue. Apart from installing .Net framework 4.5, have you installed or done any other change on your server?
    Here you can check that the “Remote Gateway Service” is running. Please check and restart the service if it’s stopped. You can also check the 2 articles below for more detailed steps.
    1.  Can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable error via SBS 2011 
    2.  This computer can't connect to the remote computer because the Terminal Services Gateway server is temporarily unavailable (Try to perform the steps as suggested for
    WHS 2011)
    Hope it helps!
    Thanks,
    Dharmesh

  • Is there a way to Report out Remote Desktop Gateway Manager Monitor data?

    We are running Windows Server 2012 R2 Remote Desktop Services configured to provide a managed pool of VMs through a RD Gateway server. Everything is working well. We would like to generate a regular report on the information that shows up in the Gateway
    Monitoring window about connections and users etc. Is there any way to generate such a report without purchasing 3rd party software?

    Hi,
    Based on my experience, you can use Remote Desktop Gateway Manager to view information about active connections from Remote Desktop Services clients to internal network resources through an RD Gateway server. However, there are no such options in RD Gateway Manager to create reports for that.
    It seems that System Center Operations Manager can monitor Remote Desktop Gateway Service and the number of sessions that run through the RD Gateway are monitored.
    Best regards,
    Susie
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Remote Desktop Gateway through VMBus (Enhanced Session Mode)?

    Hi.
    I am currently investigating the possibility to run a remote desktop gateway on a virtual machine, and connecting to it (UDP) through the VMBus instead of a network adapter. Is such a thing possible? Basically what I am asking is if I can use the VMBus to connect to the machine as I would a network adapter (on a specific UDP port).
    I ran across a post enabling debugging through the VMBus (I think): http://withinrafael.com/how-to-set-up-synthetic-kernel-debugging-for-hyper-v-virtual-machines/ if this is in any way related to my question.
    Cheers

    Hi Sir,
    I have read that article; it seems that the NET debug of the VM was passed to the physical NIC (as far as I know, Net debug for VMs is not supported).
    In addition, there is no setting for RDG to change the communication from TCP/UDP to VMBus, and we cannot configure VMBus.
    Based on this, it is not possible to do that.
    Best Regards,
    Elton Ji

  • Remote Desktop Gateway - Event 304/Error "23005"

    Hi,
    I am tearing my hair out.  I have an RD Gateway server that is pointing towards an RD Farm.  I cannot connect to it using the Gateway.  I keep getting the following error in the TerminalServices-Gateway Operational log:
    Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
    Source:        Microsoft-Windows-TerminalServices-Gateway
    Date:          10/7/2014 10:56:02 AM
    Event ID:      304
    Task Category: (3)
    Level:         Warning
    Keywords:      (16777216)
    User:          NETWORK SERVICE
    Computer:      XXXXXXXXXXX.wbc.local
    Description:
    The user "XXXXXX", on client computer "XXX.XXX.XXX.XXX", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "SyteLine.wbc.local". The following error occurred:
    "23005".
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" />
        <EventID>304</EventID>
        <Version>0</Version>
        <Level>3</Level>
        <Task>3</Task>
        <Opcode>44</Opcode>
        <Keywords>0x4000000001000000</Keywords>
        <TimeCreated SystemTime="2014-10-07T15:56:02.952172000Z" />
        <EventRecordID>183</EventRecordID>
        <Correlation />
        <Execution ProcessID="2428" ThreadID="3140" />
        <Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
        <Computer>WBC-SLGW-01.wbc.local</Computer>
        <Security UserID="S-1-5-20" />
      </System>
      <UserData>
        <EventInfo xmlns="aag">
          <Username>XXXXXXXXXXXXX</Username>
          <IpAddress>XXX.XXX.XXX.XXX</IpAddress>
          <AuthType>
          </AuthType>
          <Resource>SyteLine.wbc.local</Resource>
          <ErrorCode>23005</ErrorCode>
        </EventInfo>
      </UserData>
    </Event>
    Any ideas?  Lots of googling has not helped
    Thanks

    Hi,
    Thank you for posting in Windows Server Forum.
    To resolve this issue, ensure that Remote Desktop is enabled and that the user is a member of the Remote Desktop Users group on the target computer. 
    Please check that you have properly configured RD CAP and RD RAP policy for RD Gateway server. For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, clients must meet the conditions
    specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP). 
    More information.
    Event ID 304 — RD Gateway Server Connections
    http://technet.microsoft.com/en-us/library/ee891047(v=ws.10).aspx
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support
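
Added example, not part of the original thread: a Python sketch that pulls the user, client address, resource and error code out of exported Event 304 XML like the record posted above and groups the failures per resource. The sample events are constructed from that record's layout; the host names, user names and addresses are placeholders, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespaces as they appear in the event XML posted above.
NS = {
    "e": "http://schemas.microsoft.com/win/2004/08/events/event",
    "g": "aag",
}

# Constructed template modelled on the posted event; the values filled in
# below are placeholders, not data from the thread.
EVENT_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-Gateway" />
    <EventID>{event_id}</EventID>
    <TimeCreated SystemTime="{time}" />
    <Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
    <Computer>gw.example.test</Computer>
  </System>
  <UserData>
    <EventInfo xmlns="aag">
      <Username>{user}</Username>
      <IpAddress>{ip}</IpAddress>
      <AuthType>
      </AuthType>
      <Resource>{resource}</Resource>
      <ErrorCode>{code}</ErrorCode>
    </EventInfo>
  </UserData>
</Event>"""

SAMPLE_EVENTS = [
    EVENT_TEMPLATE.format(event_id=304, time="2014-10-07T15:56:02Z", user="EXAMPLE\\user01",
                          ip="192.0.2.10", resource="App01.example.test", code=23005),
    EVENT_TEMPLATE.format(event_id=304, time="2014-10-07T15:58:40Z", user="EXAMPLE\\user02",
                          ip="192.0.2.11", resource="app01.example.test", code=23005),
    EVENT_TEMPLATE.format(event_id=304, time="2014-10-07T16:01:13Z", user="EXAMPLE\\user01",
                          ip="192.0.2.10", resource="app02.example.test", code=23005),
    # A different event ID: must be ignored by the parser.
    EVENT_TEMPLATE.format(event_id=302, time="2014-10-07T16:05:00Z", user="EXAMPLE\\user03",
                          ip="192.0.2.12", resource="app01.example.test", code=0),
    # A truncated export: must be skipped, not crash the run.
    "<Event><System><EventID>304</EventID>",
]


def parse_failure(xml_text):
    """Return the fields of one Event 304 record, or None for anything else."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None  # truncated or corrupted export
    event_id = (root.findtext("e:System/e:EventID", default="", namespaces=NS) or "").strip()
    info = root.find("e:UserData/g:EventInfo", NS)
    if event_id != "304" or info is None:
        return None

    def field(name):
        # Elements such as AuthType may hold only whitespace, as in the post.
        return (info.findtext("g:" + name, default="", namespaces=NS) or "").strip()

    created = root.find("e:System/e:TimeCreated", NS)
    return {
        "time": created.get("SystemTime", "") if created is not None else "",
        "user": field("Username"),
        "client_ip": field("IpAddress"),
        "auth_type": field("AuthType"),
        "resource": field("Resource").lower(),  # host names compare case-insensitively
        "error_code": field("ErrorCode"),
    }


def summarize(xml_events):
    """Count failures per (resource, error code) and list the affected users."""
    counts = Counter()
    users = {}
    for xml_text in xml_events:
        rec = parse_failure(xml_text)
        if rec is None:
            continue
        key = (rec["resource"], rec["error_code"])
        counts[key] += 1
        users.setdefault(key, set()).add(rec["user"])
    return [
        {"resource": r, "error_code": c, "failures": n, "users": sorted(users[(r, c)])}
        for (r, c), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVENTS):
        print(row)
```

Grouping by resource separates a target-side cause (Remote Desktop not enabled on that computer) from a per-user one (group membership), the two checks the reply above suggests.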

  • Licensing for Remote Desktop Gateway

    Hello
    I searched a lot on several forum to gain an answer to my question. There is a lot of misunderstanding out there on the need for licensing for the Remote Desktop Gateway.
    I want to implement only the server role Remote Desktop Gateway for 20 users to connect remotely to Windows 7 computers in the LAN. The 20 remote users initiate the connection from their own Windows 7 laptops. The connection is:
    Windows 7 --- Remote Desktop Gateway --- Windows 7
    The remote users use software for production environments (PLC/DCS) on the Windows 7 computers in the LAN. So in this situation the remote users will not connect to session host servers (terminal servers). They only use the gateway to act as a proxy for
    RDP connections to the Windows 7 PC's in the LAN.
    What kind of licensing do I need for this situation?
    Do I need RDCALs?
    Do I need Windows Server device CALs for the 20 devices of the 20 users that initiate the connection to the gateway?
    Thanks

    One other option you could consider, which is free, is to use 1 public IP address with 20 ports that NAT's and Port Forwards to the 20 internal computers.
    Example:
    If you have 1 available public IP address (let's say 1.2.3.4), and you assign static IP addresses (192.168.0.201 - .220) to the 20 internal computers, the firewall would NAT:
    1.2.3.4:50001 -> 192.168.0.201:3389
    1.2.3.4:50002 -> 192.168.0.202:3389
    1.2.3.4:50003 -> 192.168.0.203:3389
    1.2.3.4:50020 -> 192.168.0.220:3389
    This way, remote users would connect directly to their computer without the need for any additional licenses.
    Just a thought.
    Please mark as answer or vote as helpful when it applies. Thanks!

  • How to issue a self-signed certificate to match Remote Desktop Gateway server address requested

    I have an RDG server named gw.domain.local with port 3389/tcp forwarded from gw.example.com.
    Using the RDGM snap-in I created a self-signed SSL certificate with FQDN gw.example.com.
    But when I connect over RDP from outside the local network I'm getting an error:
    Your computer can't connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
    Because certificate subject name is gw.domain.local indeed.
    So the question is: how to issue a certificate properly, or how to assign an existing one the name to match?

    Hi,
    Thanks for your post in Windows Server Forum.
    The certificate error which you are facing seems like certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN name of the TS Gateway
    server. You can refer below article for more troubleshooting.
    TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
    And for creating a SSL certificate for RD gateway, you can refer beneath articles.
    1.  Create a Self-Signed Certificate for the Remote Desktop Gateway Server
    2.  Obtain a Certificate for the Remote Desktop Gateway Server
    Hope it helps!
    Thanks,
    Dharmesh

  • How enable remote desktop gateway manager server 2012 essentials

    how enable remote desktop gateway manager

    There is a DISM command,
    dism /online /disable-feature:Gateway-UI
    http://support.microsoft.com/kb/2472211/en-us
    Robert Pearman SBS MVP
    itauthority.co.uk
