Remote Desktop Gateway Support One Time Passwords?

Similar Messages

• Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

  We would like users to be able to connect remotely over the Internet from their personal devices to their primary Windows 7 workstation (a physical box on their desk) by using the Microsoft RDP Client For Windows, Mac, iOS and Android.  There is no
  plan to use RDWeb or Remote Apps, or VDI.  Just plain remote access to their desktop PC without VPN plus a third party 2nd factor authentication product that can text them back a code to enter with their AD credentials (AuthAnvil or Duosecurity)
  We do not have TMG or ISA.
  We would like to get these services all running in a single server and be as simple as possible while still being very secure.
  The recommendations I see seem to suggest putting the RDG in a DMZ with either a domain controller on a new domain with a one-way trust to your internal domain or else a read-only domain controller on your domain and then RD Session Host and License server
  located on different servers on your internal LAN.
  http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
  That sounds like a lot of separate servers and cost for not a lot of users in our environment.
  Do we even need a separate session host server if there are no RDP sessions being hosted directly on the servers because  the users are only being redirected to connect to their workstations and will never be using terminal sessions on the server?
  Can the RODC or the Domain controller on new domain with the one-way trust be the same server as the Remote Desktop Gateway server and not separate servers?
  What is the most minimalist way to set this up with good security when opening all the ports needed to authenticate with internal DC is not secure enough?

  #2 sounds like we would need 2 Essentials servers and we will not have that.
  We currently have Server 2008 R2 and have 2012 Standard licenses that are not yet used.
  We have much more than 75 users total, but 75 is more than the number of users that will probably take advantage of using RD Gateway any time soon.  It will probably take time to catch on.
  If RD Gateway usage was to get super popular and more than 75 users were depending on access to it, then we could financially justify paying to buy all the CALs needed to run RD Gateway without Essentials.  Right now, they are skeptical that it will
  be worth spending much money on this and don't want to invest a lot  of money up front.
  My understanding is that if we have 75 or fewer users using RD Gateway then we need to by no CALs, just apply a Server Standard Edition License to the server, but if we had 76, we would need to turn off Essentials and buy 76 new CALs.
  Or would we need to add 50 CALs to the 25 that automatically come with Essentials?
  Also does "turning off" Essentials mean we would have to reinstall and redeploy the RDG or is it just a matter of enabling the RD license server and adding purchased CALs?
  No, when you buy essentials you get the right to create 25 users that access the server, when you create the 26th user you will need to have 26 CAL and RDS CAL. 

• Remote desktop gateway server is unavailable

  We get this error while trying to rdp to a computer almost everyday between 6:45am-7:10AM we have confirmed that IIS pools have enable 32-bit as false. The registry key in HKLM\Software\Microsoft\Rpc\RpcProxy is set with a value of "default web
  site"  the binding to port 443 is binded to the default website 3 times using https if you can browse to the site for two of them but the third cannot browse to the site. Should I remove the binding that cannot get to the site. Why is it only around
  this time that we cannot get remote access. We have changed our back settings and scheduled tasks to not run around this time but it continues to be a problem.

  Hi,
  Regarding the current issue, would you please let me know if the issue only occurred in the time range you mentioned in the original post? If so, would you please check if the Remote Desktop
  Gateway service is running correctly during that time? Please try to restart the service to see if it works.
  To start the Remote Desktop Gateway service
  Click
  Start, click Administrative Tools, right-click
  Services, and then click Run as administrator.
  In the
  Services (Local) list, right-click Remote Desktop Gateway, and then click
  Start.
  In addition, please also check other relevant application pools for the same setting - > SBS Web Workplace AppPool or SBS Web Applications application pool. You should make sure
  that all of the pools should run with Enable 32-Bit – False.
  And please also try to run the Fix My Network wizard to repair the bindings. For details, please refer to the article below.
  http://support.microsoft.com/kb/969743
  Hope it helps.
  Best Regards,
  Andy Qi
  Andy Qi
  TechNet Community Support

• How to issue a self-signed certificate to match Remote Desktop Gateway server address requested

  I have an RDG server named gw.domain.local with port 3389/tcp forwarded from
  gw.example.com.
  Using RDGM snap-in I created a self-signed SSL certigicate with FQDN gw.example.com.
  But when I connect over RDP from outside the local network I'm getting an error:
  Your computer can't connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
  Because certificate subject name is gw.domain.local indeed.
  So there question is: how to issue a certificate properly, or how to assign an existing one the name to match?

  Hi,
  Thanks for your post in Windows Server Forum.
  The certificate error which you are facing seems like certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN name of the TS Gateway
  server. You can refer below article for more troubleshooting.
  TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
  And for creating a SSL certificate for RD gateway, you can refer beneath articles.
  1.  Create a Self-Signed Certificate for the Remote Desktop Gateway Server
  2.  Obtain a Certificate for the Remote Desktop Gateway Server
  Hope it helps!
  Thanks,
  Dharmesh

• Remote Desktop Gateway and WebAccess Deployment - Multiple Logon Prompts

  I'm having a few issues with some multiple logon prompts using "Connect to a remote PC" via RD Web Access.
  I am able to log onto the RDWeb without a problem.
  Essentially once I make a connection to my end-device I first receive a logon prompt, I'm authenticated, then I'm asked again for another logon prompt. Any ideas how to resolve this?
  My layout is simple:
  1 VM in the DMZ that has the Remote Desktop Gateway and Remote Desktop Web Access roles installed. No connection broker, or session host.
  With my deployment I have a wildcard certificate bound to the Remote Desktop Gateway and it is bound properly in IIS. Remote Desktop functionality through the RDGateway works just fine. However, the only nuisance is that I get prompted multiple times for
  credentials when accessing the end-device regardless if my connection is from a domain-joined machine or a non-domain joined machine.
  I've tried using Web Single Sign On via http://anandthearchitect.com/2014/01/20/rds-2012-r2single-sign-on-using-windows-authentication-for-rdweb-page/ and it still does not work.
  Any ideas?
  Thanks,
  Dan

  Hi Dan,
  How many prompts are you seeing?  Expected behavior for Connect to a remote PC would be this:
  1. Log on to RDWeb
  2. Select Connect to a remote PC tab
  3. Enter server name in Connect to box, click Connect
  4. Unknown publisher warning, click Connect
  5. Credentials prompt, it should say These credentials will be used to connect to the following computers: 1. rdgw.domain.com (RD Gateway server) 2. remote.domain.com (remote computer)
  6. After entering credentials and clicking OK it should log you in to the remote computer.  This assumes that the destination is authenticated properly (usually via certificate) and the credentials are valid for both the RDG and the remote
  computer.  Normally in a domain environment the same credentials (domain\username) would be valid for the RDG and the remote server.
  -TP

• Connecting to Remote Desktop using proxy and Remote Desktop Gateway?

  I have setup a Remote Desktop Gateway server using Windows Server 2012 R2. I am using the Remote Desktop Gateway as an intermediary between to provide the remote desktop session over 443 since 3389 is blocked at many client locations.
  However, I ran into a problem with a client who's using a web proxy.
  Is is possible to configure Remote Desktop to connect via web proxy? If so, how? If not does any one have any suggestions on how to provide a Remote Desktop session via 443 over proxy for situations where you don't control the client's PC or network? Does RemoteApps
  allow for access via web proxy when using RD Gateway?
  The error message is below:
  Your computer can't connect to the remote computer because the web proxy server requires authentication. To allow unauthenticated traffic to an RD Gateway server through your web proxy server, contact your network administrator.
  Thanks for any help!

  Hi,
  My suggestion is to setup a RD Web Access server and make it available for your clients via proxy.
  Remote Desktop Web Access (RD Web Access)
  http://technet.microsoft.com/en-us/library/cc731923.aspx
  Thanks.
  Jeremy Wu
  TechNet Community Support

• Is there a way to Report out Remote Desktop Gateway Manager Monitor data?

  We are running Windows Server 2012 R2 Remote Desktop Services configured to provide a managed pool of VMs through a RD Gateway server. Everything is working well. We would like to generate a regular report on the information that shows up in the Gateway
  Monitoring window about connections and users etc. Is there any way to generate such a report without purchasing 3rd party software?

  Hi,
  Based on my experience, you can use Remote Desktop Gateway Manager to view information about active connections from Remote Desktop Services clients to internal network resources through an RD Gateway server. However, there is no such options in
  RD gateway manager to create reports for that.
  It seems that System Center Operations Manager can monitor Remote Desktop Gateway Service and the number of sessions that run through the RD Gateway are monitored.
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Remote Desktop Gateway threw WMBus (Enchanced Session Mode)?

  Hi.
  I am currently investigating the possibility to run a remote desktop gateway on an virtual machine, and connecting to it (udp) threw the wmbus instead of a network adapter. It such a thing possible? Basically what I am asking is if I get use the VMBUS to
  connect to machine as i would a network adapter (on a specific upd port).
  I ran across a post enabling debugging threw the VMBUS (I think): http://withinrafael.com/how-to-set-up-synthetic-kernel-debugging-for-hyper-v-virtual-machines/ if
  this is any way related to my question.
  Cheers

  Hi Sir,
  I have read that article , it seems that the NET debug of VM was passed to physical NIC (As far as I know Net debug for VM is not supported ) .
  In addition , there is no settings for RDG to change the communication from TCP/UDP to VMBUS also we can not configure VMBUS .
  Based on  this , it is not possible to do that .
  Best Regards,
  Elton Ji
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] .

• How enable remote desktop gateway manager server 2012 essentials

  how enable remote desktop gateway manager

  There is a DISM command,
  dism /online /disable-feature:Gateway-UI
  http://support.microsoft.com/kb/2472211/en-us
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Remote Desktop Gateway - Event 304/Error "23005"

  Hi,
  I am tearing my hair out.  I have a RD Gateway server that is pointing towards a RD Farm.  I cannot connect to it using the Gateway.  I keep getting the the following error in the TerminalServices-Gateway Operational log:
  Log Name:      Microsoft-Windows-TerminalServices-Gateway/Operational
  Source:        Microsoft-Windows-TerminalServices-Gateway
  Date:          10/7/2014 10:56:02 AM
  Event ID:      304
  Task Category: (3)
  Level:         Warning
  Keywords:      (16777216)
  User:          NETWORK SERVICE
  Computer:      XXXXXXXXXXX.wbc.local
  Description:
  The user "XXXXXX", on client computer "XXX.XXX.XXX.XXX", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "SyteLine.wbc.local". The following error occurred:
  "23005".
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" />
      <EventID>304</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>3</Task>
      <Opcode>44</Opcode>
      <Keywords>0x4000000001000000</Keywords>
      <TimeCreated SystemTime="2014-10-07T15:56:02.952172000Z" />
      <EventRecordID>183</EventRecordID>
      <Correlation />
      <Execution ProcessID="2428" ThreadID="3140" />
      <Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
      <Computer>WBC-SLGW-01.wbc.local</Computer>
      <Security UserID="S-1-5-20" />
    </System>
    <UserData>
      <EventInfo xmlns="aag">
        <Username>XXXXXXXXXXXXX</Username>
        <IpAddress>XXX.XXX.XXX.XXX</IpAddress>
        <AuthType>
        </AuthType>
        <Resource>SyteLine.wbc.local</Resource>
        <ErrorCode>23005</ErrorCode>
      </EventInfo>
    </UserData>
  </Event>
  Any ideas?  Lots of googling has not helped
  Thanks

  Hi,
  Thank you for posting in Windows Server Forum.
  To resolve this issue, ensure that Remote Desktop is enabled and that the user is a member of the Remote Desktop Users group on the target computer. 
  Please check that you have properly configured RD CAP and RD RAP policy for RD Gateway server. For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, clients must meet the conditions
  specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP). 
  More information.
  Event ID 304 — RD Gateway Server Connections
  http://technet.microsoft.com/en-us/library/ee891047(v=ws.10).aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• Remote Desktop Gateway on Windows Server 2012 R2 and IPAD

  Hi guys,
  Would love some help with an issue I been struggling for a couple of days now.
  I have a RDS 2012 R2 Gateway configured and it works great with all Windows clients both internal and external communication. The problems comes now when my I want to use  IPAD
  from APPLE. I installed latest RD Client from Microsoft and it works great from the internal network but as soon the device is moved to an external network the client get an error while connecting. Gateway is located in the domain network.
  The error is “Failed to parse authorization Challenge”,
  This is what I see in the log file from the RD Client.
  [2014-Mar-06 16:53:49] RDP (0): --- BEGIN INTERFACE LIST ---
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
  [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip1 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip2 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip3 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): pdp_ip4 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): en1 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): ap1 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): en0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): awdl0 af=18  addr= netmask=
  [2014-Mar-06 16:53:49] RDP (0): --- END INTERFACE LIST ---
  [2014-Mar-06 16:53:49] RDP (0): Not using any proxy
  [2014-Mar-06 16:53:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
  [2014-Mar-06 16:53:54] RDP (0): Resolved 'MB-RDS-01.contoso.LOCAL' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
  [2014-Mar-06 16:53:54] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
  [2014-Mar-06 16:53:54] RDP (0): Final rdp configuration used: {
      activeUsername = " Contoso\\User01";
      arcTimeout = 1800;
      cacheId = 12BF328DD1C8B841;
      certificatesUseRedirectName = 1;
      configurationVersion = 8;
      font = 1;
      gatewayId = F2EE288CD1C8B841;
      gatewayMode = 2;
      gwAutodetectState = kConnectionGwAutodectedForceGW;
      host = "MB-RDS-01.CONTOSO.LOCAL";
      label = "Murbiten - Terminal Server";
      loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.Contoso_-_Termi";
      mouseMode = "-1";
      port = 3389;
      temporary = 1;
      type = rdp;
      useAlt = 0;
      utilityBar = "-1";
      webFeedVersion = "Windows 2008 R2 or newer";
      connections =     (
          F4BF288CD1C8B841,
          12BF328DD1C8B841
      host = "remote.customer.com";
      id = F2EE288CD1C8B841;
      port = 443;
      temporary = 1;
      type = rdp;
      kCFProxyTypeKey = kCFProxyTypeNone;
  [2014-Mar-06 16:53:54] RDP (0): --- BEGIN INTERFACE LIST ---
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
  [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip1 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip2 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip3 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): pdp_ip4 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): en1 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): ap1 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): en0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): awdl0 af=18  addr= netmask=
  [2014-Mar-06 16:53:54] RDP (0): --- END INTERFACE LIST ---
  [2014-Mar-06 16:53:54] RDP (0): Not using any proxy
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
  [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
  [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
  [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
      User Message : Failed to parse authorization Challenge
  [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
      User Message : Failed to parse authorization Challenge
  [2014-Mar-06 16:53:54] RDP (0): Error message: Failed to parse authorization Challenge(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
  [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
  [2014-Mar-06 16:53:54] RDP (0): ------ END ACTIVE CONNECTION ------
  en → en
  authorization
  Adam Bokiniec

  Hi Jeremy,
  I found a solution, thanks for you effort. The solutions is the following.
  First thing that needs to be done is either solution from options below, I did the Solution 1 in my case and added a NPS server to AD. (https://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx)
  Solution 1
  Register the NPS server in Active Directory:
  In Server Manager, browse to the following location: Roles\Network Policy and Access Services\NPS (Local).
  Right click on the NPS (Local) node and choose Register server in Active Directory.
  Click OK to authorize the server when prompted.
  Solution 2
  Open Active Directory Users and Computers on any Domain Controller of the same domain as the Remote Desktop Gateway.
  Add the Computer Name of the Remote Desktop Gateway to the RAS and IAS Servers group.
  Situation B
  Restart the RDS host and Gateway server.
  Secondly and the most important is to configure an alternate address that match your public certificate. My public certificate CNAME is “remote.domain.se”.
  All commands need to be run as administrator in PowerShell
  To show you current configuration run the following commands:
  CollectionName is the Collection Name you created for the RDS deployment.
  To get your collection name type
  Get-RDSessionCollection
  When you got the collection name type
  Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
  The default configuration will look like this:
  CustomRdpProperty     : use redirection server name:i:1
  No to add you public domain name that match the certificate run the following command
  Set-RDSessionCollectionConfiguration –CollectionName " RDS - Terminal Server " -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.domain.se
  Run again to verify your settings
  Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
  Now it show look something like this
  CustomRdpProperty     : use redirection server name:i:1
                           alternate full address:s:remote.domain.se
  IPADs and iPhones can now connect to your environment.
  Adam Bokiniec

• One Time Password (OTP) on mobile/email required in Oracle Apps R12

  Dear All,
  Good Day! Hope you all are doing well.
  My management needs OTP on mobile/email for log-in into Oracle APPs R12 for some key users in our Organization.
  Let me explain the requirement is detail, When user log-in to oracle apps by entering his/her user name and password then system send an email or send sms on mobile for One time password. When user provide this OTP then he is able to log-in to the Oracle Apps.
  Any body have some idea then please guide.
  Regards,
  Saquib.

  Hi,
  Based on our experience, if the NTLM error occurs, please check the password.
  Regards,
  Mike
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Two factor authentication in wireless network by one-time password

  is this possible? What required for this scenario?

  Hello, thanks for the answer.
  I will try to tell in more detail that we want.
  We already have the following equipment:
  Cisco WLC 5508 and some ap's
  Cisco ACS
  Microsoft AD Server
  Process of authentication of the user in a wireless network is represented to me following:
  at first the user enters the registration data, then to him through SMS the one-time password comes.
  Thus we don't want to use digital certificates.
  Whether such scheme is possible?

• CSV file for users who have one-time password email address

  Hi Guys,
  I am trying to extract the list of users who have one-time password email address in FIM or users who have registered with one-time password reset authentication workflow. I need to get their email addresses in CSV file.
  Regards
  Sarwar
  Sarwar

  Take a look at:
  http://social.technet.microsoft.com/wiki/contents/articles/3616.how-to-use-powershell-to-export-all-users-who-have-registered-for-self-service-password-reset-sspr.aspx
  The script queries a WorkFlow called "Password Reset AuthN Workflow" and returns its ObjectID, then uses it to do a new query searching for "Users" with these parameters:
  AuthN WorkFlow Registered = ObjectID of "Password Reset AuthN Workflow"
  The script exports these details to a CSV.
  Also, all OTP email addresses should be stored in the "msidmOneTimePasswordEmailAddress" attribute in the FIM Portal.

• Remote Web Access (remote desktop gateway) issue with WHS2011

  I have been using Remote Web Access on my Windows Home Server 2011 for several years with no problems. Over the past several weeks, though, I have been receiving an error when I try to connect to a computer through WHS's Remote Web Access:
  "...the Remote Desktop Gateway is temporarily unavailable." Interestingly, when I try to connect from a Windows 8.1 computer, I just get a dialog box that says "Initiating connection," but the connection is never established. I cannot
  find any relevant errors in any of the event logs.
  I have read numerous articles relating to WHS configuration and port forwarding, but these do not have any information that addresses my situation. I have ports 4125, 80, and 443 forwarded to my Home Server. As I said, everything has been working fine with
  this configuration until several weeks ago -- I suspect it might have something to do with a .NET Framework 4.5 update that was recently installed (and that has now been uninstalled), but that is the only change I can think of.
  Any help would be greatly appreciated! Thanks!

  Hi,
  As you have commented that after installing .Net framework you are facing this issue. So after uninstalling still you are facing the same issue. Apart from installing .Net framework 4.5, have you installed or done any other change on your server?
  Here you can check that “Remote Gateway Service” is running. Please check and restart the service if it’s stop. Apart you can check below 2 article for more detail step.
  1.  Can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable error via SBS 2011 
  2.  This computer can't connect to the remote computer because the Terminal Services Gateway server is temporarily unavailable (Try to perform the steps as suggested for
  WHS 2011)
  Hope it helps!
  Thanks,
  Dharmesh