Windows Server 2019 RD Gateway disconnections

Question

Hello,

About one or two times each day for about two months, our remote desktop gateway server running Windows Server 2019 causes all users to be disconnected from their remote desktop sessions. This issue appears to have been identified by Microsoft since KB5040430where it is described in the "known bugs" section. The issue persisted to the following KB5041578 update, and the latest update, KB5043050 still has it listed as well. This has been very disruptive to our operations with the only solution at the moment being to rollback to previous versions, which we are uncomfortable with for security purposes. The disconnections are listed in the event log as follows:

ID: 700

Severity: Critical

Source: Microsoft-Windows-TerminalServices-Gateway

Log: Microsoft-Windows-TerminalServices-Gateway/Admin

The following exception code "3221225477" occured in the RD Gateway server. The RD Gateway will be restarted. No user action is required.

And afterwards, usually two minutes later:

ID: 103

Severity: Critical

Source: Microsoft-Windows-TerminalServices-Gateway

Log: Microsoft-Windows-TerminalServices-Gateway/Operational

The Remote Desktop Gateway service does not have sufficient permissions to access the Secure Sockets Layer (SSL) certificate that is required to accept connections. To resolve this issue, bind (map) a valid SSL certificate by using RD Gateway Manager. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help. The following error occurred: "2148073494".

I am writing to ask if there is any insight or temporary solution until Microsoft patches this issue.

Thanks!

Answer 1

Hello

Thank you for posting in Microsoft Community forum.

As you mentioned, this issue is related to multiple updates to the Microsoft (KB5040430, KB5041578, and KB5043050) and shows specific error messages in the event log. Here are some possible solutions and temporary measures.

1. Based on your error logs, RD Gateway reports "Not having sufficient permissions to access the required SSL certificate". You can try rebinding your SSL certificate: Open RD Gateway Manager. In the Actions pane on the right, select Properties. In the SSL Certificates tab, reselect and bind a valid SSL certificate.

Ensure that the RD Gateway service account has the appropriate read permissions on the SSL certificate being used. You can find the certificate in the Certificate Manager, right-click on the certificate, select All Tasks > Manage Private Keys, and add the account used by the RD Gateway service.

2. You can set the script to restart the RD Gateway service periodically to avoid frequent disconnections by users.

If there's a problem with the certificate you're currently using, you can try switching to an alternate certificate that is known to work.

3. Periodically review the logs in Event Viewer, especially those related to RD Gateway, to determine if there are any other errors or warnings that could help diagnose the problem.
4. Make sure the network connection is stable and regularly check the firewall settings and router settings to confirm that there are no configuration issues that are causing the connection to be interrupted.
5. If the issue still can't be resolved and affects the normal operation, you can consider temporarily rolling back to the previous security version while making sure that the version is acceptable to you in terms of security.
6. Stay tuned to Microsoft's updates on this issue, especially their support forums and official blog, so you can update new patches as soon as they are released.

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.



Regards,

Jill Zhou