Event ID 641 — RD Gateway Server Availability

Applies To: Windows Server 2008 R2

The Remote Desktop Gateway (RD Gateway) server must be available on the network, and the appropriate services must be running on the RD Gateway server. The Remote Desktop connection authorization policy (RD CAP) and the Remote Desktop resource authorization policy (RD RAP) stores must also be available, so that these policies can be evaluated to determine whether remote clients meet policy requirements. RD CAPs specify who can connect to an RD Gateway server. RD RAPs specify the internal network resources (computers) that clients can connect to through an RD Gateway server. If RD CAPs and RD RAPs are not available, the RD Gateway server will not be available for client connections.

Event Details

Product: Windows Operating System
ID: 641
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.1
Symbolic Name: AAG_EVENT_IAS_TO_NAP_FAILED
Message: RD Gateway Network access Policy engine received failure from IAS and the error was "%2"

Resolve

Ensure that the Network Policy Server service is started

To resolve this issue, ensure that the Network Policy Server service is started.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

If you have configured local Remote Desktop connection authorization policies (RD CAPs), perform the following procedure on the RD Gateway server. If you have configured central RD CAPs (RD CAPs that are stored on another computer running the Network Policy Server service), perform the following procedure on the NPS server where the central RD CAPs are stored.

To ensure that the Network Policy Server service is started:

  1. On the RD Gateway server or the NPS server where the central RD CAPs are stored, click Start, point to Administrative Tools, and then click Services.
  2. In the Services snap-in, find Network Policy Server, and then confirm that Started appears in the Status column.
  3. If the status is not Started, right-click Network Policy Server, and then click Start.
  4. If the attempt to start only the service fails, restart the computer. This forces all related and dependent services to restart.
  5. If you want the service to always start automatically after the server is restarted, right-click Network Policy Server, click Properties, and in Startup type, select Automatic, and then click OK.

Verify

To verify that the RD Gateway server is available for client connections, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Remote Desktop Gateway service is running, and that clients are successfully connecting to internal network resources through the RD Gateway server.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that the RD Gateway server is available for client connections:

  1. On the RD Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Remote Desktop Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client is connected to the RD Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client is connected to an internal network resource through the RD Gateway server.
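
The Resolve and Verify procedures above can also be run from PowerShell. The script below is an added example, not part of the original article. It assumes `IAS`, the service name behind the Network Policy Server display name, plus a 24-hour look-back window and a hypothetical `$setAutomatic` toggle for the optional step 5.

```powershell
# Added example. The service steps need local Administrators rights;
# the event query at the end does not.
$svcName      = 'IAS'   # service name of "Network Policy Server"
$provider     = 'Microsoft-Windows-TerminalServices-Gateway'
$since        = (Get-Date).AddHours(-24)   # assumed look-back window
$setAutomatic = $false  # hypothetical toggle for step 5 of the Resolve procedure

# Resolve: confirm that NPS is running, and start it if it is not.
$svc = Get-Service -Name $svcName -ErrorAction Stop
if ($svc.Status -ne 'Running') {
    Start-Service -Name $svcName -ErrorAction Stop
}
if ($setAutomatic) { Set-Service -Name $svcName -StartupType Automatic }
$mode = (Get-WmiObject -Class Win32_Service -Filter "Name='$svcName'").StartMode
"{0}: status={1}, startup={2}" -f $svcName, (Get-Service -Name $svcName).Status, $mode

# Verify: find the latest occurrence of each relevant event ID from the gateway provider.
$events = Get-WinEvent -FilterHashtable @{
    ProviderName = $provider; Id = 101, 200, 302, 641; StartTime = $since
} -ErrorAction SilentlyContinue   # suppresses the "no events found" error

$latest = @{}
foreach ($e in $events) {
    if (-not $latest.ContainsKey($e.Id) -or $e.TimeCreated -gt $latest[$e.Id].TimeCreated) {
        $latest[$e.Id] = $e
    }
}
foreach ($id in 101, 200, 302, 641) {
    if ($latest.ContainsKey($id)) { "{0}: last seen {1}" -f $id, $latest[$id].TimeCreated }
    else { "{0}: not logged since {1}" -f $id, $since }
}

# A 641 that is newer than the last 200/302 means the policy engine is still failing.
$lastOk = @(200, 302 | Where-Object { $latest.ContainsKey($_) } |
    ForEach-Object { $latest[$_].TimeCreated }) | Sort-Object | Select-Object -Last 1
if ($latest.ContainsKey(641) -and (-not $lastOk -or $latest[641].TimeCreated -gt $lastOk)) {
    Write-Warning ("Event 641 is more recent than any successful connection: " +
        $latest[641].Message)
}
```

With central RD CAPs, run the service portion on the NPS server that stores them and the event query on the RD Gateway server.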
