Event ID 1001 — RD Gateway Server Connections
Applies To: Windows Server 2008 R2
For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, clients must meet the conditions specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP). RD CAPs specify who can connect to an RD Gateway server and the authentication method that must be used. RD RAPs specify the computers that clients can connect to through an RD Gateway server.
Note: A limit can be set on the RD Gateway server to restrict the maximum number of simultaneous client connections.
Event Details
Product: | Windows Operating System |
ID: | 1001 |
Source: | Microsoft-Windows-TerminalServices-Gateway |
Version: | 6.1 |
Symbolic Name: | AAG_EVENT_INVALID_WINDOWS_LICENSE |
Message: | The Remote Desktop Gateway service cannot determine the version of Windows that this computer is running. Therefore, users cannot connect to this RD Gateway server. To resolve this issue, please contact Microsoft Product Support Services. The following error occurred: "%2". |
Resolve
Restart the RD Gateway server, and if needed, remove and reinstall the Remote Desktop Gateway role service
To resolve this issue, restart the RD Gateway server. If the problem persists, try removing and reinstalling the Remote Desktop Gateway role service.
The failure to determine the version of Windows that the computer is running might be caused by one of the following issues:
- There is a problem with the Application Programming Interface (API) that provides the Windows version number (the API timed out).
- There is a problem with a hotfix or other update that was applied to the RD Gateway server (for example, if a hotfix or other update is not a genuine Microsoft software update). For more information, see the Microsoft Genuine Software Web site (https://go.microsoft.com/fwlink/?LinkId=102293).
Remove the Remote Desktop Gateway role service
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To remove the Remote Desktop Gateway role service:
- Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
- In the Server Manager console tree, click Roles. In the details pane, under Remote Desktop Services\Role Services, click Remove Role Services.
- In the Remove Role Services Wizard, on the Select Role Services page, clear the** Remote Desktop Gateway** check box, and then click Next.
- On the Confirm Removal Selections page, confirm that Remote Desktop Gateway appears in the list of role services to be removed, and then click Remove.
- On the Removal Results page, Remote Desktop Services (not Remote Desktop Gateway) will appear, indicating that a restart is pending. You must restart the server to finish removing the Remote Desktop Gateway role service.
- Click Close.
- You will be prompted to choose whether you want to restart the server now or later. Click Yes to restart the server immediately. Click No to restart the server later.
- After you restart the server, log on to the server by using the same user account that you used to log on to the server previously, when you began removing the Remote Desktop Gateway role service.
- The Resume Configuration Wizard will open and the removal of the Remote Desktop Gateway role service will be completed.
- On the Removal Results page, confirm that the removal succeeded for the Remote Desktop Gateway role service.
- Click Close.
Reinstall the Remote Desktop Gateway role service
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
Note: If the Remote Desktop Services role is already installed, begin with the steps in the section "To reinstall the Remote Desktop Gateway role service (if the Remote Desktop Services role is already installed)."
To reinstall the Remote Desktop Gateway role service (if the Remote Desktop Services role is not already installed):
- Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
- In Server Manager, under Roles Summary, click Add Roles.
- In the Add Roles Wizard, if the Before You Begin page appears, click Next. This page will not appear if you have already installed other roles and you have selected the Skip this page by default check box.
- On the Select Server Roles page, under Roles, select Remote Desktop Services, and then click Next.
- On the Remote Desktop Services page, click Next.
- On the Select Role Services page, select the Remote Desktop Gateway check box.
- If prompted to specify whether you want to install the additional role services required for Remote Desktop Gateway, click Add Required Role Services.
- On the Select Role Services page, click Next.
- On the Choose a Server Authentication Certificate for SSL Encryption, select the choice for an SSL encryption certificate that is appropriate for your environment, and then click Next. If you select Choose an existing certificate for SSL encryption (recommended), you must first click the certificate that you want to use, and then click Next. For information about choosing an SSL certificate, see "Obtain a certificate for the Remote Desktop Gateway server" in the Remote Desktop Gateway Manager Help in the Windows Server 2008 R2 Technical Library (https://go.microsoft.com/fwlink/?LinkId=178454).
- On the Create Authorization Policies for RD Gateway page, specify whether you want to create authorization policies (an RD CAP and an RD RAP) during the Remote Desktop Gateway role service installation process or later, and then click Next. If you select Later, for instructions about how to create these policies, see "Create an RD CAP" (https://go.microsoft.com/fwlink/?LinkId=178452) and "Create an RD RAP" (https://go.microsoft.com/fwlink/?LinkId=178450) in the Remote Desktop Gateway Manager Help in the Windows Server 2008 R2 Technical Library. If you select Now, do the following:
- On the User Groups That Can Connect Through RD Gateway page, click Add to specify additional user groups. In the Select Groups dialog box, specify the user group location and name, and then click OK as needed to check the name and to close the Select Groups dialog box. To specify more than one user group, do either of the following: Type the name of each user group, separating the name of each group with a semi-colon; or add additional groups from different domains by repeating the first part of this step for each group.
- After you finish specifying additional user groups, on the User Groups That Can Connect Through RD Gateway page, click Next.
- On the Create an RD CAP for RD Gateway page, accept the default name for the RD CAP (TS_CAP_01) or specify a new name, select one or more supported Windows authentication methods, and then click Next.
- On the Create an RD RAP for RD Gateway page, accept the default name for the RD RAP (TS_RAP_01) or specify a new name, and then do one of the following: Specify whether to allow users to connect only to computers in one or more computer groups, and then specify the computer group; or specify that users can connect to any computer on the network.
- Click Next.
- On the Network Policy and Access Services page (which appears if this role service is not already installed), review the summary information, and then click Next.
- On the Select Role Services page, confirm that Network Policy Server is selected, and then click Next.
- On the Web Server (IIS) page (which appears if this role service is not already installed), review the summary information, and then click Next.
- On the Select Role Services page, accept the default selections for Web Server (IIS), and then click Next.
- On the Confirm Installation Selections page, confirm that the following role services will be installed, if they have not been already installed: Remote Desktop Services\Remote Desktop Gateway, Network Policy and Access Services\Network Policy Server, Web Server (IIS), and RPC over HTTP Proxy.
- Click Install.
- On the Installation Progress page, installation progress will be noted. If any of these roles, role services, or features has already been installed, installation progress will be noted only for the new roles, role services, or features that are being installed.
- On the Installation Results page, confirm that installation for these roles, role services, and features was successful, and then click Close.
To reinstall the Remote Desktop Gateway role service (if the Remote Desktop Services role is already installed):
- Open Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.
- Under Roles Summary, click Remote Desktop Services.
- Under Role Services, click Add Role Services.
- On the Select Role Services page, select the Remote Desktop Gateway check box, and then click Next.
- If prompted to specify whether you want to install the additional role services required for Remote Desktop Gateway , click Add Required Role Services. On the Select Role Services page, click Next.
- Proceed to step 9 in the previous section, "To reinstall the Remote Desktop Gateway role service (if the Remote Desktop Services role is not already installed)," and then follow the rest of the steps in that section.
If these steps do not resolve the problem, contact Microsoft Customer Service and Support (CSS). For information about how to contact CSS, see Support Options from Microsoft Services (https://go.microsoft.com/fwlink/?LinkID=52267).
Verify
To verify that RD Gateway server connectivity is working, examine Event Viewer logs and search for the following event messages.
To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
To verify that RD Gateway server connectivity is working:
- On the RD Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
- In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
- Event ID 101, Source TerminalServices-Gateway: This event indicates that the Remote Desktop Gateway service is running.
- Event ID 200, Source TerminalServices-Gateway: This event indicates that the client is connected to the RD Gateway server.
- Event ID 302, Source TerminalServices-Gateway: This event indicates that the client is connected to an internal network resource through the RD Gateway server.