none
Windows 8 and RD gateway not working!

    Pertanyaan

  • I have Windows server 2008 (not R2) server running RD gateway and now finding that any client that has upgraded to windows 8 can longer connect via the RD Gateway server.  We are using domain\username to log in as we have always done with windows 7 RDP client (which just worked).  After reading a number of posts where certain "fixes" or "workarounds" have worked sadly none of these appear to apply to our setup.

    I have made sure that ignore client certificates is set to ignore and restarted IIS, I have chacked the server logs and there are no failed logon events, in fact the authentication succeeds but the session isn't created.

    Running out of ideas now...any help?

    drac

    28 Nopember 2012 10:57

Semua Balasan

  • Hi,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    29 Nopember 2012 6:40
  • Hi,

    To narrow down the issue, could you please help clarify the following information?

    ===========================================================

    a. How did you judge that the authentication succeed, but the RDP session created failed?

    b. Are there any errors/prompted warning message when the issue occurred? If yes, please provide the errors/warnings to us.

    c. Do all the Windows 8 clients have the issue or only some of them have the issue? Does the issue also occur on Windows 7 clients?

    d. Please let us know the Windows Server 2008 TS configuration information.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    29 Nopember 2012 10:14
  • Hi,

    Thanks for the response, to answer your questions...

    a. How did you judge that the authentication succeed, but the RDP session created failed?

    There is an entry in the security event log showing a successful authentication request and no failures logon events for the time the user tried to connect

    b. Are there any errors/prompted warning message when the issue occurred? If yes, please provide the errors/warnings to us.

    There are no errors or warnings at the client side as such, the logon box just reports logon failure username or password incorrect and then re-prompts for UN and PW

    c. Do all the Windows 8 clients have the issue or only some of them have the issue? Does the issue also occur on Windows 7 clients?

    This happens with all Windows 8 clients or any Windows 7 client that has updated the RDP client to 6.2.9200, all other clients work ok.

    d. Please let us know the Windows Server 2008 TS configuration information

    Windows server 2008 (not R2), registered on the domain, with licensing server, TS gateway and session host added features.  SSL certificate purchased from trusted CA. CAP configured to allow all domain users and RAP configured to allow access to all resources.  Server has been working happily away and still does for the majority of clients.

    Hope this helps, let me knew if you need any further information.

    Regards

    Drac

    29 Nopember 2012 11:04
  • I can confirm the same issue.  Any client computer running Windows 8 cannot connect to an RDP host of it goes through a Gateway server.  I have 2 workstations, 1 running Windows 8 and one running Windows Server 2008 R2.  The Win8 machine cannot connect to my clients workstations, which are on a LAN behind a Gateway server, while the Win2K8R2 can connect without issue.

    I also use a program called Royal TS (to connect to many RDP machines at once) on my Win8 machine and since it uses the underlying RDP libraries of the host OS, it suffers from the same bug.

    Please advise on if and when a fix is ready as this has made it difficult for IT Consultants such as myself to manage our clients remotely.

    Regards,

    Sean Ford

    29 Nopember 2012 22:27
  • Hi,

    In Windows Server 2012/Windows 8, RDP connection support UDP protocol connections(but in Windows Server 2008, the RDP connection doesn't support UDP), if we don't customize it, then clients will choose the optimal protocols(TCP or UDP) for delivering the best user experience. If the Win8 clients use UDP for the RDP connection but Windows Server 2008 TS Gateway doesn't support that, then such issue will occur.

    Now I advise you configure below group policies:

    Enable Select RDP transport protocols and set the Transport Type as Use only TCP. The GP is under Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

    Enable Ture Off UDP On Client GP which is under Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    • Disarankan sebagai Jawaban oleh Ahdoga 18 Januari 2013 21:19
    30 Nopember 2012 7:17
  • I am having the same issue with RDS Gateway 2012 server.  Windows 8 clients can't connect to it, Windows 7 SP1 clients can connect but only after I remove the KB2592687 update i.e. the RDP 8.0 client update.

    I have Windows 2012 RDS Session Host, Broker, Web Access and Gateway running on a single server in a test environment.  Windows XP, 2003, 2008 and 2008 R2 (minus KB2592687 update) clients can connect to it without issue.

    The problem seems to be with RDP 8.0 clients.  I have disabled UDP in RDS Gateway properties, forced the RDP transport protocol to TCP on the Session Host and turned off UDP on the Windows 8 client.

    Any help appreciated!


    30 Nopember 2012 16:15
  • Hi,

    Wish this post can help you:

    http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/fda8b95c-32bb-4d34-b739-10733d9c92aa

    Regards


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    03 Desember 2012 7:59
  • Anonymous authentication is already enabled on the default website as is ignore client SSL certificates - still doesn't work for Windows 8 and Windows 7 once KB2592687 update i.e. the RDP 8.0 client update is installed.
    03 Desember 2012 15:53
  • Yes, I have been through the process in the link above also.  My set up was already configured like that so can't change anything, but some users did report that it worked for them so it must be a combination of a number of things.  Likewise I have started on the rote of assuming server 2012 would work, but the above post suggests otherwise.  Not tried changing any group policy settings yet so will give it a whirl.

    Drac

    04 Desember 2012 9:31
  • I even have it working with iTap RDP from an iPad now too so it is just Windows 8 clients and Windows 7 clients once KB2592687 update i.e. the RDP 8.0 client update is installed.
    04 Desember 2012 9:54
  • Hi,

    Windows 8 defaults to using TLS 1.2, and in Windows 7/Windwos Server 2008, by default it uses TLS 1.1. so you have to downgrade Windows 8 to use TLS 1.1 or 1.0; I use TLS 1.0.

    To disable TLS 1.2 in W8, do the following on the client:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001


    And the following to disable 1.1 (to fall back to TLS 1.0):

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
    "Enabled"=dword:00000000
    "DisabledByDefault"=dword:00000001

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    05 Desember 2012 1:29
  • I have added all of the above registry keys to my Windows 8 client and still have the same problem.
    06 Desember 2012 10:52
  • Hi ,

    I am writing to check how is the issue going on?

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    29 Desember 2012 7:38
  • No update...I'm not sure if Microsoft has even acknowledged the issue yet.

    29 Desember 2012 17:01
  • I have found that the issue is related to a Group Policy setting on our domain - I am still trying to find the exact policy setting causing the issue which is proving difficult as I am not a Domain Admin on our system!

    I built a fresh Windows 7 and Windows 8 image (non-domain joined) and both can connect to the Windows 2012 RDS via Windows 2012 RD Gateway without issue.  I joined both images to our domain and they then no longer work.  I remove them from the domain and they still don't work so obviously the policy setting isn't changed back upon domain removal.

    03 Januari 2013 10:10
  • I am also still trying to figure this out.  I have tried editing the group policies to use only TCP for RDP and that didn't work.  Tried setting the server IIS to ignore client certificates, that didn't work.  I mean, my phone connects fine (HTC 8x) and win xp and win 7 and even iPad and Android.  Can't figure our how MS could fail to connect to their own server products when everyone else can.  I am hoping to see a fix for this soon.

    -- Edit:  got it..  for some reason the first time I tried editing the group policy for RDP connection method it didn't work.  All I did was change it back, save and restart, change it to TCP ONLY again, restart and then it worked.  Cool..  Now, if only someone could get the Surface RT to work through an RD gateway.. MS support told me it won't and suggested we upgrade to Surface pro (more money).  Not a good answer MS, especially since our return window was eaten up trying to get this to work.  Now I am stuck with 2 Surface tabs at work that won't connect through RD gateway...  Ironically, Android tabs and iPad work fine with a $15 app.  Go figure.

    • Diedit oleh Ahdoga 18 Januari 2013 21:18
    16 Januari 2013 2:30
  • Could you tell me exactly which GP and setting you changed please?
    21 Januari 2013 17:27
  • Actually there are two places you can do this.  I used both.

    1. Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Desktop Connection Client  -- Turn off UDP On Client (enable this).

    2. Computer Configuration\Administrative Templates -- ALL Settings --  Look for "Select RDP Transport Protocols" and set this to TCP Only.

    You will need to restart.

    -- I have to credit #1 to Peterson Xiao (above).  He posted this.  I found #2 by poking around.  I tried # 2 first and it worked.  Then tried #1..  Both seem to work.  I left both settings in place.

    • Diedit oleh Ahdoga 21 Januari 2013 20:12
    21 Januari 2013 20:09
  • I just faced this issue on Windows Server 2012 with Windows 8 clients while working on my 70-415 exam...

    Seems this issue can be also traced to the SSL TLS requirement/support.

    To fix this on a Remote Desktop Web Access server, under each collection, Edit properties, Security, set it to "RDP Client Compatible" and reboot the server that is the RDCB(several if more than one in a HA setup). Fixes it.

    29 Maret 2013 18:44
  • hi Rune

    i haev configured my collections as you suggested but still the same error: unable to launch remote apps from Win 8 or Win 7 sp1 with rdp 8.0!!

    Can you explain how do you fix, if u did it?

    Thanks

    21 April 2013 21:12
  • I'll offer something else to try.  I was running into the same issues as others here.  Uninstalling KB2592687 worked for me, but that wasn't really a solution to me.  I tried setting both the "Turn of UDP on Client" and "Select RDP Transport Protocols" as suggested in this thread, but that didn't fix the issue for me either.  I also checked the IIS config for the Default Web Site, which already had Anonymous Access set to "Enabled".

    As I was troubleshooting this, I did notice that my login attempts weren't even registering in the TerminalService-Gateway Operational log in the Event Viewer, so I enabled advanced auditing of the "Logon/Logoff" events.  I then noticed Security Event ID 4625 in my Security Log, which brought me to this forum post:

    http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/3842a844-46c4-4943-9cc7-a88bcfa9119a/#609b7103-6f5d-4440-ab74-301c352566cf

    That reminded me that we set the LAN Manager authentication level in our domain (Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level).  For the problematic computers, we had this set to "Send LM & NTLM response".  I changed this to "Send NTLMv2 response only" and it started working.  I imagine "Send NTLMv2 response only. Refuse LM" and "Send NTLMv2 response only. Refuse LM & NTLM" will work as well.  Perhaps this will work for you?  Just make sure to test things after the change as the setting can affect compatibility with clients, services, and applications.

    • Disarankan sebagai Jawaban oleh Anchovie 25 April 2013 18:07
    25 April 2013 18:07
  • Just had this one solved (for us anyway) by MS Support (after many months) - make sure that only Anonymous Authentication is enabled on the Default Web Site (Windows Authentication should be disabled) - it appears to relate to RDP 8.0 only supporting NTLM v2 and the interaction that causes dependent on the security policy settings for the server.

    A little more at Terminal Services "Logon Attempt Failed" with RDP 8.0.

    24 Juli 2013 15:02
  • Has anyone solved this problem?  I have done everything in this article, and the Windows 8 client or Windows 7 with updated RDP 8.0 will not connect through TS Gateway to my Windows 2012 Server.  I have both domain-joined clients and non-domain-joined clients and both are experiencing the issue.  This is the error message I am getting:

    "Your computer can't connect to the remote computer because an error occurred on the remote computer that you want to connect to.  Contact your network administrator for assistance."

    Anyone have any more ideas?

    Jim C


    26 Agustus 2013 17:03
  • open up local group policy  Start-run-gpedit.msc

    go to Computer config-Admin Templates-Windows Components-Remote Desktop Services-Connections

    And enable TCP only in the "Select RDP transport Protocols".  For some reason in Windows 8 and 8.1 MS wont allow a connection to a TS Gateway Box over UDP, only TCP. Hope this helps. 

    06 Nopember 2013 20:22