none
Remote Desktop Gateway Service Stops Responding

    Question

  • Hello Experts!

    I have the NPS extension for Azure MFA configured as described in the following document: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg

    If a user does NOT respond to the MFA prompt (does not select approve or deny) then the remote desktop gateway service stops responding. The server needs to be restarted in order for the remote desktop gateway server to process login requests again.

    This same issue has been reported by multiple users on Technet: https://social.technet.microsoft.com/Forums/windowsserver/en-US/8c0cd4a4-e251-433c-b47f-8028cc774807/remote-desktop-gateway-service-timeout-and-hang-with-azure-mfa?forum=winserverTS

    Increasing the timeout to 60sec as described in the doc is not helping! Please Suggest!



    CreedHameed

    Tuesday, May 15, 2018 5:11 PM

Answers

  • Hi,

    >>I have a case open with Microsoft for this very issue. They have acknowledged that the issue is in the RDS side, not Azure. The Gateway service seems to stop waiting for the NPS/CAP authentication after 30s.

    Quote from the thread you had mentioned. 

    Please try to increased the Timeout Value for RDG using below registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core

    Value name: IasTimeout
    Value data: 120000 ( Hex)
    Type: DWORD ( 32-bit)

    Please bake up the registry before any change. Besides, please re-start system after changing in order to have the change effected. 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 16, 2018 9:42 AM
    Moderator

All replies

  • Hi,

    >>I have a case open with Microsoft for this very issue. They have acknowledged that the issue is in the RDS side, not Azure. The Gateway service seems to stop waiting for the NPS/CAP authentication after 30s.

    Quote from the thread you had mentioned. 

    Please try to increased the Timeout Value for RDG using below registry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core

    Value name: IasTimeout
    Value data: 120000 ( Hex)
    Type: DWORD ( 32-bit)

    Please bake up the registry before any change. Besides, please re-start system after changing in order to have the change effected. 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 16, 2018 9:42 AM
    Moderator
  • Hi,

    How things are going there on this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 18, 2018 2:13 AM
    Moderator
  • Hi,

    Is there any update?

    Please click “Mark as answer” if any of above reply is helpful. It would make this reply to the top and easier to be found for other people who has the similar problem.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 22, 2018 1:48 AM
    Moderator
  • I am still waiting for my client to test it, I will let you know the result. 

    CreedHameed

    Tuesday, May 22, 2018 7:15 PM
  • Hi,

    Thank you for updating, please feel free to let us know if there is any new.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 23, 2018 9:13 AM
    Moderator