locked
TerminalServices-Gateway Event ID 301 - The following error occured: "5" RRS feed

  • Question

  • Hi,

    I have setup a new Remote Desktop Gateway (on 2008 R2) with both a Connection Authorization Policy (one user group, no computer group) and a Resource Authorization Policy (one user group same as CAP, all network resources).

    The problem I'm having is that some of my users (who are within the User Group specified for the CAP and RAP policies) are unable to establish a connection.  Each time they try the RDG server logs the following TerminalServices-Gateway operational event;

    Log Name:   Microsoft-Windows-TerminalServices-Gateway/Operational
    Source:    Microsoft-Windows-TerminalServices-Gateway
    Date:     02/12/2010 07:38:48
    Event ID:   301
    Task Category: (5)
    Level:     Error
    Keywords:   Audit Failure,(16777216)
    User:     NETWORK SERVICE
    Computer:   magellan.swift.local
    Description:
    The user "DOMAIN\user", on client computer "xxx.xxx.xxx.xxx", did not meet resource authorization policy requirements and was therefore not authorized to resource "". The following error occurred: "5".
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
     <System>
      <Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B}" />
      <EventID>301</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>5</Task>
      <Opcode>30</Opcode>
      <Keywords>0x4010000001000000</Keywords>
      <TimeCreated SystemTime="2010-12-02T07:38:48.769448800Z" />
      <EventRecordID>1217</EventRecordID>
      <Correlation />
      <Execution ProcessID="4100" ThreadID="4956" />
      <Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
      <Computer>rdgcomputer.domain.local</Computer>
      <Security UserID="S-1-5-20" />
     </System>
     <UserData>
      <EventInfo xmlns="aag">
       <Username>DOMAIN\user</Username>
       <IpAddress>xxx.xxx.xxx.xxx</IpAddress>
       <AuthType>
       </AuthType>
       <Resource>
       </Resource>
       <ErrorCode>5</ErrorCode>
      </EventInfo>
     </UserData>
    </Event>

    When this happens a successful event, ID 200, is logged just before ID 301 detailing that the user and computer met the CAP policy requirements.

    The problem I've got is other standard domain users (who are not setup any differently) are able to successfully establish a connect to a RD host and can do so from the same machine.  I know the above error indicates the user is not meeting the RAP policy requirements but how does one figure out exactly what the issue is (bearing in mind my users are setup in exactly the same way)?  I've searched Microsoft documentation but have been unable to find out what The following error occurred: "5" in the event actually means.  Does anyone know?

    Many thanks in advance.

    Regards,

    Ross

     

     

     

     

    Wednesday, December 8, 2010 12:44 PM

Answers

All replies