none
The following exception code "3221225477" occured in the RD Gateway server. The RD Gateway will be restarted. No user action is required.

    Question

  • Hello everyone,

    I've been trawling around and cannot find any info on my problem.

    Server 2008 std R2 SP1 >> fully updated

    Running in vmWare workstation, to test in readiness for production vSphere environment (not sure if that's relevant, it crossed my mind as I had a gotcha in RD farms in that area and uni/multicast settings)

    I've worked around it by using the exact same config on Server 2008 - which is nice and stable, and in our production environment.

    The TSgateway service stops with 'The following exception code "3221225477" occured in the RD Gateway server', and no other detail - this can be reproduced at will by causing a RAP to fail (which is part of my testing). It stays running reliably when authentication requests are correct and RAP is satisfied, ie: u/n + p/w are correct and the remote host being requested is allowed.

    I'm keen to avoid being stuck on Server 2008 to workaround, any help appreciated !

    Thanks in advance,

    BP

    Thursday, June 28, 2012 2:24 PM

Answers

  • Hi,

    Please provide more details on how to reproduce the problem.  I installed Server 2008 R2 Standard from .iso, all windows updates, RDG, joined to domain, etc., created a RAP with one ip address included in the group.  I then tested from a client by attempting to connect using RDG to a server that was not allowed and I received the proper error message on the client (RD Gateway service did not crash).

    Have you tried deleting/recreating your RAP?  How about a simplified RAP?

    Thanks.

    -TP

    • Marked as answer by BigpaSQL Monday, July 09, 2012 7:31 AM
    Thursday, July 05, 2012 10:58 AM
    Moderator

All replies

  • Hi,

    Consider the following scenario:

    • You configure Remote Desktop resource authorization policies (RD RAP) on the computer.
    • Multiple users connect to the computer at the same time.

    Make sure that Windows Terminal server and client PC's NIC driver has been correctly installed and has been upgraded to the latest version.

    Do you have install any antivirus software?Please try to disable the antivirus software to see if the same issue still exists.

    For this case, please using Performance Monitor to monitor the performance of the server status, if the memory or CPU loading is too high. Then you can find which process ID causing the problem.

    More information:

    Using Performance Monitor

    http://technet.microsoft.com/en-us/library/cc749115.aspx

    Performance Monitor Wizard

    http://www.microsoft.com/downloads/en/details.aspx?FamilyID=31fccd98-c3a1-4644-9622-faa046d69214

    As a last resort,uninstalled TSGateway, ALL IIS, etc. Deleted all files in the folder %windir%\system32\inetsrv\config and all files in the folder %windir%\system32\inetsrv\metaback.After,restart the system and try to install TSGateway again



    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.



    Wednesday, July 04, 2012 8:44 AM
    Moderator
  • Hi,

    Thanks for the response.

    This machine is straight from template, ie: clean install + win updates, so no other roles / apps / pollution and it is a test server, with near zero load on it.

    Is there any way (reg keys or suchlike) that will create more logging ?

    Thanks,

    BP

    Thursday, July 05, 2012 10:36 AM
  • Hi,

    Please provide more details on how to reproduce the problem.  I installed Server 2008 R2 Standard from .iso, all windows updates, RDG, joined to domain, etc., created a RAP with one ip address included in the group.  I then tested from a client by attempting to connect using RDG to a server that was not allowed and I received the proper error message on the client (RD Gateway service did not crash).

    Have you tried deleting/recreating your RAP?  How about a simplified RAP?

    Thanks.

    -TP

    • Marked as answer by BigpaSQL Monday, July 09, 2012 7:31 AM
    Thursday, July 05, 2012 10:58 AM
    Moderator
  • http://support.microsoft.com/kb/2497787

    Check This Link Hope This Link 'll Help You :)


    DushYant

    Thursday, July 05, 2012 11:02 AM
  • Hi DushYant,

    I did see that in my travels, and did apply it - still got the problem (and reverted to prior to snapshot). Also, it is a test server with zero load on it...literally.

    Thanks though !

    BP

    Friday, July 06, 2012 7:58 AM
  • Hi TP,

    I realise it's a fundamental issue, as it falls over every time when RAP fails, and the config is really simplified. Apart from certificate, CAP, RAP and a couple of accounts...it's out of box. As per Clarence's first reply I've tried with all the different vNICs, just in case, but no change.

    One difference from your summary is that I'm not using a domain (although the working 2008 (not R2) production environment uses that for NLB/farm awareness, but not for RDG/RAP endpoint authentication). Also, another is that I'm using vmware...are you using physical or hyper-v etc ?

    (I can 'see' you scratching your head..) This is a managed services environment where the gateway is on management LAN and the RAP endpoints inside private vlans with only 3389 between them - they don't share a domain. As such, from outside world you authenticate to the RDG (locally with rdg\...), then the second prompt is for the RAP endpoint (locally, with xpclient\...)

    I'm just configuring it with a domain and will post shortly.

    Thanks again,

    BP


    • Edited by BigpaSQL Friday, July 06, 2012 8:22 AM
    Friday, July 06, 2012 8:20 AM
  • Thanks for your input guys - I'm going to put this post on ice whilst I sort out some other strangeness (unable to add certain groups into the CAP).

    Monday, July 09, 2012 7:31 AM
  • We have had a similar issue with Windows Server 2012 RDS. We have two connection brokers, two gateways (which are also web access) and two session hosts. But in the end, for us, the solution was different. We would have the gateway crash all the time as soon as we tried to open an app in RemoteApp. We had tried various settings without any effects, and everything was fine if we were bypassing the gateway in the setup, but the culprit was a GPO that we had enabled.

    Policies\Windows Settings\Security Settings\Local Policies - Security Options\System Cryptography

    System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing.

     

    Once we set this to Disabled, the gateway service stopped crashing.


    Philippe Carignan

    Tuesday, April 16, 2013 11:55 AM