none
Windows 8 Remote Desktop Gateway not working (Windows 2008 TS Gateway)

    Question

  • Everything works perfectly with Windows 7 and Vista

    Windows 8 : Remote Desktop Gateway (Web TS access or RDP Client) not working (with Windows 2008 TS Gateway) :

    I imported my root certificate. (I do the same thing on Windows 7 or Vista)

    Certificate appears under the Trusted Root Certification Authorities store

    I configure my gateway with the RDC client or I use the Web TS access. 

    Error message : the logon attempt failed

    do you have any ideas ?

    Tuesday, October 16, 2012 12:37 PM

Answers

  • Check the IIS logs for entries from the clients. Are you seeing 401 status similar to the below?

    2012-11-05 19:32:56 192.168.1.14 RDG_OUT_DATA /remoteDesktopGateway/ - 443 - 192.168.0.105 MS-RDGateway/1.0 401 2 5 718

    On a Windows 2008 host, when a client connects using the 8.0 client, its normal to see entries like this but with a 404 status. (The 404 is expected.)

    Check to see if anonymous authentication is disabled for the default website? If so, re-enable it and test.

    • Marked as answer by sim007 Wednesday, November 07, 2012 2:13 PM
    Monday, November 05, 2012 8:37 PM

All replies

  • Hi,

    1. When logging on from the Windows 8 Remote Desktop Client, are you entering your full username (domain\username) when prompted for credentials?

    2. Please attempt to connect from Windows 8, and then immediately after check the Security log as well as the Applications and Services Logs\Microsoft\Windows\TerminalServices-Gateway\Operational logs using Event Viewer.  There should be audit failure events in the Security log.

    Please post any errors/warnings that occur around the time of the failed log on attempt.  When looking at the audit failure events pay close attention to the domain and username that it thinks is failing.

    3. Are you using the Metro/Modern UI Remote Desktop Client or the desktop RD Client (mstsc.exe)?

    Thanks.

    -TP


    Tuesday, October 16, 2012 12:56 PM
    Moderator
  • @TP

    1. When logging on from the Windows 8 Remote Desktop Client, are you entering your full username (domain\username) when prompted for credentials? YES

    2. 2. Please attempt to connect from Windows 8, and then immediately after check the Security log as well as the Applications and Services Logs\Microsoft\Windows\TerminalServices-Gateway\Operational logs using Event Viewer.  There should be audit failure events in the Security log. No server log for these connection attempts. Really Weird !

    3.Are you using the Metro/Modern UI Remote Desktop Client or the desktop RD Client (mstsc.exe)? RD Client (mstsc.exe) and RD TS WEB ACCESS

    Works perfectly with Windows 7 and Vista

    I tried on two different Windows 8 PC with two different internet provider...

    Weird ! looks like it's not compatible ??? 





    • Edited by sim007 Tuesday, October 16, 2012 3:17 PM
    Tuesday, October 16, 2012 2:34 PM
  • Hi,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thank you for your understanding and support.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, October 22, 2012 9:49 AM
    Moderator
  • Hi,

    Could you please provide more information about the issue, such as:

    Please describe more details about your RDS environment/symptom:

    ---such as do you like RDP to your internal RDS servers from external Windows 8 client? How many RDS servers and what kind of server edition are they, etc.

    ---If you RDP to the internal servers from internal Windows 8 client, does the issue still persist?

    ---If you try to reproduce it from another external Windows 8 client, does the issue still occur?

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, October 24, 2012 6:01 AM
  • Server Gateway :

    Windows 2008 R1 TSG

    Policy CAP and RAP :  same user's assigned group

    CAP: "disable device redirection for all devices execpt smart cards" is selected

    Destination :

    Any network ressource

    External Remote Client

    Windows 8 RD Client (mstsc.exe) and RD TS WEB ACCESS

    Root Certificate appears under the Trusted Root Certification Authorities store

    ------------------------------------------------------------------------------------

    Works perfectly with Windows 7, Vista and XP (external remote client)

    Works perfectly with Mac OS with iTap mobile RDP * Now also supports TS Gateway !!!!

    No problem internally with a Windows 8 computer without gateway

    I tried 3 different external windows 8 Error message : the logon attempt failed

    WEIRD !



    • Edited by sim007 Wednesday, October 24, 2012 6:23 PM
    Wednesday, October 24, 2012 5:12 PM
  • Hi,

    When you said that the certificate is under Trusted Root Certification Authorities store, please make sure whether it's for user or for compurter(it should be for computer, the full path should be Console1-[Console Root\Certificates(Local Computer)\Trusted Root Certification Authorities]).

    Also please make sure the LmCompatibilityLevel registry(it locates at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa) on both Windows 8 client and internal network clients/servers. The value on both side should be work.

    As I know, the authentication process uses two different protocols, called LanMan and NTLM. The process starts with the client requesting a challenge from the authentication server. Once the challenge is received the client computes a response to this challenge. This is done by first padding the two hashes of the password with NULLs to 168 bits. 

    If the issue still persists, please let us know what kind of the certificat, is it a self-assigned certificate, applied from an internal CA or purchase from third party?

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, October 25, 2012 5:17 AM
  • There is no LmCompatibilityLevel key. I need to create this key?

    Self-assigned certificate, applied from an internal CA

    Works perfectly with Windows 7, Vista and XP (external remote client)

    Works perfectly with Mac OS with iTap mobile RDP * Now also supports TS Gateway !!!!

    No problem internally with a Windows 8 computer withoutgateway

    I tried 3 different external windows 8 Error message : the logon attempt failed

    Thursday, October 25, 2012 12:45 PM
  • Hi,

    Please try to add this key and have a try,  after you add this key, the specific server/client should reboot to take effect. Here is a article talk about the detail information. http://technet.microsoft.com/en-us/library/cc960646.aspx.

    Besides, please try to turn off the Windows Firewall or third party firewall and have a try.

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, October 26, 2012 2:45 AM
  • Hi,

    We have not heard you for some days, could you please let us know how are things going?

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, October 30, 2012 2:45 AM
  • I too am having this same problem.  I have a Windows Server 2008 R2 Server running RD Services.  I can connect without any problems under Windows 7 and also XP.  However, after upgrading my home PC to Windows 8 Pro, I can no longer connect.  I also have sveral RemoteApps that no longer work. 

    I can Remote Desktop in to other systems.  It is only when I use the Conect from Anywhere option under the Advanced Options for a Remote Desktop Connection.  If I put out server name in there, it will not allow me to connect to our RD Gateway server.

    Could this be a security issue on the RD Gateway Server that needs to allow Windows 8 Clients to connect?

    Tuesday, October 30, 2012 3:14 PM
  • I too am having this same problem.  I have a Windows Server 2008 R2 Server running RD Services.  I can connect without any problems under Windows 7 and also XP.  However, after upgrading my home PC to Windows 8 Pro, I can no longer connect.  I also have sveral RemoteApps that no longer work. 

    I can Remote Desktop in to other systems.  It is only when I use the Conect from Anywhere option under the Advanced Options for a Remote Desktop Connection.  If I put out server name in there, it will not allow me to connect to our RD Gateway server.

    Could this be a security issue on the RD Gateway Server that needs to allow Windows 8 Clients to connect?

    Here same problem !!!!!!! its the same problem like in the win 8 pre release..

    same setup as above.. win 2008 r2 and win 8 cliend rdp anywhere doenst work ! included rdweb access, i thought it was a problem of the beta this summer so i said it will be ok on the final version.. but it isnt..

    everything works except remote app and remote desktop trought anywhere.

    26 october after upgrading some clients to win 8 from win 7 everyhting stopped working..

    i am too angry..

    one more thing may address this, anywhere clients, even in vpn working perfectly, in vpn they can remote desktop normaly but not trought remote app or rdweb

    Tuesday, October 30, 2012 7:17 PM
  • Try this:

    On your Server 2008 R2 Machine:

    1.  Open IIS manager

    2.  Select the default web site

    3.  Select SSL

    4.  Change the setting to ignore client certificates.

    • Proposed as answer by BrianGrimm Wednesday, October 31, 2012 4:24 AM
    Wednesday, October 31, 2012 4:24 AM
  • ok tried personally right now... because before i had feedback that wasnt the correct issue..

    you are corrrect.. great work..

    anyway this isnt the correct behavior.. so.. something must be fixed

    dont think so ?

    Wednesday, October 31, 2012 10:34 AM
  • if it is a certificate problem, it shouldn't work inside and outside, the fact is that inside works... just not ouside, did you face the same behavior ?

    Outside in vpn didnt work for me too ! even if the vpn works perfectly, i mean NetBIOS, dns, discover etc..

    Wednesday, October 31, 2012 10:39 AM
  • ok tried personally right now... because before i had feedback that wasnt the correct issue..

    you are corrrect.. great work..

    anyway this isnt the correct behavior.. so.. something must be fixed

    dont think so ?

    Correct.  This is just a workaround.  Microsoft still needs to fix this.

    • Edited by BrianGrimm Wednesday, October 31, 2012 2:06 PM
    Wednesday, October 31, 2012 2:05 PM
  • You Sir, are my hero. Thanks for solving this very, very hard to find bug. Now I can finally use Win8 without dualboot Win7 for RDP!
    Wednesday, October 31, 2012 5:44 PM
  • This fix worked for me.  I can now Remote Desktop using a RD Gateway and also run RemoteApps which all connect through our Windows 2008 R2 Servers.  Thank you so much for this workaround. 
    Thursday, November 01, 2012 1:48 AM
  • Thank you!!!! After 4 days I found your solution which solved my RDP connection problem using Windows 8.
    Friday, November 02, 2012 7:03 PM
  • not working for me.. The box "Ignore"was already checked :(

    TSG windows 2008 R1 SP1 with windows 8 client

    Works perfectly with Windows 7, Vista and XP (external remote client)

    Works perfectly with Mac OS with iTap mobile RDP * Now also supports TS Gateway !!!!

     
    • Edited by sim007 Friday, November 02, 2012 8:48 PM
    Friday, November 02, 2012 8:47 PM
  • Also doesn't work for me... only XP can connect, 7 and 8 not - same config as sim007.
    Sunday, November 04, 2012 11:32 PM
  • Check the IIS logs for entries from the clients. Are you seeing 401 status similar to the below?

    2012-11-05 19:32:56 192.168.1.14 RDG_OUT_DATA /remoteDesktopGateway/ - 443 - 192.168.0.105 MS-RDGateway/1.0 401 2 5 718

    On a Windows 2008 host, when a client connects using the 8.0 client, its normal to see entries like this but with a 404 status. (The 404 is expected.)

    Check to see if anonymous authentication is disabled for the default website? If so, re-enable it and test.

    • Marked as answer by sim007 Wednesday, November 07, 2012 2:13 PM
    Monday, November 05, 2012 8:37 PM
  • Thanx Adam now everything works including Windows 8 !
    Wednesday, November 07, 2012 2:18 PM
  • Try this:

    On your Server 2008 R2 Machine:

    1.  Open IIS manager

    2.  Select the default web site

    3.  Select SSL

    4.  Change the setting to ignore client certificates.


    Yes, this works great. Thank you!
    Tuesday, November 13, 2012 1:12 AM
  • BrianGrimm,

    This answer was driving me crazy.  Support about 25 computer connections to a test RD Services 2008 Server, only 1 computer failed after working for about 3 months.  Never had any other problems.  This solution fixed it.  Note: that this started occuring after an patch to a Windows 7 machine and all Windows 8 machines I tried.

    Thanks so much!!!!

    Sunday, November 25, 2012 4:40 AM
  • This is going to be a right royal pain if I can't get this sorted.

    I have checked that the default site is set to ignore client certificates and still no dice.  I have also made sure that anonymous authentication was configured along with windows and forms authentication.

    Any other ideas on this subject?

    Drac

    Tuesday, November 27, 2012 10:09 PM
  • I faced the same problem on 25 upgraded win8 stations from XP. We tried everything above without result. After a clean install on each pc everything works fine, logging in to a gateway server 2012. So it seems to be a pc related problem when upgrading from a older windows version.
    Saturday, December 01, 2012 7:27 AM
  • I'm facing the same issues with RDP 8 Clients on Windows 7 SP1.

    Also tried all the suggestions without any success.

    Maybe we simply should consider this a bug! The only thing I expect, would be a statement from Microsoft!

    Christian

    Wednesday, December 05, 2012 9:23 PM
  • Just had this one solved by MS Support (after many months) - make sure that only Anonymous Authentication is enabled on the Default Web Site - it appears to relate to RDP 8.0 only supporting NTLM v2 and the interaction that causes dependent on the security policy settings for the server.

    A little more at Terminal Services "Logon Attempt Failed" with RDP 8.0.

    Wednesday, July 24, 2013 2:59 PM
  • Theo Gray: Yesssss Sir! Works like a charm. Thank you so much!


    Wednesday, September 11, 2013 9:23 AM