Error connecting through RD Gateway 2012 R2

In some cases you receive an error when you try to connect through the RD Gateway using an RDP connection. The error shown to the user is generic and does not help you find the actual reason.

“Remote Desktop can’t connect to the remote computer “computername” for one of these reasons: …”

The Event Viewer on the RD Gateway server shows errors in the Microsoft\Windows\TerminalServices-Gateway\Operational log like this:

The user “domain\username”, on client computer “remote-ip”, did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server.
The following authentication method was attempted: “NTLM”. The following error occurred: “”

Also, in the Security log you will find Event 6274 (Audit Failure) with the error message: “The authentication or accounting record could not be written to the configured accounting datastore. Ensure that the logfile location is available, has available space, can be written to, and that the directory on the SQL server is available.”

Solution

Open Server Manager on your RD Gateway server and expand Roles > Network Policy Server > NPS (Local) > Accounting. In the main section, click “Change Log File Properties”.

Uncheck the checkbox “If logging fails, discard connection requests”. If you use a farm of Gateway servers, make sure you configure all of them the same way. Then try to connect again. Note that with this option cleared, NPS accepts connection requests even when it cannot write the accounting log, so the underlying logging problem (log file location, free space, write permissions) should still be fixed.

RDS – RD Gateway Ports

There seems to be a need to know which ports the Remote Desktop RD Gateway uses. Here is a short overview:

Internet –> Gateway WAN NIC:

TCP: 443
UDP: 3391 (You have to enable UDP on the RD Gateway)

Gateway LAN NIC –> Session Host Servers:

TCP / UDP: 3389

Gateway LAN NIC –> Connection Broker Servers:

TCP / UDP: 3389
TCP: 5504
TCP: 5985

Gateway LAN NIC –> Domain Controllers:

TCP / UDP: 88
TCP: 135
UDP: 123
UDP: 137
TCP: 139
TCP / UDP: 389
TCP: 3268
TCP / UDP: 53
TCP / UDP: 445
TCP: 5985
TCP: dynamic ports (NTDS RPC service)

Connection Broker Servers –> Gateway LAN NIC:

TCP: 5985 (WS-Management and PowerShell Remoting)
TCP: 3389 (Remote Desktop)
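As an added example (not part of the original post), here is a PowerShell check you can run on the Gateway to verify the TCP ports listed above are reachable from its LAN NIC. The server names are placeholders; the UDP ports and the dynamic NTDS RPC range cannot be probed with Test-NetConnection and are left out.

```powershell
# Added example: probe the TCP ports from the overview above from the RD Gateway.
# The host names below are placeholders, replace them with your own servers.
# UDP (3391, 3389, 88, 123, 137, 389, 53, 445) and the dynamic RPC range
# are not covered, because Test-NetConnection only tests TCP.
$Targets = @{
    'RDSH01.example.local' = @(3389)                                 # Session Host
    'RDCB01.example.local' = @(3389, 5504, 5985)                     # Connection Broker
    'DC01.example.local'   = @(53, 88, 135, 139, 389, 445, 3268, 5985) # Domain Controller
}

$Results = foreach ($Server in $Targets.Keys) {
    foreach ($Port in $Targets[$Server]) {
        # -WarningAction hides the "TCP connect failed" warning; we read the result instead.
        $Test = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target    = $Server
            Port      = $Port
            Reachable = $Test.TcpTestSucceeded
        }
    }
}

# Full overview, one line per target/port.
$Results | Sort-Object Target, Port | Format-Table -AutoSize

# Only the blocked ones: this is the list to hand to whoever manages the firewall.
$Blocked = $Results | Where-Object { -not $_.Reachable }
if ($Blocked) {
    Write-Host "Blocked TCP ports:"
    $Blocked | Format-Table -AutoSize
} else {
    Write-Host "All listed TCP ports are reachable."
}
```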

Let me know if this helps.
Cheers,

Al