Message

The RD Gateway service could not be initialized. The following error occurred: "%2". To diagnose possible causes for this problem, verify whether the following services are installed and started: (1) World Wide Web Publishing Service (2) Internet Authentication Service (IAS) (3) RPC/HTTP Load Balancing Service. Also, check Event Viewer for Network Policy Server (NPS) and IIS events that might indicate problems with NPS or IIS. Also, check whether HTTP and UDP transport IP address, port pair is in use.

Message

The RD Gateway service has started.

Message

The Remote Desktop Gateway service requires a valid Secure Sockets Layer (SSL) certificate to accept connections. Ensure that you have obtained a valid SSL certificate, and then bind (map) the certificate by using RD Gateway Manager. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help. The following error occurred: "%2"

Message

The Remote Desktop Gateway service does not have sufficient permissions to access the Secure Sockets Layer (SSL) certificate that is required to accept connections. To resolve this issue, bind (map) a valid SSL certificate by using RD Gateway Manager. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help. The following error occurred: "%2".

Message

The UDP Proxy is started.

Message

The UDP Proxy is shutting down.

Message

The UDP Proxy is not enabled.

Message

The user "%1", on client computer "%2", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: "%3" and connection protocol used: "%5".

Fields

Example Event

system:
  provider: Microsoft-Windows-TerminalServices-Gateway
  guid: 4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B
  event_source_name: ''
  event_id: 200
  version: 0
  level: 4
  task: 2
  opcode: 30
  keywords: 4620693217698906112
  time_created: '2024-11-04T13:59:32.400587+00:00'
  event_record_id: 87
  correlation:
    ActivityID: 7CF86876-882F-0625-F153-3DEC514DA0B2
  execution:
    process_id: 1444
    thread_id: 2256
  channel: Microsoft-Windows-TerminalServices-Gateway/Operational
  computer: EC2AMAZ-6C3C9U6
  security:
    user_id: S-1-5-20
user_data:
  EventInfo:
    Username: EC2AMAZ-6C3C9U6\Administrator
    IpAddress: 219.100.37.243
    AuthType: NTLM
    Resource: ''
    ConnectionProtocol: HTTP
    ErrorCode: 0
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Message

The user "%1", on client computer "%2", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "%3" and connection protocol used: "%5". The following error occurred: "%6".

Message

The administrator disconnected the user "%1", on client computer "%2", from the following network resource: "%4". Before the user was disconnected, the client transferred %6 bytes and received %5 bytes using %8 connection protocol. The client session duration was %7 seconds.

Message

The number of simultaneous connections to the RD Gateway server has reached the maximum number that was configured by the administrator. The server is therefore not accepting any new connections. The connection attempt by user "%1" on client computer "%2", using the authentication method "%3" has been denied. For information about how to modify the maximum connection limit, see the "Specify the Maximum Number of Allowable Connections for RD Gateway" topic in the RD Gateway Help.

Message

The user "%1", on client computer "%2", did not meet the requirements of the Network Access Protection (NAP) policies defined in the Network Policy Server. Therefore, the user was not authorized to connect to the RD Gateway server. The authentication method attempted: "%3" and connection protocol used "%5". The following error occurred: "%6".

Message

The user "%1", on client computer "%2", successfully connected to the remote server "%4" using UDP proxy. The authentication method used was: "%3".

Message

The user "%1", on client computer "%2", failed connection to the remote server "%4" using UDP proxy. The following error occurred : "%9".

Message

The administrator disconnected the user "%1", on client computer "%2", from the following network resource: "%4". Before the user was disconnected, the client transferred %6 bytes and received %5 bytes. The client session duration was %7 seconds.

Message

The UDP Proxy disconnected the user "%1" on client computer "%2", from the following network resource: "%4" because it was unresponsive. Before the user was disconnected, the client transferred %6 bytes and received %5 bytes. The client session duration was %7 seconds.

Message

The RD Gateway client supports HTTP proxy protocol but connected using Legacy RPC-HTTP.

Message

Http transport: IN channel could not find a corresponding OUT channel

Message

The user "%1", on client computer "%2", met resource authorization policy requirements and was therefore authorized to connect to resource "%4".

Fields

Example Event

system:
  provider: Microsoft-Windows-TerminalServices-Gateway
  guid: 4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B
  event_source_name: ''
  event_id: 300
  version: 0
  level: 4
  task: 5
  opcode: 30
  keywords: 4620693217698906112
  time_created: '2024-11-04T13:59:32.621299+00:00'
  event_record_id: 88
  correlation:
    ActivityID: 7CF86876-882F-0625-F153-3DEC514DA0B2
  execution:
    process_id: 1444
    thread_id: 2556
  channel: Microsoft-Windows-TerminalServices-Gateway/Operational
  computer: EC2AMAZ-6C3C9U6
  security:
    user_id: S-1-5-20
user_data:
  EventInfo:
    Username: EC2AMAZ-6C3C9U6\Administrator
    IpAddress: 219.100.37.243
    AuthType: ''
    Resource: ec2-18-179-8-103.ap-northeast-1.compute.amazonaws.com
    ConnectionProtocol: ''
    ErrorCode: 0
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Message

The user "%1", on client computer "%2", did not meet resource authorization policy requirements and was therefore not authorized to resource "%4". The following error occurred: "%6".

Message

The user "%1", on client computer "%2", connected to resource "%4". Connection protocol used: "%5".

Fields

Example Event

system:
  provider: Microsoft-Windows-TerminalServices-Gateway
  guid: 4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B
  event_source_name: ''
  event_id: 302
  version: 0
  level: 4
  task: 3
  opcode: 30
  keywords: 4611686018444165120
  time_created: '2024-11-04T13:59:32.624374+00:00'
  event_record_id: 89
  correlation:
    ActivityID: 7CF86876-882F-0625-F153-3DEC514DA0B2
  execution:
    process_id: 1444
    thread_id: 2556
  channel: Microsoft-Windows-TerminalServices-Gateway/Operational
  computer: EC2AMAZ-6C3C9U6
  security:
    user_id: S-1-5-20
user_data:
  EventInfo:
    Username: EC2AMAZ-6C3C9U6\Administrator
    IpAddress: 219.100.37.243
    AuthType: ''
    Resource: ec2-18-179-8-103.ap-northeast-1.compute.amazonaws.com
    ConnectionProtocol: HTTP
    ErrorCode: 0
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Message

The user "%1", on client computer "%2", disconnected from the following network resource: "%4". Before the user disconnected, the client transferred %6 bytes and received %5 bytes. The client session duration was %7 seconds. Connection protocol used: "%8".

Fields

Example Event

system:
  provider: Microsoft-Windows-TerminalServices-Gateway
  guid: 4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B
  event_source_name: ''
  event_id: 303
  version: 0
  level: 4
  task: 3
  opcode: 44
  keywords: 4611686018444165120
  time_created: '2024-11-04T13:59:25.431624+00:00'
  event_record_id: 84
  correlation:
    ActivityID: D993DEC4-0E8C-5014-E2B6-F10CDDA2250E
  execution:
    process_id: 1444
    thread_id: 2256
  channel: Microsoft-Windows-TerminalServices-Gateway/Operational
  computer: EC2AMAZ-6C3C9U6
  security:
    user_id: S-1-5-20
user_data:
  EventInfo:
    Username: EC2AMAZ-6C3C9U6\Administrator
    IpAddress: 219.100.37.243
    AuthType: ''
    Resource: ec2-18-179-8-103.ap-northeast-1.compute.amazonaws.com
    BytesReceived: '391624'
    BytesTransfered: '241242'
    SessionDuration: '57'
    ConnectionProtocol: HTTP
    ErrorCode: 1226
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Message

The user "%1", on client computer "%2", met connection authorization policy and resource authorization policy requirements, but could not connect to resource "%4". Connection protocol used: "%5". The following error occurred: "%6".

Message

The user "%1", on client computer "%2", was not authorized to connect to this RD Gateway server because the authentication method attempted by the user is not supported. The following authentication method was attempted. "%3". The following error occurred: "%6".

Message

The user "%1", on client computer "%2", was not authorized to connect to the RD Gateway server because a tunnel could not be created. The authentication method attempted: "%3" and connection protocol "%5". The following error occurred: "%6".

Message

The user "%1", on client computer "%2", disconnected from the following network resource: "%3" because the session exceeded the session timeout limit of "%4" minutes.
At the time the user was disconnected:
Client transferred: %5 bytes
 Client received:%6 bytes
 Client session duration: %7 seconds
The user can try reconnecting again to the network resource.

Message

The user "%1", on client computer "%2", met RD resource authorization policy (RD RAP) requirements but the network resource "%5" did not meet the requirements, so the connection was not authorized. Try connection to another network resource or possibly lower RD Gateway security by modifying the RD RAP requirements for the connection to be authorized.

Message

The user "%1", on client computer "%2", was disconnected from the following network resource: "%4" because of a failure during reauthentication/reauthorization.
At the time the user was disconnected:
Client transferred: %6 bytes
Client received: %5 bytes
Client session duration: %7 seconds
The user can try reconnecting again to the resource by using a valid username and password.

Message

The user "%1",  connected by using client computer "%2" and "%8" connection protocol to the network resource "%3" was successfully reauthenticated/reauthorized after a session timeout of %4 minutes. No user action is required.

Message

The user "%1", on client computer "%2", did not connect to the following network resource: "%4" because the remote computer does not support secure device redirection. Try selecting another network resource or possibly lower RD Gateway security by modifying RD CAP to allow client connections to resources that do not enforce device redirection.

Message

The user "%1", on client computer "%2", has initiated an outbound connection. This connection may not be authenticated yet.

Fields

Example Event

system:
  provider: Microsoft-Windows-TerminalServices-Gateway
  guid: 4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B
  event_source_name: ''
  event_id: 312
  version: 0
  level: 0
  task: 3
  opcode: 30
  keywords: 4611686018427387904
  time_created: '2024-11-04T13:59:31.379210+00:00'
  event_record_id: 86
  correlation:
    ActivityID: 7CF86876-882F-0625-F153-3DEC514DA0B2
  execution:
    process_id: 1444
    thread_id: 2256
  channel: Microsoft-Windows-TerminalServices-Gateway/Operational
  computer: EC2AMAZ-6C3C9U6
  security:
    user_id: S-1-5-20
user_data:
  EventInfo:
    Username: Administrator
    IpAddress: 219.100.37.243:63920
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Message

The user "%1", on client computer "%2", has initiated an inbound connection. This connection may not be authenticated yet.

Message

The RD Gateway service is shutting down. This maybe voluntary administrator restart or a configuration driven restart due to RDG server certificate change. If the RD Gateway shutdown was not expected, kindly verify whether the following services are started: (1) Network Policy Server; (2) Remote Procedure Call (RPC); (3) RPC/HTTP Load Balancing Service;  and (4) World Wide Web Publishing Service. Also, check Event Viewer for Network Policy Server (NPS) and IIS events that might indicate problems with NPS or IIS.

Message

The RD Gateway service successfully registered with the Service Connection Point. No user action is required.

Message

The RD Gateway service failed to register with the Service Connection Point.

Message

The RD Gateway service successfully unregistered with the Service Connection Point. No user action is required.

Message

The RD Gateway service failed to unregister with the Service Connection Point.

Message

Logging was enabled for the following RD Gateway event: "%1".

Message

Logging could not be enabled for the following RD Gateway event: "%1". The following error occurred: "%2". To resolve this issue, ensure that the correct permissions have been granted to the LogEvents registry key and that the Remote Registry service is started.

Message

Logging was disabled for the following RD Gateway event: "%1".

Message

Logging could not be disabled for the following RD Gateway event: "%1". The following error occurred: "%2". To resolve this issue, ensure that the correct permissions have been granted to the LogEvents registry key and that the Remote Registry service is started.

Message

The value for the maximum number of connections allowed to the RD Gateway server was updated.

Message

The value for the maximum number of simultaneous connections allowed to the RD Gateway server could not be updated. The following error occurred: "%2".

Message

The central connection authorization policy was enabled.

Message

The central connection authorization policy store could not be enabled. The following error occurred: "%2". To resolve this issue, ensure that you have typed the name of the Network Policy Server (NPS) correctly and that the NPS exists on the network, and then try again. If the problem persists, then identify and resolve any network connectivity issues.

Message

The central connection authorization policy was disabled.

Message

The central connection authorization policy store could not be disabled. The following error occurred: "%2".

Message

The 'Request clients to send a statement of health' (SoH) setting is enabled on this RD Gateway server. Therefore; each time a client attempts to connect to this RD Gateway server; the client’s SoH will be requested.

Message

The 'Request clients to send a statement of health' (SoH) setting could not be enabled on this RD Gateway server. To resolve this issue; ensure that the QuarantineEnabled registry key exists and that the System and Administrators groups are granted Full Control permissions to this key. The following error occurred: '{name}'.

Fields

Message

The 'Request clients to send a statement of health' (SoH) setting is not enabled on this RD Gateway server. Therefore; the client’s SoH will not be requested when the client attempts to connect to this RD Gateway server.

Message

The 'Request clients to send a statement of health' (SoH) setting could not be disabled on this RD Gateway server. To resolve this issue; ensure that the QuarantineEnabled registry key exists and that the System and Administrators groups are granted Full Control permissions to this key. The following error occurred: '{name}'.

Fields

Message

The 'Request clients to send a statement of health' (SoH) setting could not be enabled on this RD Gateway server. This setting could not be enabled because the public key of the server certificate that is bound (mapped) to the Remote Desktop Gateway service contains an object identifier (also known as OID) of 2.5.29.15; but does not support the Extended Key Usage (EKU) for encryption. To resolve this issue; if the certificate that you plan to use contains an OID of 2.5.29.15; you must ensure that one of the following key usage values for this certificate is also set: (1) CERT_KEY_ENCIPHERMENT_KEY_USAGE (2) CERT_KEY_AGREEMENT_KEY_USAGE (3) CERT_DATA_ENCIPHERMENT_KEY_USAGE. Bind (map) the certificate again by using RD Gateway Manager; and then attempt to enable the 'Request clients to send a statement of health' setting again. For more information; see 'Obtain a certificate for the RD Gateway server' in the RD Gateway Help.

Message

The server certificate is not valid because the public key of the certificate contains an object identifier (also known as OID) of 2.5.29.15, but does not support the Extended Key Usage (EKU) for encryption. For the "Request clients to send a statement of health" setting that is enabled on this RD Gateway server to function, if the certificate that you plan to use contains an OID of 2.5.29.15, you must ensure that one of the following key usage values for this certificate is also set: (1) CERT_KEY_ENCIPHERMENT_KEY_USAGE (2) CERT_KEY_AGREEMENT_KEY_USAGE (3) CERT_DATA_ENCIPHERMENT_KEY_USAGE. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help.

Message

The connection authorization policy "%1" was created.

Message

The connection authorization policy "%1" was deleted.

Message

The connection authorization policy "%1" was updated.

Message

The connection authorization policy "%1" could not be created. The following error occurred: "%2".

Message

The connection authorization policy "%1" could not be deleted. The following error occurred: "%2".

Message

The connection authorization policy "%1" could not be updated. The following error occurred: "%2".

Message

The system message was not enabled because a failure occurred. Try enabling the system message again.

Message

The system message was successfully enabled. No user action is required.

Message

The system message was not disabled because a failure occurred. Try removing the system message again.

Message

The system message was successfully disabled. No user action is required.

Message

The logon message was not enabled because a failure occurred. Try enabling the logon message again.

Message

The logon message was successfully enabled. No user action is required.

Message

The current logon message was not disabled because a failure occurred. Try disabling the logon message again.

Message

The current logon message was successfully disabled. No user action is required.

Message

The resource authorization policy "%1" was created.

Message

The resource authorization policy "%1" was deleted.

Message

The resource authorization policy "%1" was updated.

Message

The resource authorization policy (RAP) "%1" could not be created. The following error occurred: "%2". To resolve this issue, ensure that you have configured RAP settings correctly and set the correct value and permissions for the RAP.xml file and the RAPStore registry key.

Message

The resource authorization policy (RAP) "%1" could not be deleted. The following error occurred: "%2". To resolve this issue, ensure that you have configured RAP settings correctly and set the correct value and permissions for the RAP.xml file and the RAPStore registry key.

Message

The resource authorization policy (RAP) "%1" could not be updated. The following error occurred: "%2". To resolve this issue, ensure that you have configured RAP settings correctly and set the correct value and permissions for the RAP.xml file and the RAPStore registry key.

Message

The resource group "%1" was created.

Message

The resource group "%1" was deleted.

Message

The resource group "%1" was updated.

Message

The resource group "%1" could not be created. The following error occurred: "%2". To resolve this issue, ensure that you have configured resource group settings correctly and set the correct value and permissions for the RAP.xml file and the RAPStore registry key.

Message

The resource group "%1" could not be deleted. The following error occurred: "%2". To resolve this issue, ensure that you have configured resource group settings correctly and set the correct value and permissions for the RAP.xml file and the RAPStore registry key.

Message

The resource group "%1" could not be updated. The following error occurred: "%2". To resolve this issue, ensure that you have configured resource group settings correctly and set the correct value and permissions for the RAP.xml file and the RAPStore registry key.

Message

The Network Policy Server (NPS) "%1" was added to the central connection authorization policy.

Message

The Network Policy Server (NPS) "%1" was deleted from the central connection authorization policy.

Message

The central connection authorization policy settings for the Network Policy Server (NPS) "%1" have been updated.

Message

The Network Policy Server (NPS) "%1" could not be added to the central connection authorization policy. The following error occurred: "%2". To resolve this issue, ensure that you have typed the name of the Network Policy Server (NPS) correctly and that the NPS exists on the network, and then try again. If the problem persists, then identify and any resolve network connectivity issues.

Message

The Network Policy Server (NPS) "%1" could not be deleted from the central connection authorization policy. The following error occurred: "%2".

Message

The central connection authorization policy settings for the Network Policy Server "%1" could not be updated. The following error occurred: "%2". To resolve this issue, ensure that you have typed the name of the Network Policy Server (NPS) correctly and that the NPS exists on the network, and then try again. If the problem persists, then identify and resolve any network connectivity issues.

Message

%1

Message

%1, Failed with %2

Message

The RD Gateway server "%1" was deleted from the list of servers in the RD Gateway server farm.

Message

The RD Gateway servers "%1" were added to the RD Gateway managed group. No user action is required.

Message

The RD Gateway server "%1" could not be deleted from the list of servers in the RD Gateway server farm. The following error occurred: "%2".

Message

The RD Gateway servers "%1" could not be added to the Remote Desktop Gateway managed group. The following error occurred: "%2".

Message

The RD Gateway server "%1" is not a member of a domain and therefore cannot be added to the RD Gateway server farm. To add this RD Gateway server to the farm, you must first add the server to a domain.

Message

A Windows Firewall exception for RD Gateway has been configured to allow data for Remote Desktop Services client connections and RPC-HTTP load balancing to be sent between RD Gateway servers when load balancing is used. This exception is automatically configured when you add the first RD Gateway server to a RD Gateway server farm.

Message

The Windows Firewall exception for RD Gateway to allow network traffic comprising of Remote Desktop Services client connections data and RPC-HTTP load balancing data (to be sent between RD Gateway servers when load balancing is used) has been disabled. This exception is automatically disabled when you remove all RD Gateway servers from a RD Gateway server farm.

Message

The Windows Firewall exception to allow network traffic through TCP port 3388 (so that Remote Desktop Services client connections can be directed to the appropriate RD Gateway servers when load balancing is used) could not be configured.

Message

The Windows Firewall exception "RD Gateway Server Farm" that allows network traffic through TCP port 3388 (so that Remote Desktop Services client connections can be directed to the appropriate Remote Desktop Gateway servers when load balancing is used) could not be disabled. We recommend that you disable this exception manually by modifying Windows Firewall settings as needed.

Message

The RD Gateway servers "%1" were set to the RD Gateway managed group. No user action is required.

Message

The RD Gateway servers "%1" could not be set to the RD Gateway managed group. The following error occurred: "%2".

Message

RD Gateway Network access Policy engine failed to contact IAS and the error was "%2"

Message

RD Gateway Network access Policy engine received failure from IAS and the error was "%2"

Message

The RD Gateway server cannot open the resource authorization policy store on Authorization Manager (Azman). The following error occurred: "%2".

Message

RD Gateway Resource access Policy engine failed to open Azman Application(Remote Desktop Gateway) and the error was "%2"

Message

The following exception code "%2" occured in the RD Gateway server. The RD Gateway will be restarted. No user action is required.

Message

The exception code "%2" occurred in the authentication plug-in: "%1" loaded by the RD Gateway server. The RD Gateway server will be restarted. Continued failures might indicate a problem with the authentication plug-in.

Message

The exception code "%2" occurred in the authorization plug-in: "%1" loaded by the RD Gateway server. The RD Gateway server will be restarted. Continued failures might indicate a problem with the authorization plug-in.

Message

The Remote Desktop Gateway service cannot determine the version of Windows that this computer is running. Therefore, users cannot connect to this RD Gateway server. To resolve this issue, please contact Microsoft Product Support Services. The following error occurred: "%2".

Message

The user authentication plug-in "%1" has been configured. The configuration will take effect after the RD Gateway service is restarted.

Message

RD Gateway native authentication is configured. The configuration changes will take effect after the RD Gateway service is restarted.

Message

The user authorization plug-in "%1" is enabled. No user action is required.

Message

The RD Gateway native authorization is enabled. No user action is required.

Message

The policy and server configuration settings for the RD Gateway server "%1" have been successfully imported.

Message

The policy and server configuration settings for the RD Gateway server "%1" could not be imported. This problem might occur if the settings have become corrupted.

Message

The policy and server configuration settings for the RD Gateway server "%1" have been successfully exported.

Message

The policy and server configuration settings for the RD Gateway server "%1" could not be exported. The following error occurred: "%2".

Message

The RD Gateway server certificate was changed. No user action is required.

Message

The RD Gateway server certificate cannot be changed. The following error occurred: "%2". Verify the certificate and try changing the certificate again.

Message

The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured (non-default) HTTPS port of the Remote Desktop Gateway has been modified.

Message

The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured (non-default) HTTPS port of Remote Desktop Gateway could not be modified.

Message

The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured UDP port of the Remote Desktop Gateway has been modified.

Message

The Windows Firewall exception to allow network traffic comprising of Remote Desktop Services client connections data through the configured UDP port of Remote Desktop Gateway could not be modified.