Event ID 400 — TS Gateway Server Availability

Applies To: Windows Server 2008

The Terminal Services Gateway (TS Gateway) server must be available on the network and the appropriate services must be running on the TS Gateway server. The Terminal Services connection authorization policy (TS CAP) and Terminal Services resource authorization policy (TS RAP) stores must also be available, so that these policies can be evaluated to determine whether remote clients meet policy requirements. TS CAPs specify who can connect to a TS Gateway server. TS RAPs specify the internal network resources (computers) that clients can connect to through a TS Gateway server. If TS CAPs and TS RAPs are not available, the TS Gateway server will not be available for client connections.

Event Details

Product: Windows Operating System
ID: 400
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.0
Symbolic Name: AAG_EVENT_SERVICE_SHUTDOWN
Message: The TS Gateway service is shutting down. To diagnose possible causes for this problem, verify whether the following services are installed and started: (1) World Wide Web Publishing Service (2) Internet Authentication Service (IAS) (3) RPC/HTTP Load Balancing Service. Also, check Event Viewer for Network Policy Server (NPS) and IIS events that might indicate problems with NPS or IIS.

Diagnose

This error might be caused by one of the following conditions:

  • The services required by TS Gateway are not started.
  • There are problems with the NPS Server or Web Server (IIS).

The services required by TS Gateway are not started

Use the following procedures to determine whether the services required by TS Gateway are started.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To determine whether the Network Policy Server service is started:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Services.
  2. In the Services snap-in, find Network Policy Server, and then confirm that Started appears in the Status column.
  3. If the service status is not Started, see the section titled "Restart the Terminal Services Gateway service."

To determine whether the Remote Procedure Call (RPC) service is started:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Services.
  2. In the Services snap-in, find Remote Procedure Call (RPC), and then confirm that Started appears in the Status column.
  3. If the service status is not Started, see the section titled "Restart the Terminal Services Gateway service."

To determine whether the RPC/HTTP Load Balancing Service is started:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Services.
  2. In the Services snap-in, find RPC/HTTP Load Balancing Service, and then confirm that Started appears in the Status column.
  3. If the service status is not Started, see the section titled "Restart the Terminal Services Gateway service."

To determine whether the World Wide Web Publishing Service is started:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Services.
  2. In the Services snap-in, find World Wide Web Publishing Service, and then confirm that Started appears in the Status column.
  3. If the service status is not Started, see the section titled "Restart the Terminal Services Gateway service."

There are problems with the NPS Server or Web Server (IIS)

TS Gateway depends on NPS server to store, manage, and validate Terminal Services connection authorization policies (TS CAPs). TS Gateway depends on Web Server (IIS) for mutual authentication of clients and TS Gateway servers. Problems with the NPS server or Web Server (IIS) can prevent TS Gateway from functioning correctly and being available for client connections.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

Search the Event log to find NPS events

To search the Event log to find NPS events:

  1. On the TS Gateway server or the central NPS server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Windows Logs\Application, and then search for events that contain the word NPS. If you find any NPS events, note the event ID and source of the relevant events for further investigation.
  3. Navigate to Windows Logs\System, and then search for events that contain the word NPS. If you find any NPS events, note the event ID and source of the relevant events for further investigation.
  4. While you are still in the Windows Logs\System event log, filter the current log to search for any NPS events. For example, you can select the NPS check box.
  5. If any events correspond to the event sources that you have selected, note the event ID and source of the relevant events for further investigation, and then see the section titled "Consult the Network Policy Server (NPS) and Web Server (IIS) documentation."

Search the Event log to find IIS events

To search the Event log to find IIS events:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Windows Logs\Application, and then search for events that contain the word IIS. To search for these events, in the Actions pane, click Find, and in the Find dialog box, type IIS, and then click Find Next. If you find any IIS events, note the event ID and source of the relevant events for further investigation.
  3. While you are still in the Windows Logs\Application event log, you can filter the current log to search for IIS events, as well. To filter the current log, in the Actions pane, click Filter Current Log. In Event sources, click the down arrow to display the list of event sources. Select the check boxes that correspond to any events containing the word IIS (for example, IIS-IISManager, IISInfoCtrs, IIS-W3SVC-PerfCounters, and IIS-W3SVC-WP), and then click OK. If any events correspond to the event sources that you have selected, they will appear in the results pane. Note the event ID and source of the relevant events for further investigation.
  4. Navigate to Windows Logs\System, and then search for events that contain the word IIS. If you find any IIS events, note the event ID and source of the relevant events for further investigation.
  5. While you are still in the Windows Logs\Applications event log, filter the current log to search for any IIS events. Sources for IIS events in this event log include: IIS Config, IIS-APPHOSTSVC, IIS-IisMetabaseAudit, IIS-IISReset, IISLOG, and IIS-W3SVC.
  6. If any events correspond to the event sources that you have selected, note the event ID and source of the relevant events for further investigation, and then see the section titled "Consult the Network Policy Server (NPS) and Web Server (IIS) documentation."

Resolve

To resolve this issue, use the resolution that corresponds to the cause you identified in the Diagnose section. After performing the resolution, see the Verify section to confirm that the feature is operating properly

Cause

Resolution

The services required by TS Gateway are not started

Restart the Terminal Services Gateway service

There are problems with the NPS Server or Web Server (IIS)

Consult the Network Policy Server (NPS) and Web Server (IIS) documentation

Restart the Terminal Services Gateway service

To resolve this issue, restart the Terminal Services Gateway service. Restarting the Terminal Services Gateway service also restarts all dependent services.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To restart the Terminal Services Gateway service:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Services. In the Name column of the Services snap-in, right-click Terminal Services Gateway, and then click Restart.
  2. If the attempt to restart only the service fails, restart the computer. This forces all related and dependent services to restart.
  3. If you want the service to always start automatically after the server is restarted, in the Name column of the Services snap-in, right-click Terminal Services Gateway, click Properties, and in Startup type, select Automatic, and then click OK.

Consult the Network Policy Server (NPS) and Web Server (IIS) documentation

At this time, there is no troubleshooting information for NPS server and Internet Information Services (IIS) issues that affect TS Gateway. For general information about NPS server and Web Server (IIS), see Network Policy Server (https://go.microsoft.com/fwlink/?LinkID=102167) and IIS 7.0 Operations Guide (https://go.microsoft.com/fwlink/?LinkID=102168).

Verify

To verify that the TS Gateway server is available for client connections, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Terminal Services Gateway service is running, and that clients are successfully connecting to internal network resources through the TS Gateway server.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that the TS Gateway server is available for client connections:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Terminal Services Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client connected to the TS Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client connected to an internal network resource through the TS Gateway server.

TS Gateway Server Availability

Terminal Services