Event ID 311 — RD Gateway Server Connections

Applies To: Windows Server 2008 R2

For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, clients must meet the conditions specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP). RD CAPs specify who can connect to an RD Gateway server and the authentication method that must be used. RD RAPs specify the computers that clients can connect to through an RD Gateway server.

Note: A limit can be set on the RD Gateway server to restrict the maximum number of simultaneous client connections.

Event Details

Product: Windows Operating System
ID: 311
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.1
Symbolic Name: AAG_EVENT_SDR_NOT_SUPPORTED_BY_TS
Message: The user "%1", on client computer "%2", did not connect to the following network resource: "%4" because the remote computer does not support secure device redirection. Try selecting another network resource or possibly lower RD Gateway security by modifying RD CAP to allow client connections to resources that do not enforce device redirection.

Resolve

Change the secure device redirection policy on the RD Gateway server

To resolve this issue, you must allow connections to Remote Desktop Session Host (RD Session Host) servers which do not support secure device redirection.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Note: This is supported only for connections to RD Session Host servers running Windows Server 2008 R2.

To change the secure device redirection policy on the RD Gateway server:

  1. Open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
  2. In the console tree, click to select the node that represents the RD Gateway server, which is named for the computer on which the RD Gateway server is running.
  3. In the console tree, expand Policies, and then click Connection Authorization Policies.
  4. In the results pane, right-click the RD CAP for which you want to enable or disable secure device redirection, and then click Properties.
  5. On the Device Redirection tab, clear the Allow connection only to Remote Desktop Session Host servers that enforce RD Gateway device redirection check box.
  6. Click OK.

Verify

To verify that RD Gateway server connectivity is working, examine Event Viewer logs and search for the following event messages.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that RD Gateway server connectivity is working:

  1. On the RD Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Remote Desktop Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client is connected to the RD Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client is connected to an internal network resource through the RD Gateway server.

 

RD Gateway Server Connections

Remote Desktop Services