Event ID 517 — TS Gateway Server Configuration

Updated: January 5, 2012

Applies To: Windows Server 2008

red

For remote clients to successfully connect to internal network resources (computers) through a Terminal Services Gateway (TS Gateway) server, the TS Gateway server must be configured correctly. The TS Gateway server must be configured to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate, and authorization policy settings must be configured correctly. Terminal Services connection authorization policies (TS CAPs) specify who can connect to the TS Gateway server. Terminal Services resource authorization policies (TS RAPs) specify the internal network resources that clients can connect to through a TS Gateway server.

Event Details

Product: Windows Operating System
ID: 517
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.0
Symbolic Name: AAG_EVENT_QUARANTINE_DISABLE_FAILED
Message: The "Request clients to send a statement of health" (SoH) setting could not be disabled on this TS Gateway server. To resolve this issue, ensure that the QuarantineEnabled registry key exists and that the System and Administrators groups are granted Full Control permissions to this key. The following error occurred: "%1".

Resolve

Ensure that the required permissions are granted to the Core registry key

To resolve this issue, ensure that the required permissions are granted to the Core registry key.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Caution:  Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

To grant the required permissions to the Core registry key:

  1. On the TS Gateway server, click Start, click Run, type regedit, and then press ENTER.
  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core subkey, right-click the subkey, and then click Permissions.
  3. In the Permissions for Core dialog box, under Group or user names, click SYSTEM. Under Permissions for SYSTEM, if Full control is not allowed, select the Allow check box adjacent to Full control.
  4. In the same dialog box, under Group or user names, click Administrators. Under Permissions for Administrators, if Full control is not allowed, select the Allow check box adjacent to Full control.
  5. Click OK.

Verify

To verify that the TS Gateway server is configured correctly, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Terminal Services Gateway service is running, and that clients are successfully connecting to internal network resources through the TS Gateway server.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that the TS Gateway server is configured correctly:

  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Terminal Services Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client connected to the TS Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client connected to an internal network resource through the TS Gateway server.

Related Management Information

TS Gateway Server Configuration

Terminal Services

Community Additions

ADD
Show: