RDS: The RD Gateway server must be able to contact the server running NPS

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Remote Desktop Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System: Windows Server 2008 R2, Windows Server 2012

Product/Feature: Remote Desktop Services

Severity: Error

Category: Operation

Issue

The Remote Desktop Gateway (RD Gateway) server is unable to contact the server running Network Policy Server (NPS) that contains the central Remote Desktop connection authorization policy (RD CAP) store.

Impact

If the RD Gateway server is unable to contact the server running NPS that contains the central RD CAP store, users cannot connect to internal network resources (computers) through the RD Gateway server.

Resolution

Ensure that the server running NPS is started and that there is network connectivity between the RD Gateway server and the server running NPS.

Use the following to help resolve connectivity issues to the server running NPS:

  • Determine the name of the server running NPS

  • Verify the Network Policy Server service is started on the server running NPS

  • Check network connectivity on the server running NPS

  • Check network connectivity to the server running NPS

Membership in the local Administrators group, or equivalent, on the RD Gateway server that you plan to configure, is the minimum required to complete this procedure.

To determine the name of the server running NPS

  1. Open RD Gateway Manager. To open RD Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click RD Gateway Manager.

  2. In the console tree, expand the node that represents the local RD Gateway server, which is named for the computer on which the RD Gateway server is running.

  3. In the console tree, expand Policies, and then click Central Network Policy Servers.

  4. On the Action menu, click Configure Central RD CAP.

  5. On the RD CAP Store tab, under Central server running NPS, note the name of the server running NPS.

To verify the Network Policy Server service is started on the server running NPS

  1. Open the Services snap-in on the server running NPS noted in “To determine the name of the server running NPS.” To open the Services snap-in, click Start, point to Administrative Tools, and then click Services.

  2. Verify the Network Policy Server service is started. If the service is stopped, right-click the Network Policy Server service and then click Start.

To check network connectivity on the server running NPS

  1. On the server running NPS, open an elevated Command Prompt window. To open a Command Prompt, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. Type ipconfig /all at a command prompt on the server running NPS. Make sure that the server running NPS has an IP address in the correct IP address range, and does not have an Automatic Private IP Addressing (APIPA) address (an IP address in the 169.254.x.x range).

  3. Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with the network adapter.

  4. Type ping ip_address, where ip_address is the IP address assigned to the computer. If you can ping the localhost address but not the local IP address, there may be an issue with the routing table or with the network adapter driver.

  5. Ping the RD Gateway server. If you cannot ping the RD Gateway server, this indicates a potential problem with the RD Gateway server, or the network in between the server running NPS and the RD Gateway server.

To check network connectivity to the server running NPS

  1. On the RD Gateway server, open an elevated Command Prompt window. To open a Command Prompt, click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.

  2. Type ipconfig /all at a command prompt on the RD Gateway server. Make sure that the RD Gateway server has an IP address in the correct IP address range, and does not have an Automatic Private IP Addressing (APIPA) address (an IP address in the 169.254.x.x range).

  3. Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with the network adapter.

  4. Type ping ip_address, where ip_address is the IP address assigned to the computer. If you can ping the localhost address but not the local IP address, there may be an issue with the routing table or with the network adapter driver.

  5. Ping the server running NPS. If you cannot ping the server running NPS, this indicates a potential problem with the server running NPS, or the network in between the server running NPS and the RD Gateway server.
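
The checks in the procedures above can be run in one pass from the RD Gateway server. The following script is an added example, not part of the original topic. It assumes Windows PowerShell 2.0 or later in an elevated session, an account with rights to query services on the server running NPS, and a placeholder server name (nps01.example.test) that you replace with the name noted on the RD CAP Store tab. IAS is the service name behind the Network Policy Server display name.

```powershell
# Added example: run in an elevated Windows PowerShell session on the RD Gateway server.
# $NpsServer is a placeholder; replace it with the name shown on the RD CAP Store tab.
$NpsServer = 'nps01.example.test'

# Helper that records one check as an object (PowerShell 2.0 compatible).
function New-Check($Name, $Passed, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

$results = @()

# ipconfig /all equivalent: collect IPv4 addresses of IP-enabled adapters
# and flag any Automatic Private IP Addressing (169.254.x.x) address.
$ipv4 = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.IPAddress } |
    Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })
$apipa = @($ipv4 | Where-Object { $_ -like '169.254.*' })
$results += New-Check 'No APIPA address' ($apipa.Count -eq 0) ($ipv4 -join ', ')

# ping localhost: verifies the local TCP/IP stack.
$ok = Test-Connection -ComputerName localhost -Count 2 -Quiet
$results += New-Check 'ping localhost' $ok 'local TCP/IP stack'

# ping ip_address: verifies each locally assigned address.
foreach ($ip in $ipv4) {
    $ok = Test-Connection -ComputerName $ip -Count 2 -Quiet
    $results += New-Check "ping $ip" $ok 'local IP address'
}

# Ping the server running NPS.
$ok = Test-Connection -ComputerName $NpsServer -Count 2 -Quiet
$results += New-Check "ping $NpsServer" $ok 'path to server running NPS'

# Remote equivalent of the Services snap-in check for the Network Policy Server service.
$svc = Get-Service -ComputerName $NpsServer -Name IAS -ErrorAction SilentlyContinue
$state = if ($svc) { $svc.Status } else { 'not queryable' }
$results += New-Check 'NPS service running' ($state -eq 'Running') "IAS: $state"

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
```

A passing ping shows ICMP reachability only. RD Gateway sends authorization requests to NPS as RADIUS over UDP (ports 1812 and 1813 by default), so a firewall between the two servers can still block that traffic while ping succeeds.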

See Also

Concepts

Best Practices Analyzer for Remote Desktop Services: Operation
Best Practices Analyzer for Remote Desktop Services