Event ID 530 — RD Gateway Server Configuration

Applies To: Windows Server 2008 R2

For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, the RD Gateway server must be configured correctly. The RD Gateway server must be configured to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate, and authorization policy settings must be configured correctly. Remote Desktop connection authorization policies (RD CAPs) specify who can connect to the RD Gateway server. Remote Desktop resource authorization policies (RD RAPs) specify the internal network resources that clients can connect to through an RD Gateway server.

Event Details

Product: Windows Operating System
ID: 530
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.1
Symbolic Name: AAG_EVENT_CONSENT_MESSAGE_CONFIGURE_FAILED
Message: The logon message was not enabled because a failure occurred. Try enabling the logon message again.

Resolve

Check configuration of the logon message

A logon message is displayed to users when they log on to the remote computer. To ensure that the logon message is properly configured, do the following things:

  • Ensure that the logon message box is not empty.
  • Ensure that the logon message text file is less than 64 kilobytes.
  • Ensure that the logon message text file exists in the specified path.
  • Grant the required permissions on the TSGMessaging registry key.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Ensure that the logon message box is not empty

Use Remote Desktop Gateway Manager to ensure that the logon message box is not empty.

To ensure that the logon message box is not empty:

  1. On the RD Gateway server, open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
  2. In the Remote Desktop Gateway Manager console tree, right-click the node that represents the local RD Gateway server, which is named for the computer on which the RD Gateway server is running, and then click Properties.
  3. Click the Messaging tab.
  4. Check that the Enable logon message check box is selected, and that a text file is appropriately assigned.

Ensure that the logon message text file is less than 64 kilobytes

You can ensure that the logon message is less than 64 kilobytes by using Windows Explorer.

To ensure that the logon message text file is less than 64 kilobytes:

  1. On the RD Gateway server, find the location of the logon message text file.
    1. Open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
    2. In the Remote Desktop Gateway Manager console tree, right-click the node that represents the local RD Gateway server, which is named for the computer on which the RD Gateway server is running, and then click Properties.
    3. Click the Messaging tab.
    4. Locate the text file location under the Enable logon message check box.
  2. On the RD Gateway server, navigate to the folder where the logon message text file is located by using Windows Explorer.
  3. Right-click the text file, and then click Properties.
  4. In the Properties sheet of the text file, ensure that the value of Size is less than 64 KB.

Ensure that the logon message text file exists in the specified path

You can ensure that the logon message text file exists in the specified path by using Windows Explorer.

To ensure that the logon message text file exists in the specified path:

  1. On the RD Gateway server, find the location of the logon message text file.
    1. Open Remote Desktop Gateway Manager. To open Remote Desktop Gateway Manager, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Gateway Manager.
    2. In the Remote Desktop Gateway Manager console tree, right-click the node that represents the local RD Gateway server, which is named for the computer on which the RD Gateway server is running, and then click Properties.
    3. Click the Messaging tab.
    4. Locate the text file location under the Enable logon message check box.
  2. On the RD Gateway server, navigate to the folder where the logon message text file is located by using Windows Explorer.
  3. Ensure that the logon message text file exists in the specified path.

Grant the required permissions on the TSGMessaging registry key

You can check the permissions on the TSGMessaging registry key by using Registry Editor.

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

To grant the required permissions to the TSGMessaging registry key:

  1. On the RD Gateway server, click Start, click Run, type regedit, and then press ENTER.
  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core\TSGMessaging subkey, right-click the subkey, and then click Permissions.
  3. In the Permissions for Core dialog box, under Group or user names, click SYSTEM. Under Permissions for SYSTEM, if Full control is not allowed, select the Allow check box adjacent to Full control.
  4. In the same dialog box, under Group or user names, click Administrators. Under Permissions for Administrators, if Full control is not allowed, select the Allow check box adjacent to Full control.
  5. Click OK.
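
The file and registry checks above can also be run as a read-only script. This is an added example, not Microsoft's code: the `$MessageFile` parameter and the `New-Check` helper are hypothetical names, and the script assumes you pass the file path shown on the Messaging tab.

```powershell
# Added example: read-only checks for the logon message file and the TSGMessaging key.
# $MessageFile is an assumption: pass the path shown on the Messaging tab.
param(
    [Parameter(Mandatory = $true)][string]$MessageFile
)

$KeyPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core\TSGMessaging'
$MaxBytes = 64KB   # the file must be smaller than 64 kilobytes
$results  = @()

# Hypothetical helper: one result row per check.
function New-Check($Name, $Passed, $Detail) {
    New-Object PSObject -Property @{ Check = $Name; Passed = $Passed; Detail = $Detail }
}

# The file must exist at the configured path and be under the size limit.
if (Test-Path -LiteralPath $MessageFile -PathType Leaf) {
    $file = Get-Item -LiteralPath $MessageFile
    $results += New-Check 'Message file exists' $true $file.FullName
    $results += New-Check 'Message file under 64 KB' ($file.Length -lt $MaxBytes) "$($file.Length) bytes"
} else {
    $results += New-Check 'Message file exists' $false "Not found: $MessageFile"
}

# SYSTEM and Administrators need an Allow rule for Full control on the key.
# Well-known SIDs are used so the check also works on localized systems.
$principals = @{ 'SYSTEM' = 'S-1-5-18'; 'Administrators' = 'S-1-5-32-544' }
$fullControl = [int][System.Security.AccessControl.RegistryRights]::FullControl

if (Test-Path -Path $KeyPath) {
    $acl   = Get-Acl -Path $KeyPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($p in $principals.GetEnumerator()) {
        # Only explicit Full control masks match; confirm a False result in Registry Editor.
        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $p.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.RegistryRights -band $fullControl) -eq $fullControl
        }
        $results += New-Check "$($p.Key) has Full control" ([bool]$match) 'TSGMessaging key'
    }
} else {
    $results += New-Check 'TSGMessaging key exists' $false $KeyPath
}

$results | Select-Object Check, Passed, Detail | Format-Table -AutoSize
```

The script changes nothing; any row with `Passed` set to `False` points to the matching procedure above.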

Verify

To verify that the RD Gateway server is configured correctly, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Remote Desktop Gateway service is running, and that clients are successfully connecting to internal network resources through the RD Gateway server.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that the RD Gateway server is configured correctly:

  1. On the RD Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Remote Desktop Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client is connected to the RD Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client is connected to an internal network resource through the RD Gateway server.
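
The same search can be done from PowerShell. This is an added example, not Microsoft's code: the channel name pattern is an assumption derived from the event source named on this page, and Event ID 530 is included alongside the three success events so that a recurrence of the failure is visible.

```powershell
# Added example: summarize the events named in the Verify step, plus Event ID 530.
# Assumption: the gateway's channels are named after the event source shown on this page.
$ids     = 101, 200, 302, 530
$pattern = 'Microsoft-Windows-TerminalServices-Gateway/*'

# Enumerate matching channels that contain records, then pull only the IDs of interest.
$logs = Get-WinEvent -ListLog $pattern -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }

$events = @()
foreach ($log in $logs) {
    $events += @(Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; Id = $ids } `
                              -ErrorAction SilentlyContinue)
}

# One row per event ID: how many were logged and when the most recent one occurred.
$summary = foreach ($id in $ids) {
    $hits   = @($events | Where-Object { $_.Id -eq $id } | Sort-Object TimeCreated -Descending)
    $latest = $null
    if ($hits.Count -gt 0) { $latest = $hits[0].TimeCreated }
    New-Object PSObject -Property @{ EventId = $id; Count = $hits.Count; Latest = $latest }
}

$summary | Select-Object EventId, Count, Latest | Format-Table -AutoSize
```

Compare the `Latest` value for Event ID 530 with the time the logon message was re-enabled; a 530 logged after that point means the failure is still occurring.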
