Ошибка 23005 rdp

Remote Web Access (remote desktop gateway) issue with WHS2011

I have been using Remote Web Access on my Windows Home Server 2011 for several years with no problems. Over the past several weeks, though, I have been receiving an error when I try to connect to a computer through WHS’s Remote Web Access:
«…the Remote Desktop Gateway is temporarily unavailable.» Interestingly, when I try to connect from a Windows 8.1 computer, I just get a dialog box that says «Initiating connection,» but the connection is never established. I cannot
find any relevant errors in any of the event logs.
I have read numerous articles relating to WHS configuration and port forwarding, but these do not have any information that addresses my situation. I have ports 4125, 80, and 443 forwarded to my Home Server. As I said, everything has been working fine with
this configuration until several weeks ago — I suspect it might have something to do with a .NET Framework 4.5 update that was recently installed (and that has now been uninstalled), but that is the only change I can think of.
Any help would be greatly appreciated! Thanks!

Hi,
As you have commented that after installing .Net framework you are facing this issue. So after uninstalling still you are facing the same issue. Apart from installing .Net framework 4.5, have you installed or done any other change on your server?
Here you can check that “Remote Gateway Service” is running. Please check and restart the service if it’s stop. Apart you can check below 2 article for more detail step.
1.  Can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable error via SBS 2011 
2.  This computer can’t connect to the remote computer because the Terminal Services Gateway server is temporarily unavailable (Try to perform the steps as suggested for
WHS 2011)
Hope it helps!
Thanks,
Dharmesh

Remote Desktop Gateway on Windows Server 2012 R2 and IPAD

Hi guys,
Would love some help with an issue I been struggling for a couple of days now.
I have a RDS 2012 R2 Gateway configured and it works great with all Windows clients both internal and external communication. The problems comes now when my I want to use  IPAD
from APPLE. I installed latest RD Client from Microsoft and it works great from the internal network but as soon the device is moved to an external network the client get an error while connecting. Gateway is located in the domain network.
The error is “Failed to parse authorization Challenge”,
This is what I see in the log file from the RD Client.
[2014-Mar-06 16:53:49] RDP (0): — BEGIN INTERFACE LIST —
[2014-Mar-06 16:53:49] RDP (0): lo0 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-Mar-06 16:53:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
[2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
[2014-Mar-06 16:53:49] RDP (0): pdp_ip1 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): pdp_ip2 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): pdp_ip3 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): pdp_ip4 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): en1 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): ap1 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): en0 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): awdl0 af=18  addr= netmask=
[2014-Mar-06 16:53:49] RDP (0): — END INTERFACE LIST —
[2014-Mar-06 16:53:49] RDP (0): Not using any proxy
[2014-Mar-06 16:53:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-Mar-06 16:53:54] RDP (0): Resolved ‘MB-RDS-01.contoso.LOCAL’ to ‘ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.’ using NameResolveMethod_Unknown(0)
[2014-Mar-06 16:53:54] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
[2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-Mar-06 16:53:54] RDP (0): Final rdp configuration used: {
    activeUsername = » Contoso\\User01″;
    arcTimeout = 1800;
    cacheId = 12BF328DD1C8B841;
    certificatesUseRedirectName = 1;
    configurationVersion = 8;
    font = 1;
    gatewayId = F2EE288CD1C8B841;
    gatewayMode = 2;
    gwAutodetectState = kConnectionGwAutodectedForceGW;
    host = «MB-RDS-01.CONTOSO.LOCAL»;
    label = «Murbiten — Terminal Server»;
    loadBalanceInfo = «tsv://MS Terminal Services Plugin.1.Contoso_-_Termi»;
    mouseMode = «-1»;
    port = 3389;
    temporary = 1;
    type = rdp;
    useAlt = 0;
    utilityBar = «-1»;
    webFeedVersion = «Windows 2008 R2 or newer»;
    connections =     (
        F4BF288CD1C8B841,
        12BF328DD1C8B841
    host = «remote.customer.com»;
    id = F2EE288CD1C8B841;
    port = 443;
    temporary = 1;
    type = rdp;
    kCFProxyTypeKey = kCFProxyTypeNone;
[2014-Mar-06 16:53:54] RDP (0): — BEGIN INTERFACE LIST —
[2014-Mar-06 16:53:54] RDP (0): lo0 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2014-Mar-06 16:53:54] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
[2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
[2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
[2014-Mar-06 16:53:54] RDP (0): pdp_ip1 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): pdp_ip2 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): pdp_ip3 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): pdp_ip4 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): en1 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): ap1 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): en0 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): awdl0 af=18  addr= netmask=
[2014-Mar-06 16:53:54] RDP (0): — END INTERFACE LIST —
[2014-Mar-06 16:53:54] RDP (0): Not using any proxy
[2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-Mar-06 16:53:54] RDP (0): Resolved ‘remote.customer.com’ to ‘194.71.11.69’ using NameResolveMethod_Unknown(0)
[2014-Mar-06 16:53:54] RDP (0): Resolved ‘remote.customer.com’ to ‘194.71.11.69’ using NameResolveMethod_Unknown(0)
[2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file ‘/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp’ at line 346
    User Message : Failed to parse authorization Challenge
[2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file ‘/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp’ at line 346
    User Message : Failed to parse authorization Challenge
[2014-Mar-06 16:53:54] RDP (0): Error message: Failed to parse authorization Challenge(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
[2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-Mar-06 16:53:54] RDP (0): —— END ACTIVE CONNECTION ——
en → en
authorization
Adam Bokiniec

Hi Jeremy,
I found a solution, thanks for you effort. The solutions is the following.
First thing that needs to be done is either solution from options below, I did the Solution 1 in my case and added a NPS server to AD. (https://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx)
Solution 1
Register the NPS server in Active Directory:
In Server Manager, browse to the following location: Roles\Network Policy and Access Services\NPS (Local).
Right click on the NPS (Local) node and choose Register server in Active Directory.
Click OK to authorize the server when prompted.
Solution 2
Open Active Directory Users and Computers on any Domain Controller of the same domain as the Remote Desktop Gateway.
Add the Computer Name of the Remote Desktop Gateway to the RAS and IAS Servers group.
Situation B
Restart the RDS host and Gateway server.
Secondly and the most important is to configure an alternate address that match your public certificate. My public certificate CNAME is “remote.domain.se”.
All commands need to be run as administrator in PowerShell
To show you current configuration run the following commands:
CollectionName is the Collection Name you created for the RDS deployment.
To get your collection name type
Get-RDSessionCollection
When you got the collection name type
Get-RDSessionCollectionConfiguration -CollectionName «RDS — Terminal Server» | FL *
The default configuration will look like this:
CustomRdpProperty     : use redirection server name:i:1
No to add you public domain name that match the certificate run the following command
Set-RDSessionCollectionConfiguration –CollectionName » RDS — Terminal Server » -CustomRdpProperty «use redirection server name:i:1 `n alternate full address:s:remote.domain.se
Run again to verify your settings
Get-RDSessionCollectionConfiguration -CollectionName «RDS — Terminal Server» | FL *
Now it show look something like this
CustomRdpProperty     : use redirection server name:i:1
                         alternate full address:s:remote.domain.se
IPADs and iPhones can now connect to your environment.
Adam Bokiniec

Connecting to Remote Desktop using proxy and Remote Desktop Gateway?

I have setup a Remote Desktop Gateway server using Windows Server 2012 R2. I am using the Remote Desktop Gateway as an intermediary between to provide the remote desktop session over 443 since 3389 is blocked at many client locations.
However, I ran into a problem with a client who’s using a web proxy.
Is is possible to configure Remote Desktop to connect via web proxy? If so, how? If not does any one have any suggestions on how to provide a Remote Desktop session via 443 over proxy for situations where you don’t control the client’s PC or network? Does RemoteApps
allow for access via web proxy when using RD Gateway?
The error message is below:
Your computer can’t connect to the remote computer because the web proxy server requires authentication. To allow unauthenticated traffic to an RD Gateway server through your web proxy server, contact your network administrator.
Thanks for any help!

Hi,
My suggestion is to setup a RD Web Access server and make it available for your clients via proxy.
Remote Desktop Web Access (RD Web Access)
http://technet.microsoft.com/en-us/library/cc731923.aspx
Thanks.
Jeremy Wu
TechNet Community Support

Remote desktop gateway server is unavailable

We get this error while trying to rdp to a computer almost everyday between 6:45am-7:10AM we have confirmed that IIS pools have enable 32-bit as false. The registry key in HKLM\Software\Microsoft\Rpc\RpcProxy is set with a value of «default web
site»  the binding to port 443 is binded to the default website 3 times using https if you can browse to the site for two of them but the third cannot browse to the site. Should I remove the binding that cannot get to the site. Why is it only around
this time that we cannot get remote access. We have changed our back settings and scheduled tasks to not run around this time but it continues to be a problem.

Hi,
Regarding the current issue, would you please let me know if the issue only occurred in the time range you mentioned in the original post? If so, would you please check if the Remote Desktop
Gateway service is running correctly during that time? Please try to restart the service to see if it works.
To start the Remote Desktop Gateway service
Click
Start, click Administrative Tools, right-click
Services, and then click Run as administrator.
In the
Services (Local) list, right-click Remote Desktop Gateway, and then click
Start.
In addition, please also check other relevant application pools for the same setting — > SBS Web Workplace AppPool or SBS Web Applications application pool. You should make sure
that all of the pools should run with Enable 32-Bit – False.
And please also try to run the Fix My Network wizard to repair the bindings. For details, please refer to the article below.
http://support.microsoft.com/kb/969743
Hope it helps.
Best Regards,
Andy Qi
Andy Qi
TechNet Community Support

How to issue a self-signed certificate to match Remote Desktop Gateway server address requested

I have an RDG server named gw.domain.local with port 3389/tcp forwarded from
gw.example.com.
Using RDGM snap-in I created a self-signed SSL certigicate with FQDN gw.example.com.
But when I connect over RDP from outside the local network I’m getting an error:
Your computer can’t connect to the computer because the Remote Desktop Gateway server address requested and the certificate name do not match
Because certificate subject name is gw.domain.local indeed.
So there question is: how to issue a certificate properly, or how to assign an existing one the name to match?

Hi,
Thanks for your post in Windows Server Forum.
The certificate error which you are facing seems like certificate mismatch error, something like the security certificate name presented by the TS Gateway server does not match the TS Gateway name. You can try reconnecting using the FQDN name of the TS Gateway
server. You can refer below article for more troubleshooting.
TS Gateway Certificates Part III: Connection Time Issues related to TS Gateway Certificates
And for creating a SSL certificate for RD gateway, you can refer beneath articles.
1.  Create a Self-Signed Certificate for the Remote Desktop Gateway Server
2.  Obtain a Certificate for the Remote Desktop Gateway Server
Hope it helps!
Thanks,
Dharmesh

Server 2012 R2 Remote Desktop Gateway. Most Simple and Secure Design For Small Environment?

We would like users to be able to connect remotely over the Internet from their personal devices to their primary Windows 7 workstation (a physical box on their desk) by using the Microsoft RDP Client For Windows, Mac, iOS and Android.  There is no
plan to use RDWeb or Remote Apps, or VDI.  Just plain remote access to their desktop PC without VPN plus a third party 2nd factor authentication product that can text them back a code to enter with their AD credentials (AuthAnvil or Duosecurity)
We do not have TMG or ISA.
We would like to get these services all running in a single server and be as simple as possible while still being very secure.
The recommendations I see seem to suggest putting the RDG in a DMZ with either a domain controller on a new domain with a one-way trust to your internal domain or else a read-only domain controller on your domain and then RD Session Host and License server
located on different servers on your internal LAN.
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
That sounds like a lot of separate servers and cost for not a lot of users in our environment.
Do we even need a separate session host server if there are no RDP sessions being hosted directly on the servers because  the users are only being redirected to connect to their workstations and will never be using terminal sessions on the server?
Can the RODC or the Domain controller on new domain with the one-way trust be the same server as the Remote Desktop Gateway server and not separate servers?
What is the most minimalist way to set this up with good security when opening all the ports needed to authenticate with internal DC is not secure enough?

#2 sounds like we would need 2 Essentials servers and we will not have that.
We currently have Server 2008 R2 and have 2012 Standard licenses that are not yet used.
We have much more than 75 users total, but 75 is more than the number of users that will probably take advantage of using RD Gateway any time soon.  It will probably take time to catch on.
If RD Gateway usage was to get super popular and more than 75 users were depending on access to it, then we could financially justify paying to buy all the CALs needed to run RD Gateway without Essentials.  Right now, they are skeptical that it will
be worth spending much money on this and don’t want to invest a lot  of money up front.
My understanding is that if we have 75 or fewer users using RD Gateway then we need to by no CALs, just apply a Server Standard Edition License to the server, but if we had 76, we would need to turn off Essentials and buy 76 new CALs.
Or would we need to add 50 CALs to the 25 that automatically come with Essentials?
Also does «turning off» Essentials mean we would have to reinstall and redeploy the RDG or is it just a matter of enabling the RD license server and adding purchased CALs?
No, when you buy essentials you get the right to create 25 users that access the server, when you create the 26th user you will need to have 26 CAL and RDS CAL. 

Remote Desktop Gateway and WebAccess Deployment — Multiple Logon Prompts

I’m having a few issues with some multiple logon prompts using «Connect to a remote PC» via RD Web Access.
I am able to log onto the RDWeb without a problem.
Essentially once I make a connection to my end-device I first receive a logon prompt, I’m authenticated, then I’m asked again for another logon prompt. Any ideas how to resolve this?
My layout is simple:
1 VM in the DMZ that has the Remote Desktop Gateway and Remote Desktop Web Access roles installed. No connection broker, or session host.
With my deployment I have a wildcard certificate bound to the Remote Desktop Gateway and it is bound properly in IIS. Remote Desktop functionality through the RDGateway works just fine. However, the only nuisance is that I get prompted multiple times for
credentials when accessing the end-device regardless if my connection is from a domain-joined machine or a non-domain joined machine.
I’ve tried using Web Single Sign On via http://anandthearchitect.com/2014/01/20/rds-2012-r2single-sign-on-using-windows-authentication-for-rdweb-page/ and it still does not work.
Any ideas?
Thanks,
Dan

Hi Dan,
How many prompts are you seeing?  Expected behavior for Connect to a remote PC would be this:
1. Log on to RDWeb
2. Select Connect to a remote PC tab
3. Enter server name in Connect to box, click Connect
4. Unknown publisher warning, click Connect
5. Credentials prompt, it should say These credentials will be used to connect to the following computers: 1. rdgw.domain.com (RD Gateway server) 2. remote.domain.com (remote computer)
6. After entering credentials and clicking OK it should log you in to the remote computer.  This assumes that the destination is authenticated properly (usually via certificate) and the credentials are valid for both the RDG and the remote
computer.  Normally in a domain environment the same credentials (domain\username) would be valid for the RDG and the remote server.
-TP

Remote Desktop Gateway Support One Time Passwords?

We are considering setting up a Remote Desktop Gateway server so users can remote control their office desktop PCs from home without needing VPN.
The plan is for it to only be a secure pass-through from the Internet to their desktop PC.  There will be not be any terminal services login or web apps hosted on the server.  We have not decided if RDWeb will be available.  It is likely that
users will just use a RDP client such as the Microsoft MSTSC.exe Remote Desktop client in Windows or similar app for iOS, Android or OSX rather than use a browser to reach their PC.
I noticed that most RDP clients, mobile apps and web browsers have an option to remember credentials so they can log in without typing credentials the next time they connect.  This will be a security threat if their PC is stolen and not encrypted.  Is
there any way to provide access, but prevent users from reusing saved passwords to connect to the Remote Desktop Gateway without using smart cards?
I had that the idea of having some kind of one time password system to authenticate through the RD Gateway so saved passwords would be useless.  What does Remote Desktop Gateway support that can do this?

Hi,
Thanks for your posting in Windows Server Forum.
I consider that you are trying to find the solution as per below article. Please go through carefully.
1. Configuring the TS Gateway OTP Scenario
2. RD Gateway deployment in a perimeter network & Firewall rules
Hope it helps!
Thanks,
Dharmesh

Is there a way to Report out Remote Desktop Gateway Manager Monitor data?

We are running Windows Server 2012 R2 Remote Desktop Services configured to provide a managed pool of VMs through a RD Gateway server. Everything is working well. We would like to generate a regular report on the information that shows up in the Gateway
Monitoring window about connections and users etc. Is there any way to generate such a report without purchasing 3rd party software?

Hi,
Based on my experience, you can use Remote Desktop Gateway Manager to view information about active connections from Remote Desktop Services clients to internal network resources through an RD Gateway server. However, there is no such options in
RD gateway manager to create reports for that.
It seems that System Center Operations Manager can monitor Remote Desktop Gateway Service and the number of sessions that run through the RD Gateway are monitored.
Best regards,
Susie
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

Remote Desktop Gateway threw WMBus (Enchanced Session Mode)?

Hi.
I am currently investigating the possibility to run a remote desktop gateway on an virtual machine, and connecting to it (udp) threw the wmbus instead of a network adapter. It such a thing possible? Basically what I am asking is if I get use the VMBUS to
connect to machine as i would a network adapter (on a specific upd port).
I ran across a post enabling debugging threw the VMBUS (I think): http://withinrafael.com/how-to-set-up-synthetic-kernel-debugging-for-hyper-v-virtual-machines/ if
this is any way related to my question.
Cheers

Hi Sir,
I have read that article , it seems that the NET debug of VM was passed to physical NIC (As far as I know Net debug for VM is not supported ) .
In addition , there is no settings for RDG to change the communication from TCP/UDP to VMBUS also we can not configure VMBUS .
Based on  this , it is not possible to do that .
Best Regards,
Elton Ji
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] .

How enable remote desktop gateway manager server 2012 essentials

how enable remote desktop gateway manager

There is a DISM command,
dism /online /disable-feature:Gateway-UI
http://support.microsoft.com/kb/2472211/en-us
Robert Pearman SBS MVP
itauthority.co.uk |
Title(Required)
Facebook |
Twitter |
Linked in |
Google+

Remote Desktop Gateway, Pluggable Authentication

Hi,
Where should I post questions regarding Remote Desktop Gateway and the Pluggable Authentication and Authorization (PAA) Framework? I’m trying to build a custom cookie based
authentication module. 

Ok, then I’d try asking them over here.
http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?category=vslanguages&filter=alltypes&sort=lastpostdesc
http://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/home?category=windowsdesktopdev
Regards, Dave Patrick ….
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.

Licensing for Remote Desktop Gateway

Hello
I searched a lot on several forum to gain an answer to my question. There is a lot of misunderstanding out there on the need for licensing for the Remote Desktop Gateway.
I want to implement only the server role Remote Desktop Gateway for 20 users to connect remote to Window 7 computers in the LAN. The 20 remote users initiate the connection from they’re own Windows 7 Laptop. The connection is:
Windows 7 — Remote Desktop Gateway — Windows 7
The remote users use software for production environments (PLC/DCS) on the Windows 7 computers in the LAN. So in this situation the remote users will not connect to session host servers (terminal servers). They only use the gateway to act as a proxy for
RDP connections to the Windows 7 PC’s in the LAN.
What kind of licensing do i need for this situation?
Do i need RDCAL’s?
Do i need Windows server device CAL’s for the 20 devices of the 20 users that initiate the connection to the gateway?
Thanks

One other option you could consider, which is free, is to use 1 public IP address with 20 ports that NAT’s and Port Forwards to the 20 internal computers.
Example:
If you have 1 available public IP address (let’s say 1.2.3.4), and you assign static IP addresses (192.168.0.201 — .220) to the 20 internal computers, the firewall would NAT:
1.2.3.4:50001 -> 192.168.0.201:3389
1.2.3.4:50002 -> 192.168.0.202:3389
1.2.3.4:50003 -> 192.168.0.203:3389
1.2.3.4:50020 -> 192.168.0.220:3389
This way, remote users would connect directly to their computer without the need for any additional licenses.
Just a thought.
Please mark as answer or vote
as helpful when
it applies. Thanks!

RD Gateway issue from Mac Remote Desktop client — 503 RPC Error: c0021012

I have an employee who is able to use the Mac Remote Desktop client to connect to her office PC via RD Gateway, but after a short time she consistently has her connection dropped with a
503 RPC Error: c0021012.  I’ve researched this a little and apparently it refers to an expected shutdown condition (RPC_P_CONNECTION_SHUTDOWN) rather than a true RPC «exception».  Also, the error almost always occurs exactly
10 minutes after the connection is established, so I’m wondering if a timeout is occurring due to a heartbeat/keepalive not getting through, the expiration of a token or credential, or something similar(?).  Any help would be appreciated, here’s a section
from the log that shows one of her drops:
[2014-Jun-22 23:58:44] RDP (0): —— BEGIN ACTIVE CONNECTION ——
[2014-Jun-22 23:58:44] RDP (0): client version: 8.0.24875
[2014-Jun-22 23:58:44] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-Jun-22 23:58:44] RDP (0): correlation id: 79b9ed3a-2198-784a-8805-0f1d292a0000
[2014-Jun-22 23:58:45] RDP (0): Resolved ‘ourserver.oursite.com’ to ‘x.x.x.x’ using NameResolveMethod_DNS(1)
[2014-Jun-22 23:58:45] RDP (0): Resolved ‘ourserver.oursite.com» to ‘x.x.x.x’ using NameResolveMethod_DNS(1)
[2014-Jun-22 23:59:50] RDP (0): Protocol state changed to: ProtocolNegotiatingCredentials(2)
[2014-Jun-22 23:59:53] RDP (0): Exception caught: Exception in file ‘../../librdp/private/tlsendpoint_openssl.cpp’ at line 116
    User Message : TLS1_ALERT_ACCESS_DENIED
[2014-Jun-22 23:59:53] RDP (0): Exception caught: Exception in file ‘../../librdp/private/tlsendpoint_openssl.cpp’ at line 116
    User Message : TLS1_ALERT_ACCESS_DENIED
[2014-Jun-22 23:59:53] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2014-Jun-22 23:59:53] RDP (0): correlation id: 79b9ed3a-2198-784a-8805-0f1d292a0000
[2014-Jun-22 23:59:53] RDP (0): Resolved ‘ourserver.oursite.com» to ‘x.x.x.x’ using NameResolveMethod_DNS(1)
[2014-Jun-22 23:59:53] RDP (0): Resolved ‘ourserver.oursite.com» to ‘x.x.x.x’ using NameResolveMethod_DNS(1)
[2014-Jun-22 23:59:53] RDP (0): Protocol state changed to: ProtocolNegotiatingCredentials(2)
[2014-Jun-22 23:59:53] RDP (0): Protocol state changed to: ProtocolConnectingRDP(3)
[2014-Jun-22 23:59:54] RDP (0): Protocol state changed to: ProtocolInactive(4)
[2014-Jun-22 23:59:55] RDP (0): Server supports RAIL
[2014-Jun-22 23:59:55] RDP (0): Protocol state changed to: ProtocolActive(5)
[2014-Jun-23 00:10:54] RDP (0): Exception caught: Exception in file ‘../../librdp/private/httpendpoint.cpp’ at line 217
    User Message : The gateway failed to connect with the message: 503 RPC Error: c0021012
[2014-Jun-23 00:10:54] RDP (0): Exception caught: Exception in file ‘../../librdp/private/httpendpoint.cpp’ at line 217
    User Message : The gateway failed to connect with the message:
503 RPC Error: c0021012
[2014-Jun-23 00:10:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2014-Jun-23 00:10:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
[2014-Jun-23 00:10:54] RDP (0): —— END ACTIVE CONNECTION ——

Hi,
Is there any error occur on the RD Gateway server? Please make sure that RPC, RPC Locator and RPC Endpoint Mapper service are running on the server. Also, please make sure that the RD gateway
server does not reach the maximum number of connections.
Thanks.
Jeremy Wu
TechNet Community Support