Произошла следующая ошибка 2147965421

Home
> Certificates, Desktop Support, RDS, Windows Server > Error when attempting to run a published app via RDS website

Setup: Virtualization Host — Physical Dell PowerEdge R540 w 192gb RAM, 2x Xeon procs (cant remember the model, 16 cores total) running Win Server 2016 + Hyper-V
Service RD Gateway, RD Broker, RD Web Access, RD Licencing — One VM running on the Virtualization Host. Windows Server 2016, 16gb RAM, 4CPU cores.

Right now I have only have 10 Windows 10 VMs spun up.

Problem #1: At seemingly random intervals, users are unable to connect to their VM via their physical Wyse thin client terminal. After logging in, the client contacts the broker, attempts
to sign into the machine and then says «RD Failed». After rebooting the broker server things go back to normal for a few hours, then the «RD Failed» messages return again.

The weird thing: everything works fine if they try to connect from RD Web Access.

Problem #2: Again, at seemingly random intervals, users are receiving messages when logging into their terminals saying: «The requested session access is denied.»

The weird thing: this is only sometimes, and usually goes away if they either a) leave the error message on their screen or b) exit and try again.

I’m honestly not sure where to go from here. I thought it could be a policy or permission issue but it only does it sometimes?

Event Viewer messages collected when experiencing problem #1:

The user «DOMAINUSER», on client computer «10.10.12.41», met connection authorization policy and resource authorization policy requirements, but could not connect to
resource «COMPUTERNAME.DOMAIN.COM». Connection protocol used: «HTTP». The following error occurred: «23005».

The user «DOMAINUSER», on client computer «192.168.4.231», met RD resource authorization policy (RD RAP) requirements but the network resource «10.25.20.197;10.25.20.197»
did not meet the requirements, so the connection was not authorized. Try connection to another network resource or possibly lower RD Gateway security by modifying the RD RAP requirements for the connection to be authorized.

RD Connection Broker failed to process the connection request for user DOMAINUSER. Error: Element not found.

RD Connection Broker failed to process the connection request for user DOMAINUSER. Load Balancing failed OR Specified endpoint could not be found. Error: Element not found.

Again, after a reboot of the broker/gateway server, everything is back to normal for a few hours.

I’m so lost.

Setup: Virtualization Host — Physical Dell PowerEdge R540 w 192gb RAM, 2x Xeon procs (cant remember the model, 16 cores total) running Win Server 2016 + Hyper-V
Service RD Gateway, RD Broker, RD Web Access, RD Licencing — One VM running on the Virtualization Host. Windows Server 2016, 16gb RAM, 4CPU cores.

Right now I have only have 10 Windows 10 VMs spun up.

Problem #1: At seemingly random intervals, users are unable to connect to their VM via their physical Wyse thin client terminal. After logging in, the client contacts the broker, attempts
to sign into the machine and then says «RD Failed». After rebooting the broker server things go back to normal for a few hours, then the «RD Failed» messages return again.

The weird thing: everything works fine if they try to connect from RD Web Access.

Problem #2: Again, at seemingly random intervals, users are receiving messages when logging into their terminals saying: «The requested session access is denied.»

The weird thing: this is only sometimes, and usually goes away if they either a) leave the error message on their screen or b) exit and try again.

I’m honestly not sure where to go from here. I thought it could be a policy or permission issue but it only does it sometimes?

Event Viewer messages collected when experiencing problem #1:

The user «DOMAINUSER», on client computer «10.10.12.41», met connection authorization policy and resource authorization policy requirements, but could not connect to
resource «COMPUTERNAME.DOMAIN.COM». Connection protocol used: «HTTP». The following error occurred: «23005».

The user «DOMAINUSER», on client computer «192.168.4.231», met RD resource authorization policy (RD RAP) requirements but the network resource «10.25.20.197;10.25.20.197»
did not meet the requirements, so the connection was not authorized. Try connection to another network resource or possibly lower RD Gateway security by modifying the RD RAP requirements for the connection to be authorized.

RD Connection Broker failed to process the connection request for user DOMAINUSER. Error: Element not found.

RD Connection Broker failed to process the connection request for user DOMAINUSER. Load Balancing failed OR Specified endpoint could not be found. Error: Element not found.

Again, after a reboot of the broker/gateway server, everything is back to normal for a few hours.

I’m so lost.

Exchange Server Field Notes

Свежие записи

Be in touch

Microsoft TMG 2010 RDS Publishing issue

Некрофилии пост. Словил забавный глючок на доживающем свое Microsoft Forefront Threat Management Gateway 2010. Развернута у меня внутри сети инфраструктура удаленных рабочих столов с блэкджеком и т.п. Доступ в сеть через Remote Desktop Gateway. Там тебе и CAP и RAP, все по-серьезному. И все это дело (RDGW в смысле) публикуется наружу через TMG. Классика жанра для 2008 года

Во время выполнения довольно ответственных работ по перенастройке инфраструктуры RDP, было создано временное правило, публикующее внутренний management-server (ну отдельный сервер для администраторов со всякими консолями и прочим) на одном из внешних интерфейсов. Правило выглядело безобидно:

Allow TCP 3389 from Remote Management Hosts to Management Server via External Network Adapter with IP-address 10.10.10.10

Т.е. становится понятно, что это обычное правило публикации. Оно работало, серверы RDS чинилисьпереконфигурировались. После их починки началось странное: нельзя было подключиться к серверу TMG с использованием RDGW. Причем сам сервер RDGW писал в логе:

Description: The user «COMPANYO.Krylov», on client computer «192.168.1.2», met connection authorization policy and resource authorization policy requirements, but could not connect to resource «tmg.company.ru». Connection protocol used: «RPC-HTTP». The following error occurred: «23005».

Попытки подключиться к TMG непосредственно с серверов RDGW так же оканчивались неудачей с невнятными комментариями.

Что делает настоящий айсавод? Правильно, проверяет IP-адреса серверов RDGW (те, кто не в курсе, как работает Remote Desktop Gateway, просто имейте ввиду, что подключение к серверу выполняется именно с них по TCP3389, проксируя подключения к ним по TCP443), лезет в консоль TMG и смотрит две вещи:

System Policy в разрезе Terminal Services (включено ли, каким группам разрешен доступ)

Группы Remote Management Computers и Enterprise Remote Management Computers.

А там все в порядке

Что же, что же за глюк-то приключился? А приключилось вот что… Если набрать в командной строке Netstat /ano видим, что TCP3389 слушается ТОЛЬКО на 10.10.10.10 и не слушается ни на одном другом адресе. Окей, TMG! Убираем временное правило публикации RDS. И… Тот же результат. Рестартим сервисы Remote Desktop Services и Remote Desktop Services UserMode Port Redirector и видим, что теперь TCP3389 слушается на всех интерфейсах.

И это еще не все. Идем в оснастку Remote Desktop Session Host Configuration, выбираем в списке Connections то, что нам нужно (а скорее всего там будет один объект), в его свойствах на вкладке Network Adapter выбираем внутренний интерфейс и еще раз рестартим службы Remote Desktop. В итоге вы получаете возможность подключаться по RDP к серверу только из внутренней сети, хосты которой ограничены членством в группах TMG Remote Management Computers и Enterprise Remote Management Computers.

Источник

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Answered by:

Question

I am tearing my hair out. I have a RD Gateway server that is pointing towards a RD Farm. I cannot connect to it using the Gateway. I keep getting the the following error in the TerminalServices-Gateway Operational log:

Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
Source: Microsoft-Windows-TerminalServices-Gateway
Date: 10/7/2014 10:56:02 AM
Event ID: 304
Task Category: (3)
Level: Warning
Keywords: (16777216)
User: NETWORK SERVICE
Computer: XXXXXXXXXXX.wbc.local
Description:
The user «XXXXXX», on client computer «XXX.XXX.XXX.XXX», met connection authorization policy and resource authorization policy requirements, but could not connect to resource «SyteLine.wbc.local». The following error occurred: «23005».
Event Xml:

Any ideas? Lots of googling has not helped

Answers

If you log on locally to the RD Gateway server and open mstsc, and you able to successfully connect to syteline.wbc.local?

You may want to use netmon/wireshark to capture the traffic between the RD Gateway and the target RDSH server and see if you can see what is happening when you attempt to connect.

• Marked as answer by Dharmesh S Microsoft employee Monday, October 20, 2014 8:59 AM

Thank you for posting in Windows Server Forum.

To resolve this issue, ensure that Remote Desktop is enabled and that the user is a member of the Remote Desktop Users group on the target computer.

Please check that you have properly configured RD CAP and RD RAP policy for RD Gateway server. For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, clients must meet the conditions specified in at least one Remote Desktop connection authorization policy (RD CAP) and Remote Desktop resource authorization policy (RD RAP).

TechNet Community Support

The farm is accessible inside the LAN — it’s the Gateway that is not working. The error message states:

The user «XXXXXX», on client computer «XXX.XXX.XXX.XXX», met connection authorization policy and resource authorization policy requirements, but could not connect to resource «SyteLine.wbc.local». The following error occurred: «23005».

So it looks like the RAP and CAP is working correctly

If you log on locally to the RD Gateway server and open mstsc, and you able to successfully connect to syteline.wbc.local?

You may want to use netmon/wireshark to capture the traffic between the RD Gateway and the target RDSH server and see if you can see what is happening when you attempt to connect.

• Marked as answer by Dharmesh S Microsoft employee Monday, October 20, 2014 8:59 AM

How is everything going? Could you please tell us the present situation? If you need any further assistance, please let us know.

TechNet Community Support

Thanks for posting in Windows Server forum.

As this thread has been quiet for a while, we will mark it as ‘Answered’ and if there is anything new to update we will let you know by following up this thread.

BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems.

Thanks for your Support & understanding!

TechNet Community Support

For future searchers.

I had this issue also. I was able to fix this by enabling the Remote Desktop setting in Server Manager > Local Server (on Windows Server 2012 R2). I verified that the connection is going through the Gateway using RD Gateway Manager.

I deployed a new collection of Windows10 VDI machines, initially I could connect and all was fine.

But after some time it reverted to its local policy of not allowing inbound RDP connections, so I just had to put in a new GPO to always allow RDP connections to virtual machines.

I was also pulling my hair out over this error. Almost all week. And at around the same time a number of other problems appeared, which all seemed unrelated.

When using RDWeb over the internet, and connecting to a resource (Session Host or VDI) on a separate server to the Connection Broker / Session Host (one server doing both), it would give the user an error and RD Gateway would log Event ID 304 with error 23005.

What I found was that a policy I set in place across all domain computers was the cause.

Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

This was set to Deny all. And I then found these logs:

Event Log: NTLM
Event ID: 8001
«NTLM client blocked: Outgoing NTLM authentication traffic to remote servers that is blocked.
Target server: TERMSRV/ «

After changing that policy to Audit all everything worked again.

Источник

Использован протокол подключения http произошла следующая ошибка 23005

Вопрос

We have a simple setup here but we have a problem with users have intermittent connection issues. The event log isn’t the most helpful so I was wandering if anyone here can point me in the right direction. In lamens terms this is my issue.

We have a Kemp load balancer to two RDS gateways and then our RDS connection broker then our RDS hosts. All are Windows Server 2016.

Daily we get issues from remote working users that when they first connect they get the configuring connecting dialog box (after all the authentication) and it just stays there and either times out or the user just cancels. When they click on the RDP icon and attempt to connect a second time, it works fine and logs straight in.

I understand there are many factors (user internet connection etc) but we (IT) have ourselves, in the evening gone home and tested it and get the same issue. spinning circle on configuring, cancel it or wait until it times out, try again and straight in.

Is there anywhere you can tell me where I can look like a RDS log where I can see exactly what it is doing so I can get to the bottom of this issue?

On a side note I can see in the «TerminalServices-Gateway» log on one of the gateway servers, I keep seeing this warning and error (same time) against a mixture of users, daily;

Warning: The user «domainuser1», on client computer «IP address», met connection authorization policy and resource authorization policy requirements, but could not connect to resource «RDS Host 4». Connection protocol used: «UDP». The following error occurred: «23005».

Error: The user «domainuser1», on client computer «User IP address», failed connection to the remote server «RDS Host 4» using UDP proxy. The following error occurred : «2147965405».

Now, I dont know if this is related to what everyone is experiencing but it doesnt show this error and warning for everyone who has the two attempt connecting issue. I just put that in to see if it helps.

I just want to know if there is anywhere I can see exactly what is happening when connecting (RDS logs etc).

Источник

Использован протокол подключения http произошла следующая ошибка 23005

Вопрос

Setup: Virtualization Host — Physical Dell PowerEdge R540 w 192gb RAM, 2x Xeon procs (cant remember the model, 16 cores total) running Win Server 2016 + Hyper-V Service RD Gateway, RD Broker, RD Web Access, RD Licencing — One VM running on the Virtualization Host. Windows Server 2016, 16gb RAM, 4CPU cores.

Right now I have only have 10 Windows 10 VMs spun up.

Problem #1: At seemingly random intervals, users are unable to connect to their VM via their physical Wyse thin client terminal. After logging in, the client contacts the broker, attempts to sign into the machine and then says «RD Failed». After rebooting the broker server things go back to normal for a few hours, then the «RD Failed» messages return again.

The weird thing: everything works fine if they try to connect from RD Web Access.

Problem #2: Again, at seemingly random intervals, users are receiving messages when logging into their terminals saying: «The requested session access is denied.»

The weird thing: this is only sometimes, and usually goes away if they either a) leave the error message on their screen or b) exit and try again.

I’m honestly not sure where to go from here. I thought it could be a policy or permission issue but it only does it sometimes?

Event Viewer messages collected when experiencing problem #1:

The user «DOMAINUSER», on client computer «10.10.12.41», met connection authorization policy and resource authorization policy requirements, but could not connect to resource «COMPUTERNAME.DOMAIN.COM». Connection protocol used: «HTTP». The following error occurred: «23005».

The user «DOMAINUSER», on client computer «192.168.4.231», met RD resource authorization policy (RD RAP) requirements but the network resource «10.25.20.197;10.25.20.197» did not meet the requirements, so the connection was not authorized. Try connection to another network resource or possibly lower RD Gateway security by modifying the RD RAP requirements for the connection to be authorized.

RD Connection Broker failed to process the connection request for user DOMAINUSER. Error: Element not found.

RD Connection Broker failed to process the connection request for user DOMAINUSER. Load Balancing failed OR Specified endpoint could not be found. Error: Element not found.

Again, after a reboot of the broker/gateway server, everything is back to normal for a few hours.

Источник

Довольно часто после всяческих экспериментов с сетевыми подключениями, переустановкой винды и прочего может возникнуть такая ситуация, что рабочая станция перестанет входить в домен. Это бывает по нескольким причинам. В этом посте я расскажу о двух из них

Ошибка при запросе DNS записи ресурса размещения службы (SRV), используемой для нахождения контроллера домена Active Directory 

Полный текст ошибки может быть такой:

Ошибка при запросе DNS записи ресурса размещения службы (SRV), используемой для нахождения контроллера домена Active Directory для домена “domain.loc”:
Произошла ошибка: “DNS-имя не существует.”
(код ошибки: 0x0000232B RCODE_NAME_ERROR)

Опрос проводился для SRV-записи для _ldap._tcp.dc._msdcs.exigeant.loc
Возможны следующие причины ошибки:
– SRV-записи DNS, необходимые для нахождения контроллера домена Active Directory в этом домене, не зарегистрированы в службе DNS. Эти записи регистрируются на DNS-сервере автоматически при добавлении контроллера домена Active Directory в домен. Они обновляются контроллером домена Active Directory через заданные интервалы. Этот компьютер настроен на использование DNS-серверов со следующими IP-адресами:

8.8.8.8
192.168.0.1
– Одна или несколько зон из указанных ниже не содержит делегирование к своей дочерней зоне:
domain.loc
loc
. (корневая зона)

Решение

• Контроллер домена должен быть первым DNS сервером в списке. Если у вас в сетевои соединении прописано два DNS серера, например внутренний и внешний, то важно помнить, чтобы их порядок был правильным. Вы можете настроить порядок через кнопку “Дополнительно”, закладку “DNS” в настройках сетевого подключения.
• Также важным моментом является адрес DNS сервера, вы должны прописывать внутренний (а не вшешний) адрес вашего DNS-сервера (он же контроллер домена).

При присоединении к домену произошла следующая ошибка: Сетевая папка недоступна

Решение

Проверьте, включена ли галочка “Клиент для сетей Microsoft” в настройках сетевого соединения.

Перестали работать удаленные рабочие места. Следующая ошибка:

103    Критическое    Microsoft-Windows-TerminalServices-Gateway    Microsoft-Windows-TerminalServices-Gateway/Operational    15.03.2014 20:54:34
Службе шлюза удаленных рабочих столов не предоставлены разрешения, необходимые для доступа к SSL-сертификату, который требуется для приема подключений. Чтобы устранить эту проблему, свяжите (сопоставьте) действительный SSL-сертификат при помощи диспетчера шлюза удаленных рабочих столов. Дополнительные сведения см. в разделе справки диспетчера «Получение сертификата для сервера шлюза удаленных рабочих столов». Произошла следующая ошибка: «2148073494».