Announcement

Collapse
No announcement yet.

TS Gateway Configuration Issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • TS Gateway Configuration Issues

    I am running a Win2008 64x Server with SP2 installed. This is not a Win2008 SBS server, however it has many of the same items installed on it. Exchange, IIS, DNS, File Services, DHCP, etc.

    All MS updates have been run on the server.

    The server is also running Symantec Endpoint Protection 11 MR4 MP2.

    Last week, during the installation process one of the roles did not install correctly. I did not notice it at the time, however, looking back in the logs I can see that there was an installation error. If I look in the setup log for the server I see the following event
    ****************************************
    Installation succeeded with errors.
    Roles:
    Network Policy and Access Services
    The following role services were installed:
    Network Policy Server
    Informational: You can use a wizard in the NPS console to configure Network Access Protection (NAP). To open the NPS console after installation, go to Server Manager or click Start, Administrative Tools, Network Policy Server.
    Terminal Services
    Error: The TS Gateway settings could not be configured. To resolve this issue, try configuring the settings by using TS Gateway Manager.
    The following role services were installed:
    TS Licensing
    TS Gateway
    Web Server (IIS)
    The following role services were installed:
    Web Server
    Common HTTP Features
    HTTP Redirection
    Health and Diagnostics
    Logging Tools
    Tracing
    Security
    Client Certificate Mapping Authentication
    Features:
    RPC over HTTP Proxy
    ****************************************

    Yesterday I finally got around to setting up the TS Gateway. However, if I click on the TS Gateway Manager in Server Manager, there is nothing displayed in the window.

    Therefore, I attempted to uninstall and reinstall TS Gateway. However the uninstalled failed. I tried to uninstall several times. Each time the server would want to be restarted 2 times and then it would eventually say something to the effect "This role has failed to install three times. Installation will not be attempted again."

    I tried to uninstall the TS Gateway role several times. I then tried to uninstall the entire Terminal Services role. However, each time I encountered similar failures.

    Currently the server does have the TS Gateway role installed on it. In addition all of the services appear to be running correctly.

    The only problem that I have is that I cannot configure the TS Gateway. If I open TS Gateway through the Server Manager it is blank and I can't do anything. The list of managed TS gateway servers is empty.

    If I click on "Start" and open TS Gateway Manager that is also blank. If I select "Connect to TS Gateway" and then select "Local Server" I get the following message.

    "The Terminal Services Connection authorization policies (TS CAPs) cannot be read. This problem might be due to a corrupted store for the TS CAP. Alternatively, this problem might be due to a recent password change for the Administrator account on the TS Gateway server."

    I hit the OK button and I cannot get any further. I have searched for the above error message and have not been able to find a solution.

    This is a production server, but I can reboot it in the evenings.

    Ideas anyone?


  • #2
    Re: TS Gateway Configuration Issues

    1. Please reboot the server after any role installation/uninstallation.

    2. TS Gateway should be installed on a seperate server in the DMZ most of the times.
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: TS Gateway Configuration Issues

      1) The server has already been rebooted many times.
      2) This is a small client. The server is setup similar to a SBS2008 server. SBS2008 server has TS Gateway along with many other roles installed on it. Unfortunately the client is not big enough to have a dedicated server sitting in a DMZ.

      Comment


      • #4
        Re: TS Gateway Configuration Issues

        Please make sure that the server object was added to the relevent local groups (thats allow the computer to interact with the terminal services).

        http://technet.microsoft.com/en-us/l...8WS.10%29.aspx

        http://technet.microsoft.com/en-us/l...30(WS.10).aspx
        Best Regards,

        Yuval Sinay

        LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

        Comment


        • #5
          Re: TS Gateway Configuration Issues

          OK. I have some updated information.

          I discovered that I could manually delete the TS CAP and TS RAP by using the following instructions.
          1. Navigate to %Windir%\System32\tsgateway\rap.xml, where %Windir% is the drive on which the operating system is installed.
          2. Save a backup copy of rap.xml by renaming rap.xml to rapbak.xml.
          3. Delete rap.xml.
          4. Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
          1. Navigate to %Windir%\System32\ias\ias.xml, where %Windir% is the drive on which the operating system is installed.
          2. Save a backup copy of IAS.xml by renaming IAS.xml to IASbak.xml.
          3. Delete IAS.xml.
          4. Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
          After doing that I was able to open the TS Gateway Manager. I then manually created a TS RAP and TS CAP. However, on the "Confirm Policy Creation" window I get the following messages.

          The TS CAP “General Connection Authorization Policy” could not be created. The following error occurred: WMI failure: Unable to Create Network Access Policy
          The TS RAP “General Resource Authorization Policy” has been successfully created.


          I looked in the log files but I was not able to find a better error message.

          Anyway, I have made progress. I can now at least open the TS Gateway Manager.

          Any ideas why I cannot create a TS CAP?

          Comment


          • #6
            Re: TS Gateway Configuration Issues

            Did you tried to remove the "Network Access Policy" role, reboot and reinstall it?
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

            Comment


            • #7
              Re: TS Gateway Configuration Issues

              I tried to uninstall just the Network Access Policy role. However, that failed to unisntall. After two reboots the server states that it is unable to remove the role.

              Comment


              • #8
                Re: TS Gateway Configuration Issues

                Did you got any error message (event log etc.)?
                Best Regards,

                Yuval Sinay

                LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

                Comment

                Working...
                X