To resolve this issue, ensure that the required permissions are granted to the Core registry key. If the problem persists, you might have to delete and recreate the Terminal Services resource authorization policies (TS RAPs) and the Terminal Services connection authorization policies (TS CAPs) on the TS Gateway server.
To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
Grant the required permissions to the Core registry key
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
To grant the required permissions to the Core registry key:
On the TS Gateway server, click Start, click Run, type regedit, and then press ENTER.
Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core subkey, right-click the subkey, and then click Permissions.
In the Permissions for Core dialog box, under Group or user names, click SYSTEM. Under Permissions for SYSTEM, if Full control is not allowed, select the Allow check box adjacent to Full control.
In the same dialog box, under Group or user names, click Administrators. Under Permissions for Administrators, if Full control is not allowed, select the Allow check box adjacent to Full control.
Click OK.
Try exporting the policy and configuration settings again.
If the export is successful, the rest of the resolution steps in this topic do not apply.
If granting the required permissions to the Core registry key does not resolve the problem, try deleting and then recreating the TS RAPs and the TS CAPs on the TS Gateway server.
Delete and recreate the TS RAPs on the TS Gateway server
Note: After you rename rap.xml and restart TS Gateway Manager, no TS RAPs will appear, so you must reconfigure the TS RAP settings.
To back up and delete rap.xml and then open the TS Gateway Manager console:
Navigate to %Windir%\System32\tsgateway\rap.xml, where %Windir% is the drive on which the operating system is installed.
Save a backup copy of rap.xml by renaming rap.xml to rapbak.xml.
Delete rap.xml.
Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
Reconfigure the TS RAP settings as needed.
Try exporting the policy and configuration settings again.
Delete and recreate the TS CAPs on the TS Gateway server
If backing up and removing the current copy of Rap.xml and recreating the TS RAP settings does not resolve the problem, try renaming IAS.xml to IASbak.xml, and then starting TS Gateway Manager. Opening the console will create a new IAS.xml file.
Note: After you rename IAS.xml and restart TS Gateway Manager, no TS CAPs will appear, so you must reconfigure the TS CAP settings.
To back up and delete IAS.xml and then open TS Gateway Manager:
Navigate to %Windir%\System32\ias\ias.xml, where %Windir% is the drive on which the operating system is installed.
Save a backup copy of IAS.xml by renaming IAS.xml to IASbak.xml.
Delete IAS.xml.
Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
Reconfigure the TS CAP settings as needed.
Try exporting the policy and configuration settings again.
| Target | Microsoft.Windows.Server.2008.TerminalServicesRole.Service.TSGateway | ||
| Category | EventCollection | ||
| Enabled | True | ||
| Event_ID | 2004 | ||
| Event Source | Microsoft-Windows-TerminalServices-Gateway | ||
| Alert Generate | True | ||
| Alert Severity | Error | ||
| Alert Priority | Normal | ||
| Remotable | True | ||
| Alert Message |
| ||
| Event Log | Microsoft-Windows-TerminalServices-Gateway/Admin |
| ID | Module Type | TypeId | RunAs |
|---|---|---|---|
| DS | DataSource | Microsoft.Windows.EventProvider | Default |
| Alert | WriteAction | System.Health.GenerateAlert | Default |
Home
ENU <Rule ID="Microsoft.Windows.Server.2008.TerminalServicesRole.Service.TSGateway.EventCollection.2004" Enabled="onStandardMonitoring" Target="Microsoft.Windows.Server.2008.TerminalServicesRole.Service.TSGateway" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Microsoft-Windows-TerminalServices-Gateway/Admin</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="UnsignedInteger">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="UnsignedInteger">2004</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">Microsoft-Windows-TerminalServices-Gateway</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="Alert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertName/>
<AlertDescription/>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="Microsoft.Windows.Server.2008.TerminalServicesRole.Service.TSGateway.EventCollection.2004.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue>$Data/LoggingComputer$</SuppressionValue>
</Suppression>
<Custom1/>
<Custom2/>
<Custom3/>
<Custom4/>
<Custom5/>
<Custom6/>
<Custom7/>
<Custom8/>
<Custom9/>
<Custom10/>
</WriteAction>
</WriteActions>
</Rule>