Event ID 3001 — RD Gateway Server Configuration

Event ID 3001 — RD Gateway Server Configuration

Published: January 8, 2010

Applies To: Windows Server 2008 R2

For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, the RD Gateway server must be configured correctly. The RD Gateway server must be configured to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate, and authorization policy settings must be configured correctly. Remote Desktop connection authorization policies (RD CAPs) specify who can connect to the RD Gateway server. Remote Desktop resource authorization policies (RD RAPs) specify the internal network resources that clients can connect to through an RD Gateway server.

Event Details

Product: Windows Operating System
ID: 3001
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.1
Symbolic Name: AAG_EVENT_NEW_CERTIFICATE_SET_FAILED
Message: The RD Gateway server certificate cannot be changed. The following error occurred: “%2”. Verify the certificate and try changing the certificate again.

Resolve
Ensure that the required permissions are granted to the private key of the SSL certificate

To resolve this issue, ensure that required permissions are granted to the private key of the SSL certificate.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

To grant the required permissions to the private key of the SSL certificate:

  1. On the RD Gateway server, open the Certificates snap-in console. If you have not already added the Certificates snap-in console, you can do so by doing the following:
    1. Click Start, click Run, type mmc, and then click OK.
    2. On the File menu, click Add/Remove Snap-in.
    3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.
    4. In the Certificates snap-in dialog box, click Computer account, and then click Next.
    5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
    6. In the Add or Remove Snap-ins dialog box, click OK.
  2. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), expand Personal, and then navigate to the SSL certificate for the RD Gateway server.
  3. Right-click the certificate, point to All Tasks, and then click Manage Private Keys.
  4. In the Permissions for <Name> private keys dialog box, under Group or user names, click NETWORK SERVICE. Under Permissions for NETWORK SERVICE, if Read is not allowed, select the Allow check box adjacent to Read.
  5. Click OK.

Verify

To verify that the RD Gateway server is configured correctly, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Remote Desktop Gateway service is running, and that clients are successfully connecting to internal network resources through the RD Gateway server.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that the RD Gateway server is configured correctly:

  1. On the RD Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Remote Desktop Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client is connected to the RD Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client is connected to an internal network resource through the RD Gateway server.

Related Management Information

RD Gateway Server Configuration

Remote Desktop Services

Related:

Unable to start the replication agent on Public Folder Store “”. Error

Details
Product: Exchange
Event ID: 3001
Source: MSExchangeIS Mailbox Store
Version: 6.5.6940.0
Component: Microsoft Exchange Information Store
Message: Unable to start the replication agent on Public Folder Store “<name>“. Error <error code>
   
Explanation

Unable to start the replication agent on the Public Folder store.

   
User Action

At this time, there is no historical information to provide assistance on this event. Monitor event logs for recurrence of this event, and any other events that recur with it. Also, note any other behaviors with the product that coincide with this event. If this is causing a catastrophic or unavailable server situation, contact Microsoft Product Support Services immediately.

Related:

Unable to open ATK device for R access. Returning IO Status Block in Data.

Details
Product: Windows Operating System
Event ID: 3001
Source: Atkctrs
Version: 5.0
Component: Application Event Log
Symbolic Name: ATK_OPEN_FILE_ERROR
Message: Unable to open ATK device for R access. Returning IO Status Block in Data.
   
Explanation

The AppleTalk Protocol is not installed or is not configured properly.

   
User Action

In Control Panel, double-click Devices and check the Status list to verify whether the AppleTalk Protocol is installed and started. Also, check the Event Log in Event Viewer for related messages. If there are a large number of events recorded in the Event Log, there might be problems with Services for Macintosh on the server.

Related:

Unable to start the replication agent on Public Folder Store “%2”. Error %1

Details
Product: Exchange
Event ID: 3001
Source: MSExchangeIS
Version: 8.0
Symbolic Name: msgidReplStartError
Message: Unable to start the replication agent on Public Folder Store “%2”. Error %1
   
Explanation

This Error event indicates that Microsoft Exchange was unable to start the replication agent on the public folder store.

   
User Action

If the problem persists, try one or more of the following:

  • Review the Application log for related events. For example, events that occur immediately before and after this event may provide more information about the root cause of this event.

  • If this event seems to be causing mailflow interruptions or other problems in your Exchange environment, contact Microsoft Product Support. For information about contacting support, visit the Contact Us page of the Microsoft Help and Support Web site.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

The performance counter name string value in the registry is incorrectly formatted. The bogus string is %1!s!, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.

Details
Product: Windows Operating System
Event ID: 3001
Source: LoadPerf
Version: 5.2
Symbolic Name: LDPRFMSG_REGISTRY_COUNTER_STRINGS_CORRUPT
Message: The performance counter name string value in the registry is incorrectly formatted. The bogus string is %1!s!, the bogus index value is the first DWORD in Data section while the last valid index values are the second and third DWORD in Data section.
   
Explanation

All performance counter names and explain text are maintained in string tables managed by the performance counter subsystem (Perflib).

The current contents of the performance counter string tables are corrupted and cannot be displayed. To correct the problem, rebuild the string tables.

   
User Action

To rebuild the string tables, on the computer that displayed the message, at the command prompt, type Lodctr /rThe contents of the string tables are automatically rebuilt.

For more information about the Lodctr command, see Help and Support.

Related:

Log file not positioned at end.

Details
Product: Windows Operating System
Event ID: 3001
Source: EvntAgnt
Version: 5.2
Symbolic Name: SNMPELEA_ERROR_LOG_END
Message: Log file not positioned at end.
   
Explanation

Because of a problem with the system, the end of the record cannot be located in the event log file. As a result, the event-to-SNMP (Simple Network Management Protocol) trap translation might be sent twice. This will not affect the operation of the system.

   
User Action

No user action is required.

Related: