Event ID 517 — RD Gateway Server Configuration


Published: January 8, 2010

Applies To: Windows Server 2008 R2

For remote clients to successfully connect to internal network resources (computers) through a Remote Desktop Gateway (RD Gateway) server, the RD Gateway server must be configured correctly. The RD Gateway server must be configured to use an appropriate Secure Sockets Layer (SSL)-compatible X.509 certificate, and authorization policy settings must be configured correctly. Remote Desktop connection authorization policies (RD CAPs) specify who can connect to the RD Gateway server. Remote Desktop resource authorization policies (RD RAPs) specify the internal network resources that clients can connect to through an RD Gateway server.

Event Details

Product: Windows Operating System
ID: 517
Source: Microsoft-Windows-TerminalServices-Gateway
Version: 6.1
Symbolic Name: AAG_EVENT_QUARANTINE_DISABLE_FAILED
Message: The “Request clients to send a statement of health” (SoH) setting could not be disabled on this RD Gateway server. To resolve this issue, ensure that the QuarantineEnabled registry key exists and that the System and Administrators groups are granted Full Control permissions to this key. The following error occurred: “%1”.

Resolve
Ensure that the required permissions are granted to the Core registry key

To resolve this issue, ensure that the required permissions are granted to the Core registry key.

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.

To grant the required permissions to the Core registry key:

  1. On the RD Gateway server, click Start, click Run, type regedit, and then press ENTER.
  2. Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core subkey, right-click the subkey, and then click Permissions.
  3. In the Permissions for Core dialog box, under Group or user names, click SYSTEM. Under Permissions for SYSTEM, if Full control is not allowed, select the Allow check box adjacent to Full control.
  4. In the same dialog box, under Group or user names, click Administrators. Under Permissions for Administrators, if Full control is not allowed, select the Allow check box adjacent to Full control.
  5. Click OK.
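
A read-only way to check the same permissions from PowerShell before or after editing them in regedit. This is an added example, not part of the original Microsoft article; the function name `Test-CoreKeyAcl` and the sample security descriptor are hypothetical, and the check looks for a single Allow entry that grants Full Control rather than summing several partial entries.

```powershell
# Added example: audits the Core key ACL without changing it.
$CorePath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core'
# Well-known SIDs, so the check does not depend on localized account names.
$Required = @{ 'S-1-5-18' = 'SYSTEM'; 'S-1-5-32-544' = 'Administrators' }

function Test-CoreKeyAcl {
    param([System.Security.AccessControl.RegistrySecurity]$Acl)
    $full  = [int][System.Security.AccessControl.RegistryRights]::FullControl
    # Explicit and inherited entries, with identities returned as SIDs.
    $rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($sid in $Required.Keys) {
        $mine  = @($rules | Where-Object { $_.IdentityReference.Value -eq $sid })
        $allow = @($mine | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.RegistryRights) -band $full) -eq $full })
        # A Deny entry overrides an Allow, so report it separately.
        $deny  = @($mine | Where-Object { $_.AccessControlType -eq 'Deny' })
        New-Object PSObject -Property @{
            Principal          = $Required[$sid]
            FullControlAllowed = ($allow.Count -gt 0)
            DenyAcePresent     = ($deny.Count -gt 0)
        }
    }
}

# Constructed sample: SYSTEM has Full Control, Administrators has Read only.
$sample = New-Object System.Security.AccessControl.RegistrySecurity
$sample.SetSecurityDescriptorSddlForm('D:(A;CI;KA;;;SY)(A;CI;KR;;;BA)')
Test-CoreKeyAcl $sample | Format-Table Principal, FullControlAllowed, DenyAcePresent -AutoSize

# On the RD Gateway server itself, check the real key if it exists.
if (Test-Path $CorePath) {
    Test-CoreKeyAcl (Get-Acl -Path $CorePath) |
        Format-Table Principal, FullControlAllowed, DenyAcePresent -AutoSize
}
```

Any row with FullControlAllowed set to False, or DenyAcePresent set to True, identifies the principal whose permissions need the correction described in steps 3 and 4.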

Verify

To verify that the RD Gateway server is configured correctly, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Remote Desktop Gateway service is running, and that clients are successfully connecting to internal network resources through the RD Gateway server.

To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

To verify that the RD Gateway server is configured correctly:

  1. On the RD Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Applications and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Remote Desktop Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client is connected to the RD Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client is connected to an internal network resource through the RD Gateway server.

Related Management Information

RD Gateway Server Configuration

Remote Desktop Services

Related:

Event ID 517 — Backup Operations


Updated: January 27, 2011

Applies To: Windows Server 2008

You can use the Windows Server Backup snap-in or the wbadmin command to create and manage backups to protect your operating system, volumes, files, and application data. Backups can be saved to single or multiple disks, DVDs, removable media, or remote shared folders. They can also be scheduled to run automatically or manually.

However, system state backup is only available for the command line and is not available in the Windows Server Backup snap-in user interface. Also, you cannot configure a scheduled backup to create system state backups—but you can script the wbadmin start systemstatebackup command to run backups on a schedule.

In addition, you can use the Local Group Policy Editor snap-in (Gpedit.msc) to allow or disallow certain types of backups or backup locations. Policy settings for Windows Server Backup are located at: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Backup\Server.

Event Details

Product: Windows Operating System
ID: 517
Source: Microsoft-Windows-Backup
Version: 6.0
Symbolic Name: ADMIN_GENERIC_BACKUP_FAILED_EVENT
Message: Backup started at ‘%1’ failed with following error code ‘%2’ (%3). Please rerun backup once issue is resolved.

Resolve
Review event details for solutions for failed backup

If a backup fails, review the details for the applicable events to find out why the backup operation failed. Then re-run the backup.

To do this, follow these general steps:

  1. Find the applicable events in Event Viewer, and then review the details for those events to find out why the backup operation failed. For more information, see “Review event details in Event Viewer.”
  2. Review the details provided about the failure in the Windows Server Backup snap-in start page. For more information, see “Review error messages in the Windows Server Backup snap-in.”
  3. Confirm that the location to perform the backup to is online.
  4. After resolving any errors that you find in performing the steps above, re-run another backup. For more information, see “Perform a backup using the command line.”

To perform these procedures, you must have membership in Backup Operators or Administrators, or you must have been delegated the appropriate authority.

Review event details in Event Viewer

To review event details for a backup in Event Viewer:

  1. Open Event Viewer. Click Start, click Administrative Tools, and then click Event Viewer.
  2. In the left pane, double-click Applications and Services Logs, double-click Microsoft, double-click Windows, double-click Backup, and then click Operational.
  3. In the right pane, click the Details tab, and then click XML View.
  4. Click an event in the list.
  5. Review <Data Name="VolumesInfo"> to see the error code (XML Node: HResult) and detailed error code (XML Node: DetailedHResult), along with other details about the volumes whose backup failed.
  6. Review error messages for the error codes, as described in “Review error messages in the Windows Server Backup snap-in.”

Review error messages in the Windows Server Backup snap-in

To view error messages using Windows Server Backup:

  1. Open the Windows Server Backup snap-in. Click Start, click Administrative Tools, and then click Windows Server Backup.
  2. On the start page, under Messages, double-click the event for the failed volume recovery, click the Errors tab, and view the text under Message.

Perform a backup using the command line

To perform a one-time backup:

  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type: wbadmin start backup. Use parameters, as needed. (To view the parameters and help for this command, at a command line, type: wbadmin start backup /?).

    For example, to create a backup that will be stored on drive f:, of volumes e:, d:\mountpoint, and \\?\Volume{cc566d14-44a0-11d9-9d93-806e6f6e6963}, type: wbadmin start backup -backupTarget:f: -include:e:,d:\mountpoint,\\?\Volume{cc566d14-44a0-11d9-9d93-806e6f6e6963}\.

Verify

To verify that backup operations are running, or will run, successfully, you should do one or more of the following, as needed:

  • For any backup operations that you have run, look for Event ID 4, which indicates that the operation completed successfully with no errors.
  • Verify that no other backup or recovery operations are running so that you can start an operation.
  • Verify that you have enabled a scheduled backup, and that it is configured correctly.
  • Verify that the location where you plan to store your backups is available and online.

To perform these procedures, you must have membership in Backup Operators or Administrators, or you must have been delegated the appropriate authority.

Verify the backup completed with no errors

To verify that a backup operation completed with no errors:

  1. Open Event Viewer. Click Start, click Administrative Tools, and then click Event Viewer.
  2. In the left pane, double-click Applications and Services Logs, double-click Microsoft, double-click Windows, double-click Backup, and then click Operational.
  3. In the Event ID column, look for event 4.  
  4. For this event, confirm that the value in the Source column is Backup.

Verify another operation is not running

To verify that another backup or recovery operation is not running:

  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type: wbadmin get status.
  3. If the command output indicates that no operation is running, then you can start a backup.

Verify scheduled backup is enabled

To verify that a scheduled backup is enabled:

  1. Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
  2. At the prompt, type: wbadmin enable backup.
  3. If the command output shows a schedule, then a scheduled backup is enabled.
  4. Confirm that the schedule contains the correct parameters.

Verify storage location is online

To verify that a disk used to store backups is online:

  1. For the computer that contains the storage disk, open Disk Management. Click Start, click Run, and then type: diskmgmt.msc.
  2. Click View, click Top, and then click Disk List.
  3. For the disk that contains the volume that you will use to store backups, confirm that the value in the Status column is Online.

Related Management Information

Backup Operations

File Services

Related:

%1 (%2) %3Database recovery failed with error %4 because it encountered references to a database, ‘%5’, which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the “more information” link at the bottom of this message.

Details
Product: Exchange
Event ID: 517
Source: ESE
Version: 8.0
Symbolic Name: CONSISTENT_TIME_MISMATCH_ID
Message: %1 (%2) %3Database recovery failed with error %4 because it encountered references to a database, ‘%5’, which does not match the current set of logs. The database engine will not permit recovery to complete for this instance until the mismatching database is re-instated. If the database is truly no longer available or no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the “more information” link at the bottom of this message.
   
Explanation

This Error event indicates that database recovery failed because it encountered references to a database that does not match the current set of logs.

   
User Action

To resolve this Error event, do one or more of the following:

  • If this event is encountered after a database or log restore, verify that the correct database or logs were restored to the correct path.

  • Review the Application log for related events. For example, events that occur immediately before and after this event may provide more information about the root cause of this error.

  • For more information, see How to Mount a Database in a Cluster Continuous Replication Environment and How to Run Eseutil /R (Recovery).

  • If you are still having difficulty resolving the issue, contact Microsoft Product Support. For information about contacting support, visit the Contact Us page of the Microsoft Help and Support Web site.

If you are not already doing so, consider running the tools that Microsoft Exchange offers to help administrators analyze and troubleshoot their Exchange environment. These tools can help you make sure that your configuration is in line with Microsoft best practices. They can also help you identify and resolve performance issues, improve mail flow, and better manage disaster recovery scenarios. Go to the Toolbox node of the Exchange Management Console to run these tools now. For more information about these tools, see Toolbox in the Exchange Server 2007 Help.

Related:

The audit log was cleared Primary User Name: %1 Primary Domain: %2 Primary Logon ID: %3 Client User Name: %4 Client Domain: %5 Client Logon ID: %6

Details
Product: Windows Operating System
Event ID: 517
Source: Security
Version: 5.0
Component: Security Event Log
Symbolic Name: SE_AUDITID_AUDIT_LOG_CLEARED
Message: The audit log was cleared Primary User Name: %1 Primary Domain: %2 Primary Logon ID: %3 Client User Name: %4 Client Domain: %5 Client Logon ID: %6
   
Explanation

This event record indicates that the audit log has been cleared. This event is always recorded, regardless of the audit policy, even if auditing is turned off. Save the audit log to a file before clearing it. Always keeping copies of audit logs helps catch fraudulent users: a user with sufficient privileges can clear the audit log to erase evidence of tampering with computer systems and files. A backed-up audit log helps trace an unauthorized user. Once deleted, an audit log is lost unless a copy was made and saved before deleting.

   
User Action

Always save copies of your audit logs before deleting them.
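
Because Event ID 517 is used by several unrelated sources on this page (RD Gateway, Backup, ESE, Security), a check for a cleared audit log has to match on the source as well as the ID. The following is an added example, not part of the original Microsoft article: the function name `Select-AuditLogCleared` is hypothetical and the sample records and their values are constructed; it maps the insertion strings %1 to %6 to the field names given in the message above.

```powershell
# Field order of insertion strings %1..%6 in the Security 517 message.
$Fields = 'PrimaryUserName', 'PrimaryDomain', 'PrimaryLogonId',
          'ClientUserName',  'ClientDomain',  'ClientLogonId'

function Select-AuditLogCleared {
    param([object[]]$Events)
    foreach ($e in $Events) {
        # ID 517 alone is ambiguous; only Source "Security" means a cleared audit log.
        if ($e.EventID -ne 517 -or $e.Source -ne 'Security') { continue }
        $rec = New-Object PSObject -Property @{ TimeGenerated = $e.TimeGenerated }
        for ($i = 0; $i -lt $Fields.Count; $i++) {
            $rec | Add-Member -MemberType NoteProperty -Name $Fields[$i] `
                              -Value $e.ReplacementStrings[$i]
        }
        $rec
    }
}

# Constructed sample records shaped like Get-EventLog output (all values made up).
$sample = @(
    (New-Object PSObject -Property @{
        EventID = 517; Source = 'Security'
        TimeGenerated = [datetime]'2010-01-08 03:12:00'
        ReplacementStrings = @('SYSTEM', 'NT AUTHORITY', '(0x0,0x3E7)',
                               'jdoe', 'EXAMPLE', '(0x0,0x1A2B3)') }),
    (New-Object PSObject -Property @{
        EventID = 517; Source = 'ESE'          # same ID, unrelated meaning
        TimeGenerated = [datetime]'2010-01-08 03:15:00'
        ReplacementStrings = @('store', '1234', 'placeholder') })
)
Select-AuditLogCleared $sample |
    Format-List TimeGenerated, PrimaryUserName, ClientUserName, ClientDomain, ClientLogonId

# Against a live Security log (requires rights to read the Security log):
# Select-AuditLogCleared (Get-EventLog -LogName Security -InstanceId 517)
```

Forwarding the resulting records to a separate log store at the time they occur preserves the fact that the log was cleared and by which logon, independent of the archived copy of the log itself.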
