Lemonde
3 years ago
Your computer can't connect to the remote computer because the remote desktop gateway server is running low on server resources and is temporarily unavailable

Is this due to idle sessions on the Remote Desktop Gateway Servers?

We think they should be able to handle far more than they are doing...

We have also seen people talking about the failed logon phantom users that seem to arise in 2012 R2 these days:

But the error is reporting remote desktop gateway, not remote desktop client.
sirclesadmin
3 years ago
It is more likely to be the gateway where the issue is to be found as the system message appears to be reporting the Remote Desktop Gateway.

What edition of server is providing the Remote Desktop Gateway IIS?
Lemonde
3 years ago
sirclesadmin
3 years ago
Have a look in the registry and see if you are receiving the following error:

Log Name: System
Source: Schannel
Date: 30/11/2020 07:37:44
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: site-DC1.domain.local
Description:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

The inability of the Remote Desktop Gateway server to decrypt the TLS might explain the message.

You can resolve this easily by the following:

Open regedit on the Windows 2008 R2 server and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Add Keys called "TLS 1.1" and "TLS 1.2"

Under each of the two keys you have just created, create two further keys called Client and Server

Under each of those keys, create DWORD Values called:

DisabledByDefault [Value = 0]
Enabled [Value = 1]
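
The registry steps from the post above, scripted as an added example (not part of the thread and not the poster's own code). It assumes an elevated PowerShell session on the gateway server; the audit loop at the end goes beyond the post and lists what is explicitly configured for each protocol version, including the SSL 2.0 and SSL 3.0 keys.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Create the Client and Server keys for TLS 1.1 and TLS 1.2 and set both DWORDs.
foreach ($protocol in 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $path = Join-Path $base "$protocol\$role"
        # New-Item -Force on an existing key would wipe its values, so test first.
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null   # -Force also creates the parent key
        }
        New-ItemProperty -Path $path -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $path -Name 'Enabled' -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# Helper (hypothetical name): return the DWORD if present, otherwise say so.
# A missing key or value does not mean the protocol is off; Schannel then
# applies the operating system's built-in default for that protocol.
function Get-DwordOrDefault($props, $name) {
    if ($props -and $null -ne $props.$name) { return $props.$name }
    return 'not set (OS default)'
}

# Audit every protocol version and role so the result can be checked by eye.
$report = foreach ($protocol in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        $path  = Join-Path $base "$protocol\$role"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Protocol          = $protocol
            Role              = $role
            Enabled           = Get-DwordOrDefault $props 'Enabled'
            DisabledByDefault = Get-DwordOrDefault $props 'DisabledByDefault'
        }
    }
}

$report | Select-Object Protocol, Role, Enabled, DisabledByDefault | Format-Table -AutoSize
```

Schannel reads these values at startup, so restart the server before testing the change.
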

Lemonde
3 years ago
Thanks for this - thanked on the Forum too.

This is a very appealing idea as the errors have only recently come to light and it has been Windows 10 Azure-connected client machines that have been causing the issue. We are seeing this error in the logs but have not successfully tied the timings to the errors as yet.

We will try and update the IIS TLS settings and report back.

Failing that, we are in the process of rolling out 2019 Remote Desktop Gateway servers which will obviously solve the issue so we may just switch over to those.

Just one question - why does it say TLS 1.0, which is supposedly enabled on Windows 2008 R2 by default, and yet it does not appear in the protocols under the registry?
Lemonde
3 years ago
I have tried the registry entries, and as far as I can see it makes no difference.

The Microsoft pages say that even 2008 supports TLS 1.2.

What am I doing wrong?
sirclesadmin
3 years ago
It will be working, but in order to stop the Chrome message you need to disable the SSL 2 & 3.0 protocols that are vulnerable to the POODLE attack.

You can use this TLS/SSL vulnerability fix utility from Nartac that will solve the issue.

We recommend using this tool on any internet facing server 2008 - 2012 R2.

Check with Nartac before using it on anything newer than that.
Lemonde
3 years ago
Ah, yes, you are right. The message has now disappeared from the browsers using that site.