Lemonde
  • Lemonde
  • Advanced Member Topic Starter
a year ago
your computer can't connect to the remote computer because the remote desktop gateway server is running low on server resources and is temporarily unavailable

Is this due to idle sessions on the Remote Desktop Gateway Servers?

We think they should be able to handle far more than they are doing...

We have also seen people talking about the failed logon phantom users that seem to arise in 2012 R2 these days:

UserPostedImage

But the error is reporting remote desktop gateway, not remote desktop client.



sirclesadmin
a year ago
It is more likely to be the gateway where the issue is to be found as the system message appears to be reporting the Remote Desktop Gateway.

What edition of server is providing the Remote Desktop Gateway IIS?


Lemonde
  • Lemonde
  • Advanced Member Topic Starter
a year ago
sirclesadmin
a year ago
Have a look in the registry and see if you are receiving the following error:

Log Name: System
Source: Schannel
Date: 30/11/2020 07:37:44
Event ID: 36874
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: site-DC1.domain.local
Description:
An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
36874
0
2
0
0
0x8000000000000000
1379825
System
site-DC1.domain.local
TLS 1.0

The inability of the Remote Desktop Gateway server to decrypt the TLS might explain the message.

You can resolve this easily by the following:

Open regedit on the Windows 2008 R2 server and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Add Keys called "TLS 1.1" and "TLS 1.2"

Under each of the two keys you have just created, create two further keys under each key called Client and Server

Under each of those keys, create DWORD Values called:

DisabledByDefault [Value = 0]

Enabled [Value = 1]
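
The registry steps in the post above, as an added PowerShell example (not part of the original thread, and not Microsoft's or Nartac's code): it creates the four keys, sets both values, then prints the state of every protocol key present. The function names are hypothetical; it assumes an elevated session on the server, and a restart is needed before Schannel picks up the change.

```powershell
# Added example: applies and verifies the Schannel values listed in the post.
# Run elevated on the server. Written to work on PowerShell 2.0 (2008 R2).
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.1', 'TLS 1.2'
$roles     = 'Client', 'Server'

function Set-SchannelProtocol {          # hypothetical helper name
    param([string]$Protocol, [string]$Role)
    $key = Join-Path (Join-Path $base $Protocol) $Role
    # Create the key only when missing so existing values are left untouched;
    # -Force also creates the parent "TLS 1.x" key if it does not exist yet.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Enabled' -Value 1 -PropertyType DWord -Force | Out-Null
}

function Get-SchannelProtocolState {     # hypothetical helper name
    # Reports every protocol key that exists. A protocol with no key at all
    # is not listed: Schannel uses the operating system default for it.
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $proto = $_.PSChildName
        foreach ($role in $roles) {
            $key = Join-Path (Join-Path $base $proto) $role
            $row = New-Object PSObject -Property @{
                Protocol = $proto; Role = $role
                Enabled = '(not set)'; DisabledByDefault = '(not set)'
            }
            if (Test-Path $key) {
                $v = Get-ItemProperty -Path $key
                if ($v.Enabled -ne $null)           { $row.Enabled = $v.Enabled }
                if ($v.DisabledByDefault -ne $null) { $row.DisabledByDefault = $v.DisabledByDefault }
            }
            $row | Select-Object Protocol, Role, Enabled, DisabledByDefault
        }
    }
}

foreach ($p in $protocols) {
    foreach ($r in $roles) { Set-SchannelProtocol -Protocol $p -Role $r }
}
Get-SchannelProtocolState | Format-Table -AutoSize
```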


Lemonde
  • Lemonde
  • Advanced Member Topic Starter
a year ago
Thanks for this - thanked on the Forum too.

This is a very appealing idea as the errors have only recently come to light and it has been Windows 10 Azure connected client machines that have been causing the issue. We are seeing this error in the logs but have not successfully tied the timings to the errors as yet.

We will try and update the IIS TLS settings and report back.

Failing that, we are in the process of rolling out 2019 Remote Desktop Gateway servers which will obviously solve the issue so we may just switch over to those.

Just one question - why does it say TLS 1.0, which is supposedly enabled on Windows 2008 R2 by default, and yet it does not appear in the protocols under the registry?


Lemonde
  • Lemonde
  • Advanced Member Topic Starter
a year ago
I have tried the registry entries, and as far as I can see it makes no difference.

The Microsoft pages say that even 2008 supports TLS 1.2.

What am I doing wrong?


sirclesadmin
a year ago
It will be working but in order to stop the Chrome message you need to disable the SSL 2 & 3.0 protocols that are vulnerable to the POODLE attack.

You can use this TLS/SSL vulnerability fix utility from Nartac that will solve the issue.

We recommend using this tool on any internet facing server 2008 - 2012 R2.

Check with Nartac before using it on anything newer than that.


Lemonde
  • Lemonde
  • Advanced Member Topic Starter
a year ago
Ah, yes, you are right. The message has now disappeared from the browsers using that site.