Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. You cannot connect to a terminal server that is running Windows Server 2008 through the TS Gateway by using its FQDN if it is in a disjointed namespace and if the TCP port 445 is disabled between the terminal server and the TS Gateway

You cannot connect to a terminal server that is running Windows Server 2008 through the TS Gateway by using its FQDN if it is in a disjointed namespace and if the TCP port 445 is disabled between the terminal server and the TS Gateway

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You use the Terminal Services Gateway (TS Gateway) role service on a computer that is running Windows Server 2008. You allow the authorized remote users to use the TS Gateway to connect to the terminal servers in your internal corporate network or in your private network.
  • You use Active Directory security groups to control user rights in Terminal Services resource authorization policy ("TS RAP" policy).
  • A terminal server and the TS Gateway are in different domains or in a disjoint namespace.
  • You disable communication to the TCP port 445 on the terminal server or on the firewall.
In this scenario, you still cannot connect to the terminal server through the TS Gateway by using the fully qualified domain name (FQDN) of the terminal server after you install the hotfix 967933. Additionally, you receive an error message that resembles the following:
Remote Desktop Disconnected: Terminal Services Resource Authorization Policy (TS RAP) is preventing connection to the remote computer through TS Gateway, possibly due to one of the following reasons:
  • You do not have permission to connect to this remote computer through the TS Gateway server.
  • The name specified for the remote computer does not match the name in the TS RAP.
Contact your administrator for further assistance.

↑ Back to the top

Cause

After you install hotfix 976933, you can connect to terminal servers in the disjoined namespace through the TS Gateway by using their FQDN name. However, this hotfix introduces an additional requirement to create a connection. This requirement is that the TCP port 445 must be enabled between the terminal servers and the TS Gateway. Therefore, the error occurs when the TCP port 445 is disabled between the terminal servers and the TS Gateway.

↑ Back to the top

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, your computer must be running Windows Server 2008 or Windows Server 2008 Service Pack 2 (SP2). The TS Gateway role service must be installed.

For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
968849 How to obtain the latest service pack for Windows Server 2008

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix replaces the previously released hotfix 967933

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2008 file information notes
  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
    VersionProductSR_LevelService branch
    6.0.600 1 . 22xxxWindows Server 2008SP1LDR
    6.0.600 2 . 22xxx Windows Server 2008SP2LDR
  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatformService branch
Aaedge.dll6.0.6001.22563193,53612-Nov-200917:48x86X86_MICROSOFT-WINDOWS-TSP
Aaedge.mofNot Applicable1,10401-Apr-200918:54Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Aatspp.dll6.0.6001.2256373,72812-Nov-200917:48x86X86_MICROSOFT-WINDOWS-TSP
Aatspp.mofNot Applicable1,10701-Apr-200918:54Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Rap.xmlNot Applicable89501-Apr-200918:54Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Tsgateway.xmlNot Applicable59101-Apr-200918:54Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Tsgclean.exe6.0.6001.22563225,79212-Nov-200915:57x86X86_MICROSOFT-WINDOWS-TSP
Tsproxy-edgeadapter-ppdlic.xrm-msNot Applicable3,01812-Nov-200917:36Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Aaedge.dll6.0.6002.22267193,53612-Nov-200917:35x86X86_MICROSOFT-WINDOWS-TSP
Aaedge.mofNot Applicable1,10403-Apr-200920:41Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Aatspp.dll6.0.6002.2226773,72812-Nov-200917:35x86X86_MICROSOFT-WINDOWS-TSP
Aatspp.mofNot Applicable1,10703-Apr-200920:41Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Rap.xmlNot Applicable89503-Apr-200920:41Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Tsgateway.xmlNot Applicable59103-Apr-200920:41Not ApplicableX86_MICROSOFT-WINDOWS-TSP
Tsgclean.exe6.0.6002.22267225,79212-Nov-200915:43x86X86_MICROSOFT-WINDOWS-TSP
Tsproxy-edgeadapter-ppdlic.xrm-msNot Applicable3,01812-Nov-200917:13Not ApplicableX86_MICROSOFT-WINDOWS-TSP
For all supported x64-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatformService branch
Aaedge.dll6.0.6001.22563221,18412-Nov-200918:19x64AMD64_MICROSOFT-WINDOWS-TSP
Aaedge.mofNot Applicable1,10401-Apr-200915:54Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Aatspp.dll6.0.6001.2256376,28812-Nov-200918:19x64AMD64_MICROSOFT-WINDOWS-TSP
Aatspp.mofNot Applicable1,10701-Apr-200915:54Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Rap.xmlNot Applicable89501-Apr-200915:54Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Tsgateway.xmlNot Applicable59101-Apr-200915:54Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Tsgclean.exe6.0.6001.22563377,85612-Nov-200916:22x64AMD64_MICROSOFT-WINDOWS-TSP
Tsproxy-edgeadapter-ppdlic.xrm-msNot Applicable3,01812-Nov-200918:15Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Aaedge.dll6.0.6002.22267221,18412-Nov-200917:40x64AMD64_MICROSOFT-WINDOWS-TSP
Aaedge.mofNot Applicable1,10403-Apr-200920:39Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Aatspp.dll6.0.6002.2226776,28812-Nov-200917:40x64AMD64_MICROSOFT-WINDOWS-TSP
Aatspp.mofNot Applicable1,10703-Apr-200920:39Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Rap.xmlNot Applicable89503-Apr-200920:39Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Tsgateway.xmlNot Applicable59103-Apr-200920:39Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP
Tsgclean.exe6.0.6002.22267377,85612-Nov-200916:01x64AMD64_MICROSOFT-WINDOWS-TSP
Tsproxy-edgeadapter-ppdlic.xrm-msNot Applicable3,01812-Nov-200917:27Not ApplicableAMD64_MICROSOFT-WINDOWS-TSP

↑ Back to the top

Workaround

Workaround for Windows Server 2008

To work around the issue, use one of the following methods:
  • Use the NetBIOS name of the terminal server to create the terminal server sessions.
  • Use the TS Gateway managed groups instead of Active Directory security groups to configure Terminal Services resource authorization policy ("TS RAP" policy).

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More information

When port 445 is blocked on TS, RAP checks for a resource whose domain NetBIOS of TS is not a correct prefix of its domain FQDN. The checking process takes around 30-40 seconds to complete and then the following result occurs:
  • The checking process fails if this hotfix is not installed and the hotfix 967933 is installed.
  • The checking process succeeds if this hotfix is installed.
Note Port 445 is for file and printer sharing.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
967933 Error message when a remote user tries to connect to a resource on a Windows Server 2008-based computer through TS Gateway by using the FQDN of the resource: "Remote Desktop Disconnected"

Additional file information

Additional file information for Windows Server 2008

Additional files for all supported x86-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Package_for_kb974195_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,41714-Nov-200907:18Not Applicable
Package_for_kb974195_server_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,36814-Nov-200907:18Not Applicable
Package_for_kb974195_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,71114-Nov-200907:18Not Applicable
X86_microsoft-windows-tsproxy-edgeadapter_31bf3856ad364e35_6.0.6001.22563_none_3e563922e600d7a3.manifestNot Applicable86,94012-Nov-200919:45Not Applicable
X86_microsoft-windows-tsproxy-edgeadapter_31bf3856ad364e35_6.0.6002.22267_none_4040ac32e3239223.manifestNot Applicable86,94012-Nov-200919:20Not Applicable
Additional files for all supported x64-based versions of Windows Server 2008

File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-tsproxy-edgeadapter_31bf3856ad364e35_6.0.6001.22563_none_9a74d4a69e5e48d9.manifestNot Applicable87,29813-Nov-200911:19Not Applicable
Amd64_microsoft-windows-tsproxy-edgeadapter_31bf3856ad364e35_6.0.6002.22267_none_9c5f47b69b810359.manifestNot Applicable87,29812-Nov-200919:20Not Applicable
Package_for_kb974195_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,42514-Nov-200907:18Not Applicable
Package_for_kb974195_server_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,37614-Nov-200907:18Not Applicable
Package_for_kb974195_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,72114-Nov-200907:18Not Applicable

↑ Back to the top

Keywords: kbqfe, kbhotfixserver, kbsurveynew, kbautohotfix, kbexpertiseinter, kbbug, kbfix, KB974195

↑ Back to the top

Article Info
Article ID : 974195
Revision : 3
Created on : 1/18/2010
Published on : 1/18/2010
Exists online : False
Views : 252