Windows Server 2008 Terminal Services Gateway Setup Troubleshooter

If you have an issue after your initial setup of Windows Server 2008 Terminal Services, you can make use of the troubleshooting section on TechNet. Here are some additional things to check, and steps to consider:

  1. Check that the TS server role is installed using Server Manager tool - you should see the TS server role is installed and the status icon shows green.
  2. Check that a SSL certificate is installed. TS Gateway server needs a SSL certificate which is trusted by IE or Windows.  For more details, see the Terminal Services Authentication and Encryption troubleshooting topic.  You must install the SSL certificate for the TS Gateway server using the TS Gateway Admin tool only.  If you are not sure about how you installed your SSL certificate in the first place during server install, it is ok to reinstall the certificate using admin tool again. Make sure SSL certificate “subject name” matches the Gateway server FQDN name.
  3. Check that Terminal Services Gateway service is running using the Service Manager - verify that  “Terminal services Gateway services” is set to auto start and running.
  4. Check that a “Connection Authorization policy” (CAP) has been created and that you have added the user/groups you want.
  5. Check that a “Resource Authorization policy” (RAP) has been created and permissions assigned to a Resource Group.
  6. Check/Enable full auditing using the TS Gateway admin tool to enable the full auditing on both successful and failed connections.
  7. Check for error messages in the NT event log for TS Gateway server.
  8. Check the TS Gateway admin tool startup page (home page) for warning messages or outstanding steps to be completed.
  9. Check end-to-end connectivity: 
    • Follow the TS Gateway Server Step-by-Step Guide for help on configuring the TS client to use the Gateway server -- make sure you have selected “Use these Settings” radio button under TS Gateway server settings available under “Advanced” tab. 
    • Make sure you have entered a valid Gateway server name. 
    • Make sure you have entered a full FQDN name for the Gateway server if you are testing using an Internet connection. 
    • Make sure you have unchecked “By pass TS Gateway server for local addresses” checkbox.
    • Leave the authentication method to default - “Ask for Password (NTLM)” for testing purpose. 
    • Make sure that a "corporate CA certificate” public key certificate is installed on the Vista client machine.