“The logon attempt failed” for TS (RD) Gateway Authentication

Tags: remote desktop, remote-access, terminal-server, windows-server-2008

I've been using TS Gateway to permit remote access for our staff for a few months now, and all has been well. Users either connect to a traditional terminal server desktop or hit our website and start a TS RemoteApp application; in both cases the connection is routed through a TS Gateway.

However, I came into work this morning to find that it has stopped authenticating users through TS Gateway, each time returning "The logon attempt failed" as seen in the image, even though the credentials are correct.


It should be noted that everything works fine if the Gateway is taken out of the equation; it's the TS Gateway component that is causing these problems.

Users experience this problem whether they connect through XP SP3, Vista or 7.

On the server, a total of 4 entries appear in the Windows security log at exactly the same time for each failed logon attempt: two 4624 "An account was successfully logged on" messages for the user, immediately followed by two 4634 "An account was logged off" messages. This suggests that the server is accepting the credentials as correct, then booting the user off. Nothing at all is recorded in the NPS and Terminal Server logs.

A reboot doesn't change things. Neither does completely removing and reinstalling the NPS and Terminal Server roles. I'm baffled as to how this can happen suddenly without warning.

Any suggestions would be greatly appreciated.

Best Answer

This problem has been plaguing me for months on an SBS 2008 machine, but has never been critical enough to go to crazy measures to fix.

After resorting to uninstalling and reinstalling the TS Gateway service and it still not working, I went to IIS Manager → Sites → SBS Web Applications → Rpc → Authentication and found only "Basic Authentication" was enabled.

Though details on this particular error are scarce online, I have seen that Outlook Anywhere seems to change IIS Authentication schemes. Since this is SBS, I figured Exchange and TS Gateway might be fighting over the authentication setting.

I enabled "Windows Authentication" then ran an IIS reset. When IIS came back online, I was able to connect via TS Gateway to two servers and at least one workstation. I connected and disconnected multiple times and it had no problems.

I can't guarantee this is permanent, but I'm definitely hoping.

EDIT: Since making this change, I haven't had any problems with TS Gateway.
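
The check and change described in this answer can also be scripted. The following is an added example, not the answerer's own code: it reads the authentication schemes on the Rpc virtual directory with IIS 7's `appcmd.exe` and, only when asked, enables Windows Authentication and restarts IIS. Assumptions: the site and virtual directory names are the ones quoted in the answer, the `-Fix` switch is a name chosen for this example, and the script runs from an elevated PowerShell prompt.

```powershell
param([switch]$Fix)   # audit only by default; -Fix applies the answer's change

$appcmd  = Join-Path $env:windir 'system32\inetsrv\appcmd.exe'
$target  = 'SBS Web Applications/Rpc'   # site/virtual directory named in the answer
$base    = 'system.webServer/security/authentication'
$schemes = 'anonymousAuthentication', 'basicAuthentication', 'windowsAuthentication'

function Get-AuthState {
    # Ask IIS for the effective "enabled" value of each scheme on the target.
    $state = @{}
    foreach ($scheme in $schemes) {
        $value = & $appcmd list config $target "/section:$base/$scheme" '/text:enabled'
        if ($LASTEXITCODE -ne 0) { throw "appcmd could not read $scheme on '$target'" }
        $state[$scheme] = ("$value".Trim() -eq 'true')
    }
    $state
}

function Show-AuthState($state) {
    foreach ($scheme in $schemes) { '{0,-26} {1}' -f $scheme, $state[$scheme] }
}

$state = Get-AuthState
Show-AuthState $state

if ($state['windowsAuthentication']) {
    'Windows Authentication is already enabled on the Rpc virtual directory.'
    return
}

'Windows Authentication is disabled: the state the answer found.'
if (-not $Fix) { 'Re-run with -Fix to enable it and restart IIS.'; return }

# Authentication sections are locked at server level by default, so commit
# the change to applicationHost.config instead of a web.config file.
& $appcmd set config $target "/section:$base/windowsAuthentication" '/enabled:true' '/commit:apphost'
if ($LASTEXITCODE -ne 0) { throw "appcmd set config failed ($LASTEXITCODE)" }

& iisreset.exe          # the answer restarted IIS after the change
Show-AuthState (Get-AuthState)
```

Running the audit again after any Exchange or Outlook Anywhere reconfiguration shows whether the setting has been changed back.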