Problems connecting to a Windows Remote Desktop Gateway

Regedit to the rescue.

January 10, 2014

Introduction

I am writing this in case anyone finds it while searching for the following symptoms. It is the two things I had to do to get a Windows remote desktop (RDP) connection to consistently work from a Windows 8 or higher client to a Windows 2012 server via a Microsoft Remote Desktop Gateway (RDG).

Symptoms

  1. You set up an RDP connection via an RDG. It works correctly the first time, but all subsequent attempts to log in result in the remote desktop client prompting for your credentials but then returning to the RDP connection prompt again without connecting.

And/or:

  2. You set up an RDP connection via RDG. It works correctly, but the connection drops and then automatically reconnects every 60 seconds or so.

If either of these is happening to you, read on.

First connection works, subsequent connections don’t

The problem comes from how you answer the prompt the first time you successfully connect to the desktop. Depending on your RDG’s policy, you may receive a “Logon Message” prompt similar to the following:

Logon message

Be careful how you answer the two check boxes at the bottom. You must check the first one (“I understand and agree to the terms of this policy”) to complete logging in. However, if you check the second one (“Do not ask again unless changes to policy occur”) and your client machine is not under the same group policy as the server, i.e., you are connecting to your work’s RDG via an RDP connection on your home machine, you will get symptom #1. So leave it unchecked, which means you will have to answer this prompt every time you log in via the RDG, but so it goes.

If you have already checked the second check box and are getting symptom #1, the following may be helpful.

Since the following involves editing the registry, you take on all risk by doing this, and for this post I presume you know what you are doing. I am simply outlining what worked for me. Be careful and don’t just blindly follow these instructions but use them as a starting point for your own problem determination and correction.

  1. I cleaned up all Remote Desktop entries in the registry dealing with the target RDP server (using its name to search on). These will appear under HKCU\Software\Microsoft\Terminal Server Client\Servers\<servername> (where <servername> is the problematic server). I simply deleted the key for the problem server (only).
  2. There were also entries under HKCU\Software\Microsoft\Terminal Server Gateway\<domain> (where <domain> is the internal A/D domain name of the server I was connecting to). Under that was a key called Messages. This had the message from the above logon prompt cached in it. I simply deleted the key for the specific domain (only).
  3. When I then tried to reconnect I was presented with the above logon message box again. Progress! On a hunch I then checked the first check box but left the second unchecked and from then on was able to reconnect successfully (albeit always having to answer the first check box in the logon message prompt).
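
The cleanup in steps 1 and 2 can be scripted so that each key is exported to a .reg file before it is deleted. This is an added example, not the original author's code; the parameter names (Server, Domain, BackupDir) and the default backup folder are assumptions made for the sketch.

```powershell
# Added example (not from the original post): back up, then delete, only the
# two per-user cache keys named in steps 1 and 2.
# Parameter names and the backup folder are assumptions made for this sketch.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hostname characters only: no wildcards or path separators, so the
    # delete can never widen beyond the one named key.
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$')][string]$Server,
    [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$')][string]$Domain,
    [string]$BackupDir = (Join-Path $env:USERPROFILE 'rdp-reg-backup')
)

$targets = [ordered]@{
    "server-$Server"  = "HKCU:\Software\Microsoft\Terminal Server Client\Servers\$Server"
    "gateway-$Domain" = "HKCU:\Software\Microsoft\Terminal Server Gateway\$Domain"
}

# The backup folder is created even under -WhatIf so the export below can run.
New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($entry in $targets.GetEnumerator()) {
    $key = $entry.Value
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Host "Not present, skipping: $key"
        continue
    }

    # reg.exe expects HKCU\... rather than the PowerShell drive form HKCU:\...
    $regPath = $key -replace '^HKCU:\\', 'HKCU\'
    $backup  = Join-Path $BackupDir "$($entry.Key)-$stamp.reg"
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $key failed; nothing was deleted." }

    # -WhatIf stops here: the backup is written, the key is left in place.
    if ($PSCmdlet.ShouldProcess($key, 'Remove registry key')) {
        Remove-Item -LiteralPath $key -Recurse
        Write-Host "Removed $key (backup: $backup)"
    }
}
```

Saved as a .ps1 file, run it first with -WhatIf to see which keys would be removed. Double-clicking the exported .reg file restores a key if the deletion turns out not to help.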

This symptom only happened on my home box. On my work laptop it did not, even when the second check box was checked. My theory is that since the work laptop is under the same Active Directory group policy as the RDG server it all “just works,” but since the home box is not and has no way of checking policy until it connects, it causes an issue. You would think Microsoft could do better than allowing you to shoot yourself in the foot like that.

Connection keeps disconnecting after 60 seconds

This one seems to be a specific “Windows 8 thing” if you search for it on the ’net (I don’t know if it still affects Windows 10). This post has a lot of things to try in the long comment thread. However, the one that worked for me was changing the registry to disable UDP for RDP clients. Note that the original comment that proposes the registry change for this gets the value name wrong. Another post has the correct name in a comment correcting that comment (got that?). To be clear, the value name is fClientDisableUDP (not tofClientDisableUDP).

Since the following involves editing the registry, you take on all risk by doing this, and for this post I presume you know what you are doing. I am simply outlining what worked for me. Be careful and don’t just blindly follow these instructions but use them as a starting point for your own problem determination and correction.

  1. Navigate to HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client.
  2. Create a DWORD named fClientDisableUDP and assign it a value of 1.

That should be all there is to it. After making the above change I had a multi-monitor RDP session via the RDG work uninterrupted for hours.

I hope this post helps someone else who is searching for answers to these issues.