The Sysadmins

Tips and tricks from the Sysadmins

Remote Desktop iOS 8.1.0 – Error 0x03000008

Issue

In a recent update to the iOS Remote Desktop client (8.1.0 and above) you receive the following error when connecting using a Remote Desktop Gateway: Can’t connect to the Remote Desktop Gateway. Contact your network administrator for assistance. (Error code: 0x03000008)

iPhone iPad Error 0x03000008

Confirmed on the Remote Desktop Services blog here.

Fix

1. Review the TerminalServices-Gateway operational event log on the Remote Desktop Gateway server and look for EventID 301 which states: The user “DOMAIN\user”, on client computer “1.2.3.4”, did not meet resource authorization policy requirements and was therefore not authorized to resource “172.17.50.10”. The following error occurred: “23002”.

RDS-IP-5

The resource IP should be one of your RDS servers, note healthy connections to the Gateway should (typically) specify the FQDN of the RDS server it is trying to connect to: The user “Domain\user”, on client computer “1.2.3.4”, met resource authorization policy requirements and was therefore authorized to connect to resource “RDS-NY-2.domain.co.uk“.

2. Open the RD Gateway Manager MMC on your Gateway server, go to Policies, Resource Authorization Policies (RAP) and review the policy you have configured for your company- note the locally stored computer group used.

iPhone iPad Error 0x03000008

3. Choose Manage locally stored computer groups from the right hand side, select the group used in the policy and select properties.

iPhone iPad Error 0x03000008

4. Add the IP for each of the RDS servers in the farm (keep hostname and FQDN if present).

iPhone iPad Error 0x03000008

Once this is complete it should resolve the issue. Review the TerminalServices-Gateway operational event log and you should now see: The user “DOMAIN\user”, on client computer “1.2.3.4”, met resource authorization policy requirements and was therefore authorized to connect to resource “172.17.50.10”.

This issue/bug/feature is still present in the Remote Desktop iOS application version 8.1.5 from 29th October.

7 Comments

  1. Thanks for this fix!
    Our RDS servers were already added to the “network resources” in the “locally stored computer group”, but with the hostname. When I added the IP-adresses, the app started working again!

  2. This may be a “right-there” type question, but where does one find the TerminalServer-Gateway logs on the Windows 2012R2 server?

    • Tom@thesysadmins.co.uk

      November 20, 2014 at 6:51 am

      Open the Event Log viewer -> Applications and Services Logs -> Microsoft -> Windows -> TerminalServices-Gateway. It will only appear if you have the Remote Desktop Gateway role service installed.

      • Thank you! However, after checking the logs, I do not see any EventID 301 errors from yesterday, even though I tried connecting multiple times with an IOS device yesterday. In fact, I don’t have any logs in the last month in there. Any Ideas as to why that would be? Android is connecting just fine, and I followed the above steps. Help?

        Thank you!

        • Tom@thesysadmins.co.uk

          November 20, 2014 at 7:26 pm

          Check that logging is enabled and that no filtering is in place against the Operational section. You can do this by right clicking the Operational section and making sure you do not see “Enable Log” or “Clear Filter”.

          • Logging was already enabled and there is no filter in place.

            • Tom@thesysadmins.co.uk

              November 20, 2014 at 9:25 pm

              Have you checked the auditing options within the RD Gateway Manager Console? Right click on the Server -> Properties -> Auditing.

              RDS Gateway

              Can you confirm you are seeing *no* items in the operational log within the last month?

Leave a Reply

Your email address will not be published.

*