SYMPTOM:
You are trying to expose an application from Windows Server 2012 Remote Desktop Gateway. It works flawless when connecting from a Windows 8/8.1 machine, but it times out when connecting from a Windows 7 machine.
The possible cause is described in this KB article ID: 2903333
DESCRIPTION:
Error on a MSTSC connection with RDP 8.0 on a Windows 2012 Remote Desktop Gateway Server: "This computer can not connect to the remote computer." On the Remote Desktop Gateway Server for Terminal Services Event ID is 4625 listed with the status 0xC000035B in the security log. Protocol name: Security Source: Microsoft Windows security auditing Date: 05/08/2013 16:20:00 Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N computer: RDGW.CONTOSO.COM Description: The registration of an account failed. applicant : Security ID: NULL SID Account Name: -Account Domain: – Logon ID: 0x0 Logon Type: 3 Account in which the login failed: Security ID: NULL SID Account Name: myuserAccount Domain: Contoso error information: Error Cause: The application is an error . occurred Status: 0xC000035B Under Status: 0x0
CAUSE:
This error occurs if the registry entry LMCompatibility has been configured to force the use of NTLMv1. By setting LMCompatibility to a value which is smaller than 3, the use of NTLMv1 is forced. forces in Windows 2012 RDP 8.0 default channel bonding. Since these bonds are not delivered when using NTLMv1, the authentication with the status 0xC000035B "The supplied from the client SSPI channel bindings are incorrect" error, indicating that the bonds are not valid.
SOLUTION:
This article describes how to change the Windows registry. information about modifying the registry, see the online Help topic "Changing Keys and Values" in Registry Editor (Regedit.exe). You should make a backup copy of the registry files (System.dat and User.dat) before you edit the registry. WARNING: Improper use of Registry Editor can cause serious problems that may require you to reinstall your operating system. Microsoft can not guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.======================================== ==== There are two methods to resolve this error. Method 1:Adjust the registry value LMCompatibility so NTLMv1 is not enforced, by setting it to a value of 3 or a higher value. Further information about the registry value LMCompatibility see http://technet.microsoft.com/de-de/library/cc960646.aspx Method 2:Set the registry value EnforceChannelBinidng to zero (0) determine the associated lack of channel bindings on the RD Gateway Server be ignored for Terminal Services. path: HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Terminal Server Gateway \ Config \ Core Type: REG_DWORD Name: EnforceChannelBinding VALUE: 0 (decimal) Note: The EnforceChannelBinidng value is not present by default on the gateway server and must be created.
This solution is posted in German at
http://support.microsoft.com/kb/2903333/de
and run through Google Translate as is. There is no equivalent in English, as far as I can tell.
Enjoy :)
thatcrm.com 
Leave a Reply