Event ID - 643

Event Id643
SourceMicrosoft-Windows-TerminalServices-Gateway
DescriptionTS Gateway Resource access Policy engine failed to open Azman Application(TS Gateway) and the error was "%2"
Event InformationAccording to Microsoft :
Cause :
This event is logged when the TS Gateway Resource access Policy engine failed to open Azman Application(TS Gateway) and the error occured.
Resolution :
Grant the required permissions to rap.xml
To resolve this issue, grant the required permissions to the rap.xml file. If granting the required permissions to the rap.xml file does not resolve the problem, rename the rap.xml file and start the TS Gateway Manager snap-in console.
To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
Grant the required permissions to the rap.xml file
To grant the required permissions to the rap.xml file:
  1. On the TS Gateway server, navigate to %Windir%\System32\tsgateway\rap.xml, where %Windir% is the drive on which the operating system is installed.
  2. Right-click rap.xml.
  3. In the rap.xml Properties dialog box, click the Security tab.
  4. Click Edit, and then do the following:
    a.In the Permissions for rap dialog box, under Group or user names, click SYSTEM. Under Permissions for SYSTEM, if Full control is not allowed, select the Allow check box adjacent to Full control.
    b.Under Group or user names, click Administrators. Under Permissions for Administrators, if Full control is not allowed, select the Allow check box adjacent to Full control.
    c.Under Group or user names, click Users. Under Permissions for Users, if Read and Execute and Read are not allowed, select the Allow check box adjacent to these two permissions.
    d.Under Group or user names, click Network Service. Under Permissions for Network Service, if Read is not allowed, select the Allow check box adjacent to Read.
  5. Click OK.
Rename the rap.xml file and start TS Gateway Manager
If granting the required permissions to rap.xml does not resolve the problem, try renaming rap.xml to rapbak.xml, and then starting TS Gateway Manager. Starting the console will create a new rap.xml file.
To rename the rap.xml file:
  1. On the TS Gateway server, navigate to %Windir%\System32\tsgateway\rap.xml, where %Windir% is the drive on which the operating system is installed.
  2. Right-click rap.xml, type rapbak.xml, and then press ENTER.
Note : After you rename rap.xml and restart TS Gateway Manager, no Terminal Services resource authorization policies (TS RAPs) will appear when you open the console (to confirm that no TS RAPs appear, open TS Gateway Manager, click to expand the node that represents your TS Gateway server, expand Policies, and then click Resource Authorization Policies).
To start TS Gateway Manager:
  • On the TS Gateway server, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.
Verify :
To verify that the TS Gateway server is available for client connections, examine Event Viewer logs and search for the following event messages. These event messages indicate that the Terminal Services Gateway service is running, and that clients are successfully connecting to internal network resources through the TS Gateway server.
To perform this procedure, you do not need to have membership in the local Administrators group. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
To verify that the TS Gateway server is available for client connections:
  1. On the TS Gateway server, click Start, point to Administrative Tools, and then click Event Viewer.
  2. In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events:
    • Event ID 101, Source TerminalServices-Gateway: This event indicates that the Terminal Services Gateway service is running.
    • Event ID 200, Source TerminalServices-Gateway: This event indicates that the client connected to the TS Gateway server.
    • Event ID 302, Source TerminalServices-Gateway: This event indicates that the client connected to an internal network resource through the TS Gateway server.
Reference LinksEvent ID 643 from Source Microsoft-Windows-TerminalServices-Gateway

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.