RDP 0xC000035B Error occurred during login

I had the weirdest error recently when rolling out a remote app to a new customer. It was a Windows 7 machine that had the latest RDP updates installed.

When launching the thin app, the following error occurred on the client end:

Disconnected from remote computer

This stumped me for some time. It looked like some sort of authentication error. There is a Microsoft article on this, which applies to the RDP Gateway. I don’t think you should be applying a wholesale fix like this to a RDP Gateway, let alone on multi tenancy infrastructure.

I looked at the event log on the Remote Desktop Gateway server which was running Server 2012. I saw the following event log.

error

This confirmed to me that this was some sort of authentication error.

Looking at the local security options on the computer, I found the following:

Untitled-2

Now, on a normal domain, this would not be set. You need to set this to the following:

Untitled-1

Set to NTLM v2 for server 2012 connections.

12 thoughts on “RDP 0xC000035B Error occurred during login”

  1. Hey thanks for the great article. I too am running into issues with this.
    I have server 2012 RDGateway running and my win7 machines (running RDP version 7.1) connect just fine to the RemoteApps. But any of my Win8 machines (running RDP version 8.1) says:

    “Remote Desktop can’t find the computer “my.servername.here”. This might mean that “my.servername.here” does not belong to the specified network. Verify the computer name and domain that you are trying to connect to.”

    I have tried applying your policy but no dice. Do you know what else might be causing something like this?
    Thanks for the help!

      1. Hi there!
        Thanks for the prompt response. Here is the gateway log(s) for my test user. These 3 logs consist of a single log on event:

        __________________________________________________________________________

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 200
        Task Category: (2)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “omitted external client IP”, met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: “NTLM” and connection protocol used: “HTTP”.
        Event Xml:

        200
        0
        4
        2
        30
        0x4020000001000000

        487

        Microsoft-Windows-TerminalServices-Gateway/Operational
        SERVER-5.SAAS.local

        SAASteTest01
        omitted external IP
        NTLM

        HTTP
        0

        __________________________________________________________________________
        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 300
        Task Category: (5)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “omitted external client IP”, met resource authorization policy requirements and was therefore authorized to connect to resource “online.omitted.com”.
        Event Xml:

        300
        0
        4
        5
        30
        0x4020000001000000

        488

        Microsoft-Windows-TerminalServices-Gateway/Operational
        SERVER-5.SAAS.local

        SAASteTest01
        omitted external IP

        online.omitted.com

        0

        __________________________________________________________________________
        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:26 AM
        Event ID: 304
        Task Category: (3)
        Level: Warning
        Keywords: (16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “omitted external client IP”, met connection authorization policy and resource authorization policy requirements, but could not connect to resource “online.omitted.com”. Connection protocol used: “HTTP”. The following error occurred: “23005”.
        Event Xml:

        304
        0
        3
        3
        44
        0x4000000001000000

        489

        Microsoft-Windows-TerminalServices-Gateway/Operational
        SERVER-5.SAAS.local

        SAASteTest01
        omitted external IP

        online.omitted.com
        HTTP
        23005

        So what will happen is I’ll get through RDWeb log in jsut fine and it will display my remote apps, but once one is selected, I get said error. Only for RDP 8.0 & 8.1 too…
        Thanks again for the help!

      2. Hey Thanks for your help!
        Here are the 3 log files from the Gateway that occur upon login with my test user, Actual domains and IPs have been omitted.

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 200
        Task Category: (2)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “client external IP omitted”, met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: “NTLM” and connection protocol used: “HTTP”

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 300
        Task Category: (5)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “client external IP omitted”, met resource authorization policy requirements and was therefore authorized to connect to resource “online.omitted.com”.

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:26 AM
        Event ID: 304
        Task Category: (3)
        Level: Warning
        Keywords: (16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “client external IP omitted”, met connection authorization policy and resource authorization policy requirements, but could not connect to resource “online.omitted.com”. Connection protocol used: “HTTP”. The following error occurred: “23005”.

  2. Hey thanks for the great article. I too am running into issues with this.
    I have server 2012 RDGateway running and my win7 machines (running RDP version 7.1) connect just fine to the RemoteApps. But any of my Win8 machines (running RDP version 8.1) says:

    “Remote Desktop can’t find the computer “my.servername.here”. This might mean that “my.servername.here” does not belong to the specified network. Verify the computer name and domain that you are trying to connect to.”

    I have tried applying your policy but no dice. Do you know what else might be causing something like this?
    Thanks for the help!

      1. Hi there!
        Thanks for the prompt response. Here is the gateway log(s) for my test user. These 3 logs consist of a single log on event:

        __________________________________________________________________________

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 200
        Task Category: (2)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “omitted external client IP”, met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: “NTLM” and connection protocol used: “HTTP”.
        Event Xml:

        200
        0
        4
        2
        30
        0x4020000001000000

        487

        Microsoft-Windows-TerminalServices-Gateway/Operational
        SERVER-5.SAAS.local

        SAASteTest01
        omitted external IP
        NTLM

        HTTP
        0

        __________________________________________________________________________
        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 300
        Task Category: (5)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “omitted external client IP”, met resource authorization policy requirements and was therefore authorized to connect to resource “online.omitted.com”.
        Event Xml:

        300
        0
        4
        5
        30
        0x4020000001000000

        488

        Microsoft-Windows-TerminalServices-Gateway/Operational
        SERVER-5.SAAS.local

        SAASteTest01
        omitted external IP

        online.omitted.com

        0

        __________________________________________________________________________
        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:26 AM
        Event ID: 304
        Task Category: (3)
        Level: Warning
        Keywords: (16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “omitted external client IP”, met connection authorization policy and resource authorization policy requirements, but could not connect to resource “online.omitted.com”. Connection protocol used: “HTTP”. The following error occurred: “23005”.
        Event Xml:

        304
        0
        3
        3
        44
        0x4000000001000000

        489

        Microsoft-Windows-TerminalServices-Gateway/Operational
        SERVER-5.SAAS.local

        SAASteTest01
        omitted external IP

        online.omitted.com
        HTTP
        23005

        So what will happen is I’ll get through RDWeb log in jsut fine and it will display my remote apps, but once one is selected, I get said error. Only for RDP 8.0 & 8.1 too…
        Thanks again for the help!

      2. Hey Thanks for your help!
        Here are the 3 log files from the Gateway that occur upon login with my test user, Actual domains and IPs have been omitted.

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 200
        Task Category: (2)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “client external IP omitted”, met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The authentication method used was: “NTLM” and connection protocol used: “HTTP”

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:05 AM
        Event ID: 300
        Task Category: (5)
        Level: Information
        Keywords: Audit Success,(16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “client external IP omitted”, met resource authorization policy requirements and was therefore authorized to connect to resource “online.omitted.com”.

        Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
        Source: Microsoft-Windows-TerminalServices-Gateway
        Date: 10/31/2014 2:40:26 AM
        Event ID: 304
        Task Category: (3)
        Level: Warning
        Keywords: (16777216)
        User: NETWORK SERVICE
        Computer: SERVER-5.SAAS.local
        Description:
        The user “SAASteTest01”, on client computer “client external IP omitted”, met connection authorization policy and resource authorization policy requirements, but could not connect to resource “online.omitted.com”. Connection protocol used: “HTTP”. The following error occurred: “23005”.

  3. Hello,

    Any luck with fixing that error Mike? Getting exactly the same error with my setup. I have a web/gateway server and connection broker in the same subnet and a session host server in another subnet, and get this error. RemoteApps display fine, and I can login to the GW fine.

    When I put a session host in the same subnet as the gw and cb everything works as expected. I have confirmed firewall rules between both subnets and opened everything for testing purposes. Anything else I can try?

Leave a Reply