Cannot RDP using OSX. RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator

remote-desktop

After spending many hours trying to resolve a Mac OSX system remoting to a 2012 R2 RDS/TS Server, we have found the fix.

When remoting in you may get the following error:
Cannot RDP using OSX. RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator

This error is with Microsoft Remote Desktop on a Mac with version 8.0.28 that had been upgraded from 8.0.26.

Interestingly we didn’t have the problem on a fresh client that had 8.0.28 installed fresh and not upgraded from an earlier version.

Navigate and delete or move the following folder: (NOTE: doing so will delete all your preconfigs saved currently)

/Users/username/Library/Containers/com.microsoft.rdc.mac/

Then the next time that you load the client, you get a completely fresh client version, including first run prompts etc. You will need to re-create the profile and gateway however.

After doing that, we no longer get the ‘login failed’ popup.

It seems that something in the version upgrade doesn’t correctly upgrade the settings files, causing the issue. But a fresh setup works.

We haven’t yet found out exactly which file causes the issue however we have tested and can confirm this fix allows the system to connect and work.

 

Credit: Tony “tbigby” Bigby

5 thoughts on “Cannot RDP using OSX. RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator

  1. Kurian Thampy says:

    I’ve started facing the same problem out of the blue. I can connect from Remote Desktop for iOS but not from OS X. Both use the same RD Gateway and credentials. I’m unable to get the OS X app to connect.

    • Kurian Thampy says:

      It turns out that granting access to BUILTIN groups on the server do not work for RD Gateway. You have to create a new group with the required users and grant access to that group.

Leave a Reply