diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index bdab4035b..2f827c799 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -2233,7 +2233,8 @@ rdpRdg* rdg_new(rdpContext* context)
 	if (rdg->context->settings->GatewayAccessToken)
 		rdg->extAuth = HTTP_EXTENDED_AUTH_PAA;
 
-	UuidCreate(&rdg->guid);
+	if (UuidCreate(&rdg->guid) != RPC_S_OK)
+		goto rdg_alloc_error;
 
 	rdg->tlsOut = freerdp_tls_new(rdg->context);
 
diff --git a/libfreerdp/core/gateway/tsg.c b/libfreerdp/core/gateway/tsg.c
index 15012c90b..93d68e23a 100644
--- a/libfreerdp/core/gateway/tsg.c
+++ b/libfreerdp/core/gateway/tsg.c
@@ -1037,6 +1037,9 @@ static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
 	if (!tsg_print(buffer, length, " "))
 		return FALSE;
 
+	if (UuidToStringA(&caps->nonce, &uuid) != RPC_S_OK)
+		return FALSE;
+
 	if (caps->certChainLen > 0)
 	{
 		if (caps->certChainLen > INT_MAX)
@@ -1047,7 +1050,6 @@ static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
 	}
 
 	tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
-	UuidToStringA(&caps->nonce, &uuid);
 	if (strdata || (caps->certChainLen == 0))
 		rc =
 		    tsg_print(buffer, length,