C-Money
Just wanted to add that we are facing the same issue. We were using key trust and enrolled smart card certificates from our internal PKI for authenticating with WH4B on RD RemoteApps from our Windows clients. Logging on to the session hosts through a Remote Desktop Gateway works when allowing clients to bypass the gateway and access the session hosts directly with RDP. But when enforcing the access to go through the gateway by HTTPS and UDP 3391, smart card authentication stops working. SSO with username and password works in both scenarios, though.
I don't have any in-depth knowledge about every mechanism at play here, but I am kind of on the same track as you. Looking at the events on the RD Gateway/KDC proxy, it looks like it does nothing when we are forcing everything through the RD Gateway and trying to authenticate with our enrolled smart cards. I am at my wits' end with this, and I cannot find any documentation on how to properly configure everything for this particular scenario - if possible.
We have migrated to cloud trust now, but the smart cards for authentication on RDP are still needed, as I have understood from the documentation.