Forum Discussion
Users from a trusted domain cannot connect to remote desktop gateway
Hey Mattias1305,
Yes and no 🙂
The issue described above has been "fixed" by using local groups on the server instead of AD groups (for gateway rules). Of course, in the local groups I set domain groups of the trusted domain.
In the meantime we moved to Win 2022 and I didn't have to do that; it worked like a charm directly, even with trusted groups.
Good luck!
Vincent
I'm glad you fixed it. We worked it out also: it was the "StrongAuthMethods" in Entra AD that had defaulted to "PhoneAppOTP" instead of the previous "PhoneAppNotification". Obviously the OTP will never work with a standard rdp-file connection, since you can't input the OTP anywhere.
We found a way to change the default values in Entra through PowerShell. Since May 8th 2023 the PhoneAppOTP seems to be the standard when users enroll MFA.
Now we have another known problem and it is the NPS maxing out the CPU and memory due to some kind of loop when the secondary auth gets sent to Entra. I guess you didn't encounter this?
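As an added example (not code from either poster), the following PowerShell audits which users have PhoneAppOTP as their default MFA method and switches the default to PhoneAppNotification where the push method is already registered, so that the NPS extension prompt works over RDP. It uses the legacy MSOnline module (Get-MsolUser / Set-MsolUser) and assumes the account running it may modify users' MFA settings.

```powershell
# Added example: find Entra ID users whose default MFA method is the one-time passcode
# (which cannot be typed into an RD Gateway / rdp-file logon) and make the push
# notification the default instead. Requires the MSOnline module.
# Assumption: the signed-in admin has rights to change users' StrongAuthenticationMethods.

Import-Module MSOnline
Connect-MsolService

# Users whose default strong authentication method is PhoneAppOTP
$otpDefaultUsers = Get-MsolUser -All |
    Where-Object {
        $_.StrongAuthenticationMethods |
            Where-Object { $_.IsDefault -and $_.MethodType -eq 'PhoneAppOTP' }
    }

# Report first so the list can be reviewed before anything is changed
$otpDefaultUsers |
    Select-Object DisplayName, UserPrincipalName |
    Format-Table -AutoSize

foreach ($user in $otpDefaultUsers) {
    $methods = $user.StrongAuthenticationMethods

    # Only flip the default when the user actually has the push method registered;
    # otherwise the change would leave them without a usable default.
    if ($methods.MethodType -contains 'PhoneAppNotification') {
        foreach ($m in $methods) {
            $m.IsDefault = ($m.MethodType -eq 'PhoneAppNotification')
        }
        Set-MsolUser -ObjectId $user.ObjectId -StrongAuthenticationMethods $methods
        Write-Host "Default MFA method set to PhoneAppNotification for $($user.UserPrincipalName)"
    }
    else {
        Write-Warning "$($user.UserPrincipalName): PhoneAppNotification not registered, skipped"
    }
}
```

Run the report section alone first; the MSOnline module is deprecated by Microsoft, so treat this as a stop-gap while users re-register with a push-capable default.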