Apr 07 2023 03:43 AM - edited Apr 07 2023 04:22 AM
Hey,
I have been trying for a few days to set up an RDP gateway that users from a trusted domain can connect to.
The only error I can find in the error log is:
<The user "DOMAIN\login", on client computer "172.22.2.125", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".>
Another error from the NPS is:
<"ServerName","RAS",04/07/2023,11:31:59,1,"DOMAIN\login","DOMAIN\login","UserAuthType:PW",,,,,,,,,,,,5,,,12,7,"-- RDG Marker Policy {985F7B54-FCE8-4f55-AEBF-DF8827A44068} --",0,"311 1 10.239.16.9 04/06/2023 10:04:45 50",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",1,,,,
"ServerName","RAS",04/07/2023,11:31:59,3,,"DOMAIN\login",,,,,,,,,,,,,,,,,7,"-- RDG Marker Policy {985F7B54-FCE8-4f55-AEBF-DF8827A44068} --",65,"311 1 10.239.16.9 04/06/2023 10:04:45 50",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",1,,,,>
More info about the setup:
Domain A and domain B are linked by a two-way trust (required for RDG to work).
I have been checking a lot of things but can't fix this setup:
- Users with duplicate accounts (same SAM)
- Networking
- Creating a different CAP with separate groups (to avoid mixing local domain users and remote domain users)
- The RDG server is in the AD group "RAS and IAS Servers"
- The CAP contains the groups where my user is
- ...
Does anyone have an idea?
Regards,
Vincent
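
Added example, not part of the original post: a Python sketch that decodes NPS log records like the two pasted above, so the Packet-Type and Reason-Code can be read by name. It assumes the IAS (legacy) comma-delimited layout, in which field 5 is Packet-Type and field 26 is Reason-Code; the sample records are constructed to mirror the post's, and the reason table covers only the codes that appear there.

```python
import csv
import io

# 0-based positions in the IAS (legacy) comma-delimited NPS log layout (assumed).
F_PACKET, F_USER, F_FQ_USER, F_AUTH, F_POLICY, F_REASON = 4, 5, 6, 23, 24, 25

PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 11: "Access-Challenge"}
# Only the codes seen in the post; Microsoft's NPS reason-code list has the rest.
REASONS = {0: "success", 65: "network access permission denied for the user"}
POLICY = "-- RDG Marker Policy {985F7B54-FCE8-4f55-AEBF-DF8827A44068} --"


def sample_log():
    """Constructed records mirroring the request/reject pair in the post."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    for packet, user, reason in ((1, "DOMAIN\\login", 0), (3, "", 65)):
        row = [""] * 30
        row[:4] = ["ServerName", "RAS", "04/07/2023", "11:31:59"]
        row[F_PACKET], row[F_USER], row[F_FQ_USER] = str(packet), user, "DOMAIN\\login"
        row[F_AUTH], row[F_POLICY], row[F_REASON] = "7", POLICY, str(reason)
        writer.writerow(row)
    return buf.getvalue()


def parse_nps_log(text):
    """Return one dict per well-formed record; skip blank or truncated lines."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) <= F_REASON or not row[F_PACKET].isdigit():
            continue
        packet = int(row[F_PACKET])
        code = int(row[F_REASON]) if row[F_REASON].isdigit() else None
        records.append({"time": f"{row[2]} {row[3]}", "policy": row[F_POLICY],
                        "packet": PACKET_TYPES.get(packet, f"type {packet}"),
                        "user": row[F_USER] or row[F_FQ_USER],
                        "reason_code": code, "reason": REASONS.get(code, "unlisted")})
    return records


def rejects(records):
    return [r for r in records if r["packet"] == "Access-Reject"]


if __name__ == "__main__":
    for rec in rejects(parse_nps_log(sample_log())):
        print(rec["time"], rec["user"], rec["reason_code"], rec["reason"])
```

Read with this layout, the second record in the post is an Access-Reject carrying Reason-Code 65 against the RDG marker policy.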