I have been trying for a few days to set up an RDP gateway that allows users from a trusted domain to connect.
The only error I can find in the error log is:
The user "DOMAIN\login", on client computer "172.22.2.125", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".
Another error from the NPS is:
"ServerName","RAS",04/07/2023,11:31:59,1,"DOMAIN\login","DOMAIN\login","UserAuthType:PW",,,,,,,,,,,,5,,,12,7,"-- RDG Marker Policy {985F7B54-FCE8-4f55-AEBF-DF8827A44068} --",0,"311 1 10.239.16.9 04/06/2023 10:04:45 50",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",1,,,,
"ServerName","RAS",04/07/2023,11:31:59,3,,"DOMAIN\login",,,,,,,,,,,,,,,,,7,"-- RDG Marker Policy {985F7B54-FCE8-4f55-AEBF-DF8827A44068} --",65,"311 1 10.239.16.9 04/06/2023 10:04:45 50",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"TS GATEWAY AUTHORIZATION POLICY",1,,,,
More info about the setup:
Domain A and domain B are linked by a two-way trust (required for RDG to work).
I have checked a lot of things but can't fix this setup:
Users with duplicate accounts (same SAM)
Networking
Creating a different CAP with separate groups (to avoid mixing local domain users and remote domain users)
The RDG server is indeed in the AD group "RAS and IAS Servers"
The CAP does contain the groups my user is in
...
Does anyone have an idea?
Regards,
Vincent