A few more Bingoogle searches and I found a forum post about this NPS failure.

Additionally, check which username format is being used and ensure that a matching username or username alias exists in Duo.

Hope this helps and please help to accept as Answer if the response is useful.

EAP Type:-

We are seeing this generic error on Windows when trying to connect: Remote Desktop can't connect to the remote computer for one of these reasons: 1) Your user account is not authorized to access the RD Gateway 2) Your computer is not authorized to access the RD Gateway 3) You are using an incompatible authentication method

The user successfully logs into RDS Web utility but fails to open an app on one collection, but the attempt succeeds on another collection.

The user "user1.", on client computer "192.168.1.2", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server.

https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-manage-register) should fix that issue, I register the server.

Windows 2012 Essentials - "The user attempted to use an authentication

On a computer running Active Directory Users and Computers, click.

Glad it's working.

I had checked my Remote Desktop Users is added group domain\domain users, and also RD CAP and RD RAP.

I have had this message pop up for one of my old clients I still do support for and I am still the Admin for on their 365 system.

For your reference:

Absolutely no domain controller issues.

Currently I only have the server 2019 configured and up.

DOMAIN\Domain Users

Azure - AD --> Azure Active Directory Domain Services + RDS 2019 MFA

Event ID 200, Source TerminalServices-Gateway: This event indicates that the client connected to the TS Gateway server.
The Logon ID field can be used to correlate this event with the corresponding user logon event as well as to any other security audit events generated

In the event log of RDS Server, prompted: The user "domain\tony", on client computer "192.168.5.188", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server.

"RDGW01","RAS",02/19/2019,18:06:05,1,"DOMAIN\Username","DOMAIN\Username","UserAuthType:PW",,,,,,,,,,,,5,,,12,7,,0,"311

I had him immediately turn off the computer and get it to me.

In the console tree, expand Active Directory Users and Computers/DomainNode/, where the DomainNode is the domain to which the security group belongs.

The following error occurred: "23003".

All users have Windows 10 domain joined workstations.

The authentication method used was: "NTLM" and connection protocol used: "HTTP".

Have you configured any CAP (connection authorization policy) and RAP (resource authorization policy)?

RD Gateway NPS issue (error occurred: "23003")

Check the TS CAP settings on the TS Gateway server.

In the Event Viewer console tree, navigate to Application and Services Logs\Microsoft\Windows\TerminalServices-Gateway, and then search for the following events: Event ID 101, Source TerminalServices-Gateway: This event indicates that the Terminal Services Gateway service is running.

Password

Remote desktop connection stopped working suddenly

Event Xml:

However, I noticed your user group that is allowed to connect to the RD gateway is only Domain Admins.

In our case the problem is that the Pre-Windows 2000 name (NETBIOS) is also a possible DNS suffix, which creates an issue.

Login to remote desktop services fails for some users : r/sysadmin - Reddit

Hi Team, I have a valid certificate, firewall rule and everything was perfect without any issues with MFA configured.
General steps to configure RD Gateway to work with RADIUS/NPS are as below:

RDS deployment with Network Policy Server

Thanks for your understanding.

In this case, registration simply means adding the computer objects to the RAS and IAS Servers AD group (requires Domain Admin privs).

PDF Terminal Services Gateway - Netsurion

I had password authentication enabled, and not smartcard.

CAP and RAP already configured.

This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

Looking at the TS Gateway logs, on success (when client computer is not a member of its domain), I see: The user "domain\user", on client computer "xxx.xxx.xxx.xxx", met connection authorization policy requirements and was therefore authorized to access the TS Gateway server.

3. Was the valid certificate renewed recently?

This was working without any issues for more than a year.

In the security Audit event log I found the following 4 events: The user gets authenticated, but for an unknown reason, the policy blocks it.

2 Allow the user to connect to this RD Gateway server and disable device redirection for the following client devices:

The error is The user "DOMAIN\USER", on client computer "172.31.48.1", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server.