2

When a user attempts to connect to their computer from a remote client using RD Gateway, the connection fails if their Active Directory account specifically limits them to their computer, but allows them to connect if they are not restricted to logging in to their own computer.

In Active Directory: the user's properties, Account tab, Log On To... button. If it says "This user can log on to: All computers", it works (assuming other creds such as password and certificate, of course). If it says "This user can log on to: The following computers" (and their computer is listed), then they get "The logon attempt failed".

I have also added the gateway machine to the list of computers the user can log on to, with no change. The only way I can get remote users (from outside the LAN) to connect to their computer is if they are allowed to connect to all computers with no restrictions. Note: This only applies to external users coming in through the RD Gateway service. The "This user can log on to: All computers / The following computers" setting works for controlling logons for users on the LAN.

(RD_Cap and RD_Rap are configured correctly as well)

Robb

1 Answer

2

You cannot use the Log On To feature along with RD Gateway.

http://blogs.technet.com/b/networking/archive/2010/02/18/remote-desktop-gateway-and-active-directory-user-profiles.aspx

pk.
  • Yep. That's exactly what I have seen. That person sure was cheerful though, while describing a poor 'feature'! As if they meant to break functionality when they added RD Gateway! :) Thank you for the link. At least I know I can stop working on the issue now. If Microsoft wants it broke, broke it will stay. – Robb Jul 18 '14 at 17:47
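
Since the answer rules out combining "Log On To" with RD Gateway, one way to find the affected accounts ahead of time is to list every user that has the restriction set and is also permitted through the gateway. This is an added example, not part of the original answer or comment; the group name `RDG-Remote-Users` is a hypothetical stand-in for whatever group your RD CAP references.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access to AD.
Import-Module ActiveDirectory

# Assumption: hypothetical name of the AD group that the RD CAP allows to connect.
$RdGatewayGroup = 'RDG-Remote-Users'

# Distinguished names of all user accounts in that group, nested groups included.
$remoteUserDns = @(
    Get-ADGroupMember -Identity $RdGatewayGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty distinguishedName
)

# userWorkstations is the attribute behind the "Log On To..." button.
# It is only populated when "The following computers" is selected.
$restricted = Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties userWorkstations

$report = foreach ($user in $restricted) {
    [pscustomobject]@{
        SamAccountName   = $user.SamAccountName
        # The attribute stores the allowed computer names as one comma-separated string.
        AllowedComputers = $user.userWorkstations -split ','
        UsesRdGateway    = $remoteUserDns -contains $user.DistinguishedName
    }
}

# Accounts that are restricted AND expected to come in through RD Gateway.
$report | Where-Object UsesRdGateway | Format-Table -AutoSize
```

Accounts in the output are the ones to handle differently, for example by enforcing the per-computer restriction through the RD RAP's computer group rather than through the account's Log On To list.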