KB ID 0001623
I had to deploy a Remote Desktop Gateway Server into an existing RDS farm for a client this week. The RDS farm was presenting Windows desktops (VDI) from Hyper-V. All went well until I tested the Gateway Server externally, when I got this error:
Remote Desktop can’t connect to the remote computer ‘{server/farm-name}’ for one of these reasons.
1) Your user account is not listed in the RD Gateway’s permission list.
2) You might have specified the remote computer in NetBIOS format (for example Computer1), but the RD Gateway is expecting an FQDN or IP address format (for example, computer1.fabrikam.com or 18.104.22.168).
Contact your network administrator for assistance.
This was perplexing because the Gateway Server’s RAP (Remote Authorization Policy) was set to allow access to ‘Domain Computers’ and to allow access for ‘Domain Users’. I was also feeding the gateway server the correct FQDN of the internal server farm (farm-name.domain-name.local).
I did TWO things and the problem went away:
Firstly, you might not realise this, but your RD Gateway policies are actually controlled by NPS (Network Policy Server). From Administrative Tools, open the Network Policy Server management snap-in. Right-click the NPS (Local) entry > ‘Register server in Active Directory’ > OK > OK.
(I agree the following makes no sense, but it worked!) Open the RD Gateway Manager console > Policies > Remote Authorisation Policy > right-click the RDG policy > Properties > Network Resource > I changed the option to ‘Allow users to connect to any network resource’ > OK.
I then rebooted the server and all worked correctly.
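To confirm both changes took effect, and to see which RAPs now allow any network resource (a wider scope than a named computer group), here is a read-only PowerShell check. It is an added example, not part of the original article; it assumes the RemoteDesktopServices and ActiveDirectory modules are installed and that the RDS: provider reports ComputerGroupType as 0, 1 or 2 as commented.

```powershell
# Added example: read-only audit of the two settings changed above.
# Run elevated on the RD Gateway server. Assumes the RemoteDesktopServices
# and ActiveDirectory PowerShell modules are installed.
Import-Module RemoteDesktopServices
Import-Module ActiveDirectory

# 'Register server in Active Directory' adds the server's computer account
# to the domain group 'RAS and IAS Servers', so check membership there.
$me = Get-ADComputer -Identity $env:COMPUTERNAME
$registered = Get-ADGroupMember -Identity 'RAS and IAS Servers' |
    Where-Object { $_.distinguishedName -eq $me.DistinguishedName }
if ($registered) {
    Write-Output "NPS registration: $($me.Name) is in 'RAS and IAS Servers'"
} else {
    Write-Warning "NPS registration: $($me.Name) is NOT in 'RAS and IAS Servers'"
}

# Assumed meaning of the ComputerGroupType values exposed for each RAP.
$groupTypes = @{
    0 = 'RD Gateway-managed computer group'
    1 = 'Active Directory security group'
    2 = 'Any network resource'
}

# One record per RAP: who may connect, to what, and whether it is unrestricted.
Get-ChildItem -Path 'RDS:\GatewayServer\RAP' | ForEach-Object {
    $base = "RDS:\GatewayServer\RAP\$($_.Name)"
    $type = [int](Get-Item "$base\ComputerGroupType").CurrentValue
    [pscustomobject]@{
        Policy        = $_.Name
        Enabled       = ([int](Get-Item "$base\Status").CurrentValue -eq 1)
        ResourceScope = $groupTypes[$type]
        ComputerGroup = (Get-Item "$base\ComputerGroup").CurrentValue
        UserGroups    = (Get-ChildItem "$base\UserGroups").Name -join '; '
        Unrestricted  = ($type -eq 2)   # true once the change above is applied
    }
} | Format-List
```

A policy reported with Unrestricted = True lets every user group listed on it reach any internal host through the gateway, so review its UserGroups value.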