RD Gateway access issues when connecting via netbios name

SkywalkerIsNotNull 0 Reputation points

We have a client who has the following setup:

DC01 with AD/DC, RD Gateway, DHCP, DNS, etc.
DC02 with AD/DC, DHCP, DNS etc.

The issue randomly occurs when a user attempts to remote in using the NetBIOS name. According to the logs, the kerberos ticket is successfully created on the DC, and then moments later the session disconnects from the Gateway. No logs can be found on the TS that indicate that an attempt was even made to the TS. Usually, if we change from the NetBIOS to the IP address, or the internal FQDN it will resolve and the user can connect.

After rebooting the TS, and no other changes, the users can connect to the TS.

We are unsure how to troubleshoot this further, as a workaround, we have attempted to do a weekly reboot schedule and that is not working. If any one has any ideas on what logs we can look for, or what we can check to see what is causing the issue, that would be greatly appreciated.

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,223 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  2. Karlie Weng 13,876 Reputation points Microsoft Vendor

    Hello SkywalkerIsNotNull

    As the nature of this issue is intermittent, you may consider using Wireshark to capture network traffic between the client, RD Gateway, and TS01. Analyzing the captured packets can reveal issues like packet loss, unexpected traffic patterns, or errors in the communication flow.

    0 comments No comments

  3. SkywalkerIsNotNull 0 Reputation points

    The root of this issue was Kerberos PAC. DC02 was not as up to date as was expected, and in the event logs, we found multiple Error Event 37s on DC01.

    I used the command:

    wevtutil qe System /q:"*[System[Provider[@Name='Microsoft-Windows-Kerberos-Key-Distribution-Center']]]"

    From the primary Domain Controller, and then identified multiple Event 37's

    The resolution to this was to update DC02 to the most current cumulative update, and then monitor the event logs for any additional Event 37's over the next week.

    0 comments No comments