This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 99%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Hi Team, I have a valid certificate, firewall rule and everything was perfect without any issues with MFA configured. All of the sudden I see below error while connecting RDP from outside for all users.
The user "Domain\Username", on client computer "X.X.X.X", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".
This was working without any issues for more than a year. But I am not really sure what was changed. We even tried to restore VM from backup and still the same.
RDS Gateway server version:
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 50%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJY%3C/text%3E%3C/svg%3E)
Hi,
1.Kindly ensure that the Network Policy Service on the gateway systems needs to be registered.
https://social.technet.microsoft.com/Forums/office/en-US/fa4e025c-8d6b-40c2-a834-bcf9f96ccbb5/nps-fails-with-no-domain-controller-available
2.What kind of firewall is being used? Per searching, there is one instance that the issue was caused by Dell Sonicwall and was resolved by reboot of the firewall.
3.Was the valid certificate renewed recently? Have you tried to reconfigure the new cert?
4.Besides the error message you've shared, is there any more event log with logon failure?
Hope this helps and please help to accept as Answer if the response is useful.
Thanks,
Jenny
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 20%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
I'm having the same issue with at least one user. I cannot recreate the issue. Absolutely no domain controller issues.
Event ID 312 followed by Event ID 201.
The user successfully logs into RDS Web utility but fails to open an app on one collection, but the attempt succeeds on another collection.
Log Name: Microsoft-Windows-TerminalServices-Gateway/Operational
Source: Microsoft-Windows-TerminalServices-Gateway
Date: 5/20/2021 10:58:34 AM
Event ID: 201
Task Category: (2)
Level: Error
Keywords: Audit Failure,(16777216)
User: NETWORK SERVICE
Computer: myRDSGateway.mydomain.org
Description:
The user "domain\username", on client computer "XXX.XXX.XXX.XXX", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-TerminalServices-Gateway" Guid="{4d5ae6a1-c7c8-4e6d-b840-4d8080b42e1b}" />
<EventID>201</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>2</Task>
<Opcode>30</Opcode>
<Keywords>0x4010000001000000</Keywords>
<TimeCreated SystemTime="2021-05-20T16:58:34.914365600Z" />
<EventRecordID>56407</EventRecordID>
<Correlation ActivityID="{a1dbc777-777f-4695-a0a8-25c63cc60000}" />
<Execution ProcessID="3500" ThreadID="1652" />
<Channel>Microsoft-Windows-TerminalServices-Gateway/Operational</Channel>
<Computer>RDSGateway.mydomain.org</Computer>
<Security UserID="S-1-5-20" />
</System>
<UserData>
<EventInfo xmlns="aag">
<Username>domain/username</Username>
<IpAddress>XXX.XXX.XXX.XXX</IpAddress>
<AuthType>NTLM</AuthType>
<Resource>
</Resource>
<ConnectionProtocol>HTTP</ConnectionProtocol>
<ErrorCode>23003</ErrorCode>
</EventInfo>
</UserData>
</Event>
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 22%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
What was the solution for this issue ?