Share via

did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server

Dzung Tien 6 Reputation points
2021-07-13T10:49:03.573+00:00

I just installed and configured RD gateway follow this URL https://turbofuture.com/computers/How-To-Setup-a-Remote-Desktop-Gateway-Windows-Server-2016
When I try to connect I received that error message:

The user "user1.", on client computer "192.168.1.2", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".

I'm using windows server 2012 r2.
Please advise me how to troubleshoot this issue, I did not configure any special thing in local NPS.
Do I need to install RD Web Access, RD connection Broker, RD licensing?

Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,577 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,486 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,731 Reputation points Microsoft Vendor
    2021-07-14T03:18:05.777+00:00

    Hi,

    Please kindly help to confirm below questions, thanks.

    1. What roles have been installed in your RDS deployment? Are there only RD session host and RD Gateway?
    2. Have you configured any CAP (connection authorization policy) and RAP (resource authorization policy)? Please kindly share a screenshot.

    General steps to configured RD Gateway to work with RADIUS/NPS are as below:

    1. On RD Gateway, configured it to use Central NPS.
    2. Add RD Gateway as radius client.
    3. Configure shared secret on both sides.
    4. Test and configure policies.

    RDS deployment with Network Policy Server
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    For your reference:
    https://social.technet.microsoft.com/Forums/ie/en-US/d4351e8d-9193-4fd4-bde9-ba1d6aca94d1/rds-gateway-move-to-central-nps-server?forum=winserverTS

    Thanks,

    If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.

    0 comments
  2. Dzung Tien 6 Reputation points
    2021-07-14T04:37:45.323+00:00

    Hi there,
    I only installed RD Gateway role. Do I need to install RD session host role?
    CAP and RAP already configured
    114423-image.png

    114397-image.png

    Currently, I just want to configure RD Gateway work with local NPS first, so I still not configure anything in NPS.
    Thanks.

  3. Eleven Yu (Shanghai Wicresoft Co,.Ltd.) 10,731 Reputation points Microsoft Vendor
    2021-07-16T08:08:57.167+00:00

    Hi,

    Based on my research and lab tests, I found that we do not need to configure from the NPS side but only need to set RAP and CAP from RD gateway side. Only if we need to integrate the RD gateway with the central NPS, we will have to configure the NPS.

    If so, please kindly remove all the settings from NPS and only configure CAP and RAP from RD gateway manager as well as choose "Local Server running NPS".

    However, I noticed your user group that are allowed to connect to the RD gateway is only Domain Admins. Could you please change it to Domain Users to have a try?

    115338-image.png

    115344-image.png

    Thanks,

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.