We have an issue with the connection to our Remote Desktop server that is running in Azure on Server 2016 and using "bypass RD Gateway server for local addresses" for computers that are in the office.
The offices (about 15 locations) are connected to Azure with a Site-to-Site connection on the firewalls, and all the devices are Windows 10 (1903 or higher).
The computers are not domain-joined.
The Remote Desktop Connection Broker is an HA setup; we use Microsoft MFA Server on-premises on a VM running in Azure for our two-factor authentication, with a phone call to our users.
The Remote Desktop Gateway is using NPS to forward the requests to our MFA Server, and this all works as expected.
We use one RDP shortcut with a Remote Desktop Gateway and use "bypass RD Gateway server for local addresses" in the office. But sometimes the users are getting an MFA call when they are in the office and sometimes they don't; this problem occurs at all the locations.
Now we have found out that when a user is getting an MFA prompt from the office computer, the computer's network connection is connected to "Network" or "Network 1" or even higher numbers.
If we reconnect the network cable, then the network shows our internal domain name and MFA is not being prompted.
The following settings have been changed to solve this problem, but no luck so far:
- Disable Windows 10 Fast boot and set the power scheme to High performance
- Change the "Network Location Awareness" service to Automatic (Delayed Start)
- Delete the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles and subprofiles
Does anyone have the golden solution for our problem?
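A way to collect the state described in this post in one place, so it can be compared between a machine that got the MFA prompt and one that did not. This is an added example, not code from the original post or from Microsoft; it assumes the RDP shortcut lives at the path in `$RdpFile` (a placeholder to replace), and that the value 2 of `gatewayusagemethod` in an .rdp file corresponds to "use the gateway only when a direct connection is not possible" (the bypass-for-local-addresses setting), which is an assumption drawn from the common documentation of that setting rather than from this post.

```powershell
# Snapshot of the network-profile and service state that the post
# correlates with unexpected MFA prompts. Run on an office client as
# administrator; compare output from a "good" and a "bad" session.

# Placeholder: path of the RDP shortcut the users double-click.
$RdpFile = "C:\Users\Public\Desktop\RemoteDesktop.rdp"

function Get-NlaSnapshot {
    # Which profile NLA assigned to each connected interface. The post
    # reports "Network"/"Network 1" on machines that get prompted and the
    # internal domain name on machines that do not.
    $profiles = Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity

    # NLA service start mode (the post changed it to delayed start).
    $nla = Get-Service -Name NlaSvc |
        Select-Object Status, StartType

    # Fast Startup flag (1 = enabled). The post disabled this.
    $fastStartup = (Get-ItemProperty `
        -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' `
        -Name HiberbootEnabled -ErrorAction SilentlyContinue).HiberbootEnabled

    # Number of cached NLA profiles (the post deleted this key's subkeys).
    $profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
    $cachedProfiles = (Get-ChildItem -Path $profileKey -ErrorAction SilentlyContinue |
        Measure-Object).Count

    [pscustomobject]@{
        ConnectionProfiles = $profiles
        NlaService         = $nla
        FastStartup        = $fastStartup
        CachedNlaProfiles  = $cachedProfiles
    }
}

function Get-RdpGatewaySettings {
    param([Parameter(Mandatory)][string]$Path)

    # .rdp files are plain "key:type:value" lines; pull the gateway keys.
    $keys = 'gatewayhostname', 'gatewayusagemethod', 'gatewaycredentialssource',
            'gatewayprofileusagemethod', 'full address'
    $result = @{}
    foreach ($line in Get-Content -Path $Path) {
        $parts = $line -split ':', 3
        if ($parts.Count -eq 3 -and $keys -contains $parts[0]) {
            $result[$parts[0]] = $parts[2]
        }
    }

    # Assumption (not from the post): usage method 2 = bypass gateway when a
    # direct connection can be made, 1 = always use the gateway.
    $method = $result['gatewayusagemethod']
    $result['bypassForLocalAddresses'] = ($method -eq '2')
    [pscustomobject]$result
}

# Print both snapshots side by side for the ticket.
$snapshot = Get-NlaSnapshot
"=== NLA / power state ==="
$snapshot.NlaService | Format-List
"FastStartup (HiberbootEnabled): $($snapshot.FastStartup)"
"Cached NLA profiles: $($snapshot.CachedNlaProfiles)"
"=== Connection profiles ==="
$snapshot.ConnectionProfiles | Format-Table -AutoSize

if (Test-Path $RdpFile) {
    "=== RDP shortcut gateway settings ==="
    Get-RdpGatewaySettings -Path $RdpFile | Format-List
} else {
    "RDP file not found at $RdpFile (update the placeholder path)"
}
```

The useful comparison is the `Name` and `NetworkCategory` columns against whether that session got an MFA call: if the profile name is a generic "Network N" at the moment the RDP shortcut is launched, that matches the symptom the post describes, and the cached-profile count shows whether the deleted `NetworkList\Profiles` subkeys have been recreated since the clean-up.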