Bypass rd gateway server for local addresses not working, MFA Prompt

Erik-Vi 41 Reputation points
2020-08-20T08:16:16.41+00:00

Hi Folks,

We have an issue with the connection to our Remote Desktop server that is running in Azure on Server 2016 and uses "Bypass RD Gateway server for local addresses" for computers that are in the Office.
The Offices (about 15 locations) are connected to Azure with a Site2Site connection on the Firewalls, and all the Devices are Windows 10 (1903 or higher).
The Computers are not Domain joined.

The Remote Desktop Connection Broker is an HA setup; we use Microsoft MFA Server on-premises on a VM running in Azure for our two-factor authentication with a Phone call to our users.
The Remote Desktop Gateway is using NPS to forward the requests to our MFA Server; this all works as expected.

We use one RDP shortcut with a Remote Desktop Gateway and use "Bypass RD Gateway server for local addresses" in the Office. But sometimes the users are getting an MFA call when they are in the Office and sometimes they don’t; this problem occurs on all the locations.

Now we have found out that when a user is getting an MFA prompt from the Office computer, that computer's network connection is connected to “Network” or “Network 1” or even higher numbers.
If we reconnect the network cable, then the network shows our internal domain name and MFA is not prompted.
We have changed the following settings to solve this problem, but no luck so far:

  • Disable Windows 10 Fast boot and set the power scheme to High performance
  • Change the “Network Location Awareness” services to Automatic Delayed start
  • Delete the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles and subprofiles

Does anyone have the golden solution for our problem?
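Added diagnostic script (not part of the original post): it snapshots the Network Location Awareness state that the "Bypass RD Gateway server for local addresses" option depends on, so a client that received an MFA call can be compared side by side with one that did not. The RD host and gateway names are placeholders; run it elevated so the NetworkList registry key is readable.

```powershell
# Added example, not from the thread. $RdHost / $RdGateway are placeholders
# for the internal RD Connection Broker name and the public RD Gateway FQDN.
param(
    [string]$RdHost    = 'rdcb.corp.example',   # placeholder
    [string]$RdGateway = 'rdgw.example.com'     # placeholder
)

function Get-RdBypassDiagnostics {
    param([string]$RdHost, [string]$RdGateway)

    # 1. How NLA named and categorised each active network. A name such as
    #    "Network 2" instead of the internal domain suffix is the symptom above.
    $profiles = Get-NetConnectionProfile |
        Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity

    # 2. Connection-specific DNS suffix per adapter. On a non-domain-joined
    #    client this is handed out by DHCP over the site-to-site link.
    $suffixes = Get-DnsClient |
        Where-Object { $_.ConnectionSpecificSuffix } |
        Select-Object InterfaceAlias, ConnectionSpecificSuffix

    # 3. State and start mode of the NLA service (the post set it to
    #    Automatic (Delayed Start)).
    $nla = Get-CimInstance Win32_Service -Filter "Name='NlaSvc'" |
        Select-Object State, StartMode

    # 4. Cached network profiles NLA has created (the key the post deleted).
    $profileKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
    $cached = Get-ChildItem $profileKey -ErrorAction SilentlyContinue |
        ForEach-Object { Get-ItemProperty $_.PSPath } |
        Select-Object ProfileName, Category   # Category: 0 public, 1 private, 2 domain

    # 5. Reachability of the direct (bypass) path versus the gateway (MFA) path.
    $direct  = Test-NetConnection -ComputerName $RdHost    -Port 3389 -WarningAction SilentlyContinue
    $gateway = Test-NetConnection -ComputerName $RdGateway -Port 443  -WarningAction SilentlyContinue

    [pscustomobject]@{
        Profiles       = $profiles
        DnsSuffixes    = $suffixes
        NlaService     = $nla
        CachedProfiles = $cached
        DirectRdpOpen  = $direct.TcpTestSucceeded
        GatewayOpen    = $gateway.TcpTestSucceeded
    }
}

Get-RdBypassDiagnostics -RdHost $RdHost -RdGateway $RdGateway | Format-List
```

Collect the output from a client that got the MFA call and from one that did not on the same site; a differing profile Name or DnsSuffixes value with DirectRdpOpen still true points at NLA naming rather than VPN reachability.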


Accepted answer
  1. Candy Luo 12,451 Reputation points
    2020-08-21T02:09:38.243+00:00

    Hi,

    Here is a similar thread discussed before, you might have a look:

    https://serverfault.com/questions/917158/windows-nla-issue-at-co-location-site-to-site-vpn-several-machines-cannot-rec

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Since your environment is more complex, if the above link is not helpful, I would suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

    In this way, they can have a clear picture about your issue and your environment by phone communication and live share session.

    You may find the phone number for your region accordingly from the link below:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,

    Candy

