I've got this odd issue going on at a client.
This happens to both internal users, and people using the VPN, or coming in via the internet.
I'm unsure, at the moment, if the RD Gateway is playing a role in the problem.
We've got group policies in place to have disconnects after idle timeout of 15 min.
The problem we're seeing is that if a session times out, and disconnects, the users AD account is ending up locked out sometimes.
Of course this requires a period of time or manual unlock to fix.
I've reviewed GP's and see nothing that should be causing this behavior.
I'm thinking that this has to be in how the sessions are disconnecting, and, as stated above, have not ruled out the RD Gateway.