Hello, I have a parent/child domain configuration. All of my RD Infrastructure machines (Gateway/Web cluster, Broker, Licenscing) live in the Parent.domain. All of my Session host servers, and users/groups are in the Child.parent.domain.
When I create my rule in the gateway, users in the child.parent.domain can only connect to their server if "Allow users to connect to any network resource" is selected in the RAP.
If I assign the specific computer group(located in the child.parent.dom) to the RAP the connection goes all the way through to "Loading Virtual Machine" and acts as if it will connect, then the last second fails out with the standard "User not Authorized" error...
Users get this same experience if they go through RDWeb or straight RDP using the gateway.
I think the solution is similar to the issue in this post: https://social.technet.microsoft.com/Forums/en-US/b9111b86-6679-46df-92c6-d03b7dd0a186/rd-gateway-cap-and-child-domain?forum=winserverTS
but since my setup is slightly reversed I can't seem to get the group organization across the child and parent domains correct.
Does anyone have any thoughts what I might be missing?