asked on
Trouble accessing Remote Desktop Gateway for other users
I was able to set up the Remote Desktop gateway and use RDP externally with my user account to log on to my machine, and other PCs in the company. However, when I try for any other account, I get an error, even if that person is in the Remote Desktop Users group for the gateway. It's a single server setup. The error I get is the "Remote desktop cannot connect to the remote computer" message.
Even log shows an ID 6274 in auditing - "There are not sufficient access rights to process the request."
I believe the RDG_CAP_ALLUsers is set up correctly for domain users and client computer membership is left blank.
Any suggestions on how to proceed? Thanks.
Even log shows an ID 6274 in auditing - "There are not sufficient access rights to process the request."
I believe the RDG_CAP_ALLUsers is set up correctly for domain users and client computer membership is left blank.
Any suggestions on how to proceed? Thanks.
Remote AccessWindows Server 2019
Last Comment
ruhkus
ASKER
Thanks for the response. I'm an admin, the other user isn't.
I made some progress since I posted, and it relates to NPS. Basically, I changed the connection request policy for TS Gateway Authorization Policy from "Authentication" of "Authenticate requests on this server" to "Accept users without validating credentials". I don't have Radius and was looking to just allow access based on a remote desktop security group.
Do you know how I could get the "authenticate requests" option to work, or am I somewhat ok leaving it as "accept w/o validating"?
I made some progress since I posted, and it relates to NPS. Basically, I changed the connection request policy for TS Gateway Authorization Policy from "Authentication" of "Authenticate requests on this server" to "Accept users without validating credentials". I don't have Radius and was looking to just allow access based on a remote desktop security group.
Do you know how I could get the "authenticate requests" option to work, or am I somewhat ok leaving it as "accept w/o validating"?
Got it! Did you try to use NPS as a Radius Server?
ASKER
No, I had no intent of using it for Radius - not sure if I accidentally set it up as such at some point.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I think I figured it all out. Thanks for your help.
Your user is an administrator? How about the another one?
Did you try to use only the user instead a domain group?
Do you have some NPS?
Maybe you will need to created the RD_CAP policy to allow a Domain Group RDS Clients access to the Gateway and the RD_RAP policy to allow users to connect to any network source.
Please, let me know.
Thanks.
-Rafael