Some admins in our IT group have been attempting to set-up RDS (incl RDG) on Windows Server 2016. It works in most scenarios:
- Password auth to RDS server (with NLA)
- Smartcard auth to RDS server (with NLA)
- Password auth "passthrough" to a server via RDS (with NLA)
I've also verified smartcard auth to a server directly (not with a remote desktop gateway). For some reason, I'm unable to passthrough my smartcard to a server when using a remote desktop gateway. It simply comes back with "login failed" on the client. The "login failed" message appears as an error during the hop to the gateway server (i.e. it doesn't seem to even try to connect to the destination server).
On the RDG server, there are two error events generated:
- AUDIT FAILURE, ID 4625, Unknown user name or bad password., NULL SID, SubStatus 0xC0000064
- AUDIT FAILURE, ID 4625, An Error occured during Logon., NULL SID, Status 0x80090347
I'm not sure why a smartcard would work in one situation but result in Unknown user name or password in another. Any ideas on where to start?