Hello.
We use TSGateway connected to main site with domain controllers via VPN channel, no domain controllers or other servers on site with tsgateway server. It's needed because users have problem with access to main site from their location.
Sometime TSGateway throw error Terminal-Services Gateway event id 201:
The user "<username>", on client computer "1.1.1.1", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The following authentication method was attempted:"NTLM". The following error occurred: "23003".
After reconnection - user have access via ts gateway.
I think it may happen if server doesn't receive response from domain controller.