Currently, I am running 2 servers in a High Availability config. Both have NAP installed. Users in the local domain have no issue getting through the RD Gateway. We have another domain connected by VPN and a 2-way trust. The users from this connected domain do not get authenticated. I have tried both through the Web Access page and directly through RDC (with both the domain\username and username@domain formats). Also, I can do a "runas" command with the connected domain user and have no problem authenticating. I have added both of the gateway servers to both AD domains' RAS and IAS Servers group. When a user attempts to log in, I get this error (#6274) in the Event Viewer / Security logs:
Network Policy Server discarded the request for a user.
Contact the Network Policy Server administrator for more information.
User:
    Security ID: NULL SID
    Account Name: WM\user
    Account Domain: WMC
    Fully Qualified Account Name: WM\user
Client Machine:
    Security ID: NULL SID
    Account Name: ***SurfacePro4
    Fully Qualified Account Name: -
    OS-Version: -
    Called Station Identifier: UserAuthType:PW
    Calling Station Identifier: -
NAS:
    NAS IPv4 Address: -
    NAS IPv6 Address: -
    NAS Identifier: -
    NAS Port-Type: Virtual
    NAS Port: -
RADIUS Client:
    Client Friendly Name: -
    Client IP Address: -
Authentication Details:
    Connection Request Policy Name: TS GATEWAY AUTHORIZATION POLICY
    Network Policy Name: -
    Authentication Provider: Windows
    Authentication Server: WMC-AX-***-2.WMC-AX.***
    Authentication Type: Unauthenticated
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 5
    Reason: The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.
Any help would be greatly appreciated.