MFA with RD Gateway problem

  • Question

  • Hello! I am trying to test MFA through RD Gateway following these instructions:

    http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/

    I deployed 3 servers for testing the technology: DC+NPS, Terminal+TSGW and MFA.

    I want to connect to the terminal server through RD Gateway with Azure MFA, using OTP and Windows credentials.

    1) Unfortunately my scheme didn't work. In a Terminal_servicesgateway event I have an error message:

    The user "username", on client computer "%computername%", did not meet connection authorization policy requirements and was therefore not authorized to access the RD Gateway server. The authentication method used was: "NTLM" and connection protocol used: "HTTP". The following error occurred: "23003".

    What am I doing wrong?

    2) What does the One-Time Passcode dialog look like in this case? I have seen many instructions, but none of them has this screenshot!

    P.S. I tried RD Gateway + DUO MFA: 15 min and everything works. I tried Azure MFA + RD Gateway: 3 days killed and nothing. :(

    Wednesday, March 16, 2016 8:33 AM

All replies

  • Hello,

    We are checking on the query and will get back to you soon on this.
    I apologize for the inconvenience and appreciate your time and patience in this matter.

    Regards,
    Neelesh
    Thursday, March 17, 2016 8:14 AM
    Moderator
  • 1) I don't know what is causing your problem. You can take a look at our guide, although it is very similar to the RDS Gurus guide. It is at https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-get-started-server-rdg/. A support case may be needed to review your configuration.

    2) One-way SMS and OATH tokens aren't supported with RD Gateway and MFA Server. MFA Server prompts for the OTP by issuing an Access Challenge response after validating the username/password. However, RD Gateway isn't able to process Access Challenge responses to prompt the user for the OTP.

    Thursday, March 17, 2016 9:23 PM
    Moderator
  • I've been struggling with the exact same problem for quite a while and found out that this message also gets triggered if your MFA is unable to deliver. For example, if you use a verification code on the auth application instead of using the popup to approve app function, you will get this error as well.
    Sunday, October 20, 2019 8:52 AM