Bypass RD Gateway server for local addresses not working, MFA prompt

2020-08-19T12:48:07.887+00:00

Hi Folks,

We have an issue with the connection to our Remote Desktop server that is running in Azure on Server 2016 and uses "Bypass RD Gateway server for local addresses" for computers that are in the office.
The offices (about 15 locations) are connected to Azure with a site-to-site connection on the firewalls, and all the devices are Windows 10 (1903 or higher).
The computers are not domain joined.

The Remote Desktop Connection Broker is an HA setup; we use Microsoft MFA Server on-premises on a VM running in Azure for our second factor, with a phone call to our users.
The Remote Desktop Gateway uses NPS to forward the requests to our MFA Server; this all works as expected.

We use one RDP shortcut with a Remote Desktop Gateway and use "Bypass RD Gateway server for local addresses" in the office. But sometimes the users get an MFA call when they are in the office and sometimes they don't; this problem occurs at all the locations.

Now we have found out that when a user gets an MFA prompt from an office computer, that computer's network connection is connected to "Network" or "Network 1" or even higher numbers.
If we reconnect the network cable, then the network shows our internal domain name and MFA is not prompted.
The following settings were changed to solve this problem, but no luck so far:

  • Disable Windows 10 Fast Startup and set the power scheme to High performance
  • Change the "Network Location Awareness" service to Automatic (Delayed Start)
  • Delete HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles and its subkeys

Does anyone have the golden solution for our problem?
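A diagnostic to run on an office client at the moment an unexpected MFA call arrives, added here as an example and not part of the original post. It captures the three things the thread turns on: the NLA profile name and category the adapter landed in, the connection-specific DNS suffix the adapter received, and whether the broker is still resolvable and directly reachable on TCP 3389 (the condition under which a shortcut configured for "bypass for local addresses" should skip the gateway). It also reads the `gatewayusagemethod` value from the RDP shortcut; to my knowledge value 2 is the one the bypass option writes (use the gateway only when a direct connection cannot be made). The RDP file path, the internal DNS suffix and the broker FQDN are placeholders, not values from the thread.

```powershell
# Added diagnostic, not code from the original thread. Run on an office client
# when the MFA call fires unexpectedly and keep the output for comparison with a
# client that connected without MFA.
# Assumed placeholders (replace with your own): RDP shortcut path, internal
# connection-specific DNS suffix, broker/RD Session Host FQDN.
param(
    [string]$RdpFile        = "$env:USERPROFILE\Desktop\RemoteDesktop.rdp",  # assumed path
    [string]$InternalSuffix = 'corp.example.com',                             # assumed internal suffix
    [string]$RdsHost        = 'broker.corp.example.com'                       # assumed broker FQDN
)

# 1. What NLA decided the active network is. A name like "Network"/"Network 1"
#    with category Public means NLA did not recognise the office LAN.
$profiles = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity

# 2. Which connection-specific DNS suffix DHCP handed to each adapter. When the
#    profile is named after the domain, the suffix is normally present.
$dnsSuffixes = Get-DnsClient | Where-Object ConnectionSpecificSuffix |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix

# 3. Whether the broker resolves and is directly reachable on 3389. If this
#    fails, a bypass-for-local-addresses shortcut has no direct path and the
#    RDP client will go through the gateway, which triggers NPS/MFA.
$resolved = $null
try   { $resolved = Resolve-DnsName -Name $RdsHost -ErrorAction Stop | Where-Object { $_.IPAddress } }
catch { }
$direct = Test-NetConnection -ComputerName $RdsHost -Port 3389 `
    -WarningAction SilentlyContinue -ErrorAction SilentlyContinue

# 4. What the shortcut itself says. gatewayusagemethod 2 = use the gateway only
#    if a direct connection to the RD Session Host cannot be made (assumption:
#    this is the value the UI bypass option writes).
$usage = $null
if (Test-Path $RdpFile) {
    $m = Select-String -Path $RdpFile -Pattern '^gatewayusagemethod:i:(\d)' | Select-Object -First 1
    if ($m) { $usage = $m.Matches[0].Groups[1].Value }
}

$report = [pscustomobject]@{
    Timestamp          = Get-Date -Format o
    NetworkProfiles    = ($profiles | ForEach-Object { "$($_.InterfaceAlias)=$($_.Name)/$($_.NetworkCategory)" }) -join '; '
    DnsSuffixes        = ($dnsSuffixes | ForEach-Object { "$($_.InterfaceAlias)=$($_.ConnectionSpecificSuffix)" }) -join '; '
    SuffixIsInternal   = [bool]($dnsSuffixes | Where-Object { $_.ConnectionSpecificSuffix -ieq $InternalSuffix })
    BrokerResolves     = [bool]$resolved
    BrokerDirect3389   = [bool]($direct -and $direct.TcpTestSucceeded)
    GatewayUsageMethod = $usage
}
$report | Format-List

# Reading the result: BrokerDirect3389 = False together with SuffixIsInternal =
# False and a generic profile name is the state the post describes (the client
# has no usable local path, so the gateway and MFA are used). BrokerDirect3389
# = True while MFA still fired points at the shortcut or the RDS side instead.
```

Run it once on a client that just received the call and once on a client that connected silently; the difference between the two reports is usually more telling than either one alone, and the `GatewayUsageMethod` field confirms that the shortcut users actually launched is the bypass one rather than a copy with a different setting.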


Accepted answer
    Jenny Yan-MSFT
    2020-08-20T02:58:28.42+00:00

    Hi,
    Thanks for your posting. From your description, it seems that the RD Gateway "bypass for local addresses" setting was configured successfully.

    But if the network connection of the computers in the office switched to another network instead of the internal one, the bypass setting will not work because it does not meet the requirements of a local address.

    If so, the problem here is more related to the network connection than to the RDS settings.

    You could raise a separate thread to seek assistance on the network-switching issue, and revert if the MFA prompt behavior still persists when the computer is connected to the internal network.
    https://video2.skills-academy.com/en-us/answers/topics/windows-dhcp-dns.html

    -----Please "Accept as answer" if the reply is helpful-----
    Thanks,
    Jenny


1 additional answer

  2020-08-20T08:15:57.93+00:00

    Hi,

    I will post the same question in that group.
    Thanks so far.

