We are hosting an RDS service on our Windows 2016 servers.

We currently have our domain controller which hosts:

AD RD Gateway RD Web Access RD Licensing RD Connection Broker and we have a few session host servers which run session hosts.

The issue we are having is, we are only able to connect to the session host collections through the RD Web access.

This means if we download the file from RD Web Access we are able to sign in with a client account and connect through the DC to the session host.

The issue we are running into is that even when copying all of the information from that file over to a normal MSTSC file, it will not connect to the collection. It will say: "The connection was denied because the user account is not authorized for remote log-in."

This makes no sense considering the same account is able to connect to the collection through the file generated by the web access. Also, after giving the account remote log-in priveledges it will just end up with an RDP connection to the domain controller, which isn't what we want.

We filled in the hostname as the domain controller (tried local and public), we have filled in the gateway as the domain controller (public) and unchecked "Bypass RD Gateway server for local addresses".

We don't know what we are doing wrong and what we're stuck on...