Remote Desktop Gateway: forcing the use of NTLM

The Windows event log (Microsoft-Windows-TerminalServices-Gateway/Operational) shows records with event ID 312, but the connection does not authenticate successfully. Remote Desktop Gateway does not support Kerberos authentication, which Remote Desktop Client versions >= 8.0 use.

Resolution:

  1. On the Remote Desktop Gateway server, set the EnforceChannelBinding registry value to 0 (zero) so that the Gateway server ignores missing channel bindings. Reboot to apply the change.

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core

    Type: REG_DWORD

    Name: EnforceChannelBinding

    Value: 0 (Decimal)

  2. On the client, change the Local Policy LAN Manager Authentication Level. Set it to "Send LM & NTLM - use NTLMv2 session security if negotiated".
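
The two steps above as a PowerShell script, added here as an example and not part of the original note: it reports the current value for the chosen role and, with -Apply, writes the target value after saving the previous one. The LmCompatibilityLevel value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa (1 for this policy level), the parameter names and the backup file location are assumptions not stated on the page.

```powershell
# Added example. Run elevated: -Role Gateway on the RD Gateway server, -Role Client on the client.
[CmdletBinding(SupportsShouldProcess)]
param(
    [ValidateSet('Gateway', 'Client')]
    [string]$Role = 'Gateway',
    [switch]$Apply
)

$settings = @{
    Gateway = @{   # step 1: key and value name as given on the page
        Path  = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core'
        Name  = 'EnforceChannelBinding'
        Value = 0
    }
    Client  = @{   # step 2: assumption, registry value behind the LAN Manager authentication level policy
        Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        Name  = 'LmCompatibilityLevel'
        Value = 1  # Send LM & NTLM - use NTLMv2 session security if negotiated
    }
}
$s = $settings[$Role]

# Read the current value; $null means the value is absent and the OS default applies.
$current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)

# Report the state first, so the script is usable as a read-only audit.
[pscustomobject]@{
    Role    = $Role
    Name    = $s.Name
    Current = if ($null -eq $current) { '<not set>' } else { $current }
    Target  = $s.Value
    Matches = ($current -eq $s.Value)
}

if ($Apply -and $current -ne $s.Value) {
    if ($PSCmdlet.ShouldProcess("$($s.Path)\$($s.Name)", "Set to $($s.Value)")) {
        # Keep the previous value so the change can be reverted later.
        $backup = Join-Path $env:TEMP "$($s.Name).previous.txt"   # hypothetical backup location
        "$current" | Set-Content -Path $backup
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        New-ItemProperty -Path $s.Path -Name $s.Name -PropertyType DWord -Value $s.Value -Force | Out-Null
        Write-Warning "Previous value saved to $backup."
        if ($Role -eq 'Gateway') { Write-Warning 'Reboot the gateway server to apply the change.' }
    }
}
```

Without -Apply the script changes nothing, and -WhatIf shows what an -Apply run would write.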