Possible Cause:
The user does not meet the Remote Desktop Gateway’s Connection Authorization policy(CAP) requirements
The user does not meet the Remote Desktop Gateway’s Network Policy (NPS) requirements
Possible Solution:
Ensure CAP and NPS policies are configured properly
For CAP: Server Manager → Tools → Remote Desktop Gateway Manager, in the left pane, expand your server name → Policies → Connection Authorization Policies.
For NPS: Server Manager → Tools → Network Policy Server, review the relevant policies.
The user is a part of the groups or criteria to meet the policy requirements.
On the gateway server, review event logs under Event Viewer → Custom Views → Server Roles
Remote Desktop Services1
Network Policy and Access Services
In case the Gateway has Duo or a third-party plugin installed, please validate the relevant logs to determine what is missing because authentication is failing (for example, MFA is not configured).