Users on Remote Desktop Services clients must meet specific requirements before they can connect to RD Gateway. These requirements include the following:

Supported Windows authentication methods

If you configure the supported Windows authentication method by using Remote Desktop Gateway Manager, you can specify that a user must use either a password or a smart card, or both. If you select both methods, either can be used to connect.

If you configure the supported Windows authentication method by using Group Policy, the following options are available:

  • Ask for credentials, use NTLM protocol (a Windows NT challenge/response protocol). For information about the NTLM protocol, see Logon and Authentication Technologies (http://go.microsoft.com/fwlink/?LinkId=94215) and Microsoft NTLM (http://go.microsoft.com/fwlink/?LinkId=94216).

  • Ask for credentials, use Basic protocol. The Basic authentication method is a widely used industry-standard method for collecting user name and password information. It is less secure, however, because the password is transmitted Base64-encoded rather than encrypted, and Base64 encoding is trivially reversible. For more information, see Basic Authentication (http://go.microsoft.com/fwlink/?LinkId=94217).

  • Use locally logged-on credentials. In this case, the same credentials that users provide to log on to their local computer will be used to connect to the RD Gateway server. Note that if you select this option, but users have previously connected to the same RD Gateway server and they have selected the Remember my credentials check box in the RD Gateway Server Settings dialog box on their client computer, their saved credentials will be used to connect to the RD Gateway server.

  • Use smart card. Smart cards contain a microcomputer and a small amount of memory, and they provide secure, tamper-proof storage for private keys and X.509 security certificates. A smart card is a form of two-factor authentication that requires the user to have a smart card and know the PIN to gain access to network resources. For more information, see The Secure Access Using Smart Cards Planning Guide (http://go.microsoft.com/fwlink/?LinkId=94218).

If all of these credentials are available to users, and users have already chosen to save their credentials when connecting to the RD Gateway server, the credentials are used in the following order:

  1. Saved credentials

  2. Locally logged-on credentials

  3. Other password or smart card credentials supplied by the user
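
The difference between the Basic and NTLM options above can be seen by decoding what each one puts on the wire. The following is an added example, not part of the original documentation; it assumes the credentials travel in an HTTP Authorization header, and the function name, account name, password and NTLM message bytes are all constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}


def inspect_authorization(header_value):
    """Report what a reader of an Authorization header value can recover from it."""
    scheme, _, token = header_value.strip().partition(" ")
    scheme = scheme.lower()
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"scheme": scheme, "error": "token is not valid Base64"}

    if scheme == "basic":
        # Basic: the token is just Base64("user:password"); decoding reverses it.
        user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
        if not sep:
            return {"scheme": scheme, "error": "no user:password separator"}
        return {"scheme": scheme, "user": user, "password": password,
                "password_in_cleartext": True}

    if scheme == "ntlm":
        # NTLM: the token is an NTLMSSP message (signature, then a little-endian
        # 32-bit message type). It carries negotiation flags, a server challenge
        # or a computed response, never the password itself.
        if len(raw) < 12 or not raw.startswith(NTLMSSP_SIGNATURE):
            return {"scheme": scheme, "error": "not an NTLMSSP message"}
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        return {"scheme": scheme, "message": NTLM_MESSAGE_TYPES.get(msg_type, "UNKNOWN"),
                "password": None, "password_in_cleartext": False}

    return {"scheme": scheme, "error": "scheme not handled in this example"}


# Constructed sample headers (account name and password are made up).
SAMPLE_BASIC = "Basic " + base64.b64encode(b"CONTOSO\\alice:Example-Passw0rd").decode("ascii")
# Minimal constructed NTLM NEGOTIATE message: signature, type 1, flags, two empty fields.
SAMPLE_NTLM = "NTLM " + base64.b64encode(
    NTLMSSP_SIGNATURE + struct.pack("<II", 1, 0x00000201) + b"\x00" * 16).decode("ascii")

if __name__ == "__main__":
    for header in (SAMPLE_BASIC, SAMPLE_NTLM):
        print(inspect_authorization(header))
```
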

Additional references