We set up a gateway in our environment and the associated NPS, which was registered in the AD. After registering it, it worked fine for about 30–60 minutes, then we started getting rejection errors stating "You were denied access to this gateway server because of a connection access policy (TS_CAP)" on Mac clients and a more generic error on Windows clients stating the policies may not have been configured correctly.
No known changes were made to the config, and poring over the settings we see no reason connections would be rejected. One thing we did notice though was this: While the issue was occurring we right clicked the gateway/NPS server in Server Manager, but Network Policy Server and IIS did not show up in the contextual menu. They were both roles installed on the server (and the associated services we checked other than IIS were up and running).
Any ideas? Could this be related to an IIS failure or something else?
Edit/Update: This is related to an error we are seeing saying it is using NTLM authentication and connection protocol used is HTTP. There also us an error code 23003.
This appears to have started when we told the Gateway to be used even for local addresses, which indicates our Gateway is misconfigured.