Remote Desktop & Network Access Protection Issue

I have installed Remote Desktop Services on a fresh Windows Server 2012 R2 Datacenter VM. It has the basics: RD Gateway, RD Web Access and RD Connection Broker. I've accepted the default values pretty much throughout the setup process. I've also installed a "real" SSL certificate (using the server's external FQDN, not the internal one).

This was all working fine until recently. A Windows 8.1 client (not on my domain) gets the following error message when trying to connect to RemoteApps: "Your computer can't connect to the remote computer because your computer or device did not pass the Network Access Protection requirements set by your network administrator. Contact your network administrator for assistance."

I cannot work out what is causing this issue. It only happens to this one user (and it was working previously for him), and I can still connect via other Windows 7 and Mac OS X clients.

EDIT: This also does not happen when this user is on our LAN or tunnelled in via a VPN. It's only happening via the public internet.

I only have default NAP rules. Unfortunately, my understanding of NAP is fairly limited at this stage so I don't know where to start there.

Any assistance would be appreciated.


Solution 1:

In the end, this issue was caused by incorrect certificate installation in the Remote Desktop Gateway. When I opened the RD Gateway Manager it gave me options to select a certificate to import and use.

It has nothing to do with Network Access Protection, although through this process I ended up adjusting some of my policies anyway to lock it down further.
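
One way to check which certificate RD Gateway is actually bound to and whether it suits the external FQDN, as an added example that is not part of the original answer. It assumes an elevated session on the gateway server with the RemoteDesktopServices module (which provides the `RDS:` drive); `rdgw.example.com` is a placeholder for the external name.

```powershell
# Added example: sanity-check the certificate bound to the RD Gateway role.
param(
    # Placeholder: the external FQDN that clients connect to.
    [string]$ExternalFqdn = 'rdgw.example.com'
)

Import-Module RemoteDesktopServices   # provides the RDS: drive

# Thumbprint the RD Gateway service is currently configured to present.
$thumb = (Get-Item -Path 'RDS:\GatewayServer\SSLCertificate\Thumbprint').CurrentValue
if ([string]::IsNullOrWhiteSpace($thumb)) {
    Write-Warning 'No certificate is bound to RD Gateway.'
    return
}

# The bound certificate must exist in the computer's Personal store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
if (-not $cert) {
    Write-Warning "Bound thumbprint $thumb is not in Cert:\LocalMachine\My."
    return
}

# Names the certificate is valid for: SAN entries plus the subject CN.
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
$names += $cert.GetNameInfo('SimpleName', $false)

# Match the external FQDN; a wildcard such as *.example.com covers one label only.
$nameOk = $false
foreach ($n in $names) {
    if ($n -eq $ExternalFqdn) {
        $nameOk = $true
    } elseif ($n.StartsWith('*.') -and $ExternalFqdn -like $n -and
              $ExternalFqdn.Split('.').Count -eq $n.Split('.').Count) {
        $nameOk = $true
    }
}

$now = Get-Date
[pscustomobject]@{
    Thumbprint    = $cert.Thumbprint
    Subject       = $cert.Subject
    NameMatches   = $nameOk                 # external FQDN is covered
    HasPrivateKey = $cert.HasPrivateKey     # gateway cannot serve TLS without it
    InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    ChainTrusted  = $cert.Verify()          # chain as seen from this server
}
```

`ChainTrusted` reflects the server's own trust store; a client that is not on the domain may lack an intermediate or root that the server has.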