RD Gateway 2012, MFA, ADFS

Category: azure multifactorauthentication


NationalAnalysts on Fri, 21 Mar 2014 20:55:04

I think I have almost everything set up correctly for MFA and a 2012 RD Gateway Server. I've got ADFS 3.0 up and running with a proxy, and logging into portal.microsoftonline.com works, with MFA enabled too.

I've set up according to us/library/windowsazure/dn394287.aspx, but my test user is failing Pfauth.

Pfauth failed for user 'pre200domain\firstnameLastInitial'.  Call status: SKIPPED_NO_USER - "Couldn't match supplied username to a defined user". 

I'm logging in through the remote desktop client with my UPN (firstInitialLastName @domain) to both the RD Gateway and destination computer, so I'm not sure where it's getting the pre2000 style username.  It seems like that username isn't resolving to the UPN on Azure AD/PhoneAuth.  I can log in with either format locally, but I am 100% sure I'm logging into the RD Gateway with my UPN, which is the same UPN that works when logging into the portal.  How do I get the MFA service to use the UPN I'm already logging in with instead of trying to use the pre2000 username?