I have a weird situation, I set up a RD Gateway. When doing some self testing brute forcing logins almost no event 4625 get logged on the gateway. I tried a password about 30 times and I only got two 4625 events.
I do see on the DC the failed logons, and lockouts do occur, just event 4625 don't get logged on the gateway.
What could be causing this weird behavior?