For usage of our RDS farm, we set up 2 factor authentication with IBM verify app. The user that tries to connect from outside our network, will get a pop-up on his smartphone and will have to confirm. After confirmation, connection to the session host should be made, and that is were things go wrong (but not all the time)
In the logs on our broker server, we can see successful logon for the user (event:4624), a redirection request to the correct session host (event 1301), a connection request (event 800) ,successful connection request (event 801), a successful redirected the user to the endpoint event (event1307) and finally a 4634 event, successful logoff. At that time, we should get a 787 event (Session added to Broker's database), but we are not getting this (at least not all the time), some users have to retry 3,4,5 times to get connected.
So the question is: what is happening between events 1307/4634 and event 787? Are there other components involved besides the RDS farm servers at that point?