I have configured point-to-site IKEv2 split-tunnel connection to my domain network.
I get my routes and local DNS servers when I connect.
I am able to ping or access computers by their IPs or by name.
I am able to connect to one of my servers via RDP (by using its name), which has the RDS role configured, but I am unable to do so by name (only by IP address) to any other of my servers (with or without RDS).
If I connect to the VPN first and then to RDP, it says "The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name."
If I connect to my corp network, connect to RDP by name and then switch my connection to a wifi hotspot + VPN, RDP drops with "The connection has been terminated because an unexpected server authentication certificate was received from the remote computer."
Checked the time on my computer and server
Checked ipconfig /displaydns
Disabled the Win10 new DNS query sequence via GPO
Manually set the VPN's metric lower than my wifi network connection
Disabled IPv6 on the VPN connection
Sniffed DNS traffic to see if it is really asking my local DNS server - it is
Checked event logs both on the client and on the server - nothing under Application / Security
Enrolled a new certificate for the RDP server from my domain CA instead of the self-signed one
So I am stuck here.
My client machine is Windows 10 1909.
Server is WinServer 2016 Standard.
VPN server is a Mikrotik RB4011.
Can you help me, please?
Sorry for my English :)
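The first RDP error quoted above is the one Windows raises when the name the client resolved does not match the host that answers. The following client-side diagnostic is an added example, not part of the original post: it asks each DNS server on the VPN adapter for the target's A record, reverse-resolves every answer, and flags mismatches against the name and against the local resolver cache. The adapter alias "VPN" and the target name are assumed parameters.

```powershell
# Added diagnostic (not from the original post): compare forward and reverse DNS
# answers for an RDP target as seen through the VPN adapter's DNS servers, and
# check whether the local resolver cache agrees. A PTR that names a different
# host, or a cached address that differs, points at the name/host mismatch
# behind "the remote computer that was reached is not the one you specified".
param(
    [Parameter(Mandatory)][string]$TargetName,   # e.g. server01.corp.example (placeholder)
    [string]$VpnInterfaceAlias = 'VPN'           # assumed alias of the IKEv2 adapter
)

# DNS servers the client actually received on the VPN adapter
$vpnDns = (Get-DnsClientServerAddress -InterfaceAlias $VpnInterfaceAlias -AddressFamily IPv4).ServerAddresses
if (-not $vpnDns) { throw "No IPv4 DNS servers found on interface '$VpnInterfaceAlias'." }

# Whatever the local resolver cache currently holds for the name (what RDP hits first)
$cached = Get-DnsClientCache -Name $TargetName -ErrorAction SilentlyContinue |
          Where-Object { $_.Data -match '^\d{1,3}(\.\d{1,3}){3}$' } |
          Select-Object -ExpandProperty Data

$shortOrFqdn = $TargetName.TrimEnd('.')

foreach ($server in $vpnDns) {
    # Bypass the cache and ask the corp DNS server directly
    $forward = Resolve-DnsName -Name $TargetName -Type A -Server $server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' }
    if (-not $forward) { Write-Warning "$server returned no A record for $TargetName"; continue }

    foreach ($rec in $forward) {
        $ip  = $rec.IPAddress
        # Reverse lookup: the PTR should name the same host (short name or FQDN)
        $ptr = (Resolve-DnsName -Name $ip -Type PTR -Server $server -DnsOnly -ErrorAction SilentlyContinue).NameHost
        $pn  = if ($ptr) { $ptr.TrimEnd('.') } else { $null }
        $status = if (-not $pn) { 'NO-PTR' }
                  elseif ($pn -ine $shortOrFqdn -and -not $pn.StartsWith("$shortOrFqdn.", 'OrdinalIgnoreCase')) { 'PTR-MISMATCH' }
                  else { 'OK' }

        [pscustomobject]@{
            DnsServer    = $server
            Query        = $TargetName
            Answer       = $ip
            ReverseName  = $ptr
            CachedAnswer = ($cached -join ',')
            CacheAgrees  = if ($cached) { $cached -contains $ip } else { 'n/a' }
            RdpPortOpen  = (Test-NetConnection -ComputerName $ip -Port 3389 -WarningAction SilentlyContinue).TcpTestSucceeded
            Status       = $status
        }
    }
}
```

Run it once on the corp LAN and once over the hotspot + VPN path; a row that changes Status or CacheAgrees between the two runs is the resolver or record to investigate.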