2 Votes
RobertRo-0293 asked

Remote Credential Guard double-hop issue after server 2022 upgrade

We upgraded two of our jump/admin servers from Server 2019 to Server 2022. One was installed fresh, the other one was upgraded via in-place upgrade.

Now mstsc /remoteguard no longer works correctly; we seem to run into a Kerberos double-hop issue.

What we do is: we log on to the admin server as usual with credentials. Then, from the admin server, we use mstsc /remoteguard to jump to a different machine. On the destination machine, upon opening network shares, we receive the message:

"The system cannot contact a domain controller to service the authentication request. Please try again later."

This did not happen before the upgrade. Everything still works fine when starting from a Server 2019 admin server.
No group policies, security settings or other modifications were made to the infrastructure.
Anyone else experiencing this?


0 Votes
SimonKR-5940 answered

Same problem here: when using a Windows Server 2022 jump/admin host to connect to other machines using mstsc /remoteguard, we run into the Kerberos double-hop issue as Robert described (you can't access file shares, ...). It doesn't matter if the destination machine is Windows Server 2016, 2019 or 2022. If you use a Windows Server 2016 or 2019 jump/admin host to connect to other machines using mstsc /remoteguard, then everything works as expected (access to file shares works, ...).


0 Votes
SIMONSPhilippe answered

Similar issue here, using Windows 10 21H2 after applying the January Patch Tuesday update (KB5009543) as the source of RDP (destination machine is Windows Server 2019 or 2022).
A workaround is to lock / unlock the remote session (CTRL+ALT+END) ... but I imagine then you are not relying on RCG but on local authentication.


1 Vote
RobertRo-0293 answered

We opened a support case on 2022-02-22 but so far no resolution.


0 Votes
SIMONSPhilippe answered

We also opened a support case on 2022-01-14, and provided a reproduction scenario on 19-02-2022 ...


0 Votes
SIMONSPhilippe answered, SIMONSPhilippe edited

Good news,
the preview update (4C) is available and addresses the issue.

Windows Server 2022 - KB5012637, Windows 11 (SV) - KB5012643, Windows 10 2004 \ 20H1 \ 20H2 \ 21H1 \ 21H2 - KB5011831

“Addresses an issue that causes Kerberos authentication to fail, and the error is “0xc0030009 (RPC_NT_NULL_REF_POINTER)”. This occurs when a client machine attempts to use the Remote Desktop Protocol (RDP) to connect to another machine while Remote Credential Guard is enabled.”

0 Votes
RobertRo-0293 answered

Did you test it?
We're still investigating, but so far the patch doesn't fix the issue.


0 Votes
SIMONSPhilippe answered

Yes, we tested it, and yes, it fixes the issue for us.
The patch has to be installed on the client machine (the one you are launching mstsc on), not the server (the machine that you RDP to).


0 Votes
RobertRo-0293 answered, RobertRo-0293 edited

Found the issue.
In addition to RCG, we have Credential Guard / VBS enabled on all our systems as well.

While this is fine on hardware boxes (e.g. Win10 -> Win10), on virtualized servers it still causes the problem as described in the first post. Disabling Virtualization Based Security "fixes" it. Both confirmed in lab and in prod environment. I'll update the MS support case.

0 Votes
SIMONSPhilippe answered

@RobertRo-0293,
we also have Credential Guard / Virtualization Based Security enabled on our VMs - on purpose.
We knew at the opening of the case that disabling it 'fixes' the issue, but this is not a valid option!
And again, for us, installing KB5011831 on the 'source' machine fixes the issue.

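The thread narrows the failure down to two conditions on the RDP source machine: VBS / Credential Guard running (a VM in Robert's case) and the April preview update (KB5012637 / KB5012643 / KB5011831, depending on OS) not yet installed. The following PowerShell, added here as a diagnostic and not posted by anyone in the thread, reads the Win32_DeviceGuard WMI class and Get-HotFix on the source machine and reports that combination; the OS-to-KB mapping is taken from SIMONSPhilippe's post, and the "looks like a VM" check is a heuristic on the reported hardware model.

```powershell
# Run on the RDP *source* machine (the one launching mstsc /remoteguard).
# KB numbers and their OS mapping are quoted from the thread, not verified here.
$fixKbByOs = @{
    'Windows Server 2022' = 'KB5012637'
    'Windows 11'          = 'KB5012643'
    'Windows 10'          = 'KB5011831'
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

# Pick the update that applies to this OS caption (first matching prefix).
# Server 2019 and older sources get no KB here: the thread reports them as unaffected.
$kb = $null
foreach ($name in $fixKbByOs.Keys) {
    if ($os.Caption -like "*$name*") { $kb = $fixKbByOs[$name]; break }
}

# Win32_DeviceGuard semantics: VirtualizationBasedSecurityStatus 2 = VBS running;
# SecurityServicesRunning contains 1 = Credential Guard, 2 = HVCI.
$vbsRunning = ($dg.VirtualizationBasedSecurityStatus -eq 2)
$cgRunning  = ($dg.SecurityServicesRunning -contains 1)
$hotfix     = if ($kb) { Get-HotFix -Id $kb -ErrorAction SilentlyContinue } else { $null }

# Heuristic only: VMware and Hyper-V guests report a model containing "Virtual".
$looksLikeVm = ($cs.Model -match 'Virtual')

[pscustomobject]@{
    Computer               = $env:COMPUTERNAME
    OS                     = $os.Caption
    Manufacturer           = $cs.Manufacturer
    Model                  = $cs.Model
    LooksLikeVm            = $looksLikeVm
    VbsRunning             = $vbsRunning
    CredentialGuardRunning = $cgRunning
    ExpectedFixKb          = $kb
    FixInstalled           = [bool]$hotfix
    FixInstalledOn         = if ($hotfix) { $hotfix.InstalledOn } else { $null }
}

# The combination the thread reports as breaking /remoteguard: VBS/Credential Guard
# running on the source machine without the fix installed.
if ($kb -and $vbsRunning -and -not $hotfix) {
    Write-Warning "VBS is running and $kb is not installed on this source machine; the mstsc /remoteguard double-hop failure described in the thread is expected until $kb is applied."
}
```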

0 Votes
RobertRo-0293 answered, RobertRo-0293 edited

Thanks, I wasn't aware of this. Care to compare with our specs? I'm trying to find a difference that explains why it works for you and not for us.

Our starting point is a Server 2022 VM, at VM 15 compatibility level on ESXi 6.7 Update 2, on a VMware ESXi 6.7.0 build 19195723 host.

Credential Guard is enabled as per the screenshot above.

IPv4/IPv6 dual stack, but I tried with IPv4 only, no difference.


Destinations are a random selection of Server 2019 or Server 2022 VMs on the same ESX host, all with the latest patch installed as well.

I confirmed the situation in a lab environment to make sure no other (hardening) settings come into play.
