Resolving RDWEB “Remote Desktop Can’t Connect to the Remote Computer” Errors with Event ID 23002

After an out-of-the-box install of RDS on Server 2019, enabling RDWEB, and setting the certificate, the following error is observed after successfully logging in through RDWEB and selecting the Remote Desktop Collection:

RDWEB error

Solution sourced from:

Event Viewer on TS Gateway shows:

The user “[Domain\User]”, on client computer “[external IP]”, did not meet resource authorization policy requirements and was therefore not authorized to resource “[externalURL]”. The following error occured: “23002”

Open RD Gateway Manager from Server Manager by clicking Remote Desktop Services in the left column, then Servers in the left column, then right-clicking the server in question:

RD Gateway Manager

It can also be accessed from Administrative Tools -> Remote Desktop Services:

Administrative Tools

Locate Resource Authorization Policies (RAP) on the left and then the RDG_RDConnectionBrokers policy on the right. Right-click it and select Properties:

Go to the Network Resource tab and choose “Select an existing RD Gateway-managed group or create one”. More than likely, a generic group is already present with the internal name of the RD Gateway. This needs to be modified to reflect the external FQDN of the deployment. Select Browse -> Create New Group -> enter a name in the General tab (like RD Gateway Servers) -> select the Network Resources tab -> type the external FQDN of the deployment and click Add. Then click OK until all menus are closed. The settings should now reflect the new information:

RAP Policy

Retry accessing the published collection resources after a few minutes.
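
To confirm exactly which resource name the RAP is rejecting before editing the managed group, the denial messages can be parsed and compared with the group's members. The script below is an added example, not part of the original post; the function names, sample users, addresses and host names are constructed, and the log name in the final comment is an assumption about where the gateway writes these events.

```powershell
# Added example: list resource names denied by the RAP (error 23002) that are
# not yet members of the RD Gateway-managed group. All names here are hypothetical.
function Get-RapDenial {
    param([Parameter(Mandatory)][string[]]$Message)
    $pattern = 'The user "(?<User>[^"]+)", on client computer "(?<Client>[^"]+)", did not meet ' +
               'resource authorization policy requirements .*? to resource "(?<Resource>[^"]+)"\.' +
               ' .*?: "(?<Code>\d+)"'
    foreach ($m in $Message) {
        # Messages copied from a web page may carry curly quotes; normalise them first.
        $text = $m -replace '[\u201C\u201D]', '"'
        if ($text -match $pattern) {
            [pscustomobject]@{
                User      = $Matches.User
                Client    = $Matches.Client
                Resource  = $Matches.Resource.ToLowerInvariant()
                ErrorCode = $Matches.Code
            }
        }
    }
}

function Get-MissingRapResource {
    param([object[]]$Denial, [string[]]$AllowedResource)
    $allowed = @($AllowedResource | ForEach-Object { $_.ToLowerInvariant() })
    $Denial |
        Where-Object { $_.ErrorCode -eq '23002' -and $_.Resource -notin $allowed } |
        Group-Object Resource |
        Select-Object @{ n = 'Resource'; e = { $_.Name } }, Count,
                      @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ', ' } }
}

# Constructed sample messages in the format shown in the Event Viewer text above.
$sample = @(
    'The user "CONTOSO\alice", on client computer "203.0.113.10", did not meet resource authorization policy requirements and was therefore not authorized to resource "rds.example.com". The following error occured: "23002".',
    'The user "CONTOSO\bob", on client computer "203.0.113.25", did not meet resource authorization policy requirements and was therefore not authorized to resource "RDS.example.com". The following error occured: "23002".',
    'The user "CONTOSO\carol", on client computer "198.51.100.7", did not meet resource authorization policy requirements and was therefore not authorized to resource "rdgw01.corp.example.local". The following error occured: "23002".'
)

# Constructed: the single internal name a default managed group might contain.
$allowed = @('rdgw01.corp.example.local')

Get-MissingRapResource -Denial (Get-RapDenial -Message $sample) -AllowedResource $allowed

# On the gateway, feed live messages instead (assumed log name):
# $live = Get-WinEvent -LogName 'Microsoft-Windows-TerminalServices-Gateway/Operational' |
#         ForEach-Object Message
```

Only names that appear in the output need to be added to the managed group, which keeps the RAP limited to the resources users actually request rather than opening it to every network resource.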