Hello Michel Chloe,
The error code 0x8009030e you’re seeing after the domain certificate renewal cycle usually points to a Kerberos or TLS authentication mismatch. When the gateway servers present a new certificate, the RDP client may fail to delegate credentials if the Service Principal Name (SPN) or certificate binding is not updated consistently across the domain controllers and gateway array.
Here are a few steps you can try:
- Verify that the new certificate is correctly bound to the RD Gateway service and trusted by all domain members.
- Check that the SPNs for the gateway servers are correct and match the new certificate subject/alternate names.
- Run `klist purge` on affected clients to clear cached Kerberos tickets before reconnecting.
- Ensure that the RD Gateway servers have synchronized time and domain trust with the DCs, as time drift can cause credential delegation failures.
- Review the NPS policies and confirm that the certificate thumbprint matches the renewed certificate.
This is typically a configuration alignment issue rather than a deeper infrastructure fault. Once the certificate bindings and SPNs are corrected, users should be able to connect again without credential delegation errors.
I hope the response provided some helpful insight. If you find this answer useful, please hit “accept answer” so I know it addressed your concern.
Jason.
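
The server-side checks from the list above (certificate binding, SPNs, time sync) collected into one PowerShell pass. This is an added example, not part of the answer above. It assumes the RD Gateway role is installed on the machine it runs on, that the relevant SPNs are registered on that server's own computer account, and that the logon server is an acceptable reference DC.

```powershell
# Added diagnostic sketch: run in an elevated session on an RD Gateway server.
# Assumption: the RD Gateway role (RemoteDesktopServices module, RDS: drive) is installed.
Import-Module RemoteDesktopServices

# 1. Certificate currently bound to the RD Gateway service.
$bound = (Get-Item 'RDS:\GatewayServer\SSLCertificate\Thumbprint').CurrentValue
$cert  = Get-ChildItem Cert:\LocalMachine\My |
         Where-Object { $_.Thumbprint -eq $bound }

if (-not $cert) {
    Write-Warning "Bound thumbprint $bound is not present in LocalMachine\My"
    return
}

$now = Get-Date
[pscustomobject]@{
    Thumbprint    = $cert.Thumbprint
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter
    InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
    HasPrivateKey = $cert.HasPrivateKey
    # Builds the chain against the local trust stores using the SSL policy.
    ChainTrusted  = Test-Certificate -Cert $cert -Policy SSL -ErrorAction SilentlyContinue
} | Format-List

# 2. Host names in registered SPNs vs. DNS names in the certificate.
# Assumption: SPNs live on this computer account; a farm name registered on
# another account will show as missing here and must be checked separately.
$spnHosts = setspn -L $env:COMPUTERNAME | ForEach-Object {
    if ($_ -match '^\s+[^/\s]+/([^/:\s]+)') { $Matches[1].ToLower() }
} | Sort-Object -Unique

foreach ($name in $cert.DnsNameList.Unicode) {
    [pscustomobject]@{
        CertName   = $name
        SpnPresent = $spnHosts -contains $name.ToLower()   # wildcard names never match
    }
}

# 3. Clock offset against a domain controller (time drift breaks Kerberos).
$dc = $env:LOGONSERVER -replace '\\', ''
w32tm /stripchart /computer:$dc /samples:1 /dataonly
```

Compare the reported thumbprint with the one referenced in the NPS policies, and run `klist purge` on the affected clients after any correction.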