RDS: Client not connecting to session host, direct connect works fine

Environment

  • Fully patched Windows 7 Client
  • Fully patched Server 2012R2 Environment
  • RDS-Deployment with two HA connection brokers, three session hosts, one WA host
  • externally available RDS gateway, connection is made from within the company network though
  • Client and RDS environment on different networks, connected via IPSec VPN
  • I've got this problem on four clients now, more than 150 work fine

Problem

  • When I try to connect to the RDS environment, it fails. Roughly translated from German, the UI message says: "For your computer, no connection to the remote computer could be made. Please reconnect. Ask your administrator if the problem persists."

What I've seen and tried

Clientside

  • In the client's event log, the only event I can see is ID 1041: The remote app "DNS name of my broker setup" is getting started in "DNS name of my broker setup", but no saved credentials are used for one time logon. (Reason: RemoteApp- and Remotedesktop connection do not exist).
  • connecting directly to a session host via mstsc.exe /admin works fine
  • using Wireshark while connecting, I cannot see a single TCP packet being transmitted to the connection broker or gateway. When connecting directly, I do.
  • Deleting my Root-CA from the certstore and re-importing did not help
  • Tracing it via procexp shows nothing unusual
  • completely uninstalled antivirus solution "Bitdefender"
  • used a fresh RDP connection file that works fine on any other client
  • used an unsigned RDP connection

Serverside

  • Failover to the second connection broker node did not change the situation
  • I cannot find any entries in the broker's event logs

What could cause a client to fail connecting before even transmitting a single packet to the connection broker, while connecting fine directly?

Thanks for any hint. I'm out of ideas what to test, but don't want to simply resetup the machine because it is not a single case anymore.

Best Answer

After removing the machine from the domain, rejoining and various other tests, I just solved it by removing the "workspacesid"-line from the RDP file. I can now connect just fine.

Unfortunately, I can't find any detailed documentation from Microsoft on this, but I'll still mark as solved.
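
The fix from the answer, as an added example that is not part of the original post: a small Python script that writes a copy of an RDP file without that line and leaves the original untouched. It assumes the "workspacesid" line is the setting stored as "workspace id:s:<value>", handles the UTF-16 encoding RDP files are often saved in, and reports whether the file carries a signature line; the sample content and host names are constructed.

```python
import sys

# Assumption: the "workspacesid" line in the answer is the RDP setting stored
# as "workspace id:s:<value>" (RDP files use name:type:value lines).
TARGET = "workspace id"
BOM_LE, BOM_BE = b"\xff\xfe", b"\xfe\xff"

# Constructed sample file; host names are placeholders.
SAMPLE = "\r\n".join([
    "full address:s:broker.example.test",
    "workspace id:s:broker.example.test",
    "remoteapplicationmode:i:1",
    "gatewayhostname:s:gw.example.test",
]) + "\r\n"

def decode_rdp(raw):
    """Return (text, is_utf16). RDP files are often UTF-16 with a BOM."""
    if raw[:2] in (BOM_LE, BOM_BE):
        return raw.decode("utf-16"), True
    return raw.decode("utf-8-sig"), False

def strip_setting(raw, name=TARGET):
    """Return (cleaned_bytes, removed_lines, signed) for one .rdp file."""
    text, is_utf16 = decode_rdp(raw)
    kept, removed, signed = [], [], False
    for line in text.splitlines():
        # The setting name is everything before the first colon.
        key = line.split(":", 1)[0].strip().lower()
        signed = signed or key == "signature"
        (removed if key == name else kept).append(line)
    out = "\r\n".join(kept) + "\r\n"
    if is_utf16:
        # Re-encode with an explicit little-endian BOM.
        return BOM_LE + out.encode("utf-16-le"), removed, signed
    return out.encode("utf-8"), removed, signed

if __name__ == "__main__":
    src = sys.argv[1]
    with open(src, "rb") as fh:
        cleaned, removed, signed = strip_setting(fh.read())
    dst = src + ".noworkspace.rdp"
    with open(dst, "wb") as fh:  # the original file is left untouched
        fh.write(cleaned)
    print("removed:", removed, "| signed:", signed, "| wrote:", dst)
```

Run it with the path of the RDP file as the only argument, then test the connection with the written copy.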