This one's a head-scratcher, but I'm just throwing it out there in the unlikely case someone has an idea.
Let's call our domain example.com, with the private IP block 192.0.0.0/24.
Zero Trust has been configured and is working great. Using Gateway - Firewall policies - DNS policies we have an override rule: pc1.example.com -> 192.0.0.10
Remote Desktop to 192.0.0.10 works flawlessly, but RD to pc1.example.com gets stuck on "securing network connection" after submitting the login credentials (NLA is on; the credential prompt always pops up).
More strangely, Remote Desktop to pc1.example.com does connect on rare, random occasions.
Looking up pc1.example.com with dig or nslookup from the client always correctly returns 192.0.0.10, and besides, the login window popup is proof that the record is correct.
Any ideas at all why connecting via hostname fails? And even more bizarre, why does it work on rare occasions?
All the while, connecting via the explicit 192.0.0.10 works every time. It makes troubleshooting this a nightmare.
PS: we also have other overridden records, such as for ActiveSync or OWA, and they work fine using hostnames.