RDP

Authentication with certificates in a foreign domain is attempted with an explicit domain\username. User hint doesn't help. How to get around?

There is a domain, PKI is configured in it, issuing certificates for smart cards with UPNs. There is a completely separate domain where you need to configure PKI-issued smart card certificate authentication. Configured according to instructions https://support.microsoft.com/en-us/help/281245/gu...treating the configured PKI as third-party. When I try to access through the RDP client, I get an "incorrect username or password" cuff, in the server logs, authorization with an explicit domain name, while the domain is where the PKI is, and not the one where the server is. I set up user hint on the client, I type in remote \ user from the user to whom the certificate is bound, I get a "user not found" error on the client with a disconnection, while the server reports successful authorization. How can this behavior be bypassed? Do not suggest disabling NLA on a remote server, because otherwise they will zaddosit, the server looks at the Internet with little or no protection. There is no other way to do it, there is no money. Is it possible to configure a full-fledged third party CA of the standalone type to issue certificates with an explicitly specified UPN,