This is excellent, thanks for writing it! I've been trying to find the simplest method, and this answers that question! I like how Michael's setup allows for things like re-prompting an end user if they get their password wrong the first time, but in most use cases where the end target is something like Microsoft Word trying to access SharePoint, where the computer already has valid credentials, I really prefer this simpler method. I also like that your method doesn't require setting port translation on the virtual server to "preserve-strict", because that can result in a broken connection for someone if two clients try to use the same source port. Thanks again for writing this, it is much appreciated!