Hello everybody,
I have a little problem I’m struggling with as I’m trying to set up a new RDS farm in our environment. I searched the internet for hours for this problem but I couldn’t find any useful information.
Here is the picture:
DOMAIN1.LOCAL and DOMAIN2.LOCAL are internal to our company.
Workstations (RD clients) are in domain DOMAIN1.LOCAL
RD servers have been set up in domain DOMAIN2.LOCAL
Firewall is filtering traffic between the 2 domains (different network zones).
2 servers hold the RD Web Access and Gateway roles (SRVGW1.DOMAIN2.LOCAL, SRVGW2.DOMAIN2.LOCAL)
2 servers hold the RD Broker role (SRVBRK1.DOMAIN2.LOCAL, SRVBRK2.DOMAIN2.LOCAL) and are configured in HA mode.
2 servers are RD Session Hosts (SRVHOST1.DOMAIN2.LOCAL, SRVHOST2.DOMAIN2.LOCAL) and are in a pool handled by the brokers.
1 server holds the RD Licence Server role (SRVLIC1.DOMAIN2.LOCAL)
Everything is up and running, and connections are working fine except for a strange delay while connecting: once I’m logged into the RD Web Access web page from my DOMAIN1.LOCAL workstation (obviously with DOMAIN2.LOCAL credentials, which are passed through to the remote desktop connection via the tick box “Use RD gateway credentials for remote computers”), when I click on a published remote desktop connection, the RDP connection is launched but is stuck for 15 seconds at “Initiating remote connection” and then processes the other steps smoothly.
So, I analyzed network traffic on the SRVGW1.DOMAIN2.LOCAL gateway server while this delay occurs and I found that the gateway server is trying to contact the Domain Controllers of DOMAIN1.LOCAL (the domain the workstation is a member of) on port UDP 389 (LDAP). Those packets are dropped by the firewall, so the gateway server retries every domain controller in DOMAIN1.LOCAL and then waits for what I assume is a timeout, as its requests are not answered.
So my question is:
- Is it normal that the gateway tries to contact the domain controllers of the domain the workstation (RDP client) is a member of, even though the credentials used for the connection are DOMAIN2.LOCAL credentials? What is the purpose of those LDAP requests? Should we open port 389 from the gateway to all DOMAIN1.LOCAL domain controllers in our firewalls (this seems strange to me, because if RDP clients were external I couldn't possibly know their domain membership, let alone the domain controllers handling it)?
Thanks in advance.
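An added example, not part of the original post or of any Microsoft tooling: a small Python analyzer that does with a firewall log what the capture above did by hand. It pulls the gateway's dropped UDP/389 probes out of the log, groups them per DOMAIN1.LOCAL domain controller, counts retry rounds, and measures the time from the first dropped probe to the gateway's next allowed flow, which is the figure to compare against the 15-second stall. The log format, the gateway address (10.2.0.11), the DC addresses (10.1.0.5 to 10.1.0.7) and the timestamps are all constructed for illustration. UDP 389 is the CLDAP port used by the Windows DC-locator ping, which is why unanswered probes show up as a fixed delay rather than a hard failure.

```python
"""Quantify the connection stall caused by unanswered UDP/389 (CLDAP) probes
by parsing firewall drop logs.  Added example; log format, addresses and
timestamps below are constructed, not taken from a real environment."""
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample: gateway 10.2.0.11 (SRVGW1) probing three DOMAIN1.LOCAL
# domain controllers (hypothetical addresses), three rounds five seconds
# apart, all dropped; then the first flow the firewall lets through.
SAMPLE_LOG = """\
2024-05-02T10:15:00.000Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.5 dport=389
2024-05-02T10:15:00.010Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.6 dport=389
2024-05-02T10:15:00.020Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.7 dport=389
2024-05-02T10:15:05.000Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.5 dport=389
2024-05-02T10:15:05.010Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.6 dport=389
2024-05-02T10:15:05.020Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.7 dport=389
2024-05-02T10:15:10.000Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.5 dport=389
2024-05-02T10:15:10.010Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.6 dport=389
2024-05-02T10:15:10.020Z action=drop proto=udp src=10.2.0.11 dst=10.1.0.7 dport=389
2024-05-02T10:15:15.100Z action=allow proto=tcp src=10.2.0.11 dst=10.2.0.21 dport=3389
"""

# Key=value layout is an assumption; adapt the pattern to the real firewall.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
    rec["dport"] = int(rec["dport"])
    return rec


def cldap_drops(log_text, gateway_ip):
    """Dropped UDP/389 probes sent by gateway_ip, grouped by target DC."""
    by_dc = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if (rec and rec["action"] == "drop" and rec["proto"] == "udp"
                and rec["dport"] == 389 and rec["src"] == gateway_ip):
            by_dc[rec["dst"]].append(rec["ts"])
    return dict(by_dc)


def stall_summary(log_text, gateway_ip):
    """Summarise how long the gateway spent retrying unanswered DC probes."""
    by_dc = cldap_drops(log_text, gateway_ip)
    drops = sorted(t for ts in by_dc.values() for t in ts)
    if not drops:
        return {"dcs": 0, "attempts": 0, "retry_rounds": 0,
                "span_s": 0.0, "stall_until_allowed_s": None}

    # Probes to different DCs within the same second form one round; a gap
    # of more than a second means the locator timed out and retried.
    rounds = 1
    for prev, cur in zip(drops, drops[1:]):
        if (cur - prev).total_seconds() > 1.0:
            rounds += 1

    # The connection only progresses once the last probe has timed out, so
    # the first allowed flow from the gateway after that marks the end of
    # the stall as the user perceives it.
    allowed_after = [
        rec["ts"] for rec in map(parse_line, log_text.splitlines())
        if rec and rec["src"] == gateway_ip and rec["action"] == "allow"
        and rec["ts"] > drops[-1]
    ]
    stall = ((min(allowed_after) - drops[0]).total_seconds()
             if allowed_after else None)

    return {
        "dcs": len(by_dc),
        "attempts": len(drops),
        "retry_rounds": rounds,
        "span_s": (drops[-1] - drops[0]).total_seconds(),
        "stall_until_allowed_s": stall,
    }


if __name__ == "__main__":
    print(stall_summary(SAMPLE_LOG, "10.2.0.11"))
```

Running the summary before and after any rule change makes the effect measurable: if the stall is entirely explained by the dropped probes, the number of DCs, the rounds and the timeout gap together should account for the delay seen in the client, and a firewall change that does not move `stall_until_allowed_s` is not the fix.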