https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364788#M549303 Hi Octavian,<BR /><BR /><BR /><BR />Thanks a lot for your reply.<BR /><BR /><BR />But could you please specify why it is not working. I tried to check the configuration guide but changing registry key EnforceSingleLogon didn`t help.<BR /><BR />Is it possible to modify anything to have working RDP for this case?<BR /><BR /><BR />I hope you will answer and show the the direction because at this moment neither Cisco or MS can help me.<BR /><BR /><BR /><BR /> Thu, 12 Apr 2018 09:20:38 GMT oleg_kobzar 2018-04-12T09:20:38Z https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364738#M549294 <P>RDP to Windows 10&nbsp; machine is not working when Cisco NAM is used instead native Windows supplicant. The case is below:</P> <P>1) PC is turned on and passed machine authentication</P> <P>2) RDP is initiated to PC and user authentication passed. But RDP is not established.Windows Firewall blocks this traffic, even if&nbsp; there is a permit rule in its configuration (tcp/udp from any source&nbsp; to port 3389) </P> <P>3) Machine authentication is passed again.</P> <P>User and Machine VLAN are the same. It works only if user is locally login into PC( user authentication on switch port) or if Windows Firewall is disabled. Logs are below.</P> <P>&nbsp;</P> <P>2018-03-30 16:08:52 DROP TCP 172.27.235.51 172.27.235.53 51817 3389 0 - 0 0 0 - - - RECEIVE<BR />2018-03-30 16:08:52 DROP UDP 172.27.235.51 172.27.235.53 62652 3389 0 - - - - - - - RECEIVE</P> <P>Does anyone use such deployment of 802.1x with Cisco NAM?</P> Fri, 21 Feb 2020 18:53:32 GMT https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364738#M549294 oleg_kobzar 2020-02-21T18:53:32Z https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364755#M549301 <P>Hi,</P> <P>&nbsp;</P> <P>It's working as expected <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5.pdf" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect45/administration/guide/b_AnyConnect_Administrator_Guide_4-5.pdf</A></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="nam.PNG" style="width: 906px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/10192i48D482F3E2216D5F/image-size/large?v=v2&amp;px=999" role="button" title="nam.PNG" alt="nam.PNG" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 12 Apr 2018 08:35:32 GMT https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364755#M549301 Octavian Szolga 2018-04-12T08:35:32Z https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364788#M549303 Hi Octavian,<BR /><BR /><BR /><BR />Thanks a lot for your reply.<BR /><BR /><BR />But could you please specify why it is not working. I tried to check the configuration guide but changing registry key EnforceSingleLogon didn`t help.<BR /><BR />Is it possible to modify anything to have working RDP for this case?<BR /><BR /><BR />I hope you will answer and show the the direction because at this moment neither Cisco or MS can help me.<BR /><BR /><BR /><BR /> Thu, 12 Apr 2018 09:20:38 GMT https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364788#M549303 oleg_kobzar 2018-04-12T09:20:38Z https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364815#M549313 <P>Hi Oleg,</P> <P>&nbsp;</P> <P>Please check if windows firewall is completely off just to exclude this as a possible issue.</P> <P>Also, make sure you've added the correct dword in registry to allow RDP with a different user than the currently logged in user.</P> <P>I've tested this in the past and it worked.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Octavian</P> Thu, 12 Apr 2018 10:22:24 GMT https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3364815#M549313 Octavian Szolga 2018-04-12T10:22:24Z https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3915263#M549317 <P>Its known bug,</P><P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo47467" target="_blank" rel="noopener">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo47467</A></P><P>&nbsp;</P><P>Work around as below.</P><P><SPAN>1. In Registry Editor, locate the following registry subkey:</SPAN><BR /><SPAN>HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy</SPAN><BR /><SPAN>2. Right-click the Parameters registry subkey, point to New, and then click DWORD (32-bit) Value.</SPAN><BR /><SPAN>3. Rename the new registry entry to IntfQuarantineEnabled and set the value to 0.</SPAN></P><P>Hope this helps</P> Wed, 28 Aug 2019 11:50:09 GMT https://community.cisco.com/t5/network-access-control/rdp-is-not-working-with-cisco-nam-user-and-machine-auth/m-p/3915263#M549317 DHaya 2019-08-28T11:50:09Z