11-01-2022 02:14 AM
Team, an issue we are facing with one of our client machines.
We have some end users who try to RDP to a machine in the office network.
However, in our case, for a successful authentication to take place, the machine must show the user certificate to the network.
Till the user does an RDP certificate authentication does not work, and the machine gets an IP address on the Guest VLAN till then.
Any suggestions on getting over this behavior?
Regards,
N!
11-01-2022 07:41 AM
Not a helpful answer, but the issue is Microsoft doesn't register an RDP session as a login, so the networks will still see it as a machine. I don't know of a way around it without some installed program to force it.
Here we have Citrix and a receiver app installed on computers so when they remote in it triggers it as a login.
11-01-2022 08:28 AM
AnyConnect NAM solves this problem.
11-01-2022 08:45 AM
AnyConnect NAM causes more problems than it solves lol.
11-01-2022 09:44 AM
As already mentioned, you would need to install AnyConnect NAM, or you can also use TEAP to fix that issue. Essentially, what you need in this case is EAP chaining; otherwise, when the user tries to RDP to the remote host, the session will still be the previous one that has already been authenticated and authorized. AnyConnect NAM requires buying its licenses as well as deploying the software on all the hosts that would be RDP'ed. However, TEAP is much simpler and has no extra cost. The only thing to keep in mind with TEAP is that you need the Windows 10 build 2004; otherwise you won't see it as an option in the NIC dot1x tab.