Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2060
Views
10
Helpful
2
Replies

Remote Desktop to DOT1X authenticated machine throws internal error.

Gagandeep Singh
Cisco Employee
Cisco Employee

‎06-01-2018 03:51 PM

Hi Team,

Need assistance on below concern.

RDP A = Machine I want to remote into located at our office on dot1x ( NAM installed)

RDP B = Machine I am remoting from, this is my personal computer at my house and not on ISE

1. RDP A boots up and gets to Windows login screen

2. I Remote Desktop from RDP B to RDP A and get the screen where I enter in my password

3. Remote Desktop on RDP B throws the internal error has occurred message. This is also when ping response is lost.

4. Remote Desktop back into RDP A after a minute from RDP B and am presented this screen. I click on my username, enter password, and I'm fine after that.

Setup :

Home pc (Internet)----vpn----ASA (VPN server) ----- ASA ---- Switch dot1x port ---- Office pc ( NAM installed)

Client remains in same VLAN moving from machine to user authentication.

I researched internally in our database and found that

MS Supplicant does not authenticate as User when you log on with Remote Desktop (even if you have supplicant configured to authenticate as computer or user).

It will remain logged on as machine to 802.1X after you logon with remote desktop. So yes it works,  there will be no user auth, no change of vlan or refresh of ip after you logon with RDP.

Check this document

https://communities.cisco.com/thread/65238?start=0&tstart=0

I am looking for the settings on NAM or the machine that can take care of the RDP session.

Any help would be appreciated.

Regards

Gagan

1 person had this problem
Labels:
2 Replies 2

Jason Kunst
Cisco Employee
Cisco Employee

‎06-01-2018 04:16 PM

Moving to anyconnect

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎06-01-2018 04:46 PM

When using NAM,  and using machine and user auth NAM profile,  enable "extend user connection beyond log off" for user authentication. So when the local user has logged off, the connection remains active.

Screen Shot 2018-06-01 at 4.43.24 PM.png

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents