cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2240
Views
10
Helpful
2
Replies

Remote Desktop to DOT1X authenticated machine throws internal error.

Gagandeep Singh
Cisco Employee
Cisco Employee

Hi Team,

Need assistance on below concern.

RDP A = Machine I want to remote into located at our office on dot1x ( NAM installed)

RDP B = Machine I am remoting from, this is my personal computer at my house and not on ISE

1. RDP A boots up and gets to Windows login screen

2. I Remote Desktop from RDP B to RDP A and get the screen where I enter in my password

3. Remote Desktop on RDP B throws the internal error has occurred message. This is also when ping response is lost.

4. Remote Desktop back into RDP A after a minute from RDP B and am presented this screen. I click on my username, enter password, and I'm fine after that.

Setup :

Home pc (Internet)----vpn----ASA (VPN server) ----- ASA ---- Switch dot1x port ---- Office pc ( NAM installed) 

Client remains in same VLAN moving from machine to user authentication.

I researched internally in our database and found that

MS Supplicant does not authenticate as User when you log on with Remote Desktop (even if you have supplicant configured to authenticate as computer or user).

It will remain logged on as machine to 802.1X after you logon with remote desktop. So yes it works,  there will be no user auth, no change of vlan or refresh of ip after you logon with RDP.

Check this document

https://communities.cisco.com/thread/65238?start=0&tstart=0

I am looking for the settings on NAM or the machine that can take care of the RDP session.

Any help would be appreciated.

Regards

Gagan

2 Replies 2

Jason Kunst
Cisco Employee
Cisco Employee

Moving to anyconnect

hslai
Cisco Employee
Cisco Employee

When using NAM,  and using machine and user auth NAM profile,  enable "extend user connection beyond log off" for user authentication. So when the local user has logged off, the connection remains active.

Screen Shot 2018-06-01 at 4.43.24 PM.png