The logon attempt failed error for RDP access method

Article ID: 233011

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are receiving an error in PAM when attempting to access an RDP server using auto-login:

We can use PAM to remote into other servers in the device group using the same credentials. This server will not allow us to log in with any account we use. The accounts are part of the Active Directory admin group that would have permission to log in to the server (we can log in to the server outside of PAM using PAM credentials, just not within PAM). The working servers are domain controllers, but the one that doesn't work is not.

 

Environment

Release: 4.0

Component: PRIVILEGED ACCESS MANAGEMENT

Cause

PAM did not pass the domain name for the account correctly in the auto-login process, because the target application had the domain configured with distinguished name syntax: DC=xxx,DC=yyy,DC=zzz. The target server therefore interpreted the credentials as local user credentials, which resulted in an authentication error.

Resolution

Changing the domain name to xxx.yyy.zzz in the target application, under the Active Directory tab, resolved the problem. This is standard syntax for domain names. Do not use the distinguished name syntax when defining Active Directory target applications.

A correct domain name entry looks like example.com. The distinguished name syntax, DC=example,DC=com, must not be used, as it causes the problem discussed here.
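
To find other target applications with the same misconfiguration, the domain values can be checked in bulk. The following is an added example, not code from PAM or from the original article: it assumes the domain values were copied by hand from each target application's Active Directory tab, and the application names, function names and sample data are hypothetical.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_dns_name(name):
    """True if name is dotted DNS syntax such as example.com."""
    return len(name) <= 253 and all(_LABEL.fullmatch(l) for l in name.split("."))

def dn_to_dns(value):
    """Join the DC= components of a distinguished name into a dotted name."""
    labels = []
    for part in re.split(r"(?<!\\),", value):      # split on unescaped commas
        key, sep, val = part.partition("=")
        if sep and key.strip().lower() == "dc":    # ignore OU=, CN=, ...
            labels.append(val.strip())
    return ".".join(labels) if labels else None

def check_domain(value):
    """Return (status, suggestion) for one configured domain value."""
    value = value.strip()
    if "=" in value:                               # distinguished name syntax
        fixed = dn_to_dns(value)
        if fixed and is_dns_name(fixed):
            return ("dn-syntax", fixed)
        return ("invalid", None)
    return ("ok", value) if is_dns_name(value) else ("invalid", None)

def audit(configured):
    """Map target application name -> finding for every entry that is not ok."""
    findings = {}
    for app, domain in configured.items():
        status, suggestion = check_domain(domain)
        if status != "ok":
            findings[app] = (status, suggestion)
    return findings

# Constructed sample data: hypothetical target application names and domains.
SAMPLE = {
    "ad-app-1": "example.com",
    "ad-app-2": "DC=example,DC=com",
    "ad-app-3": "dc=corp, dc=example, dc=com",
    "ad-app-4": "exa mple.com",
}

if __name__ == "__main__":
    for app, (status, suggestion) in audit(SAMPLE).items():
        print(f"{app}: {status}" + (f", use {suggestion}" if suggestion else ""))
```

Entries reported as dn-syntax are the ones that would make the target server treat the account as a local user; the suggested value is what to enter under the Active Directory tab instead.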