User cannot RDP to Windows server using SAC


Article ID: 247155


Products

Symantec ZTNA

Issue/Introduction

The SAC tenant was newly provisioned, with no Applications defined and a local Identity store.

An RDP app was created with default settings, and the RDP policy was applied to a few of the defined local users. Before the App was created, RDP directly to the Windows servers was confirmed to work.

A locally logged-in user was able to see the RDP app on the Portal. After selecting it and entering the username and short-term password (shown below), they got a pop-up error message that indicated authentication issues.

The forensic logs never indicated that the same authentication issues were causing the RDP failure.

“Authentication for username '[email protected]' failed. failed getting active sessions for user: the user was not found”

A Web-based Application was also created and did not have any issues.

Environment

SAC.

RDP Application.

Cause

The short-term passwords appear to have been corrupted.

Resolution

Switching users from short-term to long-term RDP passwords, as shown below, made everything work, so the issue appears specific to short-term passwords.

As soon as we re-enabled short-term RDP passwords, everything worked again. It looks like the operation reset the token database, which cleared the problem.