Windows machine name in the title when connecting through RDP service


Article ID: 280655


Updated On: 03-28-2024

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When an RDP service is defined to connect to remote Windows systems from PAM, the terminal window always shows the loopback address, 127.0.0.1, as its connection information, not the name of the remote endpoint.

Why is this so, and is there any way to change it?

Environment

CA PAM all versions up to the latest 4.1.X

Cause

This happens because an RDP service launches the native Windows client, MSTSC.

The client uses the IP address or machine name that it connects to as the label in the window title bar.

When PAM creates a service, it opens a random local port on the loopback address. For instance, if we are connecting to machine 192.168.0.10:3389 using an RDP PAM service, PAM may create a tunnel from 127.0.0.1:54321 through the PAM appliance to the intended 192.168.0.10:3389. The whole idea of PAM is that any remote connection is redirected through PAM and that a direct connection to the remote system is never established.

Once the tunnel is established between the local loopback and the remote endpoint through PAM, the native local client connects to the loopback address; in the example, mstsc connects to 127.0.0.1:54321. Given the way the MSTSC client works, it shows that address and not the remote one, which remains unknown to the local client.
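The tunnel behaviour described above can be reproduced with plain sockets. This is an added example, not PAM or Broadcom code: `start_endpoint` and `start_tunnel` are constructed stand-ins for the remote host and the PAM tunnel, and both listen on loopback so the script runs offline.

```python
import socket
import threading

def listen_loopback():
    s = socket.socket()
    s.bind(("127.0.0.1", 0))  # port 0: the OS picks a free random port
    s.listen(1)
    return s

def start_endpoint():
    """Constructed stand-in for the remote host (192.168.0.10:3389 in the article)."""
    srv = listen_loopback()
    def serve():
        conn, peer = srv.accept()
        with conn, srv:
            conn.recv(64)
            conn.sendall(f"{peer[0]}:{peer[1]}".encode())  # report who connected
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def start_tunnel(target, seen):
    """Constructed stand-in for the PAM tunnel: loopback listener relaying to target."""
    lst = listen_loopback()
    def relay():
        client, _ = lst.accept()
        with client, lst, socket.create_connection(target, timeout=5) as up:
            seen["tunnel_outbound"] = "%s:%d" % up.getsockname()
            up.sendall(client.recv(64))
            client.sendall(up.recv(64))
    threading.Thread(target=relay, daemon=True).start()
    return lst.getsockname()

def demo():
    seen = {}
    endpoint = start_endpoint()
    tunnel = start_tunnel(endpoint, seen)
    with socket.create_connection(tunnel, timeout=5) as c:  # the mstsc role
        seen["client_peer"] = c.getpeername()  # all the client can put in a title bar
        c.sendall(b"hello")
        seen["endpoint_saw"] = c.recv(64).decode()
    seen["tunnel"], seen["endpoint"] = tunnel, endpoint
    return seen

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

The client's peer address is the tunnel's loopback port, never the endpoint's, and the endpoint sees the tunnel's outbound socket rather than the client, which matches the point that no direct connection is established.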

Resolution

mstsc does not allow the connection information shown in the connection window to be customized, so there is no way to set up a custom caption.

A possible option is to use the PAM Agent. In this case, a Windows driver is introduced which redirects connections to the remote IP to the local loopback. This is transparent to the end user, so the experience is that a regular mstsc connection to the final machine is being established. Since mstsc is pointed at the real final IP address (even if the PAM Agent redirects under the hood to the local loopback address and random port), the connection information will indeed show the final machine name.

This solution requires deploying the PAM Agent to the workstations of the users using this functionality.

There may be other developments in PAM in future releases which may work around the problem, but these are still under development.

Another possibility is to identify the Windows machine itself by using the Sysinternals tool bginfo.

Placing this little utility in the startup folder of the remote machines to which users connect will show background information such as machine name, IP, etc., which may help overcome this limitation.