windows remote access

Unanswered Question
Sep 29th, 2014

Hi

I have ISE 1.2 and there is an issue with Windows remote access on the computer.

I use remote access to give assistance to remote users.

Issue description:
Windows remote access is possible as long as the user's assistance does not require switching to an admin account.
In case a switch to an admin account is done, the network connection is lost and I can no longer continue unless the remote user reconnects again.

Please, how can I configure ISE to permit remote access and switching to an administrator user session without losing the connection?

Thanks in advance

nspasov Mon, 09/29/2014 - 13:46
User Badges: Cisco Employee, Cisco Designated VIP (2017 AAA, Identity and NAC Security)

So I am assuming that you are using "user only" based authentication. Correct? If so, that is the problem and it is a problem with Windows XP, 7 and even 8. It appears that during the RDP session, only machine credentials are sent, thus the 802.1x authentication fails. The workaround is to either switch the devices to perform "machine" based authentication or "user or machine" based authentication. In ISE then you will have to create a rule for machine based authentication to permit RDP based ports. 

Take a look at the following links:

https://supportforums.cisco.com/discussion/12003786/cisco-ise-12-8021x-wires-ms-rdp

http://social.technet.microsoft.com/Forums/windows/en-US/507cd666-9c86-423c-bbed-789b9e975bd9/windows-7-rdp-and-8021x-authentication

Hope this helps!

 

Thank you for rating helpful posts!

nicanor00 Tue, 09/30/2014 - 05:10

Hi

I am using machine auth first, then user authentication after user login.

But I can create a specific authorization profile for the administrator (Windows user login: remoteaccess).

How would I configure a rule for that specific user?

How do I create a rule for machine based authentication to permit RDP based ports?

Check some screenshots of my config in the attachment: it does not work.

 

Please help

nicanor00 Thu, 10/02/2014 - 02:08

Hi

Please, how can I create a rule to permit Windows RDP on machine authentication for a specific user (Windows user login: RDPTEST)?

 

Please help

nspasov Thu, 10/02/2014 - 11:51

You can try to create a rule that allows machine based authentication and with that you can return an authorization profile that allows RDP and perhaps block everything else. Or you can just allow everything. 

The rule in your screenshot above is referencing a user-based authentication. 

 

Thank you for rating helpful posts!

Pranav Gade Mon, 11/23/2015 - 21:52

Hi Neno,

 

I am facing somewhat the same issue. We are running ISE 1.4 with machine + user auth.

But once a user logs in to his machine and tries to access RDP or copy any file, and if he locks the machine, then it stops the session and the user has to log off and log in to reinitiate the connection.

Currently the endpoints are Windows 10 and Windows 8.

We are using the "user or machine" option in the Windows native supplicant.

 

Thanks in advance 

 
