09-29-2014 05:35 AM - edited 03-10-2019 10:04 PM
Hi
I have ISE 1.2 and there is an issue with Windows remote access on the computer.
I use remote access to give assistance to remote users.
Issue description:
Windows remote access is possible as long as the user's assistance does not require switching to an admin account.
If a switch to an admin account is done, the network connection is lost and I can no longer continue unless the remote user reconnects.
Please, how can I configure ISE to permit remote access and switching to an administrator user session without losing the connection?
Thanks in advance
09-29-2014 01:46 PM
So I am assuming that you are using "user only" based authentication. Correct? If so, that is the problem and it is a problem with Windows XP, 7 and even 8. It appears that during the RDP session, only machine credentials are sent, thus the 802.1x authentication fails. The workaround is to either switch the devices to perform "machine" based authentication or "user or machine" based authentication. In ISE then you will have to create a rule for machine based authentication to permit RDP based ports.
Take a look at the following links:
https://supportforums.cisco.com/discussion/12003786/cisco-ise-12-8021x-wires-ms-rdp
Hope this helps!
Thank you for rating helpful posts!
09-30-2014 05:10 AM
Hi
I am using machine auth first, then user authentication after user login.
But I can create a specific authorization profile for the administrator (Windows user login: remoteaccess).
How would I configure a rule for that specific user?
How do I create a rule for machine-based authentication to permit RDP-based ports?
Check the print screens of my config in the attachment: it is not working.
Please help
10-02-2014 02:08 AM
Hi
Please, how can I create a rule to permit Windows RDP on machine authentication for a specific user (Windows user login: RDPTEST)?
Please help
10-02-2014 11:51 AM
You can try to create a rule that allows machine based authentication and with that you can return an authorization profile that allows RDP and perhaps block everything else. Or you can just allow everything.
The rule in your screenshot above is referencing a user-based authentication.
Thank you for rating helpful posts!
11-23-2015 09:52 PM
Hi Neno,
I am also facing somewhat the same issue. We are running ISE 1.4 with machine + user auth.
But once a user logs in to his machine and tries to access RDP or copy a file, if he locks the machine, it stops the session and the user has to log off and log in again to reinitiate the connection.
Currently the endpoints are Windows 10 and Windows 8.
We are using the "user or machine" option in the Windows native supplicant.
Thanks in advance