Cisco Support Community
Community Member

windows remote access

Hi

I have ISE 1.2 and there is an issue with Windows remote access on the computer.

I use remote access to give assistance to a remote user.


Issue description:
Windows remote access is possible as long as the user's assistance does not require switching to an admin account.
If a switch to the admin account is done, the network connection is lost and I can no longer continue unless the remote user reconnects again.

 

Please, how can I configure ISE to permit remote access and switching to an administrator user session without losing the connection?

Thanks in advance

5 REPLIES
Cisco Employee

So I am assuming that you are using "user only" based authentication. Correct? If so, that is the problem and it is a problem with Windows XP, 7 and even 8. It appears that during the RDP session, only machine credentials are sent, thus the 802.1x authentication fails. The workaround is to either switch the devices to perform "machine" based authentication or "user or machine" based authentication. In ISE then you will have to create a rule for machine based authentication to permit RDP based ports. 

Take a look at the following links:

https://supportforums.cisco.com/discussion/12003786/cisco-ise-12-8021x-wires-ms-rdp

http://social.technet.microsoft.com/Forums/windows/en-US/507cd666-9c86-423c-bbed-789b9e975bd9/windows-7-rdp-and-8021x-authentication

Hope this helps!

 

Thank you for rating helpful posts!

Community Member

Hi

I am using machine auth first, then user authentication after user login.

But I can create a specific authorization profile for the administrator (Windows user login: remoteaccess).

How would I configure a rule for that specific user?

How do I create a rule for machine-based authentication to permit RDP-based ports?

See some screenshots of my config in the attachment: it does not work.

 

Please help

Community Member

Hi

Please, how can I create a rule to permit Windows RDP on machine authentication for a specific user (Windows user login: RDPTEST)?

 

Please help

Cisco Employee

You can try to create a rule that allows machine based authentication and with that you can return an authorization profile that allows RDP and perhaps block everything else. Or you can just allow everything. 

The rule in your screenshot above is referencing a user-based authentication. 

 

Thank you for rating helpful posts!

Community Member

Hi Neno,

 

I am also facing somewhat the same issue. We are running ISE 1.4 with machine + user auth.

But once a user logs in to his machine and tries to access RDP or copy any file, and if he locks the machine, then it stops the session and the user has to log off and log in again to reinitiate the connection.

Currently the endpoints are Windows 10 and Windows 8.

We are using the user or machine option in the Windows native supplicant.

 

Thanks in advance 

 
