Unable to log in with Direct RDP Session

I created a new PAM server to mirror a test PAM server and created a rule to audit user logins via RDP (Direct RDP Session). However, authentication always fails. I've looked at the settings in both the old and new server and they all match so I'm stumped as to what the problem is.

The rule in question:


The "Data Center" group mirrors what is on the old PAM Server, as does the Windows wcc credential. unifid.log from the new PAM server shows:
Wed May 30 12:22:13 2018, 78, 1433954048, 2908, Info, cmdctrl request denied for '<rdpDirect> WCC\C00000039@v3tsw00422' from C00000039@v3tsw00422

while unifid.log from the old PAM server shows:
Wed May 30 12:18:44 2018, 886, 1262679808, 13775, Info, cmdctrl request accepted for '<rdpDirect> WCC\C00000039@v3tsw00421' from C00000039@v3tsw00421 as wcc\SubmitUser@v3tsw00421


Anyone have any ideas? Both the old and new wcc domain have the SubmitUser credential.
  • achinayoung_waubonsee;2481781 wrote:
    I created a new PAM server to mirror a test PAM server and created a rule to audit user logins via RDP (Direct RDP Session). However, authentication always fails. I've looked at the settings in both the old and new server and they all match so I'm stumped as to what the problem is.

    The rule in question:


    This was solved with help from NetIQ by leaving Account Domain and Credentials blank and Run User as "Submit User" and Run Host as "Submit Host". This is on a 3.2.0.4 system. I did not have to do this on 3.2.0.3. Maybe 3.2.0.4 introduced a bug.
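To compare the old and new servers' decisions side by side, the cmdctrl lines quoted in this thread can be parsed and the denials tallied. This is an added example, not part of the original posts and not NetIQ tooling; the pattern is inferred only from the two unifid.log lines above, and the function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter

# Pattern derived only from the two unifid.log lines quoted in this thread.
# The three numeric fields after the timestamp are kept opaque because the
# thread does not say what they mean (assumption: they are always integers).
CMDCTRL = re.compile(
    r"^(?P<ts>[^,]+), (?P<f1>\d+), (?P<f2>\d+), (?P<f3>\d+), (?P<level>\w+), "
    r"cmdctrl request (?P<verdict>accepted|denied) for '(?P<command>[^']*)' "
    r"from (?P<submit>\S+)(?: as (?P<run_as>\S+))?\s*$"
)

def parse_cmdctrl(line):
    """Return a dict for a cmdctrl decision line, or None for any other line."""
    m = CMDCTRL.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Split "user@host" of the submitting side; run_as stays None when the
    # line has no "as ..." suffix (as in the denied line from the thread).
    rec["submit_user"], _, rec["submit_host"] = rec["submit"].partition("@")
    return rec

def denied_summary(lines):
    """Count denied requests per (command, submit user, submit host)."""
    counts = Counter()
    for line in lines:
        rec = parse_cmdctrl(line)
        if rec and rec["verdict"] == "denied":
            counts[(rec["command"], rec["submit_user"], rec["submit_host"])] += 1
    return counts

# The two lines from the thread, plus one constructed non-cmdctrl line.
SAMPLE = [
    r"Wed May 30 12:22:13 2018, 78, 1433954048, 2908, Info, cmdctrl request denied for '<rdpDirect> WCC\C00000039@v3tsw00422' from C00000039@v3tsw00422",
    r"Wed May 30 12:18:44 2018, 886, 1262679808, 13775, Info, cmdctrl request accepted for '<rdpDirect> WCC\C00000039@v3tsw00421' from C00000039@v3tsw00421 as wcc\SubmitUser@v3tsw00421",
    "Wed May 30 12:23:00 2018, 78, 1433954048, 2908, Info, constructed unrelated line",
]

if __name__ == "__main__":
    for key, n in denied_summary(SAMPLE).items():
        print(n, *key)
```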