pappa_recd Contributor.

PAM RDP Error

I have the below setup

Framework Manager - Windows 2012 R2 attached to the domain netiq.com
3 servers where NPUM agent is installed
a) Standalone server -Windows 2012 R2 installed
b) Server with AD installed - windows 2012 R2 domain .netiq.com
c) Server tied to domain .netiq.com - Windows 2012 R2


Attaching the Enterprise Credential Vault Domains and the Rule screenshot. Whenever I try to access the remote desktop, I am being asked to save a single file for all the connections available. It's asking to save the file in the form of .rdp, and when the .rdp file is being opened I am getting different errors.

Also the video file is displaying "no video files to playback"

pappa_recd Contributor.

Re: PAM RDP Error

Attachment Added

Micro Focus Expert

Re: PAM RDP Error

Let's verify the scenario here.. so it appears you have two connection approaches here you are attempting to work out:
1) Direct-RDP, where Administrator connects directly with mstsc client (session isn't being audited / recorded)
2) RDP-Relay, where an AD user connects to MyAccess page to start rdp session as a Local Administrator Account on a Non-Domain Windows Server (session unable to start)

Here are a few recommendations:

1) My initial suspicion is the Account Domain Name as "WinLocalAccount"..
Is the Account Domain Name in the Enterprise Credential Vault, "WinLocalAccount", the actual NETBIOS Name / Windows Server Name in the Windows environment (i.e. NETBIOSNAME\Administrator) ?
For more details regarding Local Windows accounts, please see the following TID: https://www.novell.com/support/kb/doc.php?id=7021908
To me, this appears to be a convenience-type name, which is likely not the actual Windows Server Name in this instance.

2) Another possibility is to change "Submit User" Credential in the PAMAD LDAP Account Domain to "SubmitUser" instead (no space).
This is according to https://www.netiq.com/documentation/privileged-account-manager-3/npam_admin/data/t41wusurtnvg.html.
I am pretty sure it must be "SubmitUser" though for SubmitUser direct-rdp type rule to work right.

3) If you are looking to allow direct rdp connections, then changing "AD Domain Rule" to the following should help:
Account Domain: PAMAD
Credentials: PAMAD\SubmitUser
Run User: PAMAD\SubmitUser
Run Host: PAMAD

pappa_recd1 Absent Member.

Re: PAM RDP Error

Thanks for your reply. I have updated the Enterprise Account domain and Rules as suggested, but whenever I try to access the Direct RDP and RDP Relay, a .rdp file with the name pamwindows.rdp gets downloaded (irrespective of the connections). Attaching the updated screenshots of the Rule and Account Domain.

Micro Focus Expert

Re: PAM RDP Error

If I remember correctly, this has been resolved, correct? If so, when available, would you please update this thread with the details of the solution? Thank you very much!

pappa_recd1 Absent Member.

Re: PAM RDP Error

The issue has been resolved after changing the hostname of the host for the PAM manager to point to IP address...

frankabhinav Super Contributor.

Re: PAM RDP Error

PFA the PDF of the error that is still coming, even though I have changed the host. I am unable to log in and am still seeing the network level authentication error.

Thanks

Micro Focus Expert

Re: PAM RDP Error

Hey Frank,

The network level authentication (NLA) issue you are referring to I think is very different than the issue discussed in this particular thread. Feel free to open a new thread if needed; however, please take a look at the following document that is related:
https://www.novell.com/support/kb/doc.php?id=7020137

prasenjitmass Respected Contributor.

Re: PAM RDP Error

Hi,
I've faced the same RDP error where I access https://pamserver/myaccess through the browser, log in as an Active Directory user, and the link of the RDP rule shows, i.e. AD\SubmitUser@*

A message came up that the .rdp file could not be downloaded.

Please see the rule I've specified


IF (user IN Windows CMD US AND command IN RDP Session)
Authorize : yes
Secondary Authentication : no
Session Capture : yes
Credential : MASS\Administrator (Tried to put SubmitHost here, as per the above solution, but failed)
Run User = MASS\SubmitHost
Run Hosts= All Hosts

Please provide any solution.

Micro Focus Expert

Re: PAM RDP Error

This sounds like the error is different than what is in this thread.
Please create a new forum thread and specify the exact error message you are experiencing.

A couple recommendations to take to the new thread you make:
- Verify 'SubmitUser' empty credential has been added to MASS Account Domain in the Credential Vault.
- Set Credential to MASS\SubmitUser, Run User to MASS\SubmitUser, Run Host to the specific windows host or a host group. As far as I understand, Run Hosts as 'All Hosts' won't work in this case.