edbarrag Absent Member.

RDPRelay - Network Level Authentication - ISSUE

Hi,

I have the following problem.
When the "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)" option is enabled on the server containing the NPAM agent, it is not possible to establish a connection using RDPRelay; it returns the message "the remote computer requires network level authentication which your computer does not support".

How can I solve this problem without modifying the options of the server that contains the NPAM agent?
Micro Focus Expert

Re: RDPRelay - Network Level Authentication - ISSUE

NLA support in PAM using the existing RDP-Relay MyAccess Web Console is not possible due to external limitations. As far as I know, Microsoft views this as a security risk and does not permit its use by "scriptable clients" (i.e. JavaScript/web). More information can be found in the Remote Desktop ActiveX control reference > IMsRdpClientNonScriptable interface. This details an interface that will avoid the additional popup that one gets for a credential (IMsRdpClientNonScriptable3::PromptForCredentials), but the same can't be achieved in JavaScript. Further discussion of this can be found here: https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/d52282ea-a3a4-4059-93d1-1c5b1140cf96/rdp-activex-in-ie-always-shows-login-prompt-nla-is-enabled-on-target-server?forum=windowsgeneraldevelopmentissues.

NLA mandates that one enter credentials on the client side, which cannot be automated as it would be outside of PAM control. If you really want to have automatic logon via RDP-Relay from MyAccess, the only thing available is to disable NLA on the server side. This can be achieved on a per-server basis or through GPO. For more details, please refer to: https://social.technet.microsoft.com/Forums/sharepoint/en-US/cd01f009-f194-4a89-b135-5c42ccc8b491/how-do-i-configure-remote-desktop-settings-through-gpo?forum=winserverGP.
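Added example, not part of the replies above: because the NLA requirement can be set per server or through GPO, the PowerShell function below reports on the local host whether NLA is currently required and which of the two sources decides it, which helps when tracking the servers where it has been turned off for RDP-Relay. The function name `Get-NlaState` is hypothetical, and the registry locations are the standard Windows ones for this setting rather than anything quoted in the thread.

```powershell
# Added example: report whether NLA is required for RDP on this host and
# whether the effective value comes from Group Policy or the per-server setting.
function Get-NlaState {
    [CmdletBinding()]
    param()

    # Written by the Group Policy setting "Require user authentication for
    # remote connections by using Network Level Authentication".
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Per-server value behind the checkbox in System Properties > Remote.
    $localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # A missing key or value yields $null instead of an error.
    $policy = (Get-ItemProperty -Path $policyKey -Name UserAuthentication `
                   -ErrorAction SilentlyContinue).UserAuthentication
    $local  = (Get-ItemProperty -Path $localKey -Name UserAuthentication `
                   -ErrorAction SilentlyContinue).UserAuthentication

    # When the policy value exists it takes precedence over the local value.
    if ($null -ne $policy) {
        $effective = $policy; $source = 'GPO'
    } elseif ($null -ne $local) {
        $effective = $local;  $source = 'Local'
    } else {
        $effective = $null;   $source = 'NotSet'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        NlaRequired  = if ($null -eq $effective) { $null } else { [bool]$effective }
        Source       = $source
        PolicyValue  = $policy
        LocalValue   = $local
    }
}

# 1 = NLA required, 0 = NLA not required (the state RDP-Relay needs).
Get-NlaState
```

A result with `Source` equal to `GPO` means a per-server change will not take effect until the policy itself is changed.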
edbarrag Absent Member.

Re: RDPRelay - Network Level Authentication - ISSUE

Tdharris, thanks for the info.

Regards!