Author Topic: Issues accessing system under ISE via Remote Desktop  (Read 25878 times)

Offline bberry

  • Cisco Newbie
  • *
  • Posts: 5
  • Reputation: 0
  • Certification: CCNA
Issues accessing system under ISE via Remote Desktop
« on: June 02, 2015, 09:10:14 AM »
Has anyone tried to use RDP (Remote Desktop) to a system that is also under ISE? Should it work? Do authentication and other things change when connecting through RDP to the system compared to being at the keyboard?

I have two users that have been under ISE for a couple of weeks now and have been working without any issues. They both tried to access their systems remotely over the weekend but ran into a small issue. They connect to the VPN just fine, but when they try to access their systems via RDP they get kicked out of the RDP session. If they try to reconnect via RDP they receive a message along the lines that the system is no longer part of the domain. When they come back into the office they log onto their system and they have also lost any other RDP sessions they may have had open to other systems as well.

One user is a system admin and normally has two or three other RDP sessions open to other systems to make it easier to manage the system. All these sessions were disconnected as well. It is almost as if when the RDP session kicked in ISE took the system completely off the network.

Brent


Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Issues accessing system under ISE via Remote Desktop
« Reply #1 on: June 05, 2015, 09:03:41 PM »
RDP to a Windows machine is a known issue where the computer performs machine authentication instead of user authentication. So when you RDP and look at the auth session on the switch port, you will see the computer name instead of the username, and if you have the machine auth profile set up to be too restrictive, you may lose access to the network right after the RDP session connects. A workaround is obviously to 'permit all' traffic for successful machine auth, but that means you just relaxed your security policy, and you also will not be able to enforce differentiated user access during RDP since ISE will be authenticating the machine instead of the user.
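
An added example, not part of either post: one way to confirm the behaviour described in the reply above from exported authentication records, by flagging endpoints whose 802.1X identity flips from a user to a machine account. The record layout (timestamp, MAC, identity), the sample rows and the function names are constructed, and the `host/` prefix or trailing `$` as the marker of a machine identity is an assumption about how the supplicant presents it.

```python
import csv
import io

# Constructed sample export: timestamp, endpoint MAC, 802.1X identity.
SAMPLE = """\
2015-05-30T08:01:12,00:11:22:33:44:55,CORP\\alice
2015-05-30T19:42:07,00:11:22:33:44:55,host/ws-alice.corp.example
2015-05-30T08:03:40,66:77:88:99:aa:bb,CORP\\bob
2015-05-30T12:15:02,66:77:88:99:aa:bb,CORP\\bob
2015-05-30T07:55:00,cc:dd:ee:ff:00:11,host/kiosk1.corp.example
"""


def is_machine(identity):
    """Assumption: machine identities look like host/<fqdn> or end in '$'."""
    name = identity.strip().lower()
    return name.startswith("host/") or name.endswith("$")


def find_user_to_machine_flips(text):
    """Return (mac, user, machine, timestamp) for every endpoint whose
    identity changed from a user account to a machine account."""
    # Order by endpoint, then by ISO timestamp (which sorts lexically).
    rows = sorted(
        (r[1].lower(), r[0], r[2]) for r in csv.reader(io.StringIO(text)) if r
    )
    flips, last_identity = [], {}
    for mac, ts, identity in rows:
        previous = last_identity.get(mac)
        # A user session replaced by a machine session is the pattern that
        # hands the port to the (possibly restrictive) machine-auth policy.
        if previous and not is_machine(previous) and is_machine(identity):
            flips.append((mac, previous, identity, ts))
        last_identity[mac] = identity
    return flips


if __name__ == "__main__":
    for mac, user, machine, ts in find_user_to_machine_flips(SAMPLE):
        print(f"{ts} {mac}: {user} -> {machine} (machine-auth policy applies)")
```

Endpoints that only ever authenticate as a machine, such as the constructed kiosk row, are not reported; only a user-to-machine change on the same MAC is.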

 
