Skip to main content

RDP Authentication Issues with SecureAuth IdP

Applies to

SecureAuth IdP All Versions

Introduction

This document discusses an authentication issue that could prevent administrators from accessing a SecureAuth IdP Appliance via RDP.

Discussion

LAN Manager Authentication

SecureAuth IdP appliances are shipped to customers with a hardened configuration of the Windows Operating System. In the case of RDP, SecureAuth enforces the use of NTLM v2 for authentication attempts to provide additional security while administering the appliance. If unable to successfully establish an RDP connection to a SecureAuth IdP appliance, then it may be that the workstation is not configured to use the more secure version of NTLM. The setting can be changed either through GPO or through Local Security Policy. The option is called Network security: LAN Manager authentication level, and the suggested setting is Send NTLMv2 response Only.

35455953.png
Additional Information

See the Microsoft support document below for more information on configuring the LAN Manager feature of Windows.

Network security: LAN Manager authentication level

https://technet.microsoft.com/en-us/library/jj852207%28v=ws.10%29.aspx