![]() “The remote computer that you are trying to connect to When he tried to access his Azure VM throughĪn RDP session, he got the following message: I guess there are many technical ambiguities or errors in what I said.Today, I received an email from a colleague, saying that heĬould RDP into his Azure VM after he rebooted the machine through the OS I suspect there is also an automatic expiration if you never reboot the machine but from my experience, it takes more than a few days to happen. This explains why you need to log in at least once locally every time you reboot your AD computer. Consequently: for the RDP server to be able to generate a secret that only the proper user credentials can decrypt, it must receive the user credentials at least one time after it has rebooted.As this has nothing to do with cached logons, it has also no reason to be persistent across reboots: once the machine reboots, this information is lost.This is not the same and has nothing to do with cached logons: the actual password must be accessible to the host through some session level mechanism. For this, it needs to have the user's credentials cached. But to generate this challenge, the RDP host must also know the credentials.In that case, the protocol will in some way involve challenging the RDP client to decrypt a secret that only proper user credentials can decrypt. Therefore any authentication protocol that involves talking to a third-party will fail. ![]() Your scenario (and mine) involve a client computer that is not member of the AD.This token will be submitted to the RDP host. A KDS will be involved and your client will receive a key or token that will prove you have authenticated. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |