Guyver1
Jun 15, 2021

Cannot RDP in WAC when account is a member of Protected Users

WAC Gateway:

Version - 2103.2
Build - 1.3.2105.24004
RDP Extension version - 1.106.0 (wac-insiders)
 
I have tested and confirmed this issue in my home lab by adding and removing myself from the Protected Users security group.
 
When using Server Manager to manage all my servers, I can right-click a server, select Remote Desktop, and RDP to any of my servers without issue as a member of Protected Users.

Using WAC I am unable to RDP at all. What is the difference between WAC RDP and Server Manager RDP and normal RDP that stops WAC RDP from working when you are a member of Protected Users?
 
All my servers are added to WAC as FQDNs, so should be using Kerberos rather than NTLM.
Is this related to the PowerShell double hop issue where some PowerShell commands such as Install-ADServiceAccount won't work via WAC due to the double hop?
 
Any documentation and possible solutions welcome, as it's stopping me from the slow migration away from Server Manager.
 

 

  • Nascoop

    Guyver1, did you ever figure this out? I don't use Server Manager or WAC, but I have discovered that the MS RD app (little red circle with GT and LT symbols) will NOT allow me to connect to anything remotely when I'm in the Protected Users group. However, the original RDC app (aka MSTSC.EXE) will allow me to connect remotely, but only when I'm in the office on the local subnet. If I connect at home, through our SonicWall VPN, neither the RD nor the RDC app will allow me to connect.
