Help needed: VNC/RDP from LAN to PERIMETER/EXTERNAL - session is not authenticated

Hi All,

Hope this is the right place to ask for some help?

This is what I have: FTMG SP1 on W2K8R2, fully patched, configured as a tri-homed setup: LAN, PERIMETER (DMZ) and INTERNET

Rule set up : VNC (TCP 5900 outbound) allow 'DMZ Admins' (AD group) from LAN to PERIMETER

Result:

Denied Connection

Log type: Firewall service

Status: The action cannot be performed because the session is not authenticated.

Rule: VNC to DMZ from LAN

Source: Internal (10.0.0.205:55305)

Destination: Perimeter (192.168.0.20:5900)

Protocol: VNC

 

I get a result back from VNC that it can not connect

 

When I change it to allow 'All Users' I get the following:

Initiated Connection

Log type: Firewall service

Status: The operation completed successfully.

Rule: VNC to DMZ from LAN

Source: Internal (10.0.0.205:55047)

Destination: Perimeter (192.168.0.20:5900)

Protocol: VNC

 

But, here is the catch:  I do not get a prompt for a password or any sort of connection

Does anyone know why this is happening? What I really want to do is to get the rule set up to allow only a certain group to connect, not all users (even that does not work though)

The same issue (Status: The action cannot be performed because the session is not authenticated.) happens when I use RDP to EXTERNAL, and with 'All Users' RDP never comes back with a response.

Anyone have any ideas how to get the authentication to work?

September 23rd, 2010 11:46am

Hi,

 

Thank you for the post.

 

What about the firewall client type? SecureNAT or firewall client? The SecureNAT client is unable to send ISA Server firewall user credentials.

 

Regards,

September 24th, 2010 10:52am
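
A triage sketch for the point made in the reply above, added here as an example and not part of the thread: it parses log details in the layout pasted in the question and lists, per rule, the source addresses denied with the "session is not authenticated" status, which is what a client that sends no user credentials produces on a user-restricted rule. The sample entries are constructed; the second rule name and source address are made up.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log entries quoted in the question;
# the second rule name and its source address are made up for illustration.
SAMPLE_LOG = """\
Denied Connection
Log type: Firewall service
Status: The action cannot be performed because the session is not authenticated.
Rule: VNC to DMZ from LAN
Source: Internal (10.0.0.205:55305)
Destination: Perimeter (192.168.0.20:5900)
Protocol: VNC

Initiated Connection
Status: The operation completed successfully.
Rule: VNC to DMZ from LAN
Source: Internal (10.0.0.205:55047)

Denied Connection
Status: The action cannot be performed because the session is not authenticated.
Rule: RDP to External (constructed)
Source: Internal (10.0.0.17:49812)
"""

SOURCE_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}):\d+\)")

def parse_entries(text):
    """Split pasted log details into dicts: event title, then 'Key: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        entry = {"Event": lines[0]}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        entries.append(entry)
    return entries

def unauthenticated_denials(entries):
    """Map rule name -> source IPs denied because the session carried no user identity."""
    hits = defaultdict(set)
    for e in entries:
        if e["Event"].startswith("Denied") and "not authenticated" in e.get("Status", ""):
            m = SOURCE_IP.search(e.get("Source", ""))
            hits[e.get("Rule", "?")].add(m.group(1) if m else e.get("Source", "?"))
    return {rule: sorted(ips) for rule, ips in hits.items()}

if __name__ == "__main__":
    print(unauthenticated_denials(parse_entries(SAMPLE_LOG)))
```
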

Ah, that is why then.

This brings up the discussion: Is it best to make them firewall clients or keep SecureNAT clients?

September 28th, 2010 12:14pm

Hi,

 

Thank you for the update.

 

“Is it best to make them firewall clients or keep SecureNAT clients?” It depends. If you want to use the SecureNAT client, you should add “All users” on the Users tab of the access rule. You may read the following article to learn about the firewall client types.

 

http://technet.microsoft.com/en-us/library/dd897009.aspx

 

Regards,

September 29th, 2010 5:58am

Hi Nick - Thanks for your help - things are shaping up nicely and I really like FTMG!

We are using SecureNAT clients and it works a treat!

 

Again, thanks!

October 4th, 2010 4:41pm

Hi, Amathus, Hi Nick,

Are you sure that using SecureNAT solves your problem? Because, as Nick said, "If you want to use SecureNAT client, you should add All users on the Users tab of the access rule".

We have the same problem (Status: The action cannot be performed because the session is not authenticated.)

Could you give me step-by-step instructions to configure the firewall client or SecureNAT client, so that a user group (not all users) can access RDP on the perimeter network?

Regards,

Nana Sutisna

December 6th, 2013 3:24am

This topic is archived. No further replies will be accepted.
