Azure AD RDG MFA prompt issue

Implemented

We use a Microsoft Windows Remote Desktop Gateway server configured to require Azure MFA/2FA. When someone connects, they are first authenticated to the RDG, they receive an MFA prompt in their Microsoft Authenticator app, and when they approve it, the connection process continues to authenticate to the remote VM and connects.

If the end user misses the MFA prompt and it times out, they are not connected (as expected). Any future attempts to connect to any server through this RDG fail to send an MFA prompt to the Microsoft Authenticator app. It's as though RDM is maintaining a failed connection to the RDG. The end user must close RDM completely (and all currently open sessions) to get the next MFA prompt to come through.

This issue does not happen with the Microsoft default mstsc.exe client. Is this a known issue with RDM? Do you have thoughts about how to troubleshoot/correct this?

Thank you.

All Comments (8)

Hello,

Thank you for reaching out to us regarding this. I would appreciate your assistance with the following inquiries:

  • Could you please specify the version of RDM you are currently using?
  • What type of data source are you using?


I'm also wondering if this previously worked for you without issue in RDM?

Let me know,

Best regards,

Samuel Dery

The version is 2023.3.24.0 64-bit and I'm using a Local database. This is the first time I'm using RDM, but we have multiple people that I'm supporting, and they've been mentioning this issue for a while now (many months).

Hello,

Thank you for your reply.

Would it be possible for you to create a recording of the behavior? I will provide you a link via private message so that you can send us the recording in a secure manner.

Let me know,

Best regards,

Samuel Dery

I uploaded the video. You'll see my computer and my mobile phone with my Microsoft Authenticator app that receives the MFA authentication notification.

  1. I initiate the connection at the beginning of the video.
  2. At about 5 seconds, the authenticator app receives the MFA notification.
  3. I ignored the notification to simulate missing it and not approving it in time, and cleared the notification from my phone at about the 20-second mark.
  4. At about 1:33, the connection fails. This makes sense because I didn't complete the MFA prompt.
  5. I then reinitiated the connection.
  6. You'll note that my phone receives no MFA prompt and the connection fails at 3:15.
  7. I then close and re-open RDM, initiate the connection, and the MFA prompt appears on my phone.

Hello,

Thank you for your reply and for the recording.

I see. I've opened a case with our QA department to see if they may be able to reproduce this.

I've linked this case to your thread and will keep you updated with any news I receive.

Best regards,

Samuel Dery

I just realized that we haven't conversed in a while. How are things going? Is there anything else I can provide to help?

Hello,

Thank you for your patience.

We've made a request with our IT department for a test environment that matches your configuration. We're currently waiting on this before we can attempt to reproduce the behavior.

I will keep you updated with any news I receive.

Best regards,

Samuel Dery

Hello,
We tried to investigate this case, and it appears that we are unable to set up this specific environment. It's not a simple deployment, but I can try to help you.

We use the Microsoft RDP ActiveX, but it seems that something gets stuck. Could you try opening it in external mode and verify whether you can reproduce the issue? You could also try creating another data source and verify whether switching to it keeps the same behavior.

Regards

David Hervieux