Daniel Saults

RDP issue with new organisation.

I am testing out the RDP MFA with a Windows 2016 Server and currently I am unable to get it to work. We are a new customer, so I am wondering if this is a TLS 1.2 issue. I am using the 1.1.3 agent per the documentation and have made sure .NET 4.6.2 has TLS 1.2 enabled. Below is the error message I am receiving in the logs, while the user just gets multi factor authentication failed.

[7/8/2018 1:07:55 AM CHSITMGMT01]-Killing WinLogon pid=2672
[7/8/2018 1:07:55 AM CHSITMGMT01]-Killing WinLogon result=1
[7/8/2018 1:09:12 AM CHSITMGMT01]-AppUsername sent to Okta=sometestuser
[7/8/2018 1:09:12 AM CHSITMGMT01]-Minting JWT completed
[7/8/2018 1:09:13 AM CHSITMGMT01]-InvalidOperationException thrown System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.GetResponse()
   at OktaWidget.JwtService.GetStateTokenUsingJwt(String username)
   at OktaWidget.OktaWidgetForm..ctor(String username, Int64 parent, Boolean doMfaChallenge)
   at OktaWidget.OktaWidgetClass.displayWidget(Int64 parent, String username)

I was getting

[7/7/2018 11:14:20 PM CHSITMGMT01]-InvalidOperationException thrown System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.GetResponse()
   at OktaWidget.JwtService.GetStateTokenUsingJwt(String username)
   at OktaWidget.OktaWidgetForm..ctor(String username, Int64 parent, Boolean doMfaChallenge)
   at OktaWidget.OktaWidgetClass.displayWidget(Int64 parent, String username)
Daniel Saults
A little bit more digging and I found out if I add a single user to the MFA application it works. If I base my policy off one of my AD groups it doesn't work and I get the 404.