This article explains a potential cause for a Windows Remote Desktop Protocol (RDP) session configured with Okta ASA/OPA disconnecting with the following error.
Remote Desktop License Issue
There is a problem with your Remote Desktop license, and your session will be disconnected in 60 minutes. Contact your system administrator to fix this issue.
- Advanced Server Access (ASA)
- Okta Privileged Access (OPA)
- Windows Remote Desktop Protocol RDP)
- Per User CAL Licensing
Okta ASA/OPA (Advanced Server Access or Okta Privileged Access) is compatible with Windows Remote Desktop Protocol (RDP). However, ensure that the Microsoft RDP licenses are correctly provisioned. RDP can use either a “per user” or “per device” license. There must be a purchased RDS CAL (Client Access License) for every unique device (Per Device) or unique person (Per User) that connects to the RDP servers.
While using the RDS “Per User” CALs license on Windows Server 2019, the user’s session will be disconnected every 60 minutes if the server is not a member of an Active Directory Domain.
ASA will work with RDP "Per User" CALs on Windows 2019. However, the following conditions must be met:
- The user must be a domain user.
- The server must belong to an Active Directory Domain. It will not work with Workgroups.
- "Per User" CALs are not heavily regulated as per License RDS deployment with client access licenses (CALs) and should function even if licenses are depleted, but ensure to have the correct/compatible licenses.
- The RD Session Host server must be able to request an RDS CAL from the Remote Desktop license server.
- For more information on RDP Licensing, please contact a Microsoft representative.
