Okta Classic Engine | Multi-Factor Authentication | Answered | 2025-03-31T09:00:57.000Z | 2018-07-08T01:10:57.000Z | 2019-05-07T04:31:47.000Z
RDP issue with new organisation.
I am testing out the RDP MFA with a Windows 2016 Server and currently I am unable to get it to work. We are a new customer, so I am wondering if this is a TLS 1.2 issue. I am using the 1.1.3 agent per the documentation and have made sure .NET 4.6.2 has TLS 1.2 enabled. Below is the error message I am receiving in the logs, while the user just gets "multi factor authentication failed".

[7/8/2018 1:07:55 AM CHSITMGMT01]-Killing WinLogon pid=2672
[7/8/2018 1:07:55 AM CHSITMGMT01]-Killing WinLogon result=1
[7/8/2018 1:09:12 AM CHSITMGMT01]-AppUsername sent to Okta=sometestuser
[7/8/2018 1:09:12 AM CHSITMGMT01]-Minting JWT completed
[7/8/2018 1:09:13 AM CHSITMGMT01]-InvalidOperationException thrown System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.GetResponse()
   at OktaWidget.JwtService.GetStateTokenUsingJwt(String username)
   at OktaWidget.OktaWidgetForm..ctor(String username, Int64 parent, Boolean doMfaChallenge)
   at OktaWidget.OktaWidgetClass.displayWidget(Int64 parent, String username)

I was getting:

[7/7/2018 11:14:20 PM CHSITMGMT01]-InvalidOperationException thrown System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at System.Net.HttpWebRequest.GetResponse()
   at OktaWidget.JwtService.GetStateTokenUsingJwt(String username)
   at OktaWidget.OktaWidgetForm..ctor(String username, Int64 parent, Boolean doMfaChallenge)
   at OktaWidget.OktaWidgetClass.displayWidget(Int64 parent, String username)

  • DanielS.74256 (Customer)

    A little bit more digging and I found out that if I add a single user to the MFA application it works. If I base my policy off one of my AD groups it doesn't work and I get the 404.
  • l07vn (l07vn)

    I'm having the same issue, but it doesn't work with a single or group added user.

  • M (Customer)

    This fixed my SSL/TLS secure channel problems, but now I have a 404.

    Open PowerShell and check for supported protocols by using [Net.ServicePointManager]::SecurityProtocol

    Run the following 2 cmdlets to set the .NET Framework strong cryptography registry keys:

    Set strong cryptography on 64-bit .NET Framework (version 4 and above):
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    Set strong cryptography on 32-bit .NET Framework (version 4 and above):
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord

    Restart PowerShell and check again for supported protocols by using [Net.ServicePointManager]::SecurityProtocol
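The registry fix in the comment above, expanded into an audit-then-fix script. This is an added example, not code from the thread or from Okta: it reads both .NET Framework 4.x registry views, reports whether the strong-crypto switches are set, applies them only when run with -Fix, and then attempts a TLS handshake to the org so the "Could not create SSL/TLS secure channel" failure can be reproduced outside the agent. SystemDefaultTlsVersions is a second documented .NET 4.6+ switch that the comment did not mention; the -OktaOrgUrl default is a placeholder, not a real org. One caveat the comment's labels get backwards: on 64-bit Windows the Wow6432Node key is read by 32-bit .NET processes, and the non-Wow6432Node key by 64-bit ones, which is why both must be set when you do not know the agent's bitness.

```powershell
# Added example: audit and optionally enable TLS 1.2 for .NET Framework 4.x on the RDP host.
# Not part of the original post. Registry names are the documented .NET switches;
# the Okta agent itself is not touched.
[CmdletBinding()]
param(
    [switch]$Fix,
    [string]$OktaOrgUrl = 'https://example.okta.com'   # placeholder, replace with your org (assumption)
)

# On 64-bit Windows a 32-bit .NET process reads Wow6432Node; a 64-bit process reads the other key.
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319'
)

# SchUseStrongCrypto      : let .NET 4.x offer TLS 1.2 instead of only SSL 3.0 / TLS 1.0.
# SystemDefaultTlsVersions: defer protocol choice to the OS Schannel defaults (.NET 4.6 and later).
$wanted = @{ SchUseStrongCrypto = 1; SystemDefaultTlsVersions = 1 }

function Get-NetTlsSettings {
    foreach ($key in $netKeys) {
        foreach ($name in $wanted.Keys) {
            $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Current = $current            # $null means the value is absent (off)
                Wanted  = $wanted[$name]
                Ok      = ($current -eq $wanted[$name])
            }
        }
    }
}

function Set-NetTlsSettings {
    foreach ($key in $netKeys) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        foreach ($name in $wanted.Keys) {
            Set-ItemProperty -Path $key -Name $name -Value $wanted[$name] -Type DWord
        }
    }
}

# 1. What this PowerShell process (itself a .NET 4.x application) will offer right now.
#    Read before changing anything; the value only changes for processes started after the fix.
Write-Host "ServicePointManager.SecurityProtocol in this session: $([Net.ServicePointManager]::SecurityProtocol)"

# 2. Registry state per key and per value.
$before = Get-NetTlsSettings
$before | Format-Table Key, Name, Current, Wanted, Ok -AutoSize

if ($Fix) {
    Set-NetTlsSettings
    Write-Host 'Registry updated. Sign out/in or reboot so the processes hosting the agent re-read the keys.'
    Get-NetTlsSettings | Format-Table Key, Name, Current, Wanted, Ok -AutoSize
} elseif ($before.Ok -contains $false) {
    Write-Warning 'At least one .NET TLS setting is missing; re-run with -Fix to apply.'
}

# 3. Live check from this host. A failure mentioning 'SSL/TLS secure channel' here means the
#    .NET side still cannot negotiate TLS 1.2 (or Schannel has it disabled at the OS level);
#    an HTTP status, even a 4xx, means the handshake itself succeeded.
try {
    $resp = Invoke-WebRequest -Uri $OktaOrgUrl -Method Head -UseBasicParsing -ErrorAction Stop
    Write-Host "TLS handshake to $OktaOrgUrl succeeded (HTTP $($resp.StatusCode))"
} catch {
    Write-Warning "Request to $OktaOrgUrl failed: $($_.Exception.Message)"
}
```

Run it once without -Fix to see which of the four values are unset, then with -Fix from an elevated prompt. Because the agent's code runs inside processes started by Winlogon, a new PowerShell window is enough to re-test step 1 but not enough for the agent; sign out or reboot before retrying the RDP MFA prompt.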
  • M (Customer)

    OK, so later on I found out my 404 was because I had initially set this up with the Okta username (full email address) instead of just the sAMAccountName. Deleted the single user, re-added the single user (probably could have just edited the username) and now it works. Next step is to test with multiple users.

This question is closed.