
OvidiuG.11271 (Customer) asked a question.
I have installed OKTA Credential Provider for Windows and set up RDP MFA on Windows Server 2012 following this article: https://help.okta.com/en/prev/Content/Topics/Security/proc-mfa-win-creds-rdp.htm
I'm trying to access the server via RDP and I'm kicked out. A small window pops up with the title "Error" and the message "Multi Factor Authentication Failed".
The OktaWidget.log has the following content:
[2/14/2019 5:45:58 PM FT01]-Minting JWT completed
[2/14/2019 5:45:58 PM FT01]-InvalidOperationException thrown System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetResponse()
at OktaWidget.JwtService.GetStateTokenUsingJwt(String username)
at OktaWidget.OktaWidgetForm..ctor(String username, Int64 parent, Boolean doMfaChallenge)
at OktaWidget.OktaWidgetClass.displayWidget(Int64 parent, String username)

Hi Ovidiu,
Usually that is caused by one of the following:
If this does not resolve the issue, please open a case with our Support team so we can troubleshoot the issue.
Thank you!
Mihai Burcea
Technical Support Engineer
Okta Global Customer Care

Hi,
We are having the same issue here when I try to set this up for my Okta Preview org.
I confirmed the app is assigned to the user and the username is set to samAccountName (what the user is logging in with).
When I set it to fail open with no internet connection, however, it lets the user log in, bypassing MFA.
Regards,
Sam

This is a known issue with Windows 2012 related to enabling TLS 1.2 in dot NET v4. Here is the link to the Okta document:
https://help.okta.com/en/prod/Content/Topics/Miscellaneous/okta-ends-browser-support-for-TLS-1.1.htm
This fixed the issue for me.
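
The last reply attributes the failure to .NET Framework 4 on Windows Server 2012 not using TLS 1.2, which matches the handshake frames (SslState.ForceAuthentication) in the log above. The following read-only PowerShell check is an added example, not part of the thread or of Okta's tooling; it assumes the settings involved are the Microsoft-documented SchUseStrongCrypto and SystemDefaultTlsVersions registry values, and your-org.okta.com is a placeholder hostname.

```powershell
# Added example (not Okta's code): read-only TLS diagnostics for the RDP host.
# Placeholder: replace with your own Okta org hostname.
$OktaHost = 'your-org.okta.com'

# Microsoft-documented .NET Framework 4.x registry locations (64-bit and 32-bit).
$netKeys = @(
    'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
)

# Return a registry value, or a marker when the key or value is absent.
function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { '(not set)' }
}

# 1. Are the .NET 4.x strong-crypto defaults enabled (1 = enabled)?
foreach ($key in $netKeys) {
    [pscustomobject]@{
        Key                      = $key
        SchUseStrongCrypto       = Get-RegValue $key 'SchUseStrongCrypto'
        SystemDefaultTlsVersions = Get-RegValue $key 'SystemDefaultTlsVersions'
    }
}

# 2. Which protocols does a .NET 4.x process on this host offer by default?
#    A value without Tls12 means HttpWebRequest will not offer TLS 1.2.
"Default SecurityProtocol: $([Net.ServicePointManager]::SecurityProtocol)"

# 3. Does an explicit TLS 1.2 handshake to the org succeed from this host?
function Test-Tls12([string]$HostName, [int]$Port = 443) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        # Chain and name validation stay on; revocation lookup is skipped so a
        # blocked CRL/OCSP path is not mistaken for a protocol failure.
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        "TLS 1.2 handshake OK ($($ssl.SslProtocol))"
    } catch {
        "TLS 1.2 handshake FAILED: $($_.Exception.GetBaseException().Message)"
    } finally {
        $tcp.Close()
    }
}
Test-Tls12 -HostName $OktaHost
```

If step 3 succeeds while step 2 lists no Tls12, the network path is fine and the .NET default is the cause; if step 3 fails too, look at a proxy, firewall or the OS Schannel configuration instead.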