<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00009WnOVkCANOkta Classic EngineAdvanced Server AccessAnswered2025-10-11T09:00:47.000Z2023-08-15T19:14:22.000Z2023-08-17T17:07:54.000Z

f91xw (f91xw) asked a question.

August 15, 2023 at 7:14 PM
sft rdp connection was closed

Hello Okta gurus,

 

When I tried "sft rdp" to a remote Windows host the authentication seemed to go through fine. But then I got the below error message:

"rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: read tcp x.x.x.x:51915->x.x.x.x:4421: wsarecv: An existing connection was forcibly closed by the remote host.""

 

Please note that regular RDP works fine.

 

Any insight is appreciated. Many thanks in advance!

Luan

  • 3 answers
  • 824 views

  • User16594883467582706479 (Customer Support Online Experience)

    Hi, @f91xw (f91xw)​ 

     

    Thank you for posting on our Community page!

     

    Here is a useful response to your use case:

    https://devforum.okta.com/t/an-existing-connection-was-forcibly-closed-by-the-remote-host/13359

     

    Thank you for reaching out to our Community and have a great day!

    _____________________________________________________________________________

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    _____________________________________________________________________________

    Okta Identity Engine (OIE) Ask Me Anything: Get answers from product experts by clicking here.

     

    Expand Post

  • b5n6c (b5n6c)

    @f91xw (f91xw)​  This error is mostly due to On-Demand User TTL is enabled in the ASA project. When enabled, the server must be accessible on port 4421.

    There are two ways you can mitigate this issue;

    • If On-Demand User TTL is needed - create a firewall rule on the server to accept TCP connections on port 4421. 
    • In On-Demand User TTL is not needed- disable On-Demand User TTL in ASA project. It can be done by editing project details section and selecting value as disabled for On-Demand User TTL. 

     

    Community members help others by clicking Like or Select as Best on responses.

    Expand Post

  • f91xw (f91xw)

    Thank you @b5n6c (b5n6c)​  for taking your time to respond to my question! Yes, all our Projects have On-Demand TTL disabled by default.

This question is closed.
Loading
sft rdp connection was closed