Ing KiaP.81203 (Customer) asked a question.
Dear Community Member:
I am trying to perform RDP by using Okta Privilege Access, however it failed to RDP to domain controller. May I check if anyone successful RDP to domain controller using OPA? or RPA to domain controller is not supported yet? Thank You
Error Message: "rpc error code = Unknown desc = user cannot be enabled based on the agent configuration"
Had performed the below steps:
1. Enable the RDP Settings, and allow everyone for the RDP (Windows Server 2022)
2. Allow everyone to RDP
3. Install the SFT Server tool and SFT Clients on Windows Workstations (stable latest version: 1.98.1)
4. Added the enrolment token to the domain controller (Windows Server 2022)
5. Windows Server details shown under the OPA Project Resources
6. User has assigned to Teams Role (Pam Administrator)
7. Install the AD Agent on the Domain Controller
8. sync user from AD to Okta Directory
9. Assign OPA application to AD Admin user
10. Set the AD Admin as member of remote desktop user from Domain Controller
Installed latest SFT Server agent ScaleFT-Server-Tools-1.98.1 and Latest AD Agent-3.22.0-925
Installed Latest SFT Client ScaleFT-1.98.1
Hi @Ing KiaP.81203 (Customer) , Thank you for reaching out to the Okta Community!
The issue you are experiencing might be related to the following limitation mentioned in the below article:
"Domain controller access is managed exclusively through existing domain accounts and permissions. Individual Okta user accounts are neither created nor deleted on the server. For example, your org may have a policy that grants temporary server access to users for troubleshooting. However, this policy can't be applied to a domain controller, because the server agent doesn't create individual Okta user accounts in that case."
https://help.okta.com/oie/en-us/content/topics/privileged-access/pam-domain-controller.htm
That being said, I recommend opening a case to go over your implementation in detail with one of our colleagues from the Support team.
Regards.
--
Help others in the community by liking or hitting Select as Best if this response helped you.
Collect them all. Learn a new skill and earn a new Okta Learning badge.
Just released: More Okta Community badges just added