Remote Desktop Web Access

If you use 2FA protection of RDP on the server that hosts Remote Desktop Web Access (RDWA), the default settings also require 2FA authentication to launch the applications available in your RDWA.

This means that a user who tries to access your RDWA website is prompted for an OTP. After the user provides a valid OTP, logs in and tries to launch an application available on your website, the user is prompted for an OTP again.

If you do not want an authenticated user (one who has already used a valid OTP to enter your RDWA website) to be prompted for an OTP when launching an application from your website, take the following steps:

1. In the ESA Web Console, navigate to Settings > IP Whitelisting.

2. Select the check-box next to Allow access without 2FA from:

3. Enter the localhost IP address: 127.0.0.1,::1 in the text box.

4. Select the check-box next to RDP.

5. Click Save.

Note

If RDWA is hosted on a different machine than ESA Authentication Server, you must whitelist the IP address of the RDWA host.

To make sure that you whitelist the correct IP address, look it up in the Esa.Core.log log file located at C:\ProgramData\ESET Secure Authentication\Esa.Core.log.

1. Clear the content of the log file.

2. Attempt to log in to RDWA with a user account protected by 2FA.

3. In that log file, search for "_RDWeb".

4. A few rows below, you should see a row saying "Starting two-factor authentication for user: username with ip 1.2.3.4", where "1.2.3.4" will be replaced with the real IP address of your RDWA host.
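Steps 3 and 4 can be scripted so that the address is read from the log rather than copied by eye. The following PowerShell script is an added example, not ESET code: it assumes the message text quoted in step 4 appears verbatim in the log, and the `$Window` parameter (how many rows count as "a few rows below") is an assumption of this example.

```powershell
# Added example, not part of ESET Secure Authentication.
# Run after steps 1 and 2 (log cleared, one RDWA login attempted).
param(
    [string]$LogPath = 'C:\ProgramData\ESET Secure Authentication\Esa.Core.log',
    [int]$Window = 10   # assumption: rows to scan after each "_RDWeb" row
)

$lines   = @(Get-Content -LiteralPath $LogPath)
$pattern = 'Starting two-factor authentication for user: (?<user>.+) with ip (?<ip>\S+)'

$hits = for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i] -notmatch '_RDWeb') { continue }

    # Look only at the rows directly below the "_RDWeb" marker.
    $last = [Math]::Min($i + $Window, $lines.Count - 1)
    for ($j = $i + 1; $j -le $last; $j++) {
        if ($lines[$j] -match $pattern) {
            # Strip trailing punctuation, then accept only a parsable IPv4/IPv6 address.
            $raw = $Matches['ip'].TrimEnd([char[]]'.,"')
            $ip  = $null
            if ([System.Net.IPAddress]::TryParse($raw, [ref]$ip)) {
                [pscustomobject]@{
                    Line = $j + 1
                    User = $Matches['user']
                    IP   = $ip.ToString()
                }
            }
            break
        }
    }
}

if (-not $hits) {
    Write-Warning "No RDWA 2FA attempt found in $LogPath. Repeat the login and run again."
    return
}

# One row per source address. More than one address means the log holds
# attempts from several hosts; confirm which one is the RDWA host before whitelisting.
$hits | Group-Object IP | Select-Object @{n='IP'; e={$_.Name}}, Count,
    @{n='Users'; e={($_.Group.User | Sort-Object -Unique) -join ', '}}
```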