Remote Desktop Web Access
If you utilize 2FA protection of RDP on your server where Remote Desktop Web Access (RDWA) is hosted, default settings require 2FA authentication for the launch of applications available in your RDWA.
This means, if a user tries to access your RDWA web site, the user is prompted for an OTP. After the user provides a valid OTP, logs in and tries to launch an application available in your web site, the user will be prompted again to provide an OTP.
If you do not want an authenticated user (used a valid OTP to access your RDWA web site) to be prompted for an OTP when launching an application in your web site, take the following steps:
1.In the ESA Web Console navigate to Settings > IP Whitelisting.
2.Select the check-box next to Allow access without 2FA from:
3.Type the localhost IP address: 127.0.0.1,::1 in the text box.
4.Select the check-box next to RDP.
5.Click Save
RDWA and ESA Authentication Server on different hosts If RDWA is hosted on a different machine than ESA Authentication Server, you must whitelist the IP address of the RDWA host. |
To make sure that you whitelist the correct IP address, look it up in the EsaCore.log log file located at C:\ProgramData\ESET Secure Authentication On-Prem\EsaCore.log.
1.Clear the content of the log file.
2.Attempt to log in to RDWA with a user account protected by 2FA.
3.In that log file search for "_RDWeb".
4.A few rows below you should see a row saying "Starting two-factor authentication for user: username with ip 1.2.3.4" where "1.2.3.4" will be replaced with the real IP address of your RDWA host.
Remote Desktop Web Access HTML5
There are currently two ways to access the HTML5 version of Remote Desktop Web Access (RD Web Access).
A user with SMS OTPs or Mobile Application OTP enabled:
1.Log in to the classic RD Web Access (hostname.domain/rdweb) while authenticating with an OTP.
2.In the same browser, log in to the HTML5 version of RD Web Access (hostname.domain/rdweb/webclient).
A user who has Mobile Application Push enabled can directly access the HTML5 version of RD Web Access. Approve the push notification when prompted to authenticate.