ESET Online Help

Search English
Select the topic

Remote Desktop Web Access

If you utilize 2FA protection of RDP on your server where Remote Desktop Web Access (RDWA) is hosted, default settings require 2FA authentication for the launch of applications available in your RDWA.

This means, if a user tries to access your RDWA website, the user is prompted for an OTP. Once the user provides a valid OTP, logs in and tries to launch an application available in your website, the user will be prompted again to provide an OTP.

If you do not want an authenticated user (used a valid OTP to enter your RDWA website) to be prompted for an OTP when launching an application in your website, take the following steps:

  1. In the ESAC Web Console navigate to Settings > IP Whitelisting.
  2. If prompted, select a company.
  3. Select the check-box next to Allow access without 2FA from:
  4. Enter the localhost IP address: 127.0.0.1,::1 in the text box.
  5. Select the check-box next to RDP.
  6. Click Save

note

RDWA and ESA Authentication Server on different hosts

If RDWA is hosted on a different machine than ESA Authentication Server, you must whitelist the IP address of the RDWA host.

To make sure that you whitelist the correct IP address, look it up in the EsaCore.log log file located at C:\ProgramData\ESET Secure Authentication\EsaCore.log.

  1. Clear the content of the log file.
  2. Attempt to log in to RDWA with a user account protected by 2FA.
  3. In that log file search for "_RDWeb".
  4. A few rows below you should see a row saying "Starting two-factor authentication for user: username with ip 1.2.3.4" where "1.2.3.4" will be replaced with the real IP address of your RDWA host.

Remote Desktop Web Access HTML5

There are currently two ways to access the HTML5 version of Remote Desktop Web Access (RD Web Access).

A user with SMS OTPs or Mobile Application OTP enabled:

  1. Log in to the classic RD Web Access (hostname.domain/rdweb) while authenticating with an OTP.
  2. In the same browser, log in to the HTML5 version of RD Web Access (hostname.domain/rdweb/webclient).

A user who has Mobile Application Push enabled can directly access the HTML5 version of RD Web Access. Approve the push notification when prompted to authenticate.