Access Portal - Issues with RDP/Users Access Setting


I've been playing around with the new (to me) Access Portal feature; got SSLVPN set up, custom port, test user/group can use VPN no issues.

For Access Portal, I've configured an SSH connection (works) and a RDC connection to my internal workstation (Windows 10, RDC on standard port) (using NLA only works, everything else gives "Upstream_Not_Found" error).

Obviously, the problem is that in creating an NLA connection, you have to enter login credentials so I thought I would try using the Users Access configuration. However, once I set up connection using:

Authentication Server: Active Directory
Type: User
Name: username (without @domain)

and select the specific RDC connection, I'm no longer able to get to the application landing page after logging in; instead, I am presented with a "No applications for this user" error.

Any ideas what I might be doing incorrectly?


  • Options

    Did a little more reading & testing; turns out:

    User and group names on your Active Directory server are case-sensitive. When you add a user or group to your Firebox, the user or group name must have the same capitalization used in the name on the Active Directory server.

    https://www.watchguard.com/help/docs/fireware/12/en-US/Content/en-US/services/access portal/access_portal_config.html

    It's been a long week...!

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @JeffT

    Auth server usernames and groups are case sensitive. If given the choice, I generally recommend that admins use groups, as they'll always return from the auth server the same way, whereas UsEr@domAIN and USER@DOMAIN will both auth, but be treated as different users.

    There is a feature request to ignore case in RADIUS groups (that's FBX-3996,) however, at this time I'd suggest picking a convention (like all lower case) for the users to use.

    You can see how the user logged in in the authentication list -- it'll display it exactly how the user authenticated when they logged in.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.