MFA for local logon at computers or server


I'm currently testing AuthPoint for otp-logon for computers and server. As the guide states it requires "authentication when users log in to a computer or server. This includes protection for RDP and RD Gateway."

Interestingly it only asks me to provide my otp when logging into the devices via RDP but not when I am logging on at the console of the pc or server. I reviewed my configuration in respect of the setup guide but i can't find any issues or a specific configuration option where i could select that i only want the mfa logon using rdp but not the console.

Does anyone know what i might miss here?


  • james.carsonjames.carson Moderator, WatchGuard Representative


    Has the server in question been rebooted since the logon app was installed?
    If not, it's likely the process linked to the actual console logon hasn't restarted and pulled down the new configuration that points it at the AuthPoint process.

    -James Carson
    WatchGuard Customer Support

  • hi, thx for your reply.

    Yes the server has been rebooted multiple times. Meanwhile, by accident, i've got a new devolpment. I do have to hosts currently for testing. A physical notebook with windows 11 and the server with 2016.

    While trying to reprodice this issue, yesterday evening i connected the notebook to the wired network, instead of the wireless - which i disabled - to test the auth by using rdp. after that i unplugged the wired connection and rebooted and tried again. Suddenly i got asked to provide the otp on console login. After successfully loggin into i discovered that i've got no network connection - cause initialy i disabled wireless and unplugged the cable. After that i plugged in the cable and did the same again and this time it didn't requested the otp but logged me in normally.

    This morning i did the same with the server which is a virtual machine. I removed the network connection and it asked for the otp. I reconnected it to the network and again it does not ask.

    So for now it seems to be the issue that it only asks for the otp when there is no network or internet connection to the client. If i pull all plugs it ask for the otp, if i provide network connection it doesn't ask.

    At least, for now i can confirm that the console logon process can technically ask for the otp if the circumstances fit ;-)

    The question now would be, what is the difference in loggin into at the console while there is a network connection or not.

    My AuthPoint authentication policy does not make any assumptions regarding a network object or anything else. There is only the Groupname and the Resource configured.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    I'd suggest opening a support case so we can collect logs from that system and see what's going on. I'm not sure why this might be happening for you.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.