If you go read the Microsoft document that was posted above, if User Auth is attempted then the network connection will fail. Disabling SSO might allow for the connection to eventually come back, but you'll likely just break it again upon connection with RDP.
EAP-TLS or EAP-TEAP is the answer. But regardless of what gets chosen, get rid of any authentication that requires MSCHAPv2.
Original Message:
Sent: Sep 25, 2023 10:11 AM
From: cdelarosa
Subject: Switch-Switch block port when someone does rdp to the computer on that port
Hello Chulcher
Let me check on this, but I saw that someone who had
this enabled did not have the issue happen
Just to make sure Carson, it will break the 802.1x connection even with that option on??
The only options are having the computer authentication or going to EAP TLS
Original Message:
Sent: Sep 25, 2023 09:46 AM
From: chulcher
Subject: Switch-Switch block port when someone does rdp to the computer on that port
If they are using PEAP for 802.1X, the only option is to only enable Computer Authentication. If they have User enabled then the RDP session WILL BREAK THE 802.1X connection.
------------------------------
Carson Hulcher, ACEX#110
Original Message:
Sent: Sep 22, 2023 09:28 PM
From: cdelarosa
Subject: Switch-Switch block port when someone does rdp to the computer on that port
Hello, thanks for your reply
Like I said in my previous post, I already informed the client that we must move to EAP TLS. For now they are asking us to fix it because it's urgent
As for the solution Microsoft is proposing, is it this?:
This is already configured, and they still have the issue
If it's somewhere else, where is it?
Thanks
Original Message:
Sent: Sep 22, 2023 08:32 PM
From: ahollifield
Subject: Switch-Switch block port when someone does rdp to the computer on that port
The customer should migrate to certificate based EAP methods instead.
https://learn.microsoft.com/en-us/troubleshoot/windows-client/remote/cannot-use-802dot1x-user-authentication-connect-rds
Original Message:
Sent: Sep 22, 2023 07:31 PM
From: cdelarosa
Subject: Switch-Switch block port when someone does rdp to the computer on that port
We have users that need to connect with RDP but they are getting disconnected
Example:
Users have desktops in their company
Let's say user X, who is at home, connects to his desktop (this desktop authenticates with 802.1X); he connects to his desktop through a VPN. When they connect with RDP to that desktop, they get disconnected from the network and I see this error:
[4:26 p. m.] Jose Vindas Alfaro
ST1-CMDR: port 2/1 is Blocked by AAA
The same issue happens if someone on the internal network tries to remote desktop to that desktop; we get that error
I'm wondering if this happens because of Credential Guard and because they are using EAP PEAP (I know they need to move to EAP TLS, but it's something we have to work on with the client after we fix this)
I notice that one computer is working fine, but on that computer it has this enabled
On most of the computers it is disabled, like you see in the screenshot, and on those computers it seems it doesn't work
This only happens when they try to remote desktop
I don't know if, when it tries to authenticate and no one is at the computer, it prompts for the user and pass, but as no one is there to do that it kicks the device from the network because no one is entering the user and pass
You guys think it's that?
Do you think there is a logic in what is happening and with Credential Guard?
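
A check for the setting discussed in the replies above, as an added example that is not part of any poster's message: it reads a wired 802.1X profile XML (the format `netsh lan export profile` writes) and flags PEAP-MSCHAPv2 profiles whose `authMode` still allows user authentication. The sample profile is constructed and trimmed, `audit_profile` is a hypothetical helper name, and treating a missing `authMode` as `machineOrUser` is an assumption.

```python
import xml.etree.ElementTree as ET

EAP_NAMES = {13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2", 55: "TEAP"}  # IANA EAP method numbers
ONEX_NS = "{http://www.microsoft.com/networking/OneX/v1}"

# Constructed sample, trimmed to the elements the audit reads; not taken from the thread.
SAMPLE = """<LANProfile xmlns="http://www.microsoft.com/networking/LAN/profile/v1">
 <MSM><security><OneXEnabled>true</OneXEnabled>
  <OneX xmlns="http://www.microsoft.com/networking/OneX/v1">
   <authMode>{mode}</authMode>
   <EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
    <EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type></EapMethod>
    <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
     <Type>25</Type>
     <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
      <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
       <Type>26</Type>
      </Eap>
     </EapType>
    </Eap></Config>
   </EapHostConfig></EAPConfig>
  </OneX>
 </security></MSM>
</LANProfile>"""

def audit_profile(xml_text):
    """Return (authMode, EAP method names, findings) for one wired 802.1X profile."""
    root = ET.fromstring(xml_text)
    mode_el = root.find(f".//{ONEX_NS}authMode")
    # Assumption: a profile with no authMode element behaves as machineOrUser.
    mode = mode_el.text.strip() if mode_el is not None and mode_el.text else "machineOrUser"
    # Collect every <Type> (outer and inner EAP methods) regardless of namespace, de-duplicated.
    types = list(dict.fromkeys(
        int(el.text) for el in root.iter()
        if el.tag.rsplit("}", 1)[-1] == "Type" and (el.text or "").strip().isdigit()))
    methods = [EAP_NAMES.get(t, f"EAP type {t}") for t in types]
    findings = []
    if 26 in types:
        findings.append("MSCHAPv2 in use: plan the move to EAP-TLS or TEAP")
        if mode != "machine":
            findings.append(f"authMode={mode}: user authentication will be attempted, "
                            "so an RDP logon can drop the 802.1X session")
    return mode, methods, findings

if __name__ == "__main__":
    for mode in ("machineOrUser", "machine"):
        print(audit_profile(SAMPLE.format(mode=mode)))
```
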