Step 3: Click on the Excluded Usernames tab. Step 2: Launch the User Agent user interface.
To mitigate this issue, if you are using User Agent 2.1 or above, you can exclude any accounts that you willīe using primarily for RDP in the User Agent Configuration. S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXXĬomplete these same steps after logging in via RDP and you will notice that you will receive another logon event(Event ID 4624) with the same IP address as shown by the following line from the logon event XML data from the original logon: 192.x.x.x Step 7: Click on the Logon Event and click on the Details tab.
#Remotepc com login Offline
Step 6: Enter the following XML query, substituting your IP address for and(Data='')]] Cannot connect to Trying opening but the site is not working and appears offline today Check. Step 5: Filter for the IP address of your workstation by clicking Filter Current Log, clicking the XML tab, and clicking edit query.
#Remotepc com login windows
Step 4: Drill down to Windows Logs > Security. Step 3: Go to Start > Administrative Tools > Event Viewer. Step 2: Using RDP log into the Domain Controller identified in Step 1 The line that starts "DC:" will be the name of the Domain Controller and the line that starts "Address:" will the IP address. Step 1: Determine the Domain Controller that you host is authenticating against:Įxample output: C:\Users\WinXP.LAB>nltest /dsgetdc:support.labĭom Guid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXįlags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST To find these events, you will need to follow the below steps: To verify this is what is occurring, you can verify that the IP address from the logon event from your original workstation and the RDP remote host have the same IP address. If you are logging into the remote host with a different user account, this will change the user associated with your original workstation's IP address. AD logs the authentication attempt for the RDP session against the originating host IP address rather than the RDP endpoint you are connecting to. This issue occurs due to the way Microsoft Active Directory(AD) logs RDP authentication attempts to the Windows Security Logs on the Domain Controller. If your network is live, make sure that you understand the potential impact of any command.
All of the devices used in this document started with a cleared (default) configuration. Note: The information in this document was created from the devices in a specific lab environment. This document provides a solution for this issue.Ĭisco recommends that you have knowledge on FireSIGHT System and User Agent. You will notice i ncorrect user is associated with workstation. It causes change in permissions for the user in relation to Access Control rules. If you log into a remote host using Remote Desktop Protocol (RDP), and the remote username is different than your user, FireSIGHT System changes the IP address of the user that is associated with your IP address on the FireSIGHT Management Center.