RDP Session User Idle Timeout Causes Password Issue

Hello, 

I have configured an entitlement that contains an RDP access request policy.

The RDP ARP has the following settings enabled:

  • Allow Simultaneous Access: 3
  • Close Expired Sessions

It uses the safeguard_rdp SPS connection policy which uses the following RDP settings:

  •  User idle timeout: 600 sec

Now, here is the issue. I noticed that the accounts used for this policy get their RDP session locked after 600 secs of user inactivity, but after a while the connection stops.

When the user tries to RDP into the asset again it gives an error that "The computer can't connect to the remote computer", but then when I check the account's password on SPP, I find it changed!

How does the account's password change when I have disabled the "Change Password After Check-In" feature in the access request policy?

I have also made sure that no job changes the accounts' passwords during working hours, so the password has not been changed by an automated task.

I have also checked the Activity Center for any other actions relating to a password change but couldn't find any. Nevertheless, the password check keeps failing until I change the password from Safeguard.

Please help me understand this issue.

Thank you in advance.

SPP version: 7.0.4

AD version: 2019

  • Hi Walied,

    - SPS will only terminate the session when it reaches the inactivity timeout (the session will be in a disconnected state on the target machine, but SPS does not log out the user).

    - If SPP has the option "Change Password After Check-In" disabled, then no password change is triggered based on access request expiry or check-in.

    - To check if SPP changed the password, go to Asset Management > Accounts > find the account in question and double-click on it > select the Check and Change Log tab. Here you will see all Check and Change tasks related to this account (by default it shows the last 24 hours, but this can be expanded to older events depending on SPP's audit log maintenance history retention). These events show the username which ran the task, for example "Automated System" in the case of a password change schedule, or a different username if an admin or owner user forced a password change from SPP using either the Set Password or Change Password security option.

    Thanks!

  • Hello Tawfiq,

    I checked the SPP logs as you said and found that it doesn't change the account's password after check-in.

    This brings up the main issue: how did the password change without SPP? And why did it change in the first place? Is there any way I can track this?

    Thank you.

  • If the password was changed outside of SPP, then SPP would not be aware of that, and it would not appear in the audit logs.

    If the password was changed in SPP, then the audit log will show the event evidence, and this can also be verified using the Password Archive:

    - In LTS > select the account > Account Security > Password Archive will show the password history for passwords changed in SPP.

    - In Feature > edit the account > Secrets tab > View Archive.

  • I noticed that Safeguard did not change the password of the account. However, I don't know why the issue happened. What made the account malfunction?

  • To investigate a root cause, this will require analyzing the logs from both SPP and SPS; otherwise, we can only guess what the issue could be.

    You may raise a support service request with a support bundle from the SPP and SPS appliances used in the RDP session request.

    Include the remote username and server IP used in the RDP session.

    Keep in mind that the RDP files downloaded from SPP have a one-time token for security purposes, so if a user disconnects from the RDP session they will need to download a new RDP file from the access request to reconnect.