I'm facing a problem where I can't log into workstations through Remote Desktop Protocol (RDP) while using the OpenVPN client. I'm getting errors like 'your credentials did not work' and 'The logon attempt failed.' Here's the setup:
- I'm using Windows 11 Pro, and the devices are joined to the Entra domain.
- The OpenVPN client operates through a Pfsense Firewall.
- Local users can log in just fine via RDP and OpenVPN, but Azure AD users can't access via the VPN.
- Azure AD users can log in physically when not using the VPN client.
Some troubleshooting steps I've already taken:
- Added two lines to the RDP profile.
- Reset user passwords and checked Defender Firewall settings for RDP (port 3389).
- Disjoined the computer from the domain, deleted it from the Entra portal, and then rejoined.
- Added users to the RDP group with PowerShell and reset passwords again.
- Tried logging in with different formats: azuread\[email protected] and [email protected].
- For local users, .\user1 + password works fine.
- The computer can still ping and resolve Microsoft domains for authentication, so I don't think DNS is the problem.
- I even tried a Microsoft trick where I run Notepad, hold shift, and select 'run as' for the user.
Any fresh ideas on how to resolve this? Thanks a ton!
2 Answers
.\azuread\username format should work fine for Azure AD users (like .\azuread\user1). Make sure you’re including those extra lines in the RDP profile as well; that worked for me!
It sounds like you might need to enable the web login option on the RDP client. Make sure to check the advanced tab and tick the web login box. This can make a big difference!
Totally agree! That was the key step for us. Also, make sure your RDP client is updated, or you might not see that option. After ticking that box, I was able to log in using the full EntraID email with MFA.