Close
logodocs

Add an RDP Server

An Remote Desktop Protocol (RDP) Server in strongDM is the combination of an IP/DNS address and authentication information used to control a Microsoft Windows resource, such as a server running Windows Server 2019 or Windows 10 Professional. This guide will show you how to add an RDP Server as a resource in the Admin UI.

Resource Configuration

To add an RDP Server, select Servers from the left-hand navigation and click Add Server. Then set the following configuration properties.

Add RDP Server Configuration Properties
Add RDP Server Configuration Properties
  • Display Name (Required): Enter a meaningful name for this resource. Like other resource types, this is the name that is displayed in the CLI and GUI for any Users that are granted access.

  • Server Type (Required): Select RDP.

  • Hostname (Required): Enter the IP/DNS address used to connect to the resource from your Gateway/Relay (e.g. windows-server.strongdm.com).

  • Port (Required): Enter the port (default: 3389) on the target server that is listening for RDP connections. If you're unsure, leave it as the default.

  • Port Override: This is the port that strongDM will use to listen for connections for this server on a User's machine. This port value must be unique across the organization. After this resource has been created, this field will be automatically filled with a port between 1024-59999 that is not in use by another resource. You can optionally overwrite it with your own preferred port later in the Port Overrides settings.

  • Username (Required): Enter the username (e.g., administrator) or <DOMAIN>\\<USERNAME> to authenticate with (e.g., mydomain\administrator).

  • Password (Required): Enter the password for the provided username.

  • Resource Tags (Optional): Assign tags to this resource by entering key-value pairs in the format <KEY>=<VALUE> (e.g., env=dev).

    This password cannot be validated by the healthcheck. A green healthcheck for this resource indicates network reachability only.

After the RDP Server is created, the Admin UI will update and show your new server in a green or yellow state. Green indicates a successful connection. If it is yellow, click the pencil icon to the right of the server to re-open the Connection Details screen. Then click Diagnostics to determine where the connection is failing.

If any errors occur, please copy them into an email and send them to support@strongdm.com.

Windows Network Level Authentication (NLA)

Windows NLA is a security protocol used by the Remote Desktop Service. When enabled, it completes additional client-side verifications. Moreover, strongDM will automatically detect and use Windows NLA if it is enabled. However, some variations of NLA are not supported. For example, you may encounter error messages such as the following in your sdm.log file:

cannot extract server's sent public key: failed to handshake tls conn:
read tcp4 172.22.64.180:35118->172.22.20.44:3389: read: connection reset by peer"
cannot complete server NLA authentication: cannot parse ntlm echo packet:
cannot read class byte: remote error: tls: internal error

Users may also see similar errors when trying to connect to RDP Servers. If you do encounter problems like this, please contact our Support team, who may be able to perform additional configuration on the backend to address this.

Previous
Servers
Next
Add an SSH Server with a Public Key