
Add an RDP Server

An RDP server in strongDM is the combination of an IP/DNS address and authentication information used to control a Windows resource, such as a server running Windows Server 2019 or Windows 10 Professional. From the Servers section, click Add Server, then select RDP as the server type to show the resource configuration.

Resource configuration

RDP Settings
  • Display Name (Required): Like other resource types, this is the name that is displayed in the CLI and GUI for any Users that are granted access.

  • Server Type (Required): Select RDP from the drop-down menu.

  • Hostname (Required): The IP/DNS address used to connect to the resource from your Gateway/Relay. (e.g. windows-server.strongdm.com)

  • Port (Required): The port on the target server that is listening for RDP connections. If you're unsure, leave this as the default: 3389.

  • Port Override (Required): The port that SDM will use to listen for connections for this server on a User's machine. This port value must be unique across the Organization. Leave blank to have a valid port number assigned by default.

  • Username (Required): The username or domain\username to authenticate with. (e.g. Administrator or mydomain\administrator)

  • Password (Required): The password for the provided username.

    This password cannot be validated by the healthcheck; a green healthcheck for this resource indicates network reachability only.

Windows Network Level Authentication (NLA)

Windows NLA is a security protocol used by the Remote Desktop Service; when enabled, it completes additional client-side verifications. SDM will automatically detect and use Windows NLA if it is enabled. However, some variations of NLA are not supported. For example, you may encounter error messages such as these in your sdm.log file:

cannot extract server's sent public key: failed to handshake tls conn:
read tcp4 172.22.64.180:35118->172.22.20.44:3389: read: connection reset by peer"
cannot complete server NLA authentication: cannot parse ntlm echo packet:
cannot read class byte: remote error: tls: internal error

Users may also see similar errors when trying to connect to RDP servers. If you do encounter problems like this, please contact our Support team, who may be able to perform additional configuration on the backend to address this.
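
To find out which RDP resources are affected before contacting Support, the two NLA messages quoted above can be searched for in sdm.log and grouped by target. The following is an added example, not strongDM code: the signature labels, the function name and the sample lines (built from the messages on this page) are assumptions, and real sdm.log lines may carry extra fields around the message.

```python
import re
from collections import defaultdict

# Substrings taken from the two NLA error messages quoted on this page.
# The dictionary keys are labels chosen for this example (hypothetical).
NLA_SIGNATURES = {
    "tls_handshake_reset": "cannot extract server's sent public key",
    "ntlm_echo_parse": "cannot complete server NLA authentication",
}

# Go-style network error fragment: "read tcp4 <local>-><remote-host>:<port>:"
ENDPOINT_RE = re.compile(r"(?:read|write) tcp[46]? \S+?->(\S+?):(\d+)(?=:|\s|$)")

def triage_nla_errors(lines):
    """Group NLA failures by (signature label, RDP target).

    The target is "host:port" when the line carries a network error
    fragment, otherwise None. Values are 1-based line numbers.
    """
    hits = defaultdict(list)
    for lineno, line in enumerate(lines, start=1):
        for label, needle in NLA_SIGNATURES.items():
            if needle in line:
                m = ENDPOINT_RE.search(line)
                target = f"{m.group(1)}:{m.group(2)}" if m else None
                hits[(label, target)].append(lineno)
                break
    return dict(hits)

# Constructed sample input: the page's two messages joined onto single
# lines, one repeat with a different source port, and one unrelated line.
SAMPLE_LOG = [
    "cannot extract server's sent public key: failed to handshake tls conn: "
    "read tcp4 172.22.64.180:35118->172.22.20.44:3389: read: connection reset by peer",
    "cannot complete server NLA authentication: cannot parse ntlm echo packet: "
    "cannot read class byte: remote error: tls: internal error",
    "unrelated line that should be ignored",
    "cannot extract server's sent public key: failed to handshake tls conn: "
    "read tcp4 172.22.64.180:35200->172.22.20.44:3389: read: connection reset by peer",
]

if __name__ == "__main__":
    for (label, target), linenos in triage_nla_errors(SAMPLE_LOG).items():
        print(f"{label:22} target={target} lines={linenos}")
```

A line that matches a signature but has no address (the second message) is reported with a target of None, so it has to be correlated with the resource by time or by the user's report.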

Should you have any trouble or have general questions, please reach out to support@strongdm.com.
