spitta
New Member
March 4, 2026
Question

RDP Secret Credential Injection Not Working When Using FortiPAM as Gateway (Native RDP)

  • March 4, 2026
  • 3 replies
  • 354 views

When launching an RDP session using a stored Secret through FortiPAM (via Proxy mode and NLA mode), the connection does not automatically inject the stored password.

Instead:

  • The RDP client pre-populates the username field with the currently logged-in Windows user from the client machine.
  • The session then prompts for a password.
  • The stored Secret credentials in FortiPAM are not injected.
  • Authentication must be completed manually.

3 replies

Jean-Philippe_P
Staff & Editor
March 8, 2026

Hello Maximo,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
March 9, 2026

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
March 10, 2026

Hello again Maximo,

I found this answer; can you tell us if it helps, please?

When using FortiPAM as a gateway for RDP sessions in proxy mode with NLA (Network Level Authentication), there are a few considerations and potential issues that could lead to the behavior you're experiencing. Here are some steps and checks you can perform to troubleshoot and resolve the issue:

Troubleshooting Steps

  1. Verify Proxy Mode Configuration: Ensure that FortiPAM is correctly configured to operate in proxy mode. This mode should handle credential injection automatically.

  2. Check NLA Settings: Confirm that both FortiPAM and the target server are configured to use NLA. Mismatched settings can cause authentication issues.

  3. Secret Configuration: Verify that the secret stored in FortiPAM is correctly configured with the appropriate username and password for the target server.

  4. RDP Client Configuration: Ensure that the RDP client on the user's machine is not set to automatically use the local Windows credentials. This setting can override the credentials injected by FortiPAM.

  5. FortiPAM Logs: Check FortiPAM logs for any errors or warnings related to the RDP session. This can provide insights into what might be going wrong during the credential injection process.

  6. Native RDP Diagnostics: Utilize the Native RDP Diagnostics feature in FortiPAM to diagnose connection issues. This tool can help identify if there are any specific errors during the connection process.

Additional Considerations

  • Credential Injection Limitations: Ensure that the RDP client supports credential injection. Some older or non-standard RDP clients may not fully support this feature.

  • User Permissions: Verify that the user has the necessary permissions in FortiPAM to use the proxy mode and perform credential injection.

Follow-ups and Clarification Questions

  • Have you verified that the secret in FortiPAM is correctly configured with the right credentials?
  • Are there any specific error messages in the FortiPAM logs when the RDP session fails to inject credentials?
  • Is the RDP client configured to use local Windows credentials by default, and can this setting be changed?
  • Have you tried using the Native RDP Diagnostics tool in FortiPAM to gather more information about the connection issue?

If these steps do not resolve the issue, further investigation into the specific configuration and logs may be necessary.

Jean-Philippe - Fortinet Community Team
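
For steps 2 and 4 of the reply above, an added example (not part of the original thread and not Fortinet code): a small audit of the credential-related settings in the .rdp file a native client is started from. It assumes the session is launched from an .rdp file; the sample content and host name are constructed, and the setting names are the standard mstsc ones.

```python
# Added example: audit the credential-related settings of an .rdp file.
# Setting names are standard mstsc ones; the sample below is constructed.
SAMPLE_RDP = (
    "full address:s:pam-gateway.example.internal:3389\n"  # placeholder host
    "enablecredsspsupport:i:1\n"
    "prompt for credentials:i:0\n"
    "authentication level:i:2\n"
)


def decode_rdp(data: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; hand-made ones are often UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


def parse_rdp(text: str) -> dict:
    """Parse 'name:type:value' lines (type i = integer, s = string, b = binary)."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)  # the value may itself contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue
        name, kind, value = parts
        is_int = kind == "i" and value.lstrip("-").isdigit()
        settings[name.lower()] = int(value) if is_int else value
    return settings


def audit(settings: dict) -> list:
    """Return (setting, note) pairs for values that affect which credentials are offered."""
    findings = []
    if not settings.get("username"):
        findings.append(("username", "not set, so the file supplies no user name and the client picks one"))
    if settings.get("enablecredsspsupport", 1) == 0:
        findings.append(("enablecredsspsupport", "0 disables CredSSP, which NLA depends on"))
    if settings.get("prompt for credentials", 0) == 1:
        findings.append(("prompt for credentials", "1 makes the client prompt even when credentials are saved"))
    return findings


if __name__ == "__main__":
    for setting, note in audit(parse_rdp(SAMPLE_RDP)):
        print(f"{setting}: {note}")
```

To check a real file, pass its bytes through `decode_rdp` first, for example `audit(parse_rdp(decode_rdp(open(path, "rb").read())))`.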