RDP connection to PC for remote access disconnects FortiClient.
■ Customer Environment
・FortiGate 400E
・PC1 (RDP executor)
・PC2 (RDP receiver)
※Both PCs are Windows 10.
※The firmware for the FortiGate 400E is v7.2.5. Also, the FortiClient firmware is v7.0.7.
※SSL-VPN connection is used.
※A policy has been added to allow communication from the internal segment to the VPN terminal segment.
■ Inquiry
I want to make an RDP connection from inside the company to a remote access terminal outside the company.
However, when I RDP from an in-house terminal (PC1) to a remote access terminal (PC2), the FortiClient disconnects.
The FortiClient notice states that the tunnel "SSL-VPN connection" has been disconnected because another user has logged in to this computer.
The screen on the PC1 side showed the RDP screen, but remained dark.
I would like to know why FortiClient disconnects when I do RDP.
If anyone knows the cause of this, please let me know.
Hi @kazuki
not quite sure WHERE is the FortiClient and that SSL-VPN.
I guess it is on PC2.
And as PC2 seems to be Windows 10, then it is NOT a terminal server kind of OS, and so one user at a time is expected behavior. Therefore if you logged into PC2 as userA, then initiated RDP from PC1 to PC2, then even if you'd attempt to log in as UserA, it is detected as a logon and some service might reinit. I think you could either RDP to the login screen and use the VPN before login feature there, or restart the SSL VPN after logon. If set properly (split) then it should not affect the current network connection used for the RDP session, and you should not lose the RDP session when the SSL-VPN restarts.
If that PC2 is supposed to be some jump-host, I'd strongly recommend using a server-class OS and Terminal Server services.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Sorry for the lack of explanation.
I have FortiClient installed on PC2.
There is an SSL-VPN connection between PC2 and FortiGate.
A configuration diagram is shown below.
■ Configuration diagram
PC2---<SSL-VPN>---FGT---SW---PC1
               |
             AD server
Created on ‎09-20-2023 03:17 AM Edited on ‎09-20-2023 03:19 AM
The following is additional information.
I attempted to establish a Remote Desktop connection from PC1 to PC2, but the screen remains black, and I couldn't establish the Remote Desktop connection.
Additionally, FortiClient on PC2 was disconnected and logged out.
In addition, the VPN users are integrated with Active Directory, and authentication is performed using Active Directory user accounts.
In my own company's environment, I was able to establish a Remote Desktop connection from PC1 to PC2 without any issues.
However, in the customer's environment, I cannot establish a Remote Desktop connection.
