When logging in manually through the RDP client, the domain is selected automatically and the user logs in OK (the user does not have to specify the domain name).
However, when SSO is selected in the portal settings, clicking the RDP bookmark fails to log in, showing the server's local name together with the username. We would like to use domain credentials, not local computer name credentials.
I tried making the domain the default on the Windows Server 2012 R2 server, but the problem still exists.
Any ideas?
Hi gprentice,
If I understand correctly... you have an SSL VPN with LDAP/AD login. Right?
So you want to log in to the SSL VPN portal and access an RDP environment with the same LDAP user. I have a similar requirement, and I either use my login username in the form "username@domain.net" + password, or I configure a bookmark in the portal template.
I hope it helps.
Cheers,
Elthon Abreu
Elthon Abreu FCNSA v5
Thanks, that might be a good workaround, but I was hoping it would be simpler for the users (who sometimes have trouble remembering their username, let alone a domain name as well).
Graham
Graham,
Try the second option... configure your portal template with SSO... that will "use" the same login as the VPN logon. It works for me... my users just click on the bookmark link and the RDP session opens.
Cheers,
Elthon Abreu FCNSA v5
gprentice wrote: Thanks, that might be a good workaround, but I was hoping it would be simpler for the users (who sometimes have trouble remembering their username, let alone a domain name as well).
Graham
Hello,
Same issue here!! I have tried everything... :(
Did you find a solution?
Thanks for your help.
Valentin
I have the same issue on an FG200E running 6.0.4. I also tried forcing the default domain using GPO, but it did not resolve the issue.
This is what worked for me:
1. On the server that you are trying to RDP to, make sure you force it to use NLA.
2. On the bookmark, select SSO and let the server pick the security.
Hope this helps,
Gabriel
(Updated to remove pics; sorry, new to this forum)
I was having issues with remote accounts that have "Log On To" restrictions in AD (consultants).
The solution was to add a DNS host entry for the FG host name and add the FG name to the list of computers the user is allowed to log on to.
For example:
System->Setting
Host name: MyFirewall
Network->Interfaces
Port 1: 172.1.1.1/24 (This is my LAN interface that talks to AD - LDAP)
In my DNS server (AD), I added a host record:
MyFirewall --> 172.1.1.1
In Active Directory Users and Computers, I added "MyFirewall" to the "Log On To" list (open the user in AD and go to the Account tab to find the option).
Thanks man, works for me!
FGT 100D 6.0.3
If the user has restricted access via Account -> Log On To, adding the DNS name of the FGT doesn't work for me.
Solved by adding the domain controller; that's strange...
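The two server-side changes discussed in this thread (forcing NLA on the RDP target, and extending a restricted user's "Log On To" list to include the FortiGate name, or the domain controllers as the last reply needed) can be scripted. The following is an added PowerShell example, not code from the thread or from Fortinet. It assumes an elevated session on a domain-joined admin host with the ActiveDirectory and DnsServer RSAT modules installed; the names MyFirewall, 172.1.1.1, domain.net, rdp01 and consultant1 are taken from the thread's example or are assumptions, so adjust them to your environment.

```powershell
# Added example (not from the thread): automate the fixes described above.
# Assumed names: change them to match your environment.
param(
    [string]$FortiGateName  = 'MyFirewall',   # FortiGate host name (System -> Settings)
    [string]$FortiGateIP    = '172.1.1.1',    # FortiGate LAN interface that talks to AD
    [string]$ZoneName       = 'domain.net',   # assumed AD-integrated DNS zone
    [string]$RdpServer      = 'rdp01',        # assumed RDP target behind the bookmark
    [string]$RestrictedUser = 'consultant1',  # assumed account with a "Log On To" restriction
    [switch]$AlsoAllowDomainControllers       # per the last reply: add the DCs as well
)

Import-Module ActiveDirectory
Import-Module DnsServer

# 1. Force NLA on the RDP target (Gabriel's step 1). Same setting as
#    "Allow connections only from computers running Remote Desktop with
#    Network Level Authentication" in System Properties; takes effect at once.
$nla = Invoke-Command -ComputerName $RdpServer -ScriptBlock {
    $ts = Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
                          -ClassName Win32_TSGeneralSetting `
                          -Filter "TerminalName='RDP-Tcp'"
    Invoke-CimMethod -InputObject $ts -MethodName SetUserAuthenticationRequired `
                     -Arguments @{ UserAuthenticationRequired = 1 } | Out-Null
    # Re-read the setting so the caller can verify it really changed
    (Get-CimInstance -Namespace 'root/cimv2/TerminalServices' `
                     -ClassName Win32_TSGeneralSetting `
                     -Filter "TerminalName='RDP-Tcp'").UserAuthenticationRequired
}
Write-Host "$RdpServer UserAuthenticationRequired = $nla (1 means NLA enforced)"

# 2. DNS host (A) record for the FortiGate name (the "MyFirewall --> 172.1.1.1" step).
$existing = Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $FortiGateName `
                                        -RRType A -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $FortiGateName -IPv4Address $FortiGateIP
    Write-Host "Added A record $FortiGateName.$ZoneName -> $FortiGateIP"
} else {
    Write-Host "A record for $FortiGateName already exists: $($existing.RecordData.IPv4Address)"
}

# 3. Extend the user's "Log On To" list. AD stores it in the LogonWorkstations
#    attribute as a comma-separated list of NetBIOS names; an empty value means
#    "All computers", in which case there is nothing to add.
$user = Get-ADUser -Identity $RestrictedUser -Properties LogonWorkstations
if ([string]::IsNullOrEmpty($user.LogonWorkstations)) {
    Write-Host "$RestrictedUser has no 'Log On To' restriction; nothing to change."
} else {
    $allowed = @($user.LogonWorkstations -split ',' | Where-Object { $_ })
    $toAdd   = @($FortiGateName)
    if ($AlsoAllowDomainControllers) {
        $toAdd += (Get-ADDomainController -Filter *).Name
    }
    $new = @($allowed + $toAdd | ForEach-Object { $_.ToUpper() } | Sort-Object -Unique)
    if ($new.Count -gt 64) {
        # AD allows at most 64 entries in this attribute
        throw "Log On To list for $RestrictedUser would exceed 64 entries ($($new.Count))."
    }
    Set-ADUser -Identity $RestrictedUser -LogonWorkstations ($new -join ',')
    Write-Host "Log On To for $RestrictedUser is now: $($new -join ',')"
}
```

Run it once without `-AlsoAllowDomainControllers` and test the bookmark; if SSO still fails for restricted accounts, as it did for the last poster, re-run with the switch so the domain controllers are added too. Steps 2 and 3 only matter for accounts that have a "Log On To" restriction; for everyone else Gabriel's NLA-plus-SSO bookmark setting is the whole fix.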
Copyright 2025 Fortinet, Inc. All Rights Reserved.