OTPCP for Windows Server - Doesn't prompt for OTP


cmacra...@gmail.com

Mar 7, 2018, 12:36:38 PM
to RCDevs Security Solutions - Technical
I have a working OTP/WebADM system that we use for our VPN access.  I'm trying to deploy the OTP Credential Provider for Windows on a Server 2012 R2 to have 2FA when we use Remote Desktop to access the server.

I've gotten it installed on the server with all the settings correct as far as I can tell, but when I try to Remote in to the server from a workstation, I never get the OTP challenge. It just logs in to the server like normal. Also, it's the regular RDP login screen. Is there supposed to be an RCDevs login screen instead?

Anyone have any insights into this issue? I've looked in the forum but haven't found this specific issue.

Thanks for any help you can provide.

Ibrahim MESLEM (RCDevs)

Mar 7, 2018, 12:40:34 PM
to RCDevs Security Solutions - Technical
Hello,

Have you installed the OTP Credential Provider as the default Credential Provider on your server?

cmacra...@gmail.com

Mar 7, 2018, 1:41:30 PM
to RCDevs Security Solutions - Technical
I have not made it the default. I didn't think that was a requirement based on the video I watched.  Does it have to be to get the OTP to work?

cmacra...@gmail.com

Mar 7, 2018, 1:51:33 PM
to RCDevs Security Solutions - Technical
Sorry, it was actually the documentation that came with that said not to use Default while testing.  It wasn't the video.

cmacra...@gmail.com

Mar 8, 2018, 2:48:44 PM
to RCDevs Security Solutions - Technical
Additional info:
I'm running this from the vmware appliance with OpenOTP and Radius servers.  WebADM v1.3, OTP & U2F Auth. Server v1.2.0-1
As far as I can see, it's set up correctly. The OTP works fine when using the VPN clients. I just can't get the Windows CP to work. It's running on the server as a service.
Anything?

francois...@rcdevs.com

Mar 9, 2018, 8:00:30 AM
to RCDevs Security Solutions - Technical
Hi,

Our CP is not used at all with RDP if it is not defined as the default credential provider; you can only use it for a local login (but you can also use the default Windows CP). If you define it as the default CP (check that it works for local login before), you will be obliged to use it with RDP and local login.

cmacra...@gmail.com

Mar 9, 2018, 10:54:56 AM
to RCDevs Security Solutions - Technical
OK. I had been testing using RDP. That explains why it didn't work with it not set to default CP on the server. I went to the server console directly and it didn't prompt me. I ran the config again and kept the same settings. After logging off and attempting to log on, it did come up with the RCDevs splash login screen. Only after entering my LDAP credentials it gives me an error "Endpoint could not be initialized.". So, new problem. I don't want to set it as default CP until I can successfully log in on the console. Where should I look? I looked for the webadm.log file but there isn't one.

cmacra...@gmail.com

Mar 9, 2018, 12:39:40 PM
to RCDevs Security Solutions - Technical
Ok! Big thanks to Francois for letting me know that the CP doesn't work with RDP unless you have it set as the default.

I was able to resolve my other issues by digging through the forum and piecing together some info/fixes.

To fix the Endpoint issue:  The registry settings for ca_file and server_url had been blanked.  Once I reentered that info into regedit, it at least was able to contact the server. But the SOAP log file said the domain was invalid or disabled.

To fix the domain issue: I had to add my domain to the Domain Name Aliases field in the WebADM console-Admin-Local Domains-Configure.
I can now use the RCDevs CP on my server console and get the OTP prompt.  Login is successful.

Next step:  Configure it as default and see if I can connect via RDP.
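
A pre-flight check for the blanked `ca_file` and `server_url` values described in the post above, written as an added example that is not part of the original thread or RCDevs' own tooling. The registry key is not given in the thread, so `$KeyPath` is a required placeholder parameter, and the script assumes `ca_file` holds a path to a single certificate file.

```powershell
# Added example. $KeyPath is a placeholder: the thread does not name the
# registry key, so pass the one your installation actually uses.
param(
    [Parameter(Mandatory = $true)][string]$KeyPath
)

$problems = @()
$props = Get-ItemProperty -Path $KeyPath -ErrorAction Stop

# 1. Both values named in the thread must be present and non-blank.
foreach ($name in 'server_url', 'ca_file') {
    if ([string]::IsNullOrWhiteSpace([string]$props.$name)) {
        $problems += "$name is missing or blank"
    }
}

# 2. server_url must parse, and its host/port must accept a TCP connection.
$uri = $null
if ($props.server_url -and
    [Uri]::TryCreate([string]$props.server_url, [UriKind]::Absolute, [ref]$uri)) {
    $tcp = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        $problems += "cannot reach $($uri.Host):$($uri.Port)"
    }
} elseif ($props.server_url) {
    $problems += 'server_url is not an absolute URL'
}

# 3. ca_file (assumed to be a certificate path) must exist, load, and be unexpired.
if ($props.ca_file) {
    if (-not (Test-Path -LiteralPath $props.ca_file -PathType Leaf)) {
        $problems += "ca_file not found: $($props.ca_file)"
    } else {
        try {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 ([string]$props.ca_file)
            if ($cert.NotAfter -lt (Get-Date)) {
                $problems += "CA certificate expired on $($cert.NotAfter)"
            }
        } catch {
            $problems += "ca_file is not a readable certificate: $($_.Exception.Message)"
        }
    }
}

if ($problems.Count) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Output 'server_url and ca_file look usable; test a console login before making the provider the default.'
```

Running it after each re-run of the provider's configuration catches the settings being blanked again before the provider is made the default and a failed login would also block RDP.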

cmacra...@gmail.com

Mar 9, 2018, 1:03:41 PM
to RCDevs Security Solutions - Technical
Final Post:
Success!!!  I now have OTP working via RDP!  Set it to Default and tested on the local console, then via RDP.