Rohos Logon Key for Windows Remote Desktop logon with YubiKey token



Similar documents
BlackShield ID PRO. Steel Belted RADIUS 6.x. Implementation Guide. Copyright 2008 to present CRYPTOCard Corporation. All Rights Reserved

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

BlackShield ID Agent for Remote Web Workplace

How To Set Up Chime For A Coworker On Windows (Windows) With A Windows 7 (Windows 7) On A Windows 8.1 (Windows 8) With An Ipad (Windows).Net (Windows Xp

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

Implementation Guide for protecting

Strong Authentication for Microsoft TS Web / RD Web

Apache Server Implementation Guide

Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon

Strong Authentication for Microsoft SharePoint

September 25, Programming YubiKeys for Okta Adaptive Multi-Factor Authentication

NetMotion + YubiRADIUS Quick Start Guide

Configuring Steel-Belted RADIUS Proxy to Send Group Attributes

DIGIPASS Pack for Citrix on WI 4.5 does not detect a login attempt. Creation date: 28/02/2008 Last Review: 04/03/2008 Revision number: 2

Omniquad Exchange Archiving

Cloud Services ADM. Agent Deployment Guide

Oracle Enterprise Manager

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

Configuring a YubiKey for the YubiCloud

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Agent Configuration Guide

Active Directory Management. Agent Deployment Guide

Device LinkUP + Desktop LP Guide RDP

DOCUMENTATION MICROSOFT SQL BACKUP & RESTORE OPERATIONS

Copy Tool For Dynamics CRM 2013

Instant Chime for IBM Sametime High Availability Server Guide

Hyper-V Server 2008 Setup and Configuration Tool Guide

Copyright

Configuring IBM Cognos Controller 8 to use Single Sign- On

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

BlackShield ID MP Token Guide. for Java Enabled Phones

YubiKey & OATH- TOTP Verification

Cisco VPN Concentrator Implementation Guide

Strong Authentication for Juniper Networks SSL VPN

epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Website:

BES10 Self-Service. Version: User Guide

Svn.spamsvn110. QuickStart Guide to Authentication. WebTitan Version 5

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

Oracle Enterprise Manager

Administration Guide. SafeWord for Internet Authentication Service (IAS) Agent Version 2.0

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

Strong Authentication for Juniper Networks

HOTPin Integration Guide: DirectAccess

Archiving User Guide Outlook Plugin. Manual version 3.1

How to configure MAC authentication on a ProCurve switch

DIGIPASS Authentication for Windows Logon Getting Started Guide 1.1

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Lepide Active Directory Self Service. Installation Guide. Lepide Active Directory Self Service Tool. Lepide Software Private Limited Page 1

Check Point FW-1/VPN-1 NG/FP3

User Guide. BES12 Self-Service

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

Using Apple Remote Desktop to Deploy Centrify DirectControl

Strong Authentication for Cisco ASA 5500 Series

Project management - integrated into Outlook

Installing Sage ACT! 2013 for New Users

Defender 5.7. Remote Access User Guide

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

User Guide Microsoft Exchange Remote Test Instructions

Windows BitLocker Drive Encryption Step-by-Step Guide

Setup and Configuration Guide for Pathways Mobile Estimating

Application Note. Gemalto s SA Server and OpenLDAP

VM-4 USB Desktop Audio Device Installation Guide

CA Spectrum and CA Embedded Entitlements Manager

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide

VM-8 USB Desktop Audio Device Installation Guide

NCD ThinPATH Load Balancing Startup Guide

PHD Virtual Backup for Hyper-V

Technical Brief for Windows Home Server Remote Access

How To Install Help Desk Premier

DIGIPASS Authentication for Citrix Access Gateway VPN Connections

Monetra Payment Software

Password Manager Windows Desktop Client

NEO Manager Quick Start Guide

White Paper. Software version: 5.0

How To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

SQL 2014 Configuration Guide

2X Cloud Portal v10.5

Xcalibur Global Version 1.2 Installation Guide Document Version 3.0

Installing TestNav Mac with Apple Remote Desktop

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

DualShield Authentication Platform

Installing Act! for New Users

RSA SecurID Software Token 1.0 for Android Administrator s Guide

Defender EAP Agent Installation and Configuration Guide

HP A-IMC Firewall Manager

Dolphin Ocean Server and Dolphin Mobile Client Installation Guide for Android and ios. May 2012

DualShield. for. Microsoft TMG. Implementation Guide. (Version 5.2) Copyright 2011 Deepnet Security Limited

Setting up Hyper-V for 2X VirtualDesktopServer Manual

Citrix Receiver. Configuration and User Guide. For Macintosh Users

StarWind iscsi SAN & NAS: Configuring HA Storage for Hyper-V October 2012

Dell Statistica Statistica Enterprise Installation Instructions

SafeWord Domain Login Agent Step-by-Step Guide

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

File and Printer Sharing with Microsoft Windows

External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy

Creating a System DSN for Crystal Reports to Access a Sentinel Server Database. Configuration Guide Version 1.0

CS WinOMS Practice Management Software Server Migration Help Guide

Transcription:

Rohos Logon Key for Windows Remote Desktop logon with YubiKey token Step-by-Step Integration Guide. Tesline-Service S.R.L. 10 Calea Iesilor str., Chisinau, MD-2069, Moldova. Tel: +373-22-740-242 www.rohos.com Please check Rohos web site for updates to this or other documentation. Germany: www.rohos.net, Spain: www.rohos-es.com, France: www.rohos-fr.com

Table of Contents Overview: Rohos Logon Key for YubiKey.... 4 Installation Requirements... 4 Modes of YubiKey security... 4 Installation... 4 Rohos Logon Key server configuration... 5 YubiKey OTP configuration... 7 Test Windows Remote Desktop logon... 8 Troubleshooting... 9 Rohos Logon Key Integration Guide. 2

License and Warranty Information Tesline-Service S.R.L. retain all ownership rights to the computer program described in this manual and other computer programs offered by the company (hereinafter called Tesline-Service) and any documentation accompanying those programs. Use of Tesline-Service software is governed by the license agreement accompanying your original media. Tesline-Service software source code is a confidential trade secret of Tesline-Service. You may not attempt to decipher, de-compile, develop, or otherwise reverse engineer Tesline-Service software, or allow others to do so. Information needed to achieve interoperability with products from other manufacturers may be obtained from Tesline-Service upon request. This manual, as well as the software described in it, is furnished under license and may only be used or copied in accordance with the terms of such license. The material in this manual is furnished for information use only, is subject to change without notice, and should not be construed as a commitment by Tesline-Service. Tesline-Service assumes no liability for any errors or inaccuracies that may appear in this document. Tesline-Service reserves the right to make changes in design or to make changes or improvements to these products without incurring the obligation to apply such changes or improvements to products previously manufactured. In no event shall Tesline-Service or any of its agents be responsible for special, incidental, or consequential damages arising from the use of these products or arising from any breach of warranty, breach of contract, negligence, or any other legal theory. Such damages include, but are not limited to, loss of profits or revenue, loss of use of these products or any associated equipment, cost of capital, cost of any substitute equipment, facilities or services, downtime costs, or claims of customers of the Purchaser for such damages. The Purchaser may have other rights under existing federal, state, or provincial laws in the USA, Canada, or other countries or jurisdictions, and where such laws prohibit any terms of this warranty, they are deemed null and void, but the remainder of the warranty shall remain in effect. Copyright Copyright 2001-2009, Tesline-Service All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Tesline-Service Inc. Trademarks Tesline-Service, Rohos, are either registered trademarks or trademarks of Tesline-Service Inc. Microsoft Windows and Windows XP/2000/2003/NT/Vista are registered trademarks of Microsoft Corporation. YubiKey is a registered trademark of Yubico. All other trademarks, trade names, service marks, service names, product names, and images mentioned and/or used herein belong to their respective owners. Additional Information, Assistance, or Comments Tesline-Service technical support specialists can provide assistance when planning and implementing Rohos Logon Key in your network. In addition to aiding in the selection of the appropriate authentication products, Tesline-Service can suggest deployment procedures. This complimentary support service is available by email only. To contact Tesline-Service directly: support@rohos.com For information about obtaining a support contract, see our Support Web page at http://www.rohos.com. Rohos Logon Key Integration Guide. 3

Overview: Rohos Logon Key for YubiKey. Rohos Logon Key is a Windows login solution that offers hardware based and two-factor authentication login to Microsoft Windows as well as for Windows Remote Desktop. As a password replacement Rohos offers to use a variety of hardware tokens, for example YubiKey One Time Password token. Key features: Doesn t require to install anything on client computers; Support cross Remote Desktop connections. (Remote Desktop via Remote Desktop); Cross platform: Connect to Windows Remote Desktop from Mac or Linux also; Works with Windows Active Directory configurations; Support password update/renewal policies; Allows to quickly Add or disable certain YubiKey tokens from access. Installation Requirements Windows 2003/2008 as for Terminal Server; Internet connection on TS computer to verify OTP; Modes of YubiKey security Rohos Logon Key supports 3 types of authentication with YubiKey: Remote OTP validation Local OTP validation Yubikey as a static identifier (default) Rohos verifies each OTP string on the validation server. This mode requires to set up OTP validation server (Yubico server by default). Rohos verifies OTP string by itself (decrypts OTP and manages OTP counters). This mode requires to have a decryption key list for all YubiKeys. Verifies just first 12 characters of OTP string. This mode should be used for testing purposes or local Windows login only. Installation To install Rohos Logon Key on Terminal Server: 1. Install Rohos Logon Key on the Terminal Server computer (Windows restart is not needed) 2. Open Rohos Logon Key > Options > Change USB Key type to "YubiKey" > OK (don t restart) 3. Click Rohos Logon Key > Help > Get Registered and enter you license key. 4. Install Rohos Logon Key server version Rohos Logon Key Integration Guide. 4

5. Open USB Key Management tool > Add license key. Copy/Paste here at least one license key > OK Rohos Logon Key server configuration After installing Rohos Logon Key and Rohos Logon Key server version on the Terminal Server Computer you can set up first YubiKey token. 1. Open Rohos USB Key Management tool: 2. Click "Click here to Add new YubiKey..." In the dialog box Please touch your YubiKey click your Yubikey to generate OTP string. Rohos Logon Key Integration Guide. 5

the token OTP will be verified and allowed to add login profiles into it. 3. Click Add.. to add logon profile for user who will access Remote Desktop with this YubiKey. For example: user name: User_name. Attached to domain domain.com (this part is optional) will be allowed to access remote desktop of Terminal Server ZED Please note ZED is terminal server computer where Rohos is installed. After adding logon profile it will appear in profiles list. Please note ++REGKEY is a special entry showing that this token is licensed with Rohos Logon key license. Rohos Logon Key Integration Guide. 6

YubiKey OTP configuration Open Rohos USB Key Admin and choose OTP verification method. Click on OTP options button. It s recommended to use Yubico OTP validation server: Rohos Logon Key Integration Guide. 7

Test Windows Remote Desktop logon On any client workstation open Remote Desktop connection program. On the Windows 2003 Remote Desktop screen you should see the following. Click on the green key icon to start login with YubiKey: On the Windows Vista/2008 Remote Desktop screen you should see the following: Click on the arrow icon to start login with YubiKey: In the Please touch your YubiKey ' dialog box touch your YubiKey: Rohos Logon Key Integration Guide. 8

It may fail to auto-enter at the end, so you need to hit Enter on the keyboard (this is MS RDC issue). The login should begin. Troubleshooting If you are experiencing authentication issues, please contact us. Our support person may ask you to send Rohos log files at c:\program Files\Rohos\ welcome.log, rohos_ui.log, yubico_mod_welcome.exe.log. credprov2.log If no traffic appears in the log files, it is possible that the Rohos Logon was not configured correctly. Problem USB Key manager doesn t show "Click here to Add new YubiKey..." and OTP setting buttons The dialog Please touch your YubiKey accepts OTP string and then opens again Demo USB Key has been found message appears Green Rohos icon is not visible in remote desktop logon screen Solution Open Rohos Logon Key > Options > and choose YubiKey in USB type list box. Restart USB Key admin. this Yubikey is not accepted for logon or OTP verification failed. Check OTP options dialog box. Enter valid OTP verification URL or AES key. It means there were no license keys added into USB Key Manager tool. Rohos Logon Key should be installed on the terminal server. Support contact: info@rohos.com Rohos Logon Key Integration Guide. 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information