Remote Access option

Question

Hello!

In the recent wks a couple users are unable to log in remotely using VPN.
The Dial-In/Remote Access Permission is set to allow access when viewing thru Adaxes.
It's also correct when viewing through AD, however the user was/is unable to logon.

When we deny access and save. Then allow access and save via AD, the user is able to login.
When this is done via Adaxes, the user is unable to login.

We also checked the msNPAllowDialin in both circumstances and it was set to true.

Is there something else in Adaxes that should be checked for this option to work when modified via Adaxes?

Please advise.

Thanks!

Answer 1

Hello,

It is a known issue in Adaxes that we are going to address in the nearest future. The thing is that when you enable Dial-in for a user, Adaxes sets the msNPAllowDialin property to True, which is sufficient in most cases. However, from our recent findings, in certain cases, when enabling Dial-in for a user, it is also necessary to set the Remote Desktop Settings (userParameters) property to the following value:

m:                    d                               

To workaround the issue until a fix is available, you can enable users for dial-in with the help of a PowerShell script. You can create a separate Custom Command that enables user for dial-in or add the script to your existing Business Rules, Custom Commands and Scheduled Tasks that enable the user for dial-in.

To create a Custom Command that enables Dial-in for users:

1. Create a new Custom Command.

2. On the 2nd step of the Create Custom Command wizard, select the User object type.
   

3. On the 3rd step, add the Run a program or PowerShell script action and paste the following script:
   

    $strValue = "m:                    d                              " # TODO: modify me
   
    $binaryValue = [System.Text.Encoding]::UTF8.GetBytes($strValue)
    $Context.TargetObject.Put("msNPAllowDialin", $True)
    $Context.TargetObject.Put("userParameters", $binaryValue)
    $Context.TargetObject.SetInfo()

   The script above sets the msNPAllowDialin property to True, and also modifies the Remote Desktop Settings property.

Comments

Thanks. I'll give that a try.

---

hi-

This does not work. I've implemented the script but still unable to use VPN.

Please advise.

---

Hello,

To help us troubleshoot the issue, can you do the following:

1. Export a user that is not enabled for VPN to a LDIF file. For information on how to do this, see Exporting Directory Objects.
2. Enable the user for VPN using Adaxes and export to another LDIF file.
3. Enable the user for VPN using AD native functionality and export to one more LDIF file.
4. Send all the three files to our support e-mail (support@adaxes.com).

---

files sent.

---

It looks like in your case, another default value is set for the Remote Desktop Settings property. Use the following version of the script in your Custom Command:

$strValue = "m:                    d`t                        " # TODO: modify me

$binaryValue = [System.Text.Encoding]::UTF8.GetBytes($strValue)
$Context.TargetObject.Put("msNPAllowDialin", $True)
$Context.TargetObject.Put("userParameters", $binaryValue)
$Context.TargetObject.SetInfo()

---

this works!

Thank You