トラブルシュート

トラブルシューティング

  1. サインイン時に下に示す[MFA Bypass(MFAバイパス)]画面が表示される場合、OktaでそのユーザーがMFAポリシーに含まれていることを確認してください。閉じたスクリーンショット

    MFAバイパス スクリーン

    注: App-SignOnポリシーは、Microsoft RDPアプリに関連する唯一のポリシーです。

  2. サインイン時に下に示す[Display Failed(ディスプレイに失敗しました)]という画面が表示されたら、以下を確認してください:閉じたスクリーンショット

    • クライアントID、クライアント シークレット、Okta URLが正しく設定されている。
    • Windowsサインインに入力されたユーザー名がOktaでのユーザー名に一致する。

  3. サーバーにRDPできない場合、下に示すように[System Properties(システムプロパティ)]画面でリモート接続を受け入れるようにセットアップされていることを確認してください。閉じたスクリーンショット

    [System Properties(システムプロパティ)]画面

  4. 下に示すようなSystem.Net.WebException画面が表示された場合:System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. . . .
    System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
    . . . 
    System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. 
    . . . 
    System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host.
    Cause is an older version of TLS, Required version is TLS 1.2.
    Open a PowerShell terminal as administrator and execute the following script:
    $is64bit = [IntPtr]::Size * 8 -eq 64
    Write-Host "Is 64-bit script: $is64bit"
    #helper function to check for if 0x800 bit is set
    function checkTls12Bit([Int] $regValue) {
        return ($regValue -band 0x800) -ne 0x800
    }
    
    function setRegKeyToBitValue([string] $regBranch, [string] $regKey) {
        $current = Get-ItemProperty -Path $regBranch
        $regValue = $current.$regKey
        if ($regValue -eq $null -or (checkTls12Bit $regValue) ) {
            if ($regValue -eq $null) {
    	        $regValue = 0x800
    	     } else	{
                 $regValue = $regValue -bor 0x800
     	     }
    
    	     $p = New-ItemProperty $regBranch -Name $regKey -PropertyType DWord -Value $regValue -ErrorAction Stop -Force
    	     Write-Host "Updated $regBranch\$regKey value to $regValue" 
    	     return $true
    	 }
    	Write-Host "$regBranch\$regKey value is $regValue. No change."
    	return $false
    }
    
    function setRegKeyToValueOfOne([string] $regBranch, [string] $regKey) {
        $current = Get-ItemProperty -Path $regBranch
    	if ($current.$regKey -ne 1) {
    		$p = New-ItemProperty $regBranch -Name $regKey -PropertyType DWord -Value 1 -ErrorAction Stop -Force
    		Write-Host "Updated $regBranch\$regKey value to 1"
    		return $true
    	 }
    	Write-Host "$regBranch\$regKey value is 1. No change."
    	return $false
    }
    
    #setup .net tls settings
    function setupTls4NET([boolean]$is64bit, [string]$regBranch, [string]$reg32bitBranch) {
    # https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls
        $updated = setRegKeyToValueOfOne $regBranch "SchUseStrongCrypto"
    	$updated = (setRegKeyToValueOfOne $regBranch "SystemDefaultTlsVersions") -or $updated
    
    	if ($is64bit) {
        	$updated = (setRegKeyToValueOfOne $reg32bitBranch "SchUseStrongCrypto") -or $updated
    		$updated = (setRegKeyToValueOfOne $reg32bitBranch "SystemDefaultTlsVersions") -or $updated
    	}
    
    	return $updated
    }							
    # https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed
    
    $version = Get-ItemProperty -Path "HKLM:\Software\Microsoft\NET Framework Setup\NDP\v4\Full" -Name Release
    # 394254 - .NET Framework 4.6.1, which is the current target of the installer
    if ($version.Release -ge 394254)  {
        $ev = [environment]::Version
    	$v = "v" + $ev.Major + "." + $ev.Minor + "." + $ev.Build
    	$updated = setupTls4NET $is64bit "HKLM:\SOFTWARE\Microsoft\.NETFramework\$v" "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\$v"
    # https://support.microsoft.com/en-ca/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in
    
    	$updated = (setRegKeyToBitValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" "DefaultSecureProtocols") -or $updated
    	$updated = (setRegKeyToBitValue "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" "SecureProtocols") -or $updated
    
    	# updated the 32-bit branches if we are on 64-bit machine
    	if ($is64bit) {
    		$updated = (setRegKeyToBitValue "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp" "DefaultSecureProtocols") -or $updated
    		$updated = (setRegKeyToBitValue "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings" "SecureProtocols") -or $updated
    	}
    
    	# current user settings
    	$updated = (setRegKeyToBitValue "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" "SecureProtocols") -or $updated
    
    	# local system account
    	$userSid = ".DEFAULT"
    	$updated = (setRegKeyToBitValue "Registry::HKEY_USERS\$userSid\Software\Microsoft\Windows\CurrentVersion\Internet Settings" "SecureProtocols") -or $updated
    
    	if ($updated) {
    		Write-Host "Done. Updated required settings."
    	}
    	else
    	{
    	    Write-Host "Done. No updates are required."
    	}
    }
    							else 
    							{
    							Write-Host "No changes were made. Your version of .NET Framework is earlier version than 4.6.1, please upgrade."
    }