We are currently performing the initial installation of the PAM machines. However, after completing the provisioning correctly, when we attempt to connect to any machine by opening the RDP file that is created, the attached error appears.
It looks like this will require some investigation of the environment (settings on the target resource, NPS server activity/resource configuration, etc.). Can you please open a ticket with our Support Team so they can assist?
While you wait for support to help, some things that you can review:
For troubleshooting, enable the Connection Profile option that allows users to view the password in the UI, then try connecting directly to your target with your RDP client using the session user.
Make sure the group you are adding the user to is allowed RDP access.
Review the Windows event logs and look for logon failures.
If you have multiple sites and your target resource is not in the same site as your PDCe, it may be an AD replication issue. New users are added on the PDCe and groups are updated on the PDCe. Replication between sites happens at slower intervals than replication between same-site DCs. Add the Run AD Replication for User step to your activity after adding the user to the group.
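The three checks above (RDP group membership, logon failures in the Security log, and replication lag between the authenticating DC and the PDC emulator) can be run from the target host in one pass. The script below is an added example written for this thread, not code from the PAM vendor or from the support reply; the account name passed as SessionUser, the assumption that the vault places the session user in the local "Remote Desktop Users" group, and the presence of the ActiveDirectory RSAT module are all assumptions.

```powershell
# Added troubleshooting helper (example only, not part of the original thread or the PAM product).
# Run in an elevated PowerShell on the target Windows host, or remotely via Invoke-Command.
# Assumptions: the PAM session account is passed as -SessionUser (placeholder value shown),
# the vault adds it to the local "Remote Desktop Users" group, and the ActiveDirectory
# RSAT module is installed for the replication check.
param(
    [Parameter(Mandatory)][string]$SessionUser,   # e.g. 'CORP\pam-sess-01' (placeholder)
    [int]$LookbackMinutes = 30
)

# 1. Is the session account allowed to RDP? Direct membership in the local group.
#    Nested AD groups are not expanded here; if the vault uses one, check that group too.
$rdpMembers = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction Stop
$inGroup = $rdpMembers.Name -contains $SessionUser
"[group] $SessionUser in 'Remote Desktop Users': $inGroup"
# Group membership is baked into the token at logon. If the group change was written
# on a DC that has not replicated to the DC this host uses, the token will not carry it.

# 2. Logon failures: event 4625 carries the logon type, status and substatus.
$since    = (Get-Date).AddMinutes(-$LookbackMinutes)
$failures = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
            -ErrorAction SilentlyContinue
$shortName = $SessionUser.Split('\')[-1]
foreach ($e in $failures) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d.TargetUserName -eq $shortName) {
        "[4625] $($e.TimeCreated) user=$($d.TargetDomainName)\$($d.TargetUserName) " +
        "type=$($d.LogonType) status=$($d.Status) substatus=$($d.SubStatus) src=$($d.IpAddress)"
    }
}
# Substatus values worth knowing: 0xC000006A bad password, 0xC0000064 account does not
# exist (yet) on the DC that answered, 0xC0000234 locked out, 0xC000015B the account has
# not been granted the requested logon type on this machine (RDP right missing).

# 3. Replication: which DC authenticated this host, and is it current with the PDC
#    emulator where the new user and the group change were written?
$authDc = $env:LOGONSERVER.TrimStart('\')
$pdce   = (Get-ADDomain).PDCEmulator
"[ad] authenticating DC=$authDc  PDCe=$pdce"
if ($authDc -and $pdce -and ($pdce -notlike "$authDc*")) {
    # Different DC than the PDCe: show when it last pulled from each partner.
    Get-ADReplicationPartnerMetadata -Target $authDc -ErrorAction SilentlyContinue |
        Select-Object Partner, LastReplicationSuccess, LastReplicationResult |
        Format-Table -AutoSize
}
```

Read the output bottom-up: a LastReplicationSuccess older than the vault's provisioning time together with a 4625 substatus of 0xC0000064 or 0xC000015B points at replication lag rather than a broken RDP setting, which is the case the Run AD Replication for User step is meant to cover. A 0xC000006A with the password viewed from the UI and typed manually points at the credential itself.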
I enabled what you instructed, and I managed to connect via PAM (no RDP) without copying the password, and it worked on both machines! Then, I tried disabling the password visibility again, restarted the servers, and it still works.
Is it possible that toggling this option has unlocked something?
Additionally, I noticed that previously, when the issue was still present, the “SIEM Service” entry was red on the problematic machine; now it appears as follows: