Remote Desktop Double Authentication Causing Issues With Unattended Robot

News Knowledge Base
1

Why is not possible to run Unattended Robot, even after setting the "LoginToConsole" option to "No"?

As known, in a FreeRDP session, the UiPath Robot creates a virtual Remote Desktop session on the machine it runs. It is possible to have the Robot connect to a FreeRDP session by disabling the "LoginToConsole" option. If anything causes hindrance in the creation of this session, the Unattended Robot would not execute as expected.

Root Cause: One such issue is caused by RDP double authentication. This means that the Robot machine requires that he login credentials need to be provided twice.

Unfortunately, the Robot would not be able to handle this scenario and hence, mostly error out with the following exception:

"A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)"

Resolution: The double authentication needs to be disabled. This has to be handled from the system settings and is usually organization-specific.

One or more of the following settings can be potentially responsible for this, and would have to be modified to resolve the issue.

  • RSA:
    • Should be disabled
    • If the organization requires Windows Network Level Authentication (NLA) enabled, the NLA might not allow the Unattended Robots to login to the Robot servers

  • Group Policy Setting:
    • Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Always prompt for password upon connection = Disabled
    • Click Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client > Do not allow passwords to be saved = Disabled
    • Click Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client > Prompt for credentials on the client computer = Disabled

  • Registry Settings:
    • Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
      • fInheritAutoLogon = 1
    • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
      • fInheritAutoLogon = 1
    • Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
      • fPromptForPassword = 0
    • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\PromptForPassword
      • fPromptForPassword = 0