Forum / Remote Desktop Manager Mac - Bug Report

Protected Users Security Group (AD)

Hello,

If the user account is added to the Protected Users group, it is impossible to authenticate using RDM. This problem does not exist on the version for Windows.

Application log:
[24.09.2018 11:39:09 - 5.5.1.0 64-bit]ERROR ERRCONNECT_ACCOUNT_RESTRICTION (0x00000017)

Session Log:
[12:05:25:027] [51640:07b4a000] [DEBUG][com.freerdp.channels.cliprdr.client] - VirtualChannelEntryEx
[12:05:25:027] [51640:07b4a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: TRUE
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_NLA
[12:05:25:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Attempting NLA security
[12:05:26:034] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - RequestedProtocols: 3
[12:05:26:038] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - RDP_NEG_RSP
[12:05:26:038] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - selected_protocol: 2
[12:05:26:038] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_FINAL
[12:05:26:039] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - Negotiated NLA security
[12:05:26:039] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - nego_security_connect with PROTOCOL_NLA
[12:05:35:026] [51640:07b4a000] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[12:05:35:027] [51640:07b4a000] [DEBUG][com.freerdp.core.nla] - nla_client_init 348 : packageName=Negotiate ; cbMaxToken=12256
[12:05:35:027] [51640:07b4a000] [DEBUG][com.freerdp.core.nla] - Sending Authentication Token
...
...
[12:05:35:028] [51640:07b4a000] [DEBUG][com.freerdp.core.nla] - CredSSP protocol support 6, peer supports 6
[12:05:35:029] [51640:07b4a000] [DEBUG][com.freerdp.core.nla] - Sending Authentication Token
...
...
[12:05:36:035] [51640:07b4a000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_ACCOUNT_RESTRICTION [0x00020017]
[12:05:36:035] [51640:07b4a000] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
[12:05:36:035] [51640:07b4a000] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
[12:05:36:035] [51640:07b4a000] [DEBUG][com.freerdp.core.rdp] - transport_check_fds() - -1

For some reason, the debug in the profiler does not show anything:
Connection States: Refresh...
CreateConnectionStateDictionary : 0 ms
Connection States: Refresh : 5 ms

The problem disappears if you remove the user from the group.

App: Remote Desktop Manager Free (5.5.1.0)
RDP engine = Legacy
Activate sandboxing = True

2 yrs
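A small triage script for session logs like the one in the post above, added here as an example (it is not part of the thread and is not Devolutions or FreeRDP code). It decodes the negotiation bitmasks and checks whether the account restriction was raised during NLA after NLA had been negotiated. The function names are hypothetical, and the protocol bit values are the ones defined in MS-RDPBCGR.

```python
import re

# MS-RDPBCGR negotiation flag bits; a value of 0 means standard RDP security.
PROTOCOL_BITS = {0x1: "TLS", 0x2: "NLA", 0x4: "RDSTLS", 0x8: "NLA_EXT"}

# Layout of the session-log lines in the post: [time] [pid:tid] [LEVEL][tag] - message
LINE = re.compile(r"^\[[\d:]+\] \[\d+:[0-9a-f]+\] \[(\w+)\]\[([\w.]+)\] - (.*)$")

# Excerpt copied from the session log in the post above (elision kept as "...").
SAMPLE_LOG = """\
[12:05:26:034] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - RequestedProtocols: 3
[12:05:26:038] [51640:07b4a000] [DEBUG][com.freerdp.core.nego] - selected_protocol: 2
[12:05:35:027] [51640:07b4a000] [DEBUG][com.freerdp.core.nla] - nla_client_init 348 : packageName=Negotiate ; cbMaxToken=12256
...
[12:05:36:035] [51640:07b4a000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_ACCOUNT_RESTRICTION [0x00020017]
[12:05:36:035] [51640:07b4a000] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
"""

def decode_protocols(value):
    return [n for bit, n in PROTOCOL_BITS.items() if value & bit] or ["RDP"]

def triage(log_text):
    """Collect the negotiation result, SSPI package, last error and failing state."""
    out = {"requested": None, "selected": None, "package": None,
           "error": None, "code": None, "state": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # elided ("...") or non-log line
        msg = m.group(3)
        if p := re.match(r"RequestedProtocols: (\d+)", msg):
            out["requested"] = decode_protocols(int(p.group(1)))
        elif p := re.match(r"selected_protocol: (\d+)", msg):
            out["selected"] = decode_protocols(int(p.group(1)))
        elif p := re.search(r"packageName=(\w+)", msg):
            out["package"] = p.group(1)
        elif p := re.search(r"freerdp_set_last_error (\w+) \[(0x[0-9a-fA-F]+)\]", msg):
            out["error"], out["code"] = p.group(1), int(p.group(2), 16)
        elif p := re.search(r"rdp_recv_callback: (CONNECTION_STATE_\w+)", msg):
            out["state"] = p.group(1)
    return out

def is_account_restriction_at_nla(t):
    """True when NLA was negotiated and the account restriction hit during NLA."""
    return ("NLA" in (t["selected"] or []) and t["state"] == "CONNECTION_STATE_NLA"
            and t["error"] == "ERRCONNECT_ACCOUNT_RESTRICTION")

if __name__ == "__main__":
    print(triage(SAMPLE_LOG), is_account_restriction_at_nla(triage(SAMPLE_LOG)))
```

On the excerpt this reports that TLS and NLA were requested, NLA was selected, and the failure occurred in the NLA state rather than during protocol negotiation; the low 16 bits of the session-log code (0x17) match the code shown in the application log.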

Hi,

We'll look into configuring a server on our side and I'll get back to you when I get more news.

Best regards,

Xavier Fortin

2 yrs

Hi,

After further investigation, at this moment, this seems to be a limitation with FreeRDP. We'll keep the issue open, but this is unlikely to be fixed until further progress on the FreeRDP side.

Best regards,

Xavier Fortin

2 yrs

Hey Xavier,

Just for reference, I entered an upstream feature request with FreeRDP.

Thanks for pointing me in the right direction!

10 mths

Hi,

Subscribed to it this instant.

Best regards,

Xavier Fortin

10 mths