Forum / Remote Desktop Manager - Support

SSL/TLS Connections Not Working from RDM, but DO Work Using Windows RDP Client

I have been trying to enable SSL/TLS connections on RDP for our hosting server farm. I deploy a certificate from our internal CA using GPO, with settings to enable NLA and require high security from the client. This works just fine with the Windows RDP client from a station that is outside the hosting domain. But RDM refuses to make the connection and perpetually prompts for credentials.

Curiously, we have enabled SSL/TLS for a collection of servers that are accessed via a jump host (with RDM installed). These connections work fine!

I have tried fiddling with the advanced connection properties on the RDM session object: CredSSP support, public mode... Nothing works.

I'm at my wits' end. Any ideas?

-Matthew

Hello,

Thanks for reaching out to Devolutions Support.

What version of RDM are you using?
Have you tried with the Display: External setting?
Did you enable the "Activate Network Level Authentication" in the Connection Tab?

Thanks for letting us know.

Best regards,



Alex Belisle

Hi Alex. Yes, I did try both of those options. Neither has proven successful.

Using v 2019.2.22.0 64-bit, by the way.

Hello,

Thanks for your quick response.

Can you test different RDP engines? (session's properties -> General Section -> Advanced -> RDP Version)
Would it be possible that you have credentials in the Windows Credential Manager that could interfere? (Just clear them if so.)
Does it work outside of RDM with a regular RDP connection? If so, can you save its settings and import them in RDM? We'll then test them, compare the results and apply what's missing...
To import an RDP file, simply right-click in your navigation pane -> Import -> Import Sessions From -> RDP Configuration File (.rdp).

Thanks for letting us know!


Best regards,



Alex Belisle

Thanks Alex.

I think this problem is due to my inexperience in using SSL/TLS to secure RDP connections in remote domains.

It turns out that I had set up the RDM connection using the IP address, but I had used the DNS FQDN in the Windows client. When I change the RDM host to use the FQDN, it works fine.

OK, I get that you would need to use an FQDN when securing RDP with a cert. But then, why is it that our connections to a network segment that are made via a jump host with RDM installed, and which use an IP address for the host, work just fine? What could the difference be?

Hello,

Indeed, using an IP address with certificates can cause errors. As you may know, a certificate serves more than one purpose: encrypting the communication for one, but also protecting the client, in this case by certifying that the RDP client is connecting to the legitimate server. This helps protect you from man-in-the-middle attacks, for example.
The RDP client can be set to ignore certificate errors, and so can the RDM RDP client.
RDM will use MS RDP for external mode, RDCMan ActiveX or FreeRDP for embedded / undocked mode. All these components can support / ignore certificate verification. This setting is found in the General Section -> Connection Tab.

I hope this helps!


Best regards,



Alex Belisle

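Added example (not part of the thread, and not Devolutions' or Microsoft's code): a simplified sketch of the TLS name-matching rule behind the IP-versus-FQDN behaviour discussed above, run against a constructed certificate whose only subject alternative name is a DNS name. The host name, IP address and function names are assumptions for illustration; real clients add further checks (chain, revocation, key usage).

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# The host name is a placeholder, not a value from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "rds01.hosting.example"),),),
    "subjectAltName": (("DNS", "rds01.hosting.example"),),
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as '*.example'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def target_matches_cert(target, cert):
    """Return (ok, reason) for the address typed into the RDP client."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal, treat it as a DNS name
    if ip is not None:
        # An IP target is compared only with 'IP Address' SAN entries, never DNS names.
        for kind, value in sans:
            try:
                if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                    return True, "matched IP SAN " + value
            except ValueError:
                continue  # skip SAN values that do not parse as an address
        return False, "certificate has no IP SAN for " + target
    for kind, value in sans:
        if kind == "DNS" and _dns_match(value, target):
            return True, "matched DNS SAN " + value
    return False, "no DNS SAN matches " + target


if __name__ == "__main__":
    # Same server, addressed two ways (constructed values).
    for target in ("rds01.hosting.example", "10.20.30.40"):
        print(target, "->", target_matches_cert(target, SAMPLE_CERT))
```

The same function can be pointed at the dict from a live `getpeercert()` call to see which names an internal CA actually put in a server's certificate.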