OS X 10.8.5 Unable to establish RDP - Error 131084

Hi,

When you turn off embedded mode do you set it to undock or external ?
If you set it to external and it doesn't work, there is a difference between the session you try to connect in Remote Desktop Manager and Microsoft Remote Desktop.

Hi,

I have the same problem.
It's alway when "Embedded", external it work's.

Thank You.

Hi,

The error number you get (131084) suggest an error with the security negotiation.
Since we don't pass any credential to the external app, it make sense.
To help me isolate the problem could you make a new session with only the host name configured?.

If this is working we'll look into the credential you have.

Thank you

Hi,

the same problem, but when I disable under the preferences „Manage RDP certificates internally“ it works.

Thank you.

Thank you d.metz you pointed me in the right direction.

The internal certificate validation didn't work properly.

It will be fixed in the next version

The next problem is, continues ping makes 4 pings.
I think continues ping makes infinitely pings.

Tank you.

Thanks for your responses Benoit, we tried the below to no avail. We are upgrading this machine to Yosemite to see if that makes a difference as it is currently working on our other Yosemite machine.

Yosemite resolved the issue, must have been something to do with 10.8.5.

Good news for your connection issue.

We will look into the continuous ping issue, it should ping indefinitely.

Thank you for your feedback.

Look here:

I have been having this issue for some time, and have resorted to using the MS version. I am already on Yosemity and the problem persists. I welcome suggestions. I would really like to use this app instead.

Hi,

The 131084 error is a security negotiation error. Most of the time our user get this error is when Network Level Authentication is activated.

To deactivate it you must go into your session configuration and uncheck the Network Level Authentication check box



Tell me if that resolve your issue
edited by mgoulet on 2/5/2015

Sorry for the long delay - yes that was the issue. Thank you.

Hi,


I have the same problem. I have tried disabling the SingleSignOn feature but the error did not has dissapeared.

Also, I've tried the not embedded connection and it did not rid out the error. If I choose External Connection it works.


I hope someone can help to fix this error.

Thanks.

Hi Luis,

The error number means that the security negotiation failed.
There could be a vast number of reasons that bring you to this error.

Are you using the latest version of Remote Desktop Manager ?
What version of windows are you trying to connect to ?
Is there a Gateway server, VPN or anything else between your mac and the distant computer?
Are you using a user/password or user/domain/password or anything else to authenticate?

Best Regards,

Hi Benoit,

I'm using the 3.0.2.0 version.
Trying to connect to W2K12 Enterprise Edition
There is not a gateway server or VPN
I'm using user/domain/password

The most strange is that some times the connection works and others times I get the error.

For example, at this moment I can connect to the server...I did not any change in the configuration, but it works now.

Thanks.

We now have options to log was is happening in an embedded RDP session.

You can configure it in the Advanced tab of your RDP session.

Simply put com.freerdp.*:debug in the filter field and the file you want in the File path.

Next time it fails send me the file i'll see if I can find what is going on

Thanks, Benoit.

I will configure the log. When the connection has failed I'll send you the log file.

Regards.

Did a resolution to this get published? I've just started using the Mac version of RDCM - I am getting this error specifically when trying to connect to RDP at AWS.

Hi Rodney,

No new fix were necessary to resolve those issue.
Did you try to activate or deactivate the Network Level Authentication?

If that didn't work for you, may I ask you to configure the log and send it to me in a private message?

Best Regards,

Benoit - I figured a way around my issue, imported the cert from the server.

Thanks

Great news!

Thank you for posting your solution

I'm getting this same error on OS X 10.11.4. I've tried disabling NLA and it doesn't change anything. I'm connecting to AWS. Microsoft RDP on the same machine connects immediately. I've enabled the log file so please let me know where I can send it.

Hi James,

You can send it to me in a private message.

Best Regards,

I am having the same issue with the most recent update. I did not have this issue before.
I also run a Windows 10 VM of the same client and do not have the issue at all. Something has broke on the Mac Client. In fact, If I export my same connections and import them on the window 10 side they work perfectly. Again, I did not have this issue prior to this latest 3.5.1 version. Nothing else had changed. Tried turning off NLM and on, no change.
Here is a log of the failure if that helps. I'm really in a bind here, any help would be appreciated.

[10:11:14:740] [737:b031d000] [INFO][com.freerdp.client.mac] -[MRDPIPCClient initLoggingWithFilter:filePath:fileName:] 117 - Log initialized headless
[10:11:14:741] [737:b031d000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient configureInternal] 90 - configureInternal
[10:11:14:763] [737:b0421000] [DEBUG][com.freerdp.channels.cliprdr.client] cliprdr_VirtualChannelEntry 1362 - VirtualChannelEntry
[10:11:14:764] [737:b0421000] [INFO][com.freerdp.client.common.cmdline] freerdp_client_load_static_channel_addin 2368 - loading channel cliprdr
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_set_negotiation_enabled 1186 - Enabling security layer negotiation: TRUE
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_set_restricted_admin_mode_required 1198 - Enabling restricted admin mode: FALSE
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_enable_rdp 1220 - Enabling RDP security: TRUE
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_enable_tls 1232 - Enabling TLS security: TRUE
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_enable_nla 1244 - Enabling NLA security: FALSE
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_enable_ext 1256 - Enabling NLA extended security: FALSE
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_connect 148 - state: NEGO_STATE_TLS
[10:11:14:764] [737:b0421000] [DEBUG][com.freerdp.core.nego] nego_attempt_tls 459 - Attempting TLS security
[10:11:14:072] [737:b0421000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient validateX509Certificate:] 551 - validateX509Certificate
[10:11:14:142] [737:b0421000] [WARN][com.freerdp.core.gateway.http] http_response_recv 765 - http_response_recv: text/html unexpected body length: actual: 3151, expected: 1808
[10:11:14:142] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rdg] rdg_process_out_channel_response 352 - RDG not supported
[10:11:14:143] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_INITIAL
[10:11:14:456] [737:b0421000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient validateX509Certificate:] 551 - validateX509Certificate
[10:11:14:457] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_CONNECTED
[10:11:14:458] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_SECURITY
[10:11:15:763] [737:b0421000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient validateX509Certificate:] 551 - validateX509Certificate
[10:11:15:764] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_CONNECTED
[10:11:15:764] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_SECURITY
[10:11:15:764] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_NEGOTIATED
[10:11:15:764] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rts] rts_send_CONN_B1_pdu 502 - Sending CONN/B1 RTS PDU
[10:11:15:764] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_OPENED
[10:11:15:839] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_NEGOTIATED
[10:11:15:839] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rts] rts_send_CONN_A1_pdu 446 - Sending CONN/A1 RTS PDU
[10:11:15:839] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_OPENED
[10:11:15:839] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT
[10:11:15:918] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_WAIT_A3W
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rts] rts_recv_CONN_A3_pdu 476 - Receiving CONN/A3 RTS PDU: ConnectionTimeout: 120000
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_WAIT_C2
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rts] rts_recv_CONN_C2_pdu 544 - Receiving CONN/C2 RTS PDU: ConnectionTimeout: 120000 ReceiveWindowSize: 65536
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_OPENED
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_client_transition_to_state 173 - RPC_CLIENT_STATE_ESTABLISHED
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_send_bind_pdu 123 - Sending Bind PDU
[10:11:15:120] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_client_transition_to_state 173 - RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK
[10:11:15:324] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_recv_bind_ack_pdu 318 - Receiving BindAck PDU
[10:11:15:324] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_send_rpc_auth_3_pdu 355 - Sending RpcAuth3 PDU
[10:11:15:324] [737:b0421000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_client_transition_to_state 173 - RPC_CLIENT_STATE_CONTEXT_NEGOTIATED
[10:11:15:324] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateTunnelWriteRequest 190 - TsProxyCreateTunnelWriteRequest
[10:11:15:324] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_INITIAL
[10:11:15:526] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateTunnelReadResponse 331 - TsProxyCreateTunnelReadResponse
[10:11:15:526] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_CONNECTED
[10:11:15:526] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyAuthorizeTunnelWriteRequest 645 - TsProxyAuthorizeTunnelWriteRequest
[10:11:16:730] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyAuthorizeTunnelReadResponse 704 - TsProxyAuthorizeTunnelReadResponse
[10:11:16:730] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_AUTHORIZED
[10:11:16:730] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyMakeTunnelCallWriteRequest 819 - TsProxyMakeTunnelCallWriteRequest
[10:11:16:730] [737:b0421000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateChannelWriteRequest 1014 - TsProxyCreateChannelWriteRequest
[10:11:16:933] [737:b0421000] [ERROR][com.freerdp.core.gateway.rpc] rpc_recv_fault_pdu 321 - RPC Fault PDU:
[10:11:16:933] [737:b0421000] [ERROR][com.freerdp.core.gateway.rpc] rpc_recv_fault_pdu 328 - status: RPC_S_INVALID_TAG (0x000006C5)
[10:11:16:933] [737:b0421000] [ERROR][com.freerdp.core.gateway.tsg] tsg_connect 1760 - tsg_check failure
[10:11:16:933] [737:b0421000] [ERROR][com.freerdp.core.nego] nego_connect 154 - Protocol Security Negotiation Failure
[10:11:16:933] [737:b0421000] [ERROR][com.freerdp.core] freerdp_set_last_error 692 - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x2000C]
[10:11:16:933] [737:b0421000] [ERROR][com.freerdp.core.connection] rdp_client_connect 275 - Error: protocol security negotiation or connection failure
[10:11:16:933] [737:b0421000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient viewDidConnect:] 401 - viewDidConnect
[10:11:16:440] [737:a4197000] [DEBUG][com.freerdp.client.mac] __39-[MRDPClient invalidatePasteboardTimer]_block_invoke 132 - timer stop

@James: We use a third party for the embedded rdp sessions named FreeRDP. In your case it's trying to create a folder named in /Users/you/.config/ and fails. May I ask you to check your permission on this folder?

@Matthew: There were a few minor changes in the Gateway credentials in 3.5.1.0. Do you mind trying with 3.5.0.0
http://cdn.devolutions.net/download/Mac/Devolutions.RemoteDesktopManager.Mac.3.5.0.0.dmg

Best Regards,

@Benoit: Give it a try, noting, same issue. I even had a prior version in my download folder, 3.0.10, and that didnt work either.
I got to thinking. As I said, if i use the Microsoft RDP client, with TS gateway and same server, works just fine. Take the connection and export it from the Mac client, import it on the WIn10 client, and it works perfectly.
The thought was sometime in the last few weeks Apple released a security patch so I wonder if that might be something to check into, you can find the latest release here: https://support.apple.com/en-us/HT206167
I'm really stumped, I tried importing and trusting directly the certs, turn off and on NLA on the servers I connect to, no luck anywhere.

Old version: removed the cert data:

[15:07:53:607] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_CONNECTED
[15:07:53:607] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_SECURITY
[15:07:54:943] [2701:b039f000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient validateX509Certificate:] 551 - validateX509Certificate
[15:07:54:944] [2701:b039f000] [ERROR][com.freerdp.crypto] tls_verify_certificate 1114 - (length = 1915) status: 1

-----BEGIN CERTIFICATE-----
removed
-----END CERTIFICATE-----

[15:07:54:944] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_CONNECTED
[15:07:54:944] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_SECURITY
[15:07:54:944] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_NEGOTIATED
[15:07:54:944] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rts] rts_send_CONN_B1_pdu 502 - Sending CONN/B1 RTS PDU
[15:07:54:944] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_in_channel_transition_to_state 421 - CLIENT_IN_CHANNEL_STATE_OPENED
[15:07:54:036] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_NEGOTIATED
[15:07:54:036] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rts] rts_send_CONN_A1_pdu 446 - Sending CONN/A1 RTS PDU
[15:07:54:036] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_out_channel_transition_to_state 567 - CLIENT_OUT_CHANNEL_STATE_OPENED
[15:07:54:036] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT
[15:07:54:122] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_WAIT_A3W
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rts] rts_recv_CONN_A3_pdu 476 - Receiving CONN/A3 RTS PDU: ConnectionTimeout: 120000
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_WAIT_C2
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rts] rts_recv_CONN_C2_pdu 544 - Receiving CONN/C2 RTS PDU: ConnectionTimeout: 120000 ReceiveWindowSize: 65536
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_virtual_connection_transition_to_state 701 - VIRTUAL_CONNECTION_STATE_OPENED
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_client_transition_to_state 173 - RPC_CLIENT_STATE_ESTABLISHED
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_send_bind_pdu 123 - Sending Bind PDU
[15:07:54:318] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_client_transition_to_state 173 - RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK
[15:07:54:537] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_recv_bind_ack_pdu 318 - Receiving BindAck PDU
[15:07:54:537] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_send_rpc_auth_3_pdu 355 - Sending RpcAuth3 PDU
[15:07:54:537] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.rpc] rpc_client_transition_to_state 173 - RPC_CLIENT_STATE_CONTEXT_NEGOTIATED
[15:07:54:537] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateTunnelWriteRequest 190 - TsProxyCreateTunnelWriteRequest
[15:07:54:537] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_INITIAL
[15:07:55:756] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateTunnelReadResponse 331 - TsProxyCreateTunnelReadResponse
[15:07:55:756] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_CONNECTED
[15:07:55:756] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyAuthorizeTunnelWriteRequest 645 - TsProxyAuthorizeTunnelWriteRequest
[15:07:55:974] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyAuthorizeTunnelReadResponse 704 - TsProxyAuthorizeTunnelReadResponse
[15:07:55:974] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_AUTHORIZED
[15:07:55:974] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyMakeTunnelCallWriteRequest 819 - TsProxyMakeTunnelCallWriteRequest
[15:07:55:975] [2701:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateChannelWriteRequest 1014 - TsProxyCreateChannelWriteRequest
[15:07:55:177] [2701:b039f000] [ERROR][com.freerdp.core.gateway.rpc] rpc_recv_fault_pdu 321 - RPC Fault PDU:
[15:07:55:177] [2701:b039f000] [ERROR][com.freerdp.core.gateway.rpc] rpc_recv_fault_pdu 328 - status: RPC_S_INVALID_TAG (0x000006C5)
[15:07:55:177] [2701:b039f000] [ERROR][com.freerdp.core.gateway.tsg] tsg_connect 1760 - tsg_check failure
[15:07:55:178] [2701:b039f000] [ERROR][com.freerdp.core.nego] nego_connect 154 - Protocol Security Negotiation Failure
[15:07:55:178] [2701:b039f000] [ERROR][com.freerdp.core] freerdp_set_last_error 680 - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x2000C]
[15:07:55:178] [2701:b039f000] [ERROR][com.freerdp.core.connection] rdp_client_connect 275 - Error: protocol security negotiation or connection failure
[15:07:55:178] [2701:b039f000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient viewDidConnect:] 401 - viewDidConnect
[15:07:56:737] [2701:a4197000] [DEBUG][com.freerdp.client.mac] __39-[MRDPClient invalidatePasteboardTimer]_block_invoke 132 - timer stop

Thank you for the information Matthew I will look into it.

@Matthew: The RDP client in Mac and Windows are not the same. On the Windows version we use a component distributed by Microsoft and on the Mac version we use a third party named FreeRDP.
From what we can see in your log your server is sending us a response that we can't decrypt.
What is your Gateway server version?
Did you update it recently?

Best Regards

@bsansregret I get access denied on the .config folder. I am an administrator on this machine.

@James Mayes:Even though you are administrator of your computer it doesn't gives you automatically access to every thing.
I have verified with a few of my colleagues and everybody has access to the .config folder. I don't know why you don't have access to the folder and I would suggest that you had access to folder to your user.

Best Regards,

What is your Gateway server version?
The gateways actually consist of a single 2008R2 Server and a 2012R2 server, behind a TMG that load balances the connections between the two. We have a few ways to test the connectivity through the TMG via url that prompts from user/pass, as well as being able to view or verify the certificate via the browser, all seems in working order and using any other client connect seems to be fine.

Did you update it recently?
No updates to speak of recently to the Gateway or servers attempting to connect through. Other than the update to the macbook i spoke of earlier.

I went back and started over, 3.5.1 and created a whole new connection for both the attempted RDP server connection object and the TS Gateway object, and the results were the same:

[10:42:05:559] [4763:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] tsg_transition_to_state 1296 - TSG_STATE_AUTHORIZED
[10:42:05:559] [4763:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyMakeTunnelCallWriteRequest 819 - TsProxyMakeTunnelCallWriteRequest
[10:42:05:559] [4763:b039f000] [DEBUG][com.freerdp.core.gateway.tsg] TsProxyCreateChannelWriteRequest 1014 - TsProxyCreateChannelWriteRequest
[10:42:06:763] [4763:b039f000] [ERROR][com.freerdp.core.gateway.rpc] rpc_recv_fault_pdu 321 - RPC Fault PDU:
[10:42:06:763] [4763:b039f000] [ERROR][com.freerdp.core.gateway.rpc] rpc_recv_fault_pdu 328 - status: RPC_S_INVALID_TAG (0x000006C5)
[10:42:06:763] [4763:b039f000] [ERROR][com.freerdp.core.gateway.tsg] tsg_connect 1760 - tsg_check failure
[10:42:06:763] [4763:b039f000] [ERROR][com.freerdp.core.nego] nego_connect 154 - Protocol Security Negotiation Failure
[10:42:06:763] [4763:b039f000] [ERROR][com.freerdp.core] freerdp_set_last_error 692 - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x2000C]
[10:42:06:763] [4763:b039f000] [ERROR][com.freerdp.core.connection] rdp_client_connect 275 - Error: protocol security negotiation or connection failure
[10:42:06:763] [4763:b039f000] [DEBUG][com.freerdp.client.mac] -[MRDPIPCClient viewDidConnect:] 401 - viewDidConnect
[10:42:06:281] [4763:a4197000] [DEBUG][com.freerdp.client.mac] __39-[MRDPClient invalidatePasteboardTimer]_block_invoke 132 - timer stop

I'm pretty stumped. I'd love to say the gateway's goofed up, but I come at it with anything else, including the roughly 50 others using it, doesnt seem to be the case.

@Matthew Grimes: We never tested our RDP connection behind a TMG server.

From what we see it might be caused by the conjunction of your load balancer and the 2008R2 server.
One possible work around is to add a rule to your load balancer to send all RDP session to the 2012R2 server and Force the Transport to Http


We need your help to resolve the issue. If you are able to provide us access to one of your server it would greatly help us debug and fix the issue. I understand that it might not be possible.

The second option to help us fix the issue is to provide us with as much information as possible for us to reproduce your environment:
- Server OS and version.
- What do you use as TMG server?
- Online guide as to how you have configured the TMG server.
-Anything else that might help us understand what might affect the network traffic.

If any of the information I ask of seem to sensitive to post on the forum feel free to send me a private message or an email at bsansregret@devolutions.net

Best Regards

@benoit I was able to give my user account read/write access and your application works perfectly now. Thanks!

Great news James glad I could help

I was able to resolve this on the server side. Because the internal server cert is not trusted, NLA will fail with external connections that do not trust the internal domain cert. Disabling "Allow connections only from computers running Remote Desktop with Network Level Authentication" on the remote server resolved it for me.