Security Negotiation Error

jray


I have an application vendor that provides desktops via an AWS hosted RDS Farm. We access the system through an RD Gateway and everything works fine for Windows users. I cannot connect to this RD Gateway using Remote Desktop Manager for Mac or Microsoft Remote Desktop for Mac. Here is the error that RDM throws when attempting to connect: ERROR ERRCONNECT_SECURITY_NEGO CONNECT FAILED (0x0000000C).

I have tried swapping the engine in combination with turning off NLA.

Any help would be appreciated.

Thanks,

Josh

All Comments (3)

Hi Josh,

Could you get us the session logs?

You can enable session logging for RDP entries via the Help -> Session Logs window (top left button). Just run your session again and the log should appear in the Session Logs window.

Could you provide the logs with both the NLA settings enabled and disabled? You will need to get the log twice from the Session Logs window as it gets cleared for each connection to the same entries.

Best regards,

Xavier Fortin

With NLA enabled


[10:35:37:550] [38486:03f4b000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[10:35:37:550] [38486:03f4b000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[10:35:37:550] [38486:03f4b000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMJump
[10:35:37:550] [38486:03f4b000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMCmd
[10:35:37:550] [38486:03f4b000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMLog
[10:35:37:550] [38486:03f4b000] [DEBUG][com.freerdp.channels.cliprdr.client] - VirtualChannelEntryEx
[10:35:37:550] [38486:03f4b000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[10:35:37:550] [38486:03f4b000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:35:37:550] [38486:03f4b000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:35:37:550] [38486:03f4b000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:35:37:782] [38486:03f4b000] [DEBUG][com.freerdp.primitives] - primitives benchmark result:
[10:35:37:948] [38486:03f4b000] [DEBUG][com.freerdp.primitives] - * generic= 14
[10:35:38:100] [38486:03f4b000] [DEBUG][com.freerdp.primitives] - * optimized= 88
[10:35:38:100] [38486:03f4b000] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: TRUE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_NLA
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Attempting NLA security
[10:35:38:107] [38486:03f4b000] [INFO][com.freerdp.core] - freerdp_set_last_error resetting error state
[10:35:38:107] [38486:03f4b000] [DEBUG][com.freerdp.core] - connecting to peer **********
[10:35:38:243] [38486:03f4b000] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[10:35:38:339] [38486:03f4b000] [DEBUG][com.freerdp.core.gateway.rdg] - RDG_OUT_DATA authorization result: 502
[10:35:38:339] [38486:03f4b000] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[10:35:38:339] [38486:03f4b000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[10:35:38:339] [38486:03f4b000] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
[10:35:38:781] [38487:03b30000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[10:35:38:781] [38487:03b30000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[10:35:38:781] [38487:03b30000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMJump
[10:35:38:781] [38487:03b30000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMCmd
[10:35:38:781] [38487:03b30000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMLog
[10:35:38:781] [38487:03b30000] [DEBUG][com.freerdp.channels.cliprdr.client] - VirtualChannelEntryEx
[10:35:38:781] [38487:03b30000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[10:35:38:781] [38487:03b30000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:35:38:781] [38487:03b30000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:35:38:781] [38487:03b30000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:35:38:015] [38487:03b30000] [DEBUG][com.freerdp.primitives] - primitives benchmark result:
[10:35:39:186] [38487:03b30000] [DEBUG][com.freerdp.primitives] - * generic= 14
[10:35:39:339] [38487:03b30000] [DEBUG][com.freerdp.primitives] - * optimized= 137
[10:35:39:339] [38487:03b30000] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: FALSE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_TLS
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Attempting TLS security
[10:35:39:343] [38487:03b30000] [INFO][com.freerdp.core] - freerdp_set_last_error resetting error state
[10:35:39:343] [38487:03b30000] [DEBUG][com.freerdp.core] - connecting to peer *********
[10:35:39:488] [38487:03b30000] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[10:35:39:625] [38487:03b30000] [DEBUG][com.freerdp.core.gateway.rdg] - RDG_OUT_DATA authorization result: 502
[10:35:39:625] [38487:03b30000] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[10:35:39:625] [38487:03b30000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[10:35:39:625] [38487:03b30000] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure

With NLA Disabled

[10:37:51:868] [38662:05bde000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[10:37:51:868] [38662:05bde000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[10:37:51:868] [38662:05bde000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMJump
[10:37:51:868] [38662:05bde000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMCmd
[10:37:51:868] [38662:05bde000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMLog
[10:37:51:868] [38662:05bde000] [DEBUG][com.freerdp.channels.cliprdr.client] - VirtualChannelEntryEx
[10:37:51:868] [38662:05bde000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[10:37:51:868] [38662:05bde000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:37:51:868] [38662:05bde000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:37:51:868] [38662:05bde000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:37:52:098] [38662:05bde000] [DEBUG][com.freerdp.primitives] - primitives benchmark result:
[10:37:52:263] [38662:05bde000] [DEBUG][com.freerdp.primitives] - * generic= 14
[10:37:52:415] [38662:05bde000] [DEBUG][com.freerdp.primitives] - * optimized= 89
[10:37:52:415] [38662:05bde000] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: FALSE
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_TLS
[10:37:52:419] [38662:05bde000] [DEBUG][com.freerdp.core.nego] - Attempting TLS security
[10:37:52:475] [38662:05bde000] [INFO][com.freerdp.core] - freerdp_set_last_error resetting error state
[10:37:52:475] [38662:05bde000] [DEBUG][com.freerdp.core] - connecting to peer **********
[10:37:52:623] [38662:05bde000] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[10:37:52:724] [38662:05bde000] [DEBUG][com.freerdp.core.gateway.rdg] - RDG_OUT_DATA authorization result: 502
[10:37:52:724] [38662:05bde000] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[10:37:52:724] [38662:05bde000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[10:37:52:725] [38662:05bde000] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
[10:37:53:157] [38663:09e3a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[10:37:53:158] [38663:09e3a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[10:37:53:158] [38663:09e3a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMJump
[10:37:53:158] [38663:09e3a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMCmd
[10:37:53:158] [38663:09e3a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx RDMLog
[10:37:53:158] [38663:09e3a000] [DEBUG][com.freerdp.channels.cliprdr.client] - VirtualChannelEntryEx
[10:37:53:158] [38663:09e3a000] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[10:37:53:158] [38663:09e3a000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:37:53:158] [38663:09e3a000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:37:53:158] [38663:09e3a000] [ERROR][com.freerdp.channels.virtual.channel] - Unhandled event type 0
[10:37:53:381] [38663:09e3a000] [DEBUG][com.freerdp.primitives] - primitives benchmark result:
[10:37:53:558] [38663:09e3a000] [DEBUG][com.freerdp.primitives] - * generic= 13
[10:37:53:709] [38663:09e3a000] [DEBUG][com.freerdp.primitives] - * optimized= 135
[10:37:53:709] [38663:09e3a000] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: TRUE
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_NLA
[10:37:53:711] [38663:09e3a000] [DEBUG][com.freerdp.core.nego] - Attempting NLA security
[10:37:53:713] [38663:09e3a000] [INFO][com.freerdp.core] - freerdp_set_last_error resetting error state
[10:37:53:713] [38663:09e3a000] [DEBUG][com.freerdp.core] - connecting to peer *********
[10:37:53:846] [38663:09e3a000] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[10:37:53:940] [38663:09e3a000] [DEBUG][com.freerdp.core.gateway.rdg] - RDG_OUT_DATA authorization result: 502
[10:37:53:940] [38663:09e3a000] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[10:37:53:940] [38663:09e3a000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[10:37:53:940] [38663:09e3a000] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure

Hi Josh,

With both NLA on and off, we can see that the gateway result is 502 (which is the "Bad Gateway" error). I'm not that familiar with RDP Gateways so I can only provide limited insight. But usually, if it does not work in MSRDP for Mac, this would point to a problem with the server itself. Is your server somehow refusing access from some host?

Best regards,

Xavier Fortin
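
The comparison made in the last reply (same gateway result with NLA on and off) can be read straight out of a session log. The following is an added example, not part of the original thread or of Remote Desktop Manager: it groups FreeRDP log lines by the process id in the second bracket and pulls out the NLA setting, negotiation state, gateway authorization result and last error for each attempt. The sample lines are abridged from the logs posted above; treating 200 as the only successful gateway status is an assumption based on the result being an HTTP status code.

```python
import re

# Constructed sample: lines abridged from the session logs posted in this thread.
SAMPLE_LOG = """\
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: TRUE
[10:35:38:105] [38486:03f4b000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_NLA
[10:35:38:339] [38486:03f4b000] [DEBUG][com.freerdp.core.gateway.rdg] - RDG_OUT_DATA authorization result: 502
[10:35:38:339] [38486:03f4b000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: FALSE
[10:35:39:341] [38487:03b30000] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_TLS
[10:35:39:625] [38487:03b30000] [DEBUG][com.freerdp.core.gateway.rdg] - RDG_OUT_DATA authorization result: 502
[10:35:39:625] [38487:03b30000] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
"""

# [timestamp] [pid:tid] [LEVEL][logger.tag] - message
LINE = re.compile(r"^\[(?P<ts>[\d:]+)\] \[(?P<pid>\d+):(?P<tid>[0-9a-f]+)\] "
                  r"\[(?P<level>\w+)\]\[(?P<tag>[\w.]+)\] - (?P<msg>.*)$")
FIELDS = {
    "nla": re.compile(r"Enabling NLA security: (TRUE|FALSE)"),
    "state": re.compile(r"state: (NEGO_STATE_\w+)"),
    "gateway_status": re.compile(r"RDG_OUT_DATA authorization result: (\d+)"),
    "last_error": re.compile(r"freerdp_set_last_error (ERRCONNECT_\w+)"),
}

def summarize(log_text):
    """Return one dict per connection attempt, grouped by the pid on each line."""
    attempts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and headings such as "With NLA enabled"
        rec = attempts.setdefault(m["pid"], {"pid": m["pid"]})
        for name, rx in FIELDS.items():
            hit = rx.search(m["msg"])
            if hit:
                rec[name] = hit.group(1)
    return list(attempts.values())

def gateway_rejected(attempt):
    """True when the attempt logged a gateway result other than 200 (assumed success)."""
    status = attempt.get("gateway_status")
    return status is not None and status != "200"

if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG):
        print(a, "gateway rejected:", gateway_rejected(a))
```

Run over the full logs above, each capture yields two attempts, one in NEGO_STATE_NLA and one in NEGO_STATE_TLS, and all four show the same 502 from the gateway.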