RDP Session returns 0 for $DYNAMIC_PORT$ no matter what

Hello,

Thank you for reaching out to Devolutions Support.

Could you please send us a video of the issue so we can fully understand it? I will send you a link via email for uploading the video.

Best regards,

I would need to set up a separate environment in order to be able to record footage of the specific use-case in action -- but, the explanation for the use-case was more to demonstrate that there's a legitimate reason for needing this to work.

You can easily/simply reproduce the behavior if you create a RDP Session entry and configured Advanced > Custom host port. $DYNAMIC_PORT$ always returns 0, and any other numeric value here works as expected.

A quick search of the forum shows a similar issue has been previously reported for SSH VPN (Tunnel) entries: https://forum.devolutions.net/topics/30488/dynamic-port--is-always-0

My approach of using $DYNAMIC_PORT$ for RDP Session more or less is an attempt to address a requirement where I need to allocate a random port for an RDP session dynamically, each time the session is launched. This is because of multiple users logged onto a Remote Desktop Session Host, and if we all attempted to use the AWS SSM module to open the localhost port redirect for RDPing to AWS EC2's, then there would be port conflicts.

RDP Session has the option to use the 'Default' port, a specific port, or pick a free port from the "port generator" interface; if it's simpler for Devolutions to implement a "dynamic port" option for RDP Session entries that allocates an available port at the time of session connect, which could then be used by Macros or Scripts by $PORT$ or $HOST_PORT$ on enry connection events (beofre/after open actions, etc), then this would also address the issue.

Hello,

Upon reviewing the situation, I wanted to clarify that the `$DYNAMIC_PORT$` variable is designed to work specifically with SSH VPN entries that have dynamic port configurations. When used outside of that context, such as with RDP sessions, it will always return 0.

Currently, `$DYNAMIC_PORT$` is not supported for dynamically assigning ports in RDP sessions.

I will put this tread to the feature request forum so the developers can review it and consider potential implementations.

Best regards,

When used outside of that context, such as with RDP sessions, it will always return 0.

That doesn't seem to be the case, though. When used on a Host entry, which has an Event configured to run a "Before Open" action linked to a PowerShell script (entry type of "PowerShell Script (local) (Macro/Script/Tool)", $DYNAMIC_PORT$ is passed-through to the script variables without issue.

So in the instance of using AWS SSM to open the localhost port redirect to an EC2 instance, $DYNAMIC_PORT$ being passed as a parameter to the script does work, and a random port gets used for the AWS SSM session. When the Host entry then launches its linked session template, which happens to be an RDP Session in this instance, RDP Session doesn't get or isn't able to read(?) the variable from $DYNAMIC_PORT$, and returns 0 instead.

If it helps, the Host entry's "Before open" action links to the aforementioned PowerShell script and has "Wait for exit" ticked. The Host entry can have $DYNAMIC_PORT$configured either as a Custom variable, or in the Advanced > Custom host port variable. The script is an Embedded script which inherits the Custom variables of the Host entry; so the parameters are $CUSTOM_FIELD1$, $CUSTOM_FIELD2$, etc. The resulting PowerShell script is a simple one-liner that looks like:

aws ssm start-session --region {1} --profile {2} --target {3} --document-name AWS-StartPortForwardingSession --parameters portNumber="3389",localPortNumber="{4}"

The session window for this PowerShell script once executed actually stays open, because the port redirection exists until the PowerShell session exits. It's in this session window for PS that I can see the random port is actually being used and AWS SSM is waiting for a connection on that port. To tie things together, the RDP Session entry needs to connect to the port the AWS SSM command opened to the EC2 instance.

If $DYNAMIC_PORT$ can be passed-through to a PowerShell script, which I could also use to invoke mstsc and start an RDP Session manually (though not ideal since it wouldn't be an RDM session), I don't see why the RDP Session entry in RDM shouldn't also be able to interpret the value for $DYNAMIC_PORT$ if a PowerShell script can, even if it's supposed to be for an SSH VPN like you said. I get that there is no real purpose for an RDP Session entry on its own to be able to use a dynamic port on its own, but it at least should not ignore/return 0 when inheriting it from a linked Host entry.

I hope the use-case/scenario makes sense. If I can clarify anything else let me know.

Hello,

Would it be possible for you to recreate this setup with dummy data and export it to RDM format to send to us? I think having this to assist your description would make it easier for us to grasp how to recreate this internally, as well as finding what part of the resolving fails and what the best solution would be.

I will send you a link through private messaging so you can safely send us this information.

Regards,

I have done a little more testing today and have found that when using PowerShell Script (local), running as a linked Macro on Host entry's "Before open" event action, $DYNAMIC_PORT$actually working and getting passed through with a value when using aws ssm start-session seems to be the exception and not the norm.

This is with AWS Command Line Interface v2 and Session Manager Plugin applications installed, so aws would actually be calling aws.exe, though it's still within a PowerShell session. As previously mentioned, the PowerShell script/command is a one-liner that looks like:

aws ssm start-session --region {1} --profile {2} --target {3} --document-name AWS-StartPortForwardingSession --parameters portNumber="3389",localPortNumber="{4}"

For whatever reason, $DYNAMIC_PORT$ has no issue populating an actual value when called by PowerShell using the AWS SSM command like this. But even in the same script, if I use Write-Host {4} , or even cmd.exe /C "echo {4}" it returns 0. Ultimately this is the same behavior that the RDP Session uses; even though AWS SSM seems to take the dynamic port and opens the redirect session, it doesn't seem like the host/session entry variable is useable anywhere else.

I know that the original/intended use of $DYNAMIC_PORT$ was for SSH VPN entries; is it possible that RDM is somehow identifying aws.exe as something that is allowed to call the $DYNAMIC_PORT$ variable and exposing the value to it, whilst also preventing it from being used directly by PowerShell / other session types?

I understand that all of this is a bit long winded and the use-case may be convoluted, but the ask is basically this: can $DYNAMIC_PORT$ please be updated and be made useable for any entry type and not just for SSH VPN entries? It works almost perfectly as it is, except for the fact that it doesn't seem to work for other entry types, perhaps by design.

Hello,

Did you try using the $PORT$ variable itself? This one has no restriction on when it can be used at the moment, and will return the port of the entry.
If this doesn't work, I would really appreciate if you could give us a setup without real data so we could understand exactly how your entries interact with each other and what you're trying to accomplish within our own environments. From what I understand, simply making the $DYNAMIC_PORT$ variable resolve under any circumstance would not fix your underlying issue since you're also trying to have your RDP port generate dynamically, which using the variable by itself will not do. It would need to include a way to generate a random port for any entry which would involve a lot more work than tweaking when the $DYNAMIC_PORT$ variable is resolved.

Regards,

Hey Hubert,

I had tried using $PORT$ variable previously and the result is the same. I will try to get a demonstration file to you guys some time this month, do you need the AWS SSM component of it working in a reproducible manner? That part is a little trickier, but I think I should be able to at least getting it launching the PowerShell session window and bombing/erroring out (due to lack of AWS config) but still showing the attempted port ($DYNAMIC_PORT$). To fully reproduce the use-case end-to-end, you guys would need to tweak what I provide and test it to your own AWS instance.

Hello,

do you need the AWS SSM component of it working in a reproducible manner

I don't think this would be necessary in this case. It could simply error out, the goal here would be to see how the entries are linked and related to each other, and where in the equation the PORT/DYNAMIC_PORT variables come in. I think we could also find other ways to test it that don't involved AWS SSM, and just simulate its behavior.

Regards,