unable to connect to some Microsoft Servers
Hi,
from my Mac I'm unable to connect to some of our Windows Servers. My Admin User is in the "Protected Users" Group - just to mention.
By only changing the hostname - without changing any other settings - I am able to connect to some other Servers, though
[19:51:25:896] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:25:896] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:25:899] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:25:899] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:25:900] [19098:44fff000] [INFO][Devolutions.Rdp.Credentials] - [Parse]: parsing "a********@l****.d************.d*", "" (Mstsc) => "Username: "a********@l****.d************.d*" Domain: """
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_connect_begin]: resetting error state
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpdr
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMJump
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMCmd
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMLog
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpsnd
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.channels.channels.cliprdr.client] - [cliprdr_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx cliprdr
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.channels.drdynvc.client] - [drdynvc_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx drdynvc
[19:51:25:901] [19098:44fff000] [WARN][com.freerdp.settings] - [freerdp_settings_print_warnings]: [experimental] enabled GlyphSupportLevel GLYPH_SUPPORT_FULL[0x00000002], expect visual artefacts!
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpdr
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMJump
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMCmd
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMLog
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpsnd
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.channels.channels.cliprdr.client] - [cliprdr_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx cliprdr
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.channels.drdynvc.client] - [drdynvc_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:25:901] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx drdynvc
[19:51:25:901] [19098:44fff000] [ERROR][com.freerdp.channels.virtual.channel] - [virtchan_virtual_channel_init_event_ex]: Unhandled event type 0
[19:51:25:901] [19098:44fff000] [ERROR][com.freerdp.channels.virtual.channel] - [virtchan_virtual_channel_init_event_ex]: Unhandled event type 0
[19:51:25:901] [19098:44fff000] [ERROR][com.freerdp.channels.virtual.channel] - [virtchan_virtual_channel_init_event_ex]: Unhandled event type 0
[19:51:25:901] [19098:44fff000] [WARN][com.freerdp.codec.nsc.neon] - [nsc_init_neon]: TODO: Implement neon optimized version of this function
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_set_negotiation_enabled]: Enabling security layer negotiation: TRUE
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_set_restricted_admin_mode_required]: Enabling restricted admin mode: FALSE
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdp]: Enabling RDP security: TRUE
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_tls]: Enabling TLS security: TRUE
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_nla]: Enabling NLA security: TRUE
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_ext]: Enabling NLA extended security: FALSE
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdstls]: Enabling RDSTLS security: FALSE
[19:51:25:904] [19098:44fff000] [WARN][com.freerdp.core.nego] - [nego_enable_aad]: This build does not support AAD security, disabling.
[19:51:25:904] [19098:44fff000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x44e2eea00]: CONNECTION_STATE_INITIAL --> CONNECTION_STATE_NEGO
[19:51:25:905] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_is_hostname_resolvable]: resetting error state
[19:51:25:906] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[19:51:25:906] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer xxx.xxx.xx.xx
[19:51:25:938] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_connect]: state: NEGO_STATE_NLA
[19:51:25:938] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_attempt_nla]: Attempting NLA security
[19:51:25:938] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_send_negotiation_request]: RequestedProtocols: [SSL|HYBRID][0x00000003]
[19:51:25:975] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_process_negotiation_response]: RDP_NEG_RSP::flags = { [0x1f] |EXTENDED_CLIENT_DATA_SUPPORTED|DYNVC_GFX_PROTOCOL_SUPPORTED|RDP_NEGRSP_RESERVED|RESTRICTED_ADMIN_MODE_SUPPORTED|REDIRECTED_AUTHENTICATION_MODE_SUPPORTED }
[19:51:25:975] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_recv]: selected_protocol: [HYBRID][0x00000002]
[19:51:25:975] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_attempt_nla]: state: NEGO_STATE_FINAL
[19:51:25:975] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_connect]: Negotiated [HYBRID][0x00000002] security
[19:51:25:975] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_try_connect]: nego_security_connect with PROTOCOL_HYBRID
[19:51:26:041] [19098:44fff000] [DEBUG][com.freerdp.core.nla] - [nla_set_early_user_auth]: Early User Auth active: false
[19:51:26:041] [19098:44fff000] [DEBUG][com.freerdp.core.nla] - [nla_set_state]: -- NLA_STATE_INITIAL --> NLA_STATE_INITIAL
[19:51:26:041] [19098:44fff000] [DEBUG][com.winpr.sspi] - [InitSecurityInterfaceExA]: InitSecurityInterfaceExA
[19:51:26:041] [19098:44fff000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_init]: Using package: Negotiate (cbMaxToken: 12256 bytes)
[19:51:26:041] [19098:44fff000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_setup_client]: Acquired client credentials
[19:51:26:042] [19098:44fff000] [WARN][com.winpr.sspi] - [winpr_InitializeSecurityContextA]: InitializeSecurityContextA status SEC_E_INTERNAL_ERROR [0x80090304]
[19:51:26:042] [19098:44fff000] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: InitializeSecurityContext failed with SEC_E_INTERNAL_ERROR [0x80090304]
[19:51:26:042] [19098:44fff000] [ERROR][com.freerdp.core.transport] - [transport_connect_nla]: NLA begin failed
[19:51:26:042] [19098:44fff000] [ERROR][com.freerdp.core] - [transport_connect_nla]: ERRCONNECT_AUTHENTICATION_FAILED [0x00020009]
[19:51:26:042] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_connect]: Failed to connect with [HYBRID][0x00000002] security
[19:51:26:042] [19098:44fff000] [DEBUG][com.freerdp.core.rdp] - [rdp_finalize_reset_flags][0x44e2eea00]: [CONNECTION_STATE_NEGO] reset finalize_sc_pdus
[19:51:26:042] [19098:44fff000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x44e2eea00]: CONNECTION_STATE_NEGO --> CONNECTION_STATE_INITIAL
[19:51:26:061] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:26:061] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:26:064] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:26:064] [19098:44fff000] [DEBUG][com.winpr.timezone] - [winpr_get_timezone_from_link]: tzid: Europe/Berlin
[19:51:26:065] [19098:44fff000] [INFO][Devolutions.Rdp.Credentials] - [Parse]: parsing "a********@l****.d************.d*", "" (Mstsc) => "Username: "a********@l****.d************.d*" Domain: """
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_connect_begin]: resetting error state
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpdr
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMJump
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMCmd
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMLog
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpsnd
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.channels.channels.cliprdr.client] - [cliprdr_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx cliprdr
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.channels.drdynvc.client] - [drdynvc_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx drdynvc
[19:51:26:065] [19098:44fff000] [WARN][com.freerdp.settings] - [freerdp_settings_print_warnings]: [experimental] enabled GlyphSupportLevel GLYPH_SUPPORT_FULL[0x00000002], expect visual artefacts!
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpdr
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMJump
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMCmd
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx RDMLog
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpsnd
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.channels.channels.cliprdr.client] - [cliprdr_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx cliprdr
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.channels.drdynvc.client] - [drdynvc_VirtualChannelEntryEx]: VirtualChannelEntryEx
[19:51:26:065] [19098:44fff000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx drdynvc
[19:51:26:065] [19098:44fff000] [ERROR][com.freerdp.channels.virtual.channel] - [virtchan_virtual_channel_init_event_ex]: Unhandled event type 0
[19:51:26:065] [19098:44fff000] [ERROR][com.freerdp.channels.virtual.channel] - [virtchan_virtual_channel_init_event_ex]: Unhandled event type 0
[19:51:26:065] [19098:44fff000] [ERROR][com.freerdp.channels.virtual.channel] - [virtchan_virtual_channel_init_event_ex]: Unhandled event type 0
[19:51:26:066] [19098:44fff000] [WARN][com.freerdp.codec.nsc.neon] - [nsc_init_neon]: TODO: Implement neon optimized version of this function
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_set_negotiation_enabled]: Enabling security layer negotiation: TRUE
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_set_restricted_admin_mode_required]: Enabling restricted admin mode: FALSE
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdp]: Enabling RDP security: TRUE
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_tls]: Enabling TLS security: TRUE
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_nla]: Enabling NLA security: FALSE
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_ext]: Enabling NLA extended security: FALSE
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdstls]: Enabling RDSTLS security: FALSE
[19:51:26:069] [19098:44fff000] [WARN][com.freerdp.core.nego] - [nego_enable_aad]: This build does not support AAD security, disabling.
[19:51:26:069] [19098:44fff000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x474386000]: CONNECTION_STATE_INITIAL --> CONNECTION_STATE_NEGO
[19:51:26:070] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_is_hostname_resolvable]: resetting error state
[19:51:26:071] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[19:51:26:071] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer xxx.xxx.xx.xx
[19:51:26:102] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_connect]: state: NEGO_STATE_TLS
[19:51:26:102] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_attempt_tls]: Attempting TLS security
[19:51:26:102] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_send_negotiation_request]: RequestedProtocols: [SSL][0x00000001]
[19:51:26:136] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_process_negotiation_failure]: RDP_NEG_FAILURE
[19:51:26:137] [19098:44fff000] [WARN][com.freerdp.core.nego] - [nego_process_negotiation_failure]: Error: HYBRID_REQUIRED_BY_SERVER
[19:51:26:137] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_connect]: state: NEGO_STATE_RDP
[19:51:26:137] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_attempt_rdp]: Attempting RDP security
[19:51:26:138] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_is_hostname_resolvable]: resetting error state
[19:51:26:139] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[19:51:26:139] [19098:44fff000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer xxx.xxx.xx.xx
[19:51:26:167] [19098:44fff000] [DEBUG][com.freerdp.core.nego] - [nego_send_negotiation_request]: RequestedProtocols: [RDP][0x00000000]
[19:51:26:206] [19098:44fff000] [ERROR][com.freerdp.core.transport] - [transport_read_layer]: BIO_read returned a system error 54: Connection reset by peer
[19:51:26:206] [19098:44fff000] [ERROR][com.freerdp.core] - [transport_read_layer]: ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[19:51:26:206] [19098:44fff000] [DEBUG][com.freerdp.core.rdp] - [rdp_finalize_reset_flags][0x474386000]: [CONNECTION_STATE_NEGO] reset finalize_sc_pdus
[19:51:26:206] [19098:44fff000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x474386000]: CONNECTION_STATE_NEGO --> CONNECTION_STATE_INITIAL
can anyone help here?All Comments (5)
Hello
First, ensure you're connecting to the hostname of the server (not the IP address) and you're specifying the username in UPN format (username@domain).
Next, in the "Authentication" tab of the RDP session, under SSPI; change "SSPI Module" to "Portable".
This is also available as a global default in the application settings.
Let me know if that helps; if you still can't connect, please reply with an update log file as it might be needed to tweak some other settings.
I can't explain why some servers are working without knowing more details about your setup.
As a final note, you have this in your log:
> [experimental] enabled GlyphSupportLevel GLYPH_SUPPORT_FULL[0x00000002], expect visual artefacts!
Which suggests you have the "Enable glyph cache" option selected under "Advanced". I'd recommend turning that off, it's specifically to support some third party RDP servers (e.g. xrdp).
Please, let me know if something isn't clear or you have further questions
Kind regards,
Richard Markievicz
Screenshot 2024-10-30 at 15.07.58.png
Thanks man - you're my hero of the day :-)
SSPI module made the change 🥰
Will check if it'll work in the office tomorrow as well, but I think it should :-)
Hello
Good news, please let me know if you experience further difficulties or have other questions or feedback.
Kind regards,
Richard Markievicz
Hi Richard,
I'm happy to report, that my Mac in the office is now able to connect to all servers as well.
Tanks again for your quick help.
greetings
Marcel
Hi Marcel
Great news. Please don't hesitate with further questions or comments.
Kind regards,
Richard Markievicz