RDP via RD gateway with Entra MFA doesn't connect to RDP server after gw login

My company uses an Entra MFA protected RD gateway.
You have to log in at the gateway with domain\user and password and accept the login via Microsoft Authenticator.
On Windows, you're then forwarded to the RDP host and the desktop appears. On Linux, RDM is stuck with a blank session tab after the authentication.

[updated]

At the moment my problem is that I have no clue where the setup process of the RDP connection stops. I need some information on how to trace the setup of an RDP connection in RDM. The application logs don't give any useful information.

Could anyone point out the way to troubleshoot RDP via RD gateway in RDM?


Starting RDM in bash gives useful output, I'll provide it in the following posts.


My "feeling" is that RDM at the moment cannot handle the connection setup via RD gateway when an Entra MFA is needed. RDM seems not to proceed after the second factor has been proven. I'd like to bring some evidence for that, but don't know how to set up the right logging / debugging.

I'm using Fedora 43 (Kernel 7.0.13) on GNOME 49.7 with Wayland. RDM is on version 2026.2.0.7.

Best regards
Markus

All Comments (4)


Attached please find the cli-output when the RDP session is started.

In the log I found the message: "RDGatewaydoesnotsupportHTTPtransport", so I set the gateway transport to RPC with no change in behavior.


rdm_rdp-via-rdgw-MFA_20260701.txt


Thank you for providing the logs.

From what I can see, the gateway authentication itself appears to succeed.

The failure seems to occur afterward, when the client attempts to establish the redirected RDP connection.

Could you also test the same connection using the latest xfreerdp3 directly from the same Linux machine? That would help determine whether this is specific to RDM or an upstream FreeRDP issue. It would also be useful to know:

  • whether the issue reproduces with a non-MFA account (if available for testing),
  • the RD Gateway server version.

Based on the logs so far, the issue appears to occur after successful gateway authentication during the redirected RDP connection rather than during the Entra MFA process itself.

Best regards

Carl Marien


After discussing this internally, it appears that what you're encountering is currently a limitation of RDM on Linux rather than a configuration issue on your side.

While FreeRDP has introduced support for Microsoft Entra ID / Azure AD authentication through Microsoft's MSAL libraries, that functionality has not yet been integrated into RDM Linux. As a result, scenarios involving an RD Gateway protected by Entra MFA are not fully supported at this time.

Based on your logs, the gateway authentication itself appears to complete successfully, but the connection does not progress to the final RDP session establishment. This is consistent with the current limitation.

We'll treat this as a feature request for Linux support rather than a bug in your configuration. In the meantime, using a native FreeRDP 3 client (if it supports your environment) or the Windows version of RDM are the available workarounds.

Thank you for taking the time to provide the logs; they helped us narrow this down.

Carl Marien

@Carl Marien
Hi,
although this has been changed to a feature request (which I appreciate), I tested the RDP connection through the gateway with Entra MFA successfully via pure FreeRDP.
Best regards
Markus