• State Not Answered
  • Replies 3 replies
  • Subscribers 28 subscribers
  • Views 631 views
  • Users 0 members are here
Options
Related

RDP Error - Authentication Failed N/A

mabdel aziz
4 months ago

Hello Gents,

I'm facing an "Authentication Failed N/A" error when trying to initiate RDP session using SPP-initated workflow -- The configuration of the appliances is OK in another environment.

Both the Telnet over TCP over port 3389 from client to SPS and from SG appliances to target server succeeds.

The RDP session is using multiple TCP connections over 3389 port.

As seen in the below log snippets the RDP authorization is succeeded at the "safeguard_rdp:174" connection then failed at "safeguard_rdp:176" connection.

2023-12-18T18:45:47+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/rdp): BaseSCBRdpProxy.authenticate_user; gateway_user='None', gateway_domain='None', remote_user='None', remote_domain='None'
2023-12-18T18:45:47+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Calling authenticate hook of AA plugin;

2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(8): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin call finished; plugin_location='/opt/scb/var/plugins/aa/SGAA/main.py', input='b'{"jsonrpc": "2.0", "method": "authorize", "params": {"session_cookie": {"SessionId": "svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174", "SessionKey": "2LnLvbYAHkE8tRWYSp8muvyz8rStFk8NuR2SRVyJbK5nsyER97yfyb16HpSrUF:101-1494-1-1165-1-3CECEF45FB5E-0161", "VaultAddress": "10.33.10.194"}, "session_id": "svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174", "cookie": {"__plugin_sdk_private": {"authenticate_checkpoints": {"0": "_check_username", "1": "_check_user_list_whitelist", "2": "_check_ldap_group_whitelist", "3": "_check_authentication_cache", "4": "_map_username_explicit", "5": "_map_username_ldap", "6": "_transform_username", "7": "_ask_mfa_password", "8": "_log_authenticate_calculated_mfa_identity"}, "successful_authentication": true, "post_successful_authenticate_checkpoints": {"0": "_refresh_authentication_cache", "1": "_ask_questions"}}, "username": "Administrator", "mfa_identity": "Administrator"}, "protocol": "rdp", "connection_name": "safeguard_rdp", "client_ip": "10.215.194.23", "client_port": 53392, "client_hostname": null, "gateway_user": "Mabdulaziz", "gateway_domain": null, "gateway_groups": ["no_root", "all"], "server_ip": "10.33.11.34", "server_port": 3389, "server_hostname": null, "server_username": "Administrator", "server_domain": "localhost", "target_server": "10.33.11.34", "target_port": 3389, "target_username": "Administrator", "target_domain": "localhost", "key_value_pairs": {"server_port": 3389, "server_host": "10.33.11.34", "vaultaddress": "10.33.10.194", "token": "2LnLvbYAHkE8tRWYSp8muvyz8rStFk8NuR2SRVyJbK5nsyER97yfyb16HpSrUF", "username": "Administrator"}, "client_tags": [], "server_tags": []}, "id": 1}'', output='b'{"jsonrpc": "2.0", "result": {"verdict": "ACCEPT", "additional_metadata": "{\\"reason\\": \\"N/A\\"}", "cookie": {"__plugin_sdk_private": {"authenticate_checkpoints": {"0": "_check_username", "1": "_check_user_list_whitelist", "2": "_check_ldap_group_whitelist", "3": "_check_authentication_cache", "4": "_map_username_explicit", "5": "_map_username_ldap", "6": "_transform_username", "7": "_ask_mfa_password", "8": "_log_authenticate_calculated_mfa_identity"}, "successful_authentication": true, "post_successful_authenticate_checkpoints": {"0": "_refresh_authentication_cache", "1": "_ask_questions"}, "authorization_checkpoints": {"0": "_log_authorize_calculated_mfa_identity", "1": "_check_and_increase_client_connection_count"}}, "username": "Administrator", "mfa_identity": "Administrator"}, "session_cookie": {"SessionId": "svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174", "SessionKey": "2LnLvbYAHkE8tRWYSp8muvyz8rStFk8NuR2SRVyJbK5nsyER97yfyb16HpSrUF:101-1494-1-1165-1-3CECEF45FB5E-0161", "VaultAddress": "10.33.10.194", "WorkflowStatus": "token-granted", "token": "2LnLvbYAHkE8tRWYSp8muvyz8rStFk8NuR2SRVyJbK5nsyER97yfyb16HpSrUF"}}, "id": 1}''
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SGAA/main.py'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin(aa/SGAA/main.py): Logging initialized to level=info
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin(aa/SGAA/main.py): Authorizing user Administrator with MFA identity of Administrator
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin(aa/SGAA/main.py): Authorize session
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin(aa/SGAA/main.py): GET request; url=https://10.33.10.194:8649/service/SPSInteractive/v3/Plugin/Authorization, parameters={'token': '2LnLvbYAHkE8tRWYSp8muvyz8rStFk8NuR2SRVyJbK5nsyER97yfyb16HpSrUF', 'sessionId': 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174', 'clientIp': '10.215.194.23', 'clientPort': 53392, 'targetServer': '10.33.11.34', 'targetPort': 3389, 'targetUserName': 'Administrator', 'protocol': 'rdp'}, auth=PsmPlugin
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Plugin(aa/SGAA/main.py): Response to GET; data={'AuthResponse': '101-1494-1-1165-1-3CECEF45FB5E-0161', 'Groups': []}
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): AA plugin authorize hook finished;
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): AA plugin authorization hook result; verdict='ACCEPT'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.session(5): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Emitting event; topic='proxy.gateway_authorization_success', parameters='[('connection_name', 'safeguard_rdp'), ('connection_policy_id', '66915a45-a032-45cb-a3e5-c65e052178fc'), ('protocol', 'rdp'), ('timestamp', 1702917948.0642872), ('session_id', 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174'), ('client_ip', '10.215.194.23'), ('client_hostname', None), ('client_port', 53392), ('username', 'Mabdulaziz'), ('domain', None)]'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/stub): Event occured; event='proxy.gateway_authorization_success', parameters='[('connection_name', 'safeguard_rdp'), ('connection_policy_id', '66915a45-a032-45cb-a3e5-c65e052178fc'), ('protocol', 'rdp'), ('timestamp', 1702917948.0642872), ('session_id', 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174'), ('client_ip', '10.215.194.23'), ('client_hostname', None), ('client_port', 53392), ('username', 'Mabdulaziz'), ('domain', None)]'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.debug(7): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/rdp): Connecting to remote host; protocol='1', local='NULL', remote='AF_INET(10.33.11.34:3389)'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.debug(7): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174/rdp): Initiating connection; from='NULL', to='AF_INET(10.33.11.34:3389)'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.debug(8): (notification-thread): Received notification batch; num_events='1'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.debug(8): (notification-thread): Received notification; event='proxy.gateway_authorization_success'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (notification-thread): Sending event to RabbitMQ; event='proxy.gateway_authorization_success', parameters='[('connection_name', 'safeguard_rdp'), ('connection_policy_id', '66915a45-a032-45cb-a3e5-c65e052178fc'), ('protocol', 'rdp'), ('timestamp', 1702917948.0642872), ('session_id', 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:174'), ('client_ip', '10.215.194.23'), ('client_hostname', None), ('client_port', 53392), ('username', 'Mabdulaziz'), ('domain', None), ('sequence_number', 844)]'
2023-12-18T18:45:48+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (notification-thread): Publishing event; event='proxy.gateway_authorization_success', delivery_tag='6'


2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/rdp): BaseSCBRdpProxy.authenticate_user; gateway_user='None', gateway_domain='None', remote_user='None', remote_domain='None'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Calling authenticate hook of AA plugin;

2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(8): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Plugin call finished; plugin_location='/opt/scb/var/plugins/aa/SGAA/main.py', input='b'{"jsonrpc": "2.0", "method": "authenticate", "params": {"session_cookie": {}, "session_id": "svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176", "cookie": {}, "protocol": "rdp", "connection_name": "safeguard_rdp", "client_ip": "10.215.194.23", "client_port": 53456, "client_hostname": null, "key_value_pairs": {"server_port": 3389, "server_host": "10.33.11.34", "username": "Administrator"}, "gateway_user": null, "gateway_domain": null, "server_username": null, "server_domain": null, "target_username": null, "target_domain": null}, "id": 1}'', output='b'{"jsonrpc": "2.0", "result": {"verdict": "DENY", "additional_metadata": "{\\"reason\\": \\"Without \'token\' authentication is denied\\"}", "reason": "N/A", "cookie": {"__plugin_sdk_private": {"authenticate_checkpoints": {"0": "_check_username", "1": "_check_user_list_whitelist", "2": "_check_ldap_group_whitelist", "3": "_check_authentication_cache", "4": "_map_username_explicit", "5": "_map_username_ldap", "6": "_transform_username", "7": "_ask_mfa_password", "8": "_log_authenticate_calculated_mfa_identity"}}, "username": "Administrator", "mfa_identity": "Administrator"}, "session_cookie": {"SessionId": "svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176"}}, "id": 1}''
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SGAA/main.py'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Plugin(aa/SGAA/main.py): Logging initialized to level=info
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Plugin(aa/SGAA/main.py): Authenticating user Administrator with MFA identity of Administrator
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Plugin(aa/SGAA/main.py): Without 'token' authentication is denied
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): AA plugin authenticate hook finished;
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.info(4): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): AA plugin authenticate hook result; verdict='DENY', gateway_user='None', gateway_domain='None'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.session(5): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Emitting event; topic='proxy.gateway_authentication_failure', parameters='[('connection_name', 'safeguard_rdp'), ('connection_policy_id', '66915a45-a032-45cb-a3e5-c65e052178fc'), ('protocol', 'rdp'), ('timestamp', 1702917988.9128323), ('session_id', 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176'), ('client_ip', '10.215.194.23'), ('client_hostname', None), ('client_port', 53456), ('username', 'Administrator'), ('reason', 'N/A')]'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Event occured; event='proxy.gateway_authentication_failure', parameters='[('connection_name', 'safeguard_rdp'), ('connection_policy_id', '66915a45-a032-45cb-a3e5-c65e052178fc'), ('protocol', 'rdp'), ('timestamp', 1702917988.9128323), ('session_id', 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176'), ('client_ip', '10.215.194.23'), ('client_hostname', None), ('client_port', 53456), ('username', 'Administrator'), ('reason', 'N/A')]'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: scb.debug(6): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub): Updating MetaDB with event; event_method='proxy.gateway_authentication_failure', parameters='{'connection': 'safeguard_rdp', 'connection_id': '66915a45-a032-45cb-a3e5-c65e052178fc', 'protocol': 'rdp', 'timestamp': 1702917988.9128323, 'session_id': 'svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176', 'src_ip': '10.215.194.23', 'client_hostname': None, 'src_port': 53456, 'username': 'Administrator', 'reason': 'N/A', '_channel_name': 'default-channel-name'}'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.dump(7): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub/ctrl): Writing stream; stream='ZStreamFD', count='33'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.dump(9): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub/ctrl): data line 0x0000: 94 01 01 C0 92 05 BA 41 75 74 68 65 6E 74 69 63  .......Authentic
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.dump(9): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub/ctrl): data line 0x0010: 61 74 69 6F 6E 20 66 61 69 6C 65 64 3A 20 4E 2F  ation failed: N/
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.dump(9): (svc/6eT8CGRK3wCxzh8Ad98mJ1/safeguard_rdp:176/stub/ctrl): data line 0x0020: 41                                               A
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.debug(8): (notification-thread): Received notification batch; num_events='1'
2023-12-18T18:46:28+02:00 sps-1.local.com zorp/scb_rdp[2015]: core.debug(8): (notification-thread): Received notification; event='proxy.gateway_authentication_failure'

Also, I have followed this KT.

Is there any other possible cause that can generate this error?