One Identity Secure Remote Access SPS injecting workstation parameter

We have a One Identity Secure Remote Access appliance deployed acting as a Remote Desktop Gateway via the SPS. When a user RDPs to a server using FreeRDP2, everything works. But when they use FreeRDP3, the connection hits the gateway and then drops. During the authentication phase when FreeRDP3 is used, the appliance adds the parameter workstation to the connection string parameters. It looks like this: workstation={name of appliance}. This is sent to the server and the server denies the connection. Using FreeRDP2, the workstation parameter is not added. My question is what is causing that to be added, has anyone else experienced this, and how do I stop it from adding the workstation parameter?

  • Ok, thanks for the link.  I am double checking the cert part of our configuration.  I think we are not using a sha1 so I think it is fine but will confirm.

    For the client, we have a MacOS Sequoia 15.5 computer running both Royal TSX 5.1.2 and 6.2.1.  The gateway is the same for both Royal TSX versions.

    On the 5.1.2 it connects just fine without any issues. On the 6.2.1 version it fails to connect. When the connection is attempted it will reach the gateway, spin, and then disconnect. When looking into the two connection attempts, both 5 and 6, the only difference was the fact that the parameters sent to the destination server were different between the two. On version 5 it had the basic IP, username, password and domain if needed to connect to the server. On version 6 an additional parameter was added to the string sent to the server. In addition to the IP, username, password, and domain if needed, it added the parameter workstation with the name of the gateway host. For example: IP=127.0.0.1, username=administrator, password=adminpassword, domain=mydomain, workstation=OneIDGateway. We did not send the workstation parameter; I am not sure where or why it is injecting that in the string sent to the server. But once that is sent, the server then denies the connection.

    So how do I prevent it from sending the workstation parameter in the string sent to the server?

  • I would suggest opening a service request and providing a reproduction test with a support bundle from the SPS node that proxied the session so we can investigate this issue further.

    https://support.oneidentity.com/kb/4308749/creating-a-support-bundle-with-reproduction

    Please include the timestamp of the reproduction along with the target server IP and username used in the tests, with the details of the Royal TSX client versions working vs. non-working.

    Thanks!
