You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Willem van de Mheen <Wi...@workspace365.net> on 2022/06/30 14:50:38 UTC
ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
Hi all,
I'm having trouble connecting to a Windows Server 2019 RDS server at one of our clients. We've gone through all the logging we could find on the customer's RDS server but we didn't find any clear reason.
First I was using freerdp 2.2.0 on Ubuntu 20.04.3. I've attached the freerdp buildconfig in a txt file. When setting guacd to debug logging I see ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C].
When I run xfreedrp with a trace log it shows:
[11:54:52:654] [38080:38082] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[11:54:52:654] [38080:38082] [TRACE][com.freerdp.core.gateway.ntlm] - InitializeSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[11:54:52:671] [38080:38082] [TRACE][com.freerdp.core.gateway.ntlm] - InitializeSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
[11:54:52:690] [38080:38082] [ERROR][com.freerdp.core.gateway.http] - http_response_recv: Retries exceeded
[11:54:52:691] [38080:38082] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[11:54:52:691] [38080:38082] [ERROR][com.freerdp.core] - rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[11:54:52:691] [38080:38082] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
This issue seems very much the same as the one r-barnett reported here: #5937<https://github.com/FreeRDP/FreeRDP/issues/5937>.
I tried adding credentials using /u /d and /p but that doesn't make a difference. I also tried /gt:rpc but that ends up in an error because of a 302 redirect, exactly like reported here: #4014<https://github.com/FreeRDP/FreeRDP/issues/4014>.
After installing freerdp 2.7.0, the xfreerdp trace logs changed but unfortunately still ends up in the same error:
[13:45:19:825] [6696:6697] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[13:45:19:825] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - change state from NTLM_STATE_INITIAL to NTLM_STATE_INITIAL
[13:45:19:825] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - change state from NTLM_STATE_INITIAL to NTLM_STATE_NEGOTIATE
[13:45:19:825] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - Write flags [0xe20882b7] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_NEGOTIATE_OEM|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_LM_KEY|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[13:45:19:825] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - change state from NTLM_STATE_NEGOTIATE to NTLM_STATE_CHALLENGE
[13:45:19:825] [6696:6697] [TRACE][com.freerdp.core.gateway.ntlm] - InitializeSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[13:45:19:841] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - Read flags [0xe2898235] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_TARGET_TYPE_DOMAIN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[13:45:19:841] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - change state from NTLM_STATE_CHALLENGE to NTLM_STATE_AUTHENTICATE
[13:45:19:841] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - Write flags [0xe288b235] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED|NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[13:45:19:841] [6696:6697] [DEBUG][com.winpr.sspi.NTLM] - change state from NTLM_STATE_AUTHENTICATE to NTLM_STATE_FINAL
[13:45:19:841] [6696:6697] [TRACE][com.freerdp.core.gateway.ntlm] - InitializeSecurityContext status SEC_E_OK [0x00000000]
[13:45:19:853] [6696:6697] [ERROR][com.freerdp.core.gateway.http] - http_response_recv: Retries exceeded
[13:45:19:853] [6696:6697] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[13:45:19:853] [6696:6697] [ERROR][com.freerdp.core] - rdp_client_connect:freerdp_set_last_error_ex ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[13:45:19:853] [6696:6697] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
Can anyone provide any insight or maybe something to test? I've also posted this on the Discussions page of the FreeRDP github.
Best regards,
Willem van de Mheen