Can't connect to an external RDS TSG server from home
You need to make sure that the layout of the command you are typing is correct. If you have one thing messed up or in the wrong location then you will have an error no matter what you try.
the command you tried to run $ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /g:rds.company.com /u:administrator /p:
you need to type the command like this-
xfreerdp /cert-ignore /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY
Now if you are not using the same account for the terminal server for the RD gateway then you will have to run this- xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY
/gd:GATEWAYDOMAIN /gu:GATEWAYUSERNAME /gp:GATEWAYPASSWORD
.
The reason this is needed is if the user that is connecting is not already saved in the rd gateway as an authorized account it will refuse to connect that user. so the main user for the gateway that has all the rights to access the connect will be able to force connect them through and it shoud make the full connection. This allows for a sort of force connection
Also make sure that your router you are using at the company is configured to have access from remote connections from outside the office. This will also cause for connection failures if it was never setup or configured incorrectly.
Related videos on Youtube
oshirowanen
Updated on September 18, 2022Comments
-
oshirowanen almost 2 years
We have a company RDS (Remote Desktop Server) TSG (Terminal Services Gateway) server, which allows employees to connect to an RDS session from home, so they can see a work RDS desktop from home.
This works fine on their home computers using windows 7 with the following settings:
However, some users have Linux at home and are trying to use freerdp 1.2.0.
I've tested this on a laptop connected to the internal company LAN using the following command and it works fine:
$ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /u:administrator /p:
However, if I try to use that command on a laptop, which is not using the company LAN connection, i.e. a home connection, I get this:
freerdp_set_last_error 0x2000C Error: protocol security negotiation or connection failure
So I'm now trying to use some of the new TSG commands in freerdp 1.2.0 as follows, but that also doesn't work.
I can only see 4 TSG related commands:
/g:<gateway>[:port] Gateway Hostname /gu:[<domain>]<user> or <user>[@<domain>] Gateway username /gp:<password> Gateway password /gd:<domain> Gateway domain
I read somewhere that I only really need to use
/g
in my particular scenario, I may have read that incorrectly.So when I try:
$ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /g:rds.company.com /u:administrator /p:
That will give me:
Could not open SAM file! Could not open SAM file! Could not open SAM file! Could not open SAM file! rts_connect: error! Status Code: 401 HTTP/1.1 401 Unauthorized Content-Type: text/plain Server: Microsoft-IIS/7.5 WWW-Authenticate: Negotiate WWW-Authenticate: NTLM WWW-Authenticate: Basic realm="rds.company" X-Powered-By: ASP.NET Date: Wed, 02 Jul 2014 12:36:41 GMT Content-Length: 13
Considering the original command:
$ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /u:administrator /p:
This works on a Linux laptop, which is connected to the network within the company LAN.
Why can't I use a similar command (with the extra TSG parameters) on the same Linux laptop, which is connected to the internet at home?
Am I not using the new TSG switches correctly?
-
Admin almost 10 yearsWhat about when VPN'd into the company LAN? Does it work then?
-
Admin almost 10 years@sparticvs, I am not in the position to setup a VPN connection to test this unfortunately.
-
-
oshirowanen almost 10 yearsI think I need the /p: at the end, so when the user pressed the enter key, the user gets prompted for the password. If I don't have /p: at the end, they have to enter the password into the command string which stays in the history and is a security risk. Also, if you look at th screenshots, you will notice that the [use my rd gateway credentials for the remote computer] option is ticked, so it seems the the same credentials are used for both the user and the gateway.
-
Vinicius Woloszyn almost 10 yearsI did notice that. But that is for your windows 7 machines. so you might have to have the information in the command for the gateway log in on your linux machines. But if the /p at the end works for you then use it that way. Im just giving you the inforamtion that i use when remote connecting for my work and we use linux machines outside the office with remote connections.
-
oshirowanen almost 10 yearsThanks, now I just need to figure out how to not get the password to stay in the terminal history.