Can't connect to an external RDS TSG server from home

We have a company RDS (Remote Desktop Server) TSG (Terminal Services Gateway) server, which allows employees to connect to an RDS session from home, so they can see a work RDS desktop from home.

This works fine on their home computers using windows 7 with the following settings:

                        

                        

However, some users have Linux at home and are trying to use freerdp 1.2.0.

I've tested this on a laptop connected to the internal company LAN using the following command and it works fine:

$ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /u:administrator /p:

However, if I try to use that command on a laptop, which is not using the company LAN connection, i.e. a home connection, I get this:

freerdp_set_last_error 0x2000C
Error: protocol security negotiation or connection failure

So I'm now trying to use some of the new TSG commands in freerdp 1.2.0 as follows, but that also doesn't work.

I can only see 4 TSG related commands:

/g:<gateway>[:port] Gateway Hostname
/gu:[<domain>&#93;<user> or <user>[@<domain>] Gateway username
/gp:<password> Gateway password
/gd:<domain> Gateway domain

I read somewhere that I only really need to use /g in my particular scenario, I may have read that incorrectly.

So when I try:

$ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /g:rds.company.com /u:administrator /p:

That will give me:

Could not open SAM file!
Could not open SAM file!
Could not open SAM file!
Could not open SAM file!
rts_connect: error! Status Code: 401
HTTP/1.1 401 Unauthorized
Content-Type: text/plain
Server: Microsoft-IIS/7.5
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm="rds.company"
X-Powered-By: ASP.NET
Date: Wed, 02 Jul 2014 12:36:41 GMT
Content-Length: 13

Considering the original command:

$ xfreerdp /f /rfx /cert-ignore /v:farm.company.com /d:company.com /u:administrator /p:

This works on a Linux laptop, which is connected to the network within the company LAN.

Why can't I use a similar command (with the extra TSG parameters) on the same Linux laptop, which is connected to the internet at home?

Am I not using the new TSG switches correctly?

I think I need the /p: at the end, so when the user pressed the enter key, the user gets prompted for the password. If I don't have /p: at the end, they have to enter the password into the command string which stays in the history and is a security risk. Also, if you look at th screenshots, you will notice that the [use my rd gateway credentials for the remote computer] option is ticked, so it seems the the same credentials are used for both the user and the gateway.

I did notice that. But that is for your windows 7 machines. so you might have to have the information in the command for the gateway log in on your linux machines. But if the /p at the end works for you then use it that way. Im just giving you the inforamtion that i use when remote connecting for my work and we use linux machines outside the office with remote connections.

Thanks, now I just need to figure out how to not get the password to stay in the terminal history.