APM - Linux native client for RDP

What does your policy look like? I cannot get xfreerdp to work at all and receive the following errors:

transport_connect: getaddrinfo (Name or service not known)
Error: protocol security negotiation failure

I am leveraging multi-factor authentication for my gateway but not for my RDS Host.

Yes, I have been.

Is it working with native Windows clients?

Do you use FIP VSs and remembered to create a specific FIP VS for wildcard:3389 as noted in the guide:

https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/big-ip-access-policy-manager-implementations-14-0-0/10.html under "Overview: Processing RDP traffic on a device configured for explicit forward proxy?"

Other than that, our policy is plain and simple by the guides:

Authentication with MFA and a terminal that assigns:

-RDG Policy to both browser and rdp client.

-Browser gets Full Webtop with RDWeb resources in integrated mode

Just an update...

I was able to get passed the transport and security errors by disabling SSO on my RDP connection profiles. Then I run xfreerdp, call my *.rdp file, and manually define my credentials for the remote RDP server in the command.

Still no-go with any GUI clients.

I have SSO working also for Linux clients.

There was no need of doing anything other than to check that domain, username and password was available in the specified session variables.

However I have not made it work when the users are members of the protected users group in AD.

Other than that, you can fix nautilus or other X-file browsers to open up a .rdp file in xfreerdp by specifying a custom mime handle to open xfreerdp through gnome-terminal.