APM and native RDP session
Hi,
I have recently set up an APM test environment in version 13, to be able to try the native RDP client support in a remote access scenario. I have set up a basic two-factor auth and some AD group resource assignments so that I can access a webtop with a couple of portal access links. I also have a full VPN published. All of these work just fine. The problem is that I can't seem to get the RDP resources to work...
For starters, if I try to set up a new RDP resource with client type "native" I get errors when setting the destination to anything other than an IP address:
01070734:3: Configuration error: apm resource remote-desktop: /APM_TEST_Remote_Access/test :only one destination type is supported
I have tried both hostname and user defined (user defined will be a requirement in this env). If I set a destination IP address to an RDP server the config gives no errors, but I am unable to access it remotely. I get a message saying:
Your computer cannot connect to the the remote desktop gateway server
So basically two problems. I have tried reading up on all aspects of this but there is something basic that I'm missing here...
//A
- Peter_Baumann_5
Nimbostratus
Hi Ante, I just tried to upgrade my APM v12.1.2 config to v13 and it is just not usable. A lot of errors in the config, description tag errors, iRule variable not recognized, APM config problems, impossible to upgrade. I have the same error as you in one of my RDP settings.
v13 HF2 is absolutely not usable for an upgrade and it seems not even for a new installation! I will not recommend it to our customers until there's a better upgrade procedure and the problem you have is solved.
Waiting now for v13.1...
-> @F5: Figuring this out always takes a lot of time, so please do test your future releases better before release!
Hi,
Basically, you cannot mix native RDP and user-defined RDP on the same RDP object.
I configured the native RDP with success for both a hostname and an IP address. The only thing I had to take care of is the use of a valid SSL certificate in the SSL client profile, as this feature is using the SSL private key to sign the RDP request.
Otherwise, you should consider implementing a third party product like Guacamole. It works fine too for me.
Or a specific development using iRules or iRules LX.
Yann
- Ryan77777
Altocumulus
I'm using 13.0 in a large-scale production environment without any problems. Started on 12.1.2 as well. I'm not a huge fan of "dot oh" code generally speaking... but I required functionality not present in 12.1.2 so here I am. I was able to work through any/all issues.
- Steph_69890
Nimbostratus
What I observed:
1. When you create, from the web GUI, a native RDP configuration (using hostname) in the default partition and route domain, it works. But when you try to do that inside a partition using a different route domain, it fails.
2. Also, if you configure the native RDP config with IP or hostname (from CLI) inside a route domain different from the default route domain (0, 1), then your connection fails most of the time. But if you create the RDP object inside the default partition and route domain, connections succeed.
- Ajac
Nimbostratus
Hi,
Thanks for the answers!
Progress so far:
Steph, you are absolutely correct in that the native RDP resource needs to be created in the default partition. It was created without errors when I did it in the Common partition.
I can't say that I understand why there are so many functions/features that cannot be created in a non-default partition... this is NOT the first thing that has this kind of behavior.
Anyhow, this will do for now.
The issue with "Your computer cannot connect to the the remote desktop gateway server" seems to be an issue with Microsoft Windows. I have no problem connecting OSX clients via a predefined RDP resource in APM, but Win10 gets the error when trying to connect. Windows 10 Enterprise, Version 1607. RDP client version 10.0.14393.
Anyone that has any thoughts on this?
//A
- Ajac
Nimbostratus
Hi,
Finally got native RDP sessions working with Windows.
The problem was that I requested the client certificate in the SSL profile on the VS. This was done so that the client certificate could be checked later on in the APM policy.
That was removed and I instead put in an "On-Demand Cert Auth" in the APM policy, and bingo!
This might be totally obvious to everyone else that this is how you need to do it, but it was news to me. So a big step towards final testing!
Thanks for the input in this thread!! Truly helpful in one way or the other.
//A
- Ajac
Nimbostratus
Would like to add a note to this discussion.
The issue above was discovered on our test system when upgrading to version 13. Some time later I did the v13 upgrade on our production system and the same problem was seen there even though the configuration was the same. After some troubleshooting together with F5, the solution was to disable CMP on the VS.
There apparently is a bug in the CMP function when running the VDI VS on a non-default partition, so running the following command got the native RDP sessions back on track:
tmsh modify ltm virtual /<partition>/<virtual-server-name> cmp-enabled no
Cheers!