Forum Discussion
BIG-IP v13 native RDP - VDI connection failure
We have a problem where the user clicks on a link in a webtop which is a native RDP link, their application opens but the connection fails. Tcpdumps show for failed connections client traffic arrives at the F5 but never leaves it. For successful connections they stay up for a long time. We cannot see why they are failing when the backend resource is available and accessible.
VDI debug logs ~ https://gist.github.com/rtfmoz/58d82b0887146ea3a2310eb32fea1428
The failed connections just sit there until they time out with the error
"Your computer cannot connect to the Remote Desktop Gateway server.
Contact your network administrator for assistance."
Summary
Version
Symptoms
"Your computer cannot connect to the Remote Desktop Gateway server. Contact your network administrator for assistance."
This occurs under the following conditions
- The virtual servers listens on a specific VLAN.
Workaround
Option 1: Enabled the virtual server to listen on all VLANS.
Option 2: Disable CMP on the virtual server - see K14358 Option 3: Virtual Edition only, set vCPU to one.Solution
- Kevin_Davies_40
Nacreous
The same native RDP connection can fail, then work, then fail to connect.
- Stanislas_Piro2
Cumulonimbus
Hi Kevin,
On my configuration, Native RDP fails when I configure SSO. it work like a charm without this configuration.
- SM_219936
Nimbostratus
Have you applied the default certificate on VS?
- Kevin_Davies_40
Nacreous
No, using a valid SSL certificate. For everyone elses knowledge ... a valid SSL cert is required by native RDP for the MSRDP client to trust the RDP file. This is because APM signs the RDP file with the SSL private key of the virtual server.
- smouzakis
Nimbostratus
Have you applied the default certificate on VS?
- Kevin_Davies_40
Nacreous
No, using a valid SSL certificate. For everyone elses knowledge ... a valid SSL cert is required by native RDP for the MSRDP client to trust the RDP file. This is because APM signs the RDP file with the SSL private key of the virtual server.
- Kevin_Davies_40
Nacreous
** Updated Answer Above **
- Kevin_Davies_40
Nacreous
I am testing the cmp disable with vCPU=2 tomorrow as I am not certain demoting a virtual server to tmm0 will disable threaded execution across tmm0.1/0.2/...
- Kevin_Davies_40
Nacreous
Disabling CMP is a successful workaround. We went back to vCPU = 2 and disabled CMP on the virtual server and all our RDPw/SSO connections are still working.
- Kevin_Davies_40
Nacreous
F5 have come back to us on this issue. Enable the virtual on all VLAN's. Updated solution posted.
- Kevin_Davies_40
Nacreous
Summary
Version
Symptoms
"Your computer cannot connect to the Remote Desktop Gateway server. Contact your network administrator for assistance."
This occurs under the following conditions
- The virtual servers listens on a specific VLAN.
Workaround
Option 1: Enabled the virtual server to listen on all VLANS.
Option 2: Disable CMP on the virtual server - see K14358 Option 3: Virtual Edition only, set vCPU to one.Solution
- Stanislas_Piro2
Cumulonimbus
Hi,
Thank you for the update.
Even if the last workaround is better than previous, in some circumstances, one of previous can help.
I suggest to add in workaround section previous ones (disable sso, disable cmp on VS)
- Kevin_Davies_40
Nacreous
Updated to reflect alternative workarounds.
- leonline_225556
Altostratus
I am still having this issue running 13.1.0.2, in my situation the vs is running in a non-default route domain.
F5 confirmed we are dealing with bug ID 623036 - Native RDP proxy does not work if Virtual Server is in non-default route domain and CMP enabled. This bug is linked to bug ID6 17929 Support non-default route domains when connecting to other tmm over backplane.
Unfortunately no fix is available yet.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com