Forum Discussion
F5 APM RDP
Without the /var/log/apm logs for that user's session, this is a guess, but it might be that the access is denied because there is another higher precedence ACL assigned to the user, or the system isn't noticing that it should be allowing that destination RDP server. Normally if the RDP host is statically assigned (just one IP:port) this "allow access" is automatic, but there may be some corner case issue.
Normally the RDG-RAP policy is used to authorize user access to dynamic RDP endpoints, like where you assign it with a session variable or the user chooses it. It seems weird, but this mechanism is used because of technical limitations: APM doesn't have knowledge of what RDP endpoints should be allowed, so RDG-RAP can be used to query servers to obtain authorized endpoints.
For testing we can just try to create a policy of type "RDG-RAP" that's just Start -> Allow so the connection is always allowed, then assign it during access policy execution.
Then assign it to the user in their access policy:
Hi Lucas,
I have tried to test a simple access policy that non-domain Windows would be assigned specified Windows RDP server (172.22.13.20) with Remote Desktop Session Host service, port 3389, however it still failed. From message, it still can't be inter-connected as below. Not sure if there some configuration is wrong or not? If wrong, how to set? Can list out the steps?
We can directly RDP this testing server 172.22.13.20 from intranet client, so if using VM F5 APM to connect, should we also allow internal IP of F5 APM to connect this testing server?
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
error log:
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com