For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Grayson_149410's avatar
Grayson_149410
Icon for Nimbostratus rankNimbostratus
Aug 18, 2014

Mac and RDP Issues

Currently running APM 11.4.1 with the latest hotfix. Hoping to replace our Firepass soon. I have setup everything in regards to Access Profile, VIP, etc.

 

I have everything working now except for Macs being able to RDP into VMs. I have a RDP setup for Windows machines that works great. However, I can't get the Macs to be able to RDP in. I have Java enabled on the VIP as well as on the RDP resource for it. When I log into the webtop I see the link to the java rdp session. When I click on it, it starts to load the java applet and then I get an error that states "Connection Exception" then craps out. I have not been able to figure out what is causing this.

 

When I run a tcpdump, I can see where it tries to start a connection, but gets a reject and ends. Not sure what is going on and F5 support hasn't been the greatest help in regards to this. Thanks.

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
LTM
rdp
security

5 Replies

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 19, 2014

    Basically java RDP is broken. Not F5's fault, blame Oracle and the ever changing requirements to try & shore up the security of the JVM's...

     

    One of the biggest issues is that on the Mac, java RDP really really really wants to be able to resolve the hostname (Of the Mac) to an IP. It doesn't need to, and doesn't use it when it does, but if the resolution is NOT available, then java RDP just won't work.

     

    To fix it, I usually make sure that the hostname is in the /etc/hosts file on the Mac. Then Java RDP should work (Unless you've found yet a other issue with it :)

     

    There's other postings around here (From about 18 months - 2 years ago IIRC) where this was discussed for a bit until I finally stumbled over the answer while running with tracing enabled and judicious tcpdumps...

     

    H

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 19, 2014

    In a shell/terminal window, type

    hostname

    That'll return the hostname of the Mac... e.g.

    bash-3.2 hostname
this-host.domain.com
bash-3.2

    So in /etc/hosts, the easiest thing to do is to add that (this-host.domain.com) as an alias for localhost... So the line in /etc/hosts that currently reads

    ::1      localhost

    should be changed to read

    ::1      localhost this-host.domain.com

    The important thing is that whatever the hostname command returns needs to be in /etc/hosts to make it resolvable (Actually that's a little white lie... if you're somewhere that has the output from hostname resolvable already.. e.g. DHCP with DDNS) would work already.

    You can test your entry by typing

    ping `hostname`

    The Backtick characters are important... If ping says it can't resolve the name, then /etc/hosts isn't correct.

    H

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 20, 2014

    What does the java console on the Mac say if you bump the log/tracing up to level 5

     

    H

     

  • Hamish's avatar
    Hamish
    Icon for Cirrocumulus rankCirrocumulus
    Aug 20, 2014

    Oh!

     

    You aren't behind a proxy are you? Check that the proxy settings for your JVM are set (Or not set) appropriately.

     

    H