F5 APM Webtop - RDP Session Logging
Hello F5 Experts, I am relatively new to the F5 advanced ecosystem, am trying to generate useful logs from our APM Webtop environment and am hoping that someone can point me in the correct direction. I am trying to log the following things from our environment: Initial login's to the Webtop including ClientIP, Webtop portal address, Browser UserAgent, Client Username. (Optional) Client group membership/published resources when they log into Webtop. When a client opens a Web Portal Access from within Webtop including,ClientIP, Webtop portal address, Browser UserAgent, Client Username, Web Portal Access Address. (It would be good to get their session duration for this but that might not be fesable). When a client opens a RDP link from within the Webtopincluding,ClientIP, Webtop portal address, Browser UserAgent, Client Username, RDP Address, SessionCookie(?). When a client connects to a RDP session though the Webtop using one of the downloaded links,ClientIP, Webtop portal address, Client Username, RDP Address, SessionCookie(?), Session start and end time (Maybe two different log events?). From what I can tell this is likely to be an iRule. I think I have an idea how to do the Webtop portal logging, but what is really eluding me is how to log the RDP session connection and duration. Any help or a direction where to look would be greatly appreciated. Thank you,425Views0likes1CommentAPM - User Defined RDP in version 13 - digital signature issue
I'm testing out v13 and User Defined RDP via webtop in my lab and am getting the following message when launching the .RDP file: "The digital signature of this RDP File cannot be verified. The remote connection cannot be started." Has anyone run into this at all? I'm wondering if it could be related to the use of default "clientssl" and "serverssl" profiles for the Virtual Server associated with the Access Policy.1.4KViews0likes7CommentsRDP connection via application access fails when client certificate is set to require
I've set up a VIP with a client SSL profile that requires a certificate. The access policy on this VIP has some resource assignments: network access, rdp application access and rdp via app tunnel access. All of these resources work just fine, except the rdp application access. The connection is not established and the handshake gives this failure: TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 269 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 3 Certificates Length: 0 Handshake Protocol: Client Key Exchange However, another resource works just fine: TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 269 Handshake Protocol: Certificate Handshake Type: Certificate (11) Length: 3 Certificates Length: 2647 Handshake Protocol: Client Key Exchange In the first capture, the certificate length is 0. In the second one it is 2647. Now, I've set the client SSL profile to 'request' and all resources work just fine. Can someone shed some light on this issue? Why does it fail when set to 'require'?504Views0likes5CommentsAPM :: Remote Desktop List :: Monitor Span/Multimon
Has anybody been able to get monitor spanning to work with an RDP access resource? Neither of these parameters appear to work: I opened a support case with F5 - but the engineer was not entirely helpful. When asking about Java RDP spanning: The short answer is no, Span support isn't available for the Java RDP client. It is possible to configure the MSTSC.exe client to support span however if you absolutely need it. This has been brought up as an RFE on multiple occasions and is a limitation of the underlying Java RDP implementation that PD has said they won't change. When asking about RDP spanning with the native (Windows) client: I am certain I have seen the mstsc monitor span successful with the *span monitors:i:1*. I don't recall off hand if it was using an access portal or the client itself. When pressing about the response: I only saw it work in a lab environment when I was testing against a previous bug with the active x control RDP module. I hadn't configured it, one of my colleagues did and I may have been mistaking what I saw (he may have been connecting directly to a windows box, not through the F5). Does he just not feel like helping people today? If that was my answer to one of my customers I'd be getting some heat from my boss. Our SE says that Mac will have an official RDP launch client (non-Java) and the mstsc launcher has some updates in version 13 that's coming out soon. Not sure if that's the root of my problems or not - and I'm not really interested in upgrading to .0 code right now... so I'd really like to get this to work at least on Windows... Mac is what it is at the moment unless I buy the HOB client (which I likely won't get approval for from management - not to mention it will look really bad when I ask for more money to do something we already have working in the environment with the solution we're replacing ). Thanks-356Views0likes1CommentMicrosoft Server 2016 Remote Desktop Session Host
I have a customer who would like his MS Remote Desktop to be delivered through our LTMs. The issue that I'm running into is the servers he's using. The deployment guides include Server 2008/2012, but he's using 2016. Is there somewhere posted what the Send/Receive strings will be on the health monitors if the pool members are 2016 servers? https://www.f5.com/pdf/deployment-guides/microsoft-rds-session-host-dg.pdf595Views0likes2CommentsAPM Logging RDP Target hostname
Hi All, Have APM configured as an RDP gateway, clients use the native RDP client with a prompt for the target RDP hostname. How can log the the target RDP hostname in the APM log? The RDP target hostname is logged if I enable the debug logging profile for the RDG-RAP profile but I would prefer not to do this as I only want the RDP hostname logged. Thank you478Views0likes1CommentMultiple remote desktop (VMware View and RDP) on APM webtop
Hello, We use the F5 APM to present an portalaccess that present an RDP remote desktop to connect users to their RDP session for entreprise user's that need to do home office. We have now an new VDI VMware environement that going to replace the RDP environnement. So my question is : Can we present on the webtop portal both RDP remote desktop and VMware View remote desktop ? I trying to do that but if I present the RDP remote dektop the second VMware view desktop doesn't appear on my webtop ?? but if I present only the VMware view remote desktop it's appear on my webtop ?? Let my know if my question is not clear...my English is very bad. Thank you guys Regards,440Views0likes1CommentF5 APM and Remote Desktop Gateway
I'm having a weird issue with RDG and APM currently single sign on works internally and externally however when we try to launch any app externally it is saying unable to connect to the remote desktop gateway internally this works perfectly. Even weirder when I just load balance the RDG servers without APM everything works fine externally/internally which makes me think there is no firewall issue. Right now we have a VIP with APM and SSO is configured as below: NameRDS Partition / PathCommon SSO MethodForms Credentials Source Username Source session.sso.token.last.username Password Source session.sso.token.last.password SSO Method Configuration Start URI /RDWeb/Pages/en-US/login.aspx Pass ThroughEnable Form Method POST Form Action Form Parameter For User Name DomainUserName Form Parameter For Password UserPass Hidden Form Parameters/ValuesSuccessful Logon Detection Match Type None By Resulting Redirect URL By Presence Of Specific String In Cookie Successful Logon Detection Match Value /RDWeb/Pages/en-US/default.aspx560Views0likes2Commentschrome 84 blocking rdp native
chrome 84 being released publicly since july 14; has caused our home remote access users using chrome to be blocked form launch the f5 apm rdp native icon (.rdp file) "launch.rdp may be dangerous, so Chrome has blocked it" the only workaround we know of is to tell chrome to turn off safe browsing, there is not granular setting to only allow the remote access url site. anyone else have this issue recently?Solved622Views0likes2CommentsAPM - RDP AppTunnel with Multiple monitors
Hi, I'm trying to get the RDP Application Access to pick up on multiple monitors on the client side. (normally done by adding the parameter /multimon into the command). However, when adding this into the RDP Application Access object, no luck. You can get this to work by building your own "custom" AppTunnel, create standard AppTunnel, include application path to mstsc.exe, point to the local proxy IP and then add the /multimon parameter). Unfortunately, the AppTunnel doesn't seem to provide SSO integration (probably because it's too generic and it doesn't know how to intercept the authentication screen. So, does anyone know how to get RDP Application Access to work with multiple monitors, or failing that, how to implement SSO on a normal AppTunnel for RDP? Thanks in advance!Solved1.4KViews0likes5Comments