Trent Johnsn wrote, On 11/22/2010 02:38 PM:
> I having a problem reconnecting to a disconnected session on a server
> farm running server2008r2 behind a hardware load balancer.
>
> In my configuration I have a kemp hardware load balancer, a session
> broker and 2 terminal servers joined to the session broker.
>
> When I leave a connection on tsA, then reconnect on tsB the routing
> token should send me back to tsA to reconnect my existing session.
>
> I suspect there are two separate but related problems.
>
> 1. If tls is enabled, the server certificate and commonName will change
> to that of tsA.  I see the following errors
>
> TLS Encryption negotiated
> ssl_verify: error 20 (see 'man 1 verify' for more information)
> certificate details:
>    Subject:
>      commonName                = tsA.testwin.example.com
>    Issued by:
>      commonName                = tsA.testwin.example.com
> The server could not be authenticated. Connection security may be
> compromised!

That is not an error - "just" a warning. I'm sure Marc-André can explain 
more.

> TLS connection established
> freerdp_chanman_post_connect: server name [10.0.14.142]
> chan_man->num_libs [0]
> ui_error: ERROR: pduType version must be 0 and 1 but is 0 and 0

AFAICS that is in violation of 
http://msdn.microsoft.com/en-us/library/cc240576.aspx . Can you please 
contact the load balancer vendor and ask them to comply with the MS 
specification?

> ui_error: ERROR: - known bug for TLS mode - skipping rest of PDU

Can you try to modify libfreerdp/rdp.c and disable the check and skip we 
have in rdp_recv?

> Received Set Error Information PDU with reason 0
> run_xfreerdp: inst->rdp_check_fds failed
> main thread, all threads did exit
>
> 2. Because of the above, I have tried connecting with tls disabled
> (--no-tls)
> When doing this, I can see that the routing token is received, but
> reconnecting doesn't work quite right.  In this case, I see the
> following messages, and if I then abort the connection, and retry the
> hardware load balancer will send my subsequent connection to tsA as
> desired.
>
> freerdp_chanman_post_connect: server name [10.0.14.142]
> chan_man->num_libs [0]
> redirect flags: 31e
> redirect_cookie_len: 36
> 0000 43 6f 6f 6b 69 65 3a 20 6d 73 74 73 3d 31 37 37 Cookie: msts=177
> 0010 39 34 39 39 30 31 38 2e 31 35 36 32 39 2e 30 30 9499018.15629.00
> 0020 30 30 0d 0a                                     00..
> redirect_username: trentl3
> redirect_domain: TESTWIN
> redirect_password_len: 120
> redirect_target_fqdn: tsA.testwin.example.com
> redirect_target_netbios_name: tsA
> Redirecting to (null) as tren...@testwin
> Received Set Error Information PDU with reason 0
> connecting to 10.0.14.142:3389

And then nothing happens? Can you make a wireshark trace and verify that 
it creates a second connection and provides the cookie listed above in 
the first chunk?

> I can provide developers access to my test setup if needed.

Thank you. You are welcome to send it to me in private mail.

/Mads



------------------------------------------------------------------------------
Increase Visibility of Your 3D Game App & Earn a Chance To Win $500!
Tap into the largest installed PC base & get more eyes on your game by
optimizing for Intel(R) Graphics Technology. Get started today with the
Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs.
http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel

Reply via email to