Trent Johnsn wrote, On 11/22/2010 02:38 PM: > I having a problem reconnecting to a disconnected session on a server > farm running server2008r2 behind a hardware load balancer. > > In my configuration I have a kemp hardware load balancer, a session > broker and 2 terminal servers joined to the session broker. > > When I leave a connection on tsA, then reconnect on tsB the routing > token should send me back to tsA to reconnect my existing session. > > I suspect there are two separate but related problems. > > 1. If tls is enabled, the server certificate and commonName will change > to that of tsA. I see the following errors > > TLS Encryption negotiated > ssl_verify: error 20 (see 'man 1 verify' for more information) > certificate details: > Subject: > commonName = tsA.testwin.example.com > Issued by: > commonName = tsA.testwin.example.com > The server could not be authenticated. Connection security may be > compromised!
That is not an error - "just" a warning. I'm sure Marc-André can explain more. > TLS connection established > freerdp_chanman_post_connect: server name [10.0.14.142] > chan_man->num_libs [0] > ui_error: ERROR: pduType version must be 0 and 1 but is 0 and 0 AFAICS that is in violation of http://msdn.microsoft.com/en-us/library/cc240576.aspx . Can you please contact the load balancer vendor and ask them to comply with the MS specification? > ui_error: ERROR: - known bug for TLS mode - skipping rest of PDU Can you try to modify libfreerdp/rdp.c and disable the check and skip we have in rdp_recv? > Received Set Error Information PDU with reason 0 > run_xfreerdp: inst->rdp_check_fds failed > main thread, all threads did exit > > 2. Because of the above, I have tried connecting with tls disabled > (--no-tls) > When doing this, I can see that the routing token is received, but > reconnecting doesn't work quite right. In this case, I see the > following messages, and if I then abort the connection, and retry the > hardware load balancer will send my subsequent connection to tsA as > desired. > > freerdp_chanman_post_connect: server name [10.0.14.142] > chan_man->num_libs [0] > redirect flags: 31e > redirect_cookie_len: 36 > 0000 43 6f 6f 6b 69 65 3a 20 6d 73 74 73 3d 31 37 37 Cookie: msts=177 > 0010 39 34 39 39 30 31 38 2e 31 35 36 32 39 2e 30 30 9499018.15629.00 > 0020 30 30 0d 0a 00.. > redirect_username: trentl3 > redirect_domain: TESTWIN > redirect_password_len: 120 > redirect_target_fqdn: tsA.testwin.example.com > redirect_target_netbios_name: tsA > Redirecting to (null) as tren...@testwin > Received Set Error Information PDU with reason 0 > connecting to 10.0.14.142:3389 And then nothing happens? Can you make a wireshark trace and verify that it creates a second connection and provides the cookie listed above in the first chunk? > I can provide developers access to my test setup if needed. Thank you. You are welcome to send it to me in private mail. /Mads ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev _______________________________________________ Freerdp-devel mailing list Freerdp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freerdp-devel
