Hello All,
Does anyone have an idea why I get (Authentication Failed) while trying to initiate a new RDP session from SPP?
We are connecting to a local workgroup machine with its administrator account. (I have tested RDP with the same account from the local machine.)
Also confirmed that port 3389 is open.
Please check the logs below:
2023-09-21T13:17:39+03:00 sps.add.local zorp/scb_rdp[2290]: scb.debug(6): (svc/wNzDjnAGcFeXUnJk9THNB6/safeguard_rdp:32/stub): Updating MetaDB with event; event_method='proxy.gateway_authentication_failure', parameters='{'connection': 'safeguard_rdp', 'connection_id': '54b38a6e-57ad-413b-9e41-f564eac51d1a', 'protocol': 'rdp', 'timestamp': 1695291459.2870202, 'session_id': 'svc/wNzDjnAGcFeXUnJk9THNB6/safeguard_rdp:32', 'src_ip': '10.90.11.249', 'client_hostname': None, 'src_port': 31657, 'username': 'Administrator', 'reason': 'N/A', '_channel_name': 'default-channel-name'}'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: rdp.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Starting SSL layer;
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.policy(1): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Certificate verification failed; error='unable to get local issuer certificate', issuer='/CN=r11-mgm-65-demords', subject='/CN=r11-mgm-65-demords'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): TLS alert received; operation='write', alert_type='fatal', alert_reason='unknown CA'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(1): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): SSL handshake failed; side='server', error='error:1416F086:SSL routines:lib(20):tls_process_server_certificate:func(367):certificate verify failed:reason(134), supressed 1 messages'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/client): Shutdown failed; attempt='1', error='Transport endpoint is not connected'
2023-09-20T18:28:42+03:00 sps.add.local zorp/scb_rdp[2179]: scb.audit(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Closing connection; connection='safeguard_rdp', protocol='rdp', connection_id='54b38a6e-57ad-413b-9e41-f564eac51d1a', client_ip='10.90.11.249', client_hostname='', client_port='36370', server_ip='10.1.65.1', server_hostname='', server_port='3389', gateway_username='sgadmin', remote_username='', verdict='ZV_REJECT', network_id=''
2023-09-20T18:28:42+03:00 sps.add.local zorp/scb_rdp[2179]: core.session(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53): Ending proxy instance;
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(3): (dispatch(SA(proto=1,addr=AF_INET(127.0.0.2:53896)))): Could not reverse address; nameservers='[]', address='10.90.11.249', details='request timed out'
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: core.session(3): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54): Starting proxy instance; client_fd='7', client_address='AF_INET(10.90.11.249:36375)', client_hostname='None', client_zone='Zone(internet)', client_local='AF_INET(10.1.61.1:3389)', client_protocol='TCP', network_id=''
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: rdp.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/rdp): User data not found in cache; redirection_id='4040d72b-e5eb-4f45-9703-584685972f0c'
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: stub.error(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): (stderr) QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-zorp'
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: rdp.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/rdp): Inband data parsed; field='username', replacement_value='Administrator@localhost', server_port='3389', server_host='10.1.65.1'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(3): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Could not reverse address; nameservers='["10.1.63.1"]', address='10.1.65.1', details='request timed out'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SGAA/main.py'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Logging initialized to level=info
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Authenticating user Administrator with MFA identity of Administrator
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Without 'token' authentication is denied
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): AA plugin authenticate hook result; verdict='DENY', gateway_user='None', gateway_domain='None'
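
Added example, not part of the original post: a small Python triage script for log text in the format pasted above. It splits fused entries at each timestamp and lists, per proxy instance, the entries that signal a failure; the failure heuristics (an `.error` class, "failed" in the message, a `DENY` or `ZV_REJECT` verdict) and all function names are assumptions of this example, and the sample is abridged from the post's log.

```python
import re
from collections import defaultdict

TS = r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d"
ENTRY_RE = re.compile(
    rf"(?P<ts>{TS}) (?P<host>\S+) (?P<prog>[\w/]+)\[(?P<pid>\d+)\]: "
    r"(?P<cls>[\w.]+)\((?P<lvl>\d+)\): \((?P<ctx>.*?)\): (?P<msg>.*)")
KV_RE = re.compile(r"(\w+)='([^']*)'")
INSTANCE_RE = re.compile(r"svc/[^/]+/[^/:]+:\d+")  # proxy instance, without /rdp, /stub, /client
REJECTS = {"DENY", "ZV_REJECT"}                     # the two verdict values seen in the post

def split_entries(text):
    """Undo fused lines and mid-entry wraps: one entry per timestamp."""
    flat = " ".join(text.split())
    return [e.strip() for e in re.split(rf"(?={TS} )", flat) if e.strip()]

def parse(entry):
    """Return the entry's fields plus its key='value' pairs, or None if it does not match."""
    m = ENTRY_RE.match(entry)
    if not m:
        return None
    rec = m.groupdict()
    rec["kv"] = dict(KV_RE.findall(rec["msg"]))
    inst = INSTANCE_RE.match(rec["ctx"])
    rec["instance"] = inst.group(0) if inst else rec["ctx"]
    return rec

def failures_by_instance(text):
    """Group entries that signal a failure (assumed heuristics) by proxy instance."""
    out = defaultdict(list)
    for rec in filter(None, map(parse, split_entries(text))):
        verdict = rec["kv"].get("verdict")
        if (rec["cls"].endswith(".error") or "failed" in rec["msg"].lower()
                or verdict in REJECTS):
            out[rec["instance"]].append(
                (rec["ts"], rec["cls"], rec["msg"].split(";")[0], verdict))
    return dict(out)

# Abridged from the log in the post, fused and wrapped the way it was pasted.
P = "sps.add.local zorp/scb_rdp[2179]:"
S = "svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp"
SAMPLE = f"""2023-09-20T18:28:32+03:00 {P} rdp.info(4): ({S}:53/rdp): Starting SSL layer; 2023-09-20T18:28:32+03:00 {P} core.policy(1): ({S}:53/rdp): Certificate verification failed; error='unable to get local issuer certificate', issuer='/CN=r11-mgm-65-demords' 2023-09-20T18:28:42+03:00 {P} scb.audit(4): ({S}:53/rdp): Closing connection; server_ip='10.1.65.1', server_port='3389', verdict='ZV_REJECT' 2023-09-20T18:28:46+03:00
{P} core.error(3): (dispatch(SA(proto=1,addr=AF_INET(127.0.0.2:53896)))): Could not reverse address; address='10.90.11.249', details='request timed out' 2023-09-20T18:28:51+03:00 {P} scb.info(4): ({S}:54/stub): AA plugin authenticate hook result; verdict='DENY', gateway_user='None'"""

if __name__ == "__main__":
    for instance, events in failures_by_instance(SAMPLE).items():
        print(instance)
        for ts, cls, summary, verdict in events:
            print(f"  {ts} {cls}: {summary}" + (f" [verdict={verdict}]" if verdict else ""))
```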