RDP failure - Authentication Failed

Hello All,

Does anyone have an idea why I get (Authentication Failed) while trying to initiate a new RDP session from SPP?

We are connecting to a local workgroup machine with its administrator account. (I have tested RDP with the same account from the local machine.)

I also confirmed that port 3389 is open.

Please check the logs below:

2023-09-21T13:17:39+03:00 sps.add.local zorp/scb_rdp[2290]: scb.debug(6): (svc/wNzDjnAGcFeXUnJk9THNB6/safeguard_rdp:32/stub): Updating MetaDB with event; event_method='proxy.gateway_authentication_failure', parameters='{'connection': 'safeguard_rdp', 'connection_id': '54b38a6e-57ad-413b-9e41-f564eac51d1a', 'protocol': 'rdp', 'timestamp': 1695291459.2870202, 'session_id': 'svc/wNzDjnAGcFeXUnJk9THNB6/safeguard_rdp:32', 'src_ip': '10.90.11.249', 'client_hostname': None, 'src_port': 31657, 'username': 'Administrator', 'reason': 'N/A', '_channel_name': 'default-channel-name'}'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: rdp.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Starting SSL layer;
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.policy(1): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Certificate verification failed; error='unable to get local issuer certificate', issuer='/CN=r11-mgm-65-demords', subject='/CN=r11-mgm-65-demords'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): TLS alert received; operation='write', alert_type='fatal', alert_reason='unknown CA'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(1): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): SSL handshake failed; side='server', error='error:1416F086:SSL routines:lib(20):tls_process_server_certificate:func(367):certificate verify failed:reason(134), supressed 1 messages'
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/client): Shutdown failed; attempt='1', error='Transport endpoint is not connected'
2023-09-20T18:28:42+03:00 sps.add.local zorp/scb_rdp[2179]: scb.audit(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Closing connection; connection='safeguard_rdp', protocol='rdp', connection_id='54b38a6e-57ad-413b-9e41-f564eac51d1a', client_ip='10.90.11.249', client_hostname='', client_port='36370', server_ip='10.1.65.1', server_hostname='', server_port='3389', gateway_username='sgadmin', remote_username='', verdict='ZV_REJECT', network_id=''
2023-09-20T18:28:42+03:00 sps.add.local zorp/scb_rdp[2179]: core.session(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53): Ending proxy instance;
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(3): (dispatch(SA(proto=1,addr=AF_INET(127.0.0.2:53896)))): Could not reverse address; nameservers='[]', address='10.90.11.249', details='request timed out'
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: core.session(3): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54): Starting proxy instance; client_fd='7', client_address='AF_INET(10.90.11.249:36375)', client_hostname='None', client_zone='Zone(internet)', client_local='AF_INET(10.1.61.1:3389)', client_protocol='TCP', network_id=''
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: rdp.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/rdp): User data not found in cache; redirection_id='4040d72b-e5eb-4f45-9703-584685972f0c'
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: stub.error(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): (stderr) QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-zorp'
2023-09-20T18:28:46+03:00 sps.add.local zorp/scb_rdp[2179]: rdp.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/rdp): Inband data parsed; field='username', replacement_value='Administrator@localhost', server_port='3389', server_host='10.1.65.1'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: core.error(3): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Could not reverse address; nameservers='["10.1.63.1"]', address='10.1.65.1', details='request timed out'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SGAA/main.py'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Logging initialized to level=info
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Authenticating user Administrator with MFA identity of Administrator
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Without 'token' authentication is denied
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): AA plugin authenticate hook result; verdict='DENY', gateway_user='None', gateway_domain='None'

  • Hi Mahmoud,

    This seems to be related to the target server RDP certificate verification failing.

    Could you check if the target server RDP certificate is valid?

    If it's not expired and all looks good, then try adding the target server RDP certificate to the SPS trusted CA certificates to see if that helps.

    Thanks!
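
A triage sketch for the log lines posted above, added here as an example (not part of the thread and not the product's own tooling): it groups the Zorp messages by proxy session and reports the rejection causes each session logged. The `triage` function, the finding labels and the shortened sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the post above, shortened to the fields used here.
SAMPLE = """\
2023-09-20T18:28:32+03:00 sps.add.local zorp/scb_rdp[2179]: core.policy(1): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Certificate verification failed; error='unable to get local issuer certificate', issuer='/CN=r11-mgm-65-demords', subject='/CN=r11-mgm-65-demords'
2023-09-20T18:28:42+03:00 sps.add.local zorp/scb_rdp[2179]: scb.audit(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:53/rdp): Closing connection; connection='safeguard_rdp', server_ip='10.1.65.1', verdict='ZV_REJECT'
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): Plugin(aa/SGAA/main.py): Without 'token' authentication is denied
2023-09-20T18:28:51+03:00 sps.add.local zorp/scb_rdp[2179]: scb.info(4): (svc/t6wGgShbsB2PmzyRp4zzvZ/safeguard_rdp:54/stub): AA plugin authenticate hook result; verdict='DENY', gateway_user='None', gateway_domain='None'
"""

# timestamp host program[pid]: class(level): (session[/component]): message; key='value', ...
LINE = re.compile(r"^\S+ \S+ \S+: [\w.]+\(\d\): "
                  r"\((?P<sess>svc/[^/]+/[^/:]+:\d+)(?:/\w+)?\): "
                  r"(?P<msg>[^;]*);?\s*(?P<kv>.*)$")
KV = re.compile(r"(\w+)='([^']*)'")

def triage(log_text):
    """Return {session_id: [finding, ...]} for the rejection causes in the log."""
    findings = defaultdict(list)
    last_plugin_msg = {}  # session -> most recent AA plugin message
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. dispatch lines that carry no session id
        sess, msg = m["sess"], m["msg"].strip()
        kv = dict(KV.findall(m["kv"]))
        if msg == "Certificate verification failed":
            # issuer equal to subject indicates a self-signed server certificate
            kind = "self-signed" if kv.get("issuer") == kv.get("subject") else "untrusted-issuer"
            findings[sess].append(f"server-cert:{kind}:{kv.get('subject')}")
        elif msg.startswith("Plugin("):
            last_plugin_msg[sess] = msg.split("): ", 1)[-1]
        elif msg == "AA plugin authenticate hook result" and kv.get("verdict") == "DENY":
            findings[sess].append(f"aa-plugin-deny:{last_plugin_msg.get(sess, 'no reason logged')}")
        elif msg == "Closing connection" and kv.get("verdict") == "ZV_REJECT":
            findings[sess].append(f"rejected:server={kv.get('server_ip')}")
    return dict(findings)

if __name__ == "__main__":
    for session, items in triage(SAMPLE).items():
        print(session, *items, sep="\n  ")
```

On the posted lines this separates session `:53`, which logged the server certificate verification failure, from session `:54`, which logged the AA plugin's DENY verdict.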