cancel
Showing results for 
Search instead for 
Did you mean: 

Dynamic terminal services bookmark.

SOLVED
Highlighted
Occasional Contributor

Dynamic terminal services bookmark.

Hello team,

 

I've configured dynamic terminal services bookmarks as described in KB28693 but I'm not able to make it works.

 

When the user logins the bookmark is created, but there is always error launching it:

"An internal state error has occurred. The remote session will be disconnected. Your local computer might be low on memory. Close some programs, and then try connecting to the remote computer again."

 

I'm using ldap attribute "otherIpPhone" as in KB28693... But now, if I change the ldap attribute to "ipPhone" or "facsimileTelephoneNumber", the bookmark works and the terminal session is launched...

Also, I tried a html5 boookmark using "otherIpPhone" attribute and it also worked. So, the problem couldn't be the ldap attribute. What am I doing wrong? Could be a bug? (I'm running version 9.1R4).

 

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Occasional Contributor

Re: Dynamic terminal services bookmark.

Hi Ray,

 

I made the tcpdump and observed the following message in RDP negotiation:

 

RDP negotiation failure: server requires enhanced RDP security with CredSSP.

 

Then I checked the bookmark section and realized that the checkbox "Network Level Authentication" was unmarked. I marked it and then it started to work.

 

Thank you very much, the topic can be closed.

View solution in original post

4 REPLIES 4
Highlighted
Moderator

Re: Dynamic terminal services bookmark.

@ssimartim Did you notice any events related to ACL check failing for the Terminal Services bookmark when the otherIPphone attribute was used? Other than that, I don't see a reason how this is working when using other attribute value.

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
Occasional Contributor

Re: Dynamic terminal services bookmark.

Hi,

 

I don't see any events related to ACL. I get this from a trace:

 

Start Policy [HOSTPORT/WINTERMSERV] evaluation for resource workstation.local:3389
Applying Policy [RP_WTS_My_PC]...
Action [Allow access] is returned
Policy [RP_WTS_My_PC] applies to resource

 

In the user access log, I see that the connection is created:

 

Connected to workstation.local port 3389
Closed connection to workstation.local port 3389 after 0 seconds, with 19 bytes read (in 1 chunks) and 47 bytes written (in 1 chunks)
Login succeeded for User-test (session:5cdf523e) from a.b.c.d with Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36 Edg/81.0.416.53.
Primary authentication successful for User-test from a.b.c.d

 

I definitely have no idea why this happens.

Highlighted
Moderator

Re: Dynamic terminal services bookmark.

Connected to workstation port 3389 is the indication of successful ACL check, so ACL is blocking the connection. Closed the connection after 0 seconds, implies that the RDP got closed, can you please capture a TCP Dump on the Internal port of the VPN server and see the traffic pattern?

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
Occasional Contributor

Re: Dynamic terminal services bookmark.

Hi Ray,

 

I made the tcpdump and observed the following message in RDP negotiation:

 

RDP negotiation failure: server requires enhanced RDP security with CredSSP.

 

Then I checked the bookmark section and realized that the checkbox "Network Level Authentication" was unmarked. I marked it and then it started to work.

 

Thank you very much, the topic can be closed.

View solution in original post