- This topic has 54 replies, 16 voices, and was last updated 4 years, 8 months ago by
.
-
Posts
-
Hello,
Basically we have 3 Wyse 3040 models on WTOS 8.4_110 firmware connected via a Windows Server 2016 RD Gateway server to a Windows Server 2016 RDSH Broker finally to a Windows Server 2016 RDS farm.
We patched the RD Gateway/TS Gateway server against this Microsoft vulnerability this past weekend :- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1040
and since the patching of our RD Gateway servers, these Wyse boxes cannot authenticate via the RD Gateway server to reach the RDSH broker and RDS servers.
What we did is revert the snapshot taken prior to patch the RD Gateway servers last Saturday and then tested the connection from these 3 Wyse boxes which were all successful, meaning that the June Microsoft security update broke the RD Gateway server.
My question would be :- Is there a way to specify in the WNOS.ini file, a parameter to force Kerberos authentication inside an RDP session instead of NTML v2 and if yes, how to achieve this?
I have not seen similar posts about this, so may be no other Wyse customers have not yet got this issue. If other contributors have got similar issues, please share same.
Thank you.
Lsavripen
Same problem here, FW 8.6_024 is already deployed to our Clients. This is a BIG issue!
Since johhen has already tried with 8.6_024 and having the same issue, I won’t even test it since the outcome will be same.
Is there a fix to it? We do not want to leave our RD Gateway servers unpatched for a month, and most importantly MSFT will release new cumulative updates in July, so we wanted to know if there will be a fix to it.
Can we escalate same to Dell Wyse support team?
Hi, Same problem for us. 8.4 & 8.6 : same result : Unable to connect via TSG.
but it work fine on direct connect to RDS.
Hi,
ticket already open !
Waiting for DELL support… Or new Security Update Patch from Microsoft.
Gilles
Same here, ticket logged with TechDirect support and escalated to our Wyse reseller account manager for follow up. Hope to see some progress update on same.
Will definitely share same with you all if we manage to get a fix to it.
Hi everyone,
We ran into a simlair if not the same issue recently after updating our TS gateway/ RD gateway servers as well, so i thought i would add our solution to it, in case it might help some of you.
We resolved the issue by removeing the following parameter:
From the Thin Client:
1. Log on with adm
2. Edit your RDS shortcut under home (Click on the cog in the right side of your shortcut).
3. Go under the Tab “Logon”
4. Remove the mark in “Use TS Gateway”
5. Try afterwardsFrom WMS:
1. Go under the Advanced Tab
2. add this parameter to a line
SessionConfig=RDP TSGWEnable=noWe run with 2016 server enviorment and Dell Wyse 3040 clients.
Wink, that’s not a solution. Your config is not using the gateway anymore and will connect directly to RDS hosts instead.
Johhen, I’m well aware of what the parameter does.
I’m not mentioning it as a final solution to your auth issues, but it should rather be seen as a potential work around until you get it resolved.
If it doesn’t fit your setup, then don’t put it to use.
Hi,
I can also confirm this is an issue after installing the latest patches from Microsoft. After removing the patches 4503267 and 4503294 from Server 2016 (RD gateway), the 3040’s are able to connect again.
Regards,
MostWareHi everyone,
Just to let you know that I am sending the network dump of the affected Wyse boxes to Dell TechDirect support tomorrow morning for their internal analysis.
They have confirmed that once I send these to them, they will get the development team to look into it in view of developing a fix in a future firmware release, however no timeline as such given to me.
Will keep you updated on same.
Regards,
Lsavripen
- You must be logged in to reply to this topic.