2FA Wyse unable to connect to RDWeb


    franzblatt

    I’m currently testing out a Wyse 3030 running ThinOS PCoIP 8.5_009 which is set up to connect to a Microsoft RDP broker (terminal server). I’ve enabled sign on with smartcards as being optional (they will be required in our environment), loaded all certificates and connected the device to an NTP server.

    At the moment, I am able to “sign into” the RDP broker at the Wyse logon screen using my domain username and password. When I attempt to log on with my smartcard, the (Wyse) system event log records these two errors:

    ERROR: pdu_recv_data: err code 104
    KRB: Other error. Error code: -3001

    I can’t seem to find any information about these errors other than on this post:
    https://technicalhelp.de/forums/topic/pdu_recv-err-code-104/

    The IIS trace log on the server side seems to give a bit more information – the log reports that an ASPXAUTH session cookie is not being sent from the client to the server when logging in with a smartcard, but when logging in with a username/password, the log immediately reports the SID of the user and authenticates successfully.

    The IIS error I receive is (something like):

    w3wp.exe Info Verbose 26 FedAuth Module :In OnAuthenticateReq no .ASPXAUTH cookie supplied.
    w3wp.exe Info Verbose 26 FedAuth Module :Detected Unauthorized access, redirecting to logon page.

    I’ve enabled SSO on the RDWeb IIS page as well, but I still receive the same error.

    All of our Windows clients are functional with smartcard logon/auth, and the time seems to be correct on the 3030 device, from the date at the beginning of the log and the time that the errors occur. All smartcard authentication and passthrough works perfectly fine once connected to the terminal server.

    ~ Franz

    — wnos.ini —

    ;*************************************************************
    ;* *
    ;* This wnos.ini file was generated with the *
    ;* Configuration Generator 8.2.01 *
    ;* Copyright by Thomas Moellerbernd *
    ;* *
    ;* https://technicalhelp.de *
    ;* *
    ;*************************************************************

    ;*************************************************************
    ;* General 1 *
    ;*************************************************************

    autoload=2 LoadPkg=0

    ;*************************************************************
    ;* General 2 *
    ;*************************************************************

    Fastdisconnect=yes Altkey=yes
    FastDisconnectKey=F12
    Locale=English
    PlatformConfig=all EOLWarning=no

    ;*************************************************************
    ;* General 3 *
    ;*************************************************************

    NoticeFile=notice.txt Title=NOTICE ButtonCaption=I ACCEPT

    ;*************************************************************
    ;* Privilege *
    ;*************************************************************

    CoreDump=Disabled

    ;*************************************************************
    ;* Services *
    ;*************************************************************

    Service=SNMPD disable=yes
    Service=WDM disable=yes
    Service=VDA disable=yes

    ;*************************************************************
    ;* Time *
    ;*************************************************************

    Timeserver=ntp.testdomain.com Timeformat="24-hour format" Dateformat=yyyy/mm/dd
    TimeZone='GMT + 01:00' ManualOverride=yes Daylight=yes Start=030507 End=100507 TimeZoneName="Romance"

    ;*************************************************************
    ;* Network *
    ;*************************************************************
    ; If you are using a version of WTOS code < 7.1_133 please use:
    ; RapportDisable= instead of WDMService=
    WDMService=No Discover=no
    CCMEnable=No CAValidation=no Discover=no IgnoreMQTT=yes
    Device=Ethernet Speed="Auto" MTU=1412

    AddCertificate=root.cer
    AddCertificate=intermediate.cer
    AddCertificate=termsrv.cer

    SecurityPolicy=warning

    VDIBroker=termsrv.testdomain.com
    ConnectionBroker=Microsoft

    SignOn=Yes ConnectionManager=Maximize RequireSmartcard=optional SCRemovalBehavior=0 ClearUser=yes
    ;DomainList="testdomain"
    SelectServerList=VDI \
    Description="TestdomainLogon" Host="termsrv.testdomain.com" \

    ;*************************************************************
    ;* RDP *
    ;*************************************************************

    SessionConfig=ALL UnmapPrinters=no Smartcards=yes MapDisks=yes DefaultColor=2 EnableNLA=no EnableRecord=yes EnableGFX=yes

    ;-------------------------------------------------------------
    ;- RDP Session 1 -
    ;- Each line but the last must end with a '\' -
    ;-------------------------------------------------------------

    CONNECT=RDP \
    Host=termsrv.testdomain.com \
    Description="TerminalServer" \
    AutoConnect=yes \
    Domainname=TESTDOMAIN \
    LocalCopy=no

    ;*************************************************************
    ;* Troubleshooting *
    ;*************************************************************

    Privilege=High EnableTrace=yes
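
A small lint for the wnos.ini format posted above, as an added example that is not part of the original post or of any Dell/ThinOS tooling: it joins `\`-continued lines following the rule in the file's own comment ("Each line but the last must end with a '\'"), flags a continuation that runs into a blank line or the end of the file, and collects the sign-on parameters for review. The function names and the sample excerpt are constructed for illustration, and straight ASCII quotes are assumed.

```python
import shlex

# Constructed excerpt modelled on the posted wnos.ini (straight quotes assumed).
SAMPLE = r'''
SignOn=Yes RequireSmartcard=optional ClearUser=yes
SelectServerList=VDI \
Description="TestdomainLogon" Host="termsrv.testdomain.com" \

SessionConfig=ALL Smartcards=yes EnableNLA=no
CONNECT=RDP \
Host=termsrv.testdomain.com \
Description="TerminalServer" \
LocalCopy=no
'''

def logical_lines(text):
    """Join '\\'-continued lines; return (statements, problems)."""
    out, problems, buf, last = [], [], [], 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith(";"):
            continue                      # comment line
        if not line:
            if buf:                       # continuation ran into a blank line
                problems.append((last, "trailing '\\' but no continuation line"))
                out.append(" ".join(buf))
                buf = []
            continue
        last = no
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
        else:
            out.append(" ".join(buf + [line]))
            buf = []
    if buf:                               # file ended inside a continuation
        problems.append((last, "trailing '\\' but no continuation line"))
        out.append(" ".join(buf))
    return out, problems

def parse(text):
    """Return ({parameter: [values...]}, problems) for a wnos.ini text."""
    statements, problems = logical_lines(text)
    settings = {}
    for stmt in statements:
        for token in shlex.split(stmt):   # honours "quoted values"
            key, sep, value = token.partition("=")
            if sep:
                settings.setdefault(key, []).append(value)
    return settings, problems
```

Calling `parse(SAMPLE)` reports the dangling continuation on the `Description=... Host=...` line and returns each parameter with every value it was given, so repeated keys such as `Host` stay visible.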
