Forum Replies Created
-
Posts
-
What’s confusing me is that NLA/Kerberos works just fine using userid/password, but fails using smart card. Are there any other smart card related settings (aside from RequireSmartCard=yes)?
Smart cards work just fine on Windows clients so it’s not network or server-related as far as I can tell.
Any help appreciated.
Thanks, Andrew.
Note: tcp chimney was already off but I disabled RSS and NetDMA on the virtualization host and also the RDSH virtual server and restarted them both. I still get the same error.
Apologies if forum rules don’t allow posting to existing questions.
I’m getting the same problem when I attempt to log on using a smart card. Password-based login appears to work. I’m using WMS to configure a C10LE running 8.3_109. NLA=Yes. Logon=Yes without NTLM.
Error message on Remote Desktop Services logon screen is “RD broker sign-on failed”.
The log records:
ERROR: pdu_recv_data: err code 104
KRB: Other error. Error code: -3001
I looked at MTU but everything appears okay there. I am loading the root (and intermediate) certificates which I’ve checked are okay. Time is set correcly. The RDSH servers are virtualized so don’t have NIC teaming (although the virtualization hosts have teamed NICs but I’m unable to touch those).
It appears to be a Kerberos negotiation issue (the wireshark trace found that it stops during TGS-REQ with an unreassembled packet) whereas the password-based negotiation succeeds.
I’ve looked extensively for more information on this issue but I’ve found very little. I’d be very grateful for any assistance please.
– Andrew.
I was able to get it to work. The CRL CDP in the certificate wasn’t good so I rebuilt the CA to have valid CDP information.
One thing that I came across might trip others up. The trick is that where it asks for an “Apache Intermediate Certificate” it is really asking for the ROOT certificate (in Base-64 format).
Thanks for the assistance.
Andrew.
