[Bug 264528] net/freerdp: NLA fails to connect through gateway after 13.1 upgrade: rdg_process_close_packet:freerdp_set_last_error_ex E_PROXY_INTERNALERROR [0x800759D8]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 29 Jul 2022 21:44:33 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264528

--- Comment #10 from alt2600@icloud.com ---
(In reply to VVD from comment #9)

Unfortunately no dice, I even tried adding +enforce-tlsv1_2 which seemed to
just delay the erroring out.


This is just trying out the box with the same settings that work from 13.0
bhyve X11 forwarded to my desktop using the older version of freerdp. I'll take
a harder look at the changelog to see if any other options exist, but I have to
log into work now so cannot play around. It has to be something that is
different between 13.0 and 13.1, and beyond openssl in base and clang I don't
know what else it could be.


[16:55:19:583] [44161:0f212700] [DEBUG][com.freerdp.core] -
freerdp_connect:freerdp_set_last_error_ex resetting error state
[16:55:19:583] [44161:0f212700] [DEBUG][com.freerdp.client.common.cmdline] -
loading channelEx rdpdr
[16:55:19:583] [44161:0f212700] [DEBUG][com.freerdp.client.common.cmdline] -
loading channelEx rdpsnd
[16:55:19:583] [44161:0f212700] [DEBUG][com.freerdp.channels.drdynvc.client] -
VirtualChannelEntryEx
[16:55:19:583] [44161:0f212700] [DEBUG][com.freerdp.client.common.cmdline] -
loading channelEx drdynvc
[16:55:19:587] [44161:0f212700] [DEBUG][com.freerdp.primitives] - primitives
benchmark result:
[16:55:20:755] [44161:0f212700] [DEBUG][com.freerdp.primitives] -  * generic=
17
[16:55:20:906] [44161:0f212700] [DEBUG][com.freerdp.primitives] -  * optimized=
105
[16:55:20:906] [44161:0f212700] [DEBUG][com.freerdp.primitives] - primitives
autodetect, using optimized
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Enabling
security layer negotiation: TRUE
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Enabling
restricted admin mode: FALSE
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Enabling RDP
security: TRUE
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Enabling TLS
security: TRUE
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Enabling NLA
security: TRUE
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Enabling NLA
extended security: FALSE
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - state:
NEGO_STATE_NLA
[16:55:20:911] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Attempting NLA
security
[16:55:20:034] [44161:0f212700] [DEBUG][com.freerdp.core] -
freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[16:55:20:034] [44161:0f212700] [DEBUG][com.freerdp.core] - connecting to peer
<redacted>
GatewayPassword: 
[16:55:24:948] [44161:0f212700] [DEBUG][com.winpr.sspi] -
InitSecurityInterfaceExA
[16:55:24:948] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - change state
from NTLM_STATE_INITIAL to NTLM_STATE_INITIAL
[16:55:24:948] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - change state
from NTLM_STATE_INITIAL to NTLM_STATE_NEGOTIATE
[16:55:24:948] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - Write flags
[0xe20882b7]
NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_NEGOTIATE_OEM|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_LM_KEY|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[16:55:24:948] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - change state
from NTLM_STATE_NEGOTIATE to NTLM_STATE_CHALLENGE
[16:55:24:981] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - Read flags
[0xe2898235]
NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_TARGET_TYPE_DOMAIN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[16:55:24:981] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - change state
from NTLM_STATE_CHALLENGE to NTLM_STATE_AUTHENTICATE
[16:55:24:981] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - Write flags
[0xe288b235]
NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED|NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[16:55:24:981] [44161:0f212700] [DEBUG][com.winpr.sspi.NTLM] - change state
from NTLM_STATE_AUTHENTICATE to NTLM_STATE_FINAL
[16:55:24:027] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
RDG_OUT_DATA authorization result: 101
[16:55:24:027] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
Upgraded to websocket. RDG_IN_DATA not required
[16:55:24:059] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
Handshake response received
[16:55:24:059] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
errorCode=RPC_S_OK, verMajor=1, verMinor=0, serverVersion=0,
extendedAuth=HTTP_EXTENDED_AUTH_SC|HTTP_EXTENDED_AUTH_PAA|HTTP_EXTENDED_AUTH_SSPI_NTLM
[0007]
[16:55:24:101] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] - Tunnel
response received
[16:55:24:101] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
serverVersion=0, errorCode=RPC_S_OK,
fieldsPresent=HTTP_EXTENDED_AUTH_SC|HTTP_EXTENDED_AUTH_PAA|HTTP_EXTENDED_AUTH_SSPI_NTLM
[0007]|HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID|HTTP_TUNNEL_RESPONSE_FIELD_CAPS
[0003]
[16:55:24:101] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
capabilities=HTTP_EXTENDED_AUTH_SC|HTTP_EXTENDED_AUTH_PAA|HTTP_EXTENDED_AUTH_SSPI_NTLM
[0007]|HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID|HTTP_TUNNEL_RESPONSE_FIELD_CAPS
[0003]|HTTP_CAPABILITY_TYPE_QUAR_SOH|HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN|HTTP_CAPABILITY_MESSAGING_SERVICE_MSG
[000d]
[16:55:28:882] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] - Tunnel
authorization received
[16:55:28:883] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] -
errorCode=RPC_S_OK,
fieldsPresent=HTTP_EXTENDED_AUTH_SC|HTTP_EXTENDED_AUTH_PAA|HTTP_EXTENDED_AUTH_SSPI_NTLM
[0007]|HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID|HTTP_TUNNEL_RESPONSE_FIELD_CAPS
[0003]|HTTP_CAPABILITY_TYPE_QUAR_SOH|HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN|HTTP_CAPABILITY_MESSAGING_SERVICE_MSG
[000d]|HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS|HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT
[0003]
[16:55:28:936] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] - Channel
response received
[16:55:28:936] [44161:0f212700] [DEBUG][com.freerdp.core.gateway.rdg] - channel
response errorCode=RPC_S_OK,
fieldsPresent=HTTP_EXTENDED_AUTH_SC|HTTP_EXTENDED_AUTH_PAA|HTTP_EXTENDED_AUTH_SSPI_NTLM
[0007]|HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID|HTTP_TUNNEL_RESPONSE_FIELD_CAPS
[0003]|HTTP_CAPABILITY_TYPE_QUAR_SOH|HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN|HTTP_CAPABILITY_MESSAGING_SERVICE_MSG
[000d]|HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS|HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT
[0003]|HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID|HTTP_CHANNEL_RESPONSE_OPTIONAL|HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT
[0007]
[16:55:28:936] [44161:0f212700] [DEBUG][com.freerdp.core.nego] -
RequestedProtocols: 3
[16:55:28:985] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - RDP_NEG_RSP
[16:55:28:985] [44161:0f212700] [DEBUG][com.freerdp.core.nego] -
RDP_NEG_RSP::flags = { [0x1f]
|EXTENDED_CLIENT_DATA_SUPPORTED|DYNVC_GFX_PROTOCOL_SUPPORTED|RDP_NEGRSP_RESERVED|RESTRICTED_ADMIN_MODE_SUPPORTED|REDIRECTED_AUTHENTICATION_MODE_SUPPORTED
}
[16:55:28:985] [44161:0f212700] [DEBUG][com.freerdp.core.nego] -
selected_protocol: 2
[16:55:28:985] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - state:
NEGO_STATE_FINAL
[16:55:28:985] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Negotiated NLA
security
[16:55:28:985] [44161:0f212700] [DEBUG][com.freerdp.core.nego] -
nego_security_connect with PROTOCOL_HYBRID
[16:55:28:016] [44161:0f212700] [ERROR][com.freerdp.core] -
rdg_process_close_packet:freerdp_set_last_error_ex E_PROXY_INTERNALERROR
[0x800759D8]
[16:55:28:052] [44161:0f212700] [DEBUG][com.freerdp.core.nego] - Failed to
connect with NLA security
