Hi everyone!
I am sorry for opening another thread on this, but none of the existing threads was written exclusively about RDG :)
The problem is straightforward: WAF used to publish RDP over RDG on Server2008R2 RDG and Sophos UTM 9.411-3.
I configured the firewall profile and exceptions for RPC, but I did not add /remoteDesktopGateway, as it seems to change communication to a new protocol not supported by UTM (not RPC via HTTP anymore?).
Windows 7 - 10 RDP (mstsc): works great (fast!)
Android Microsoft RDP Client: totally random error 0x3000008 (iOS adds a zero in hex - 0x03000008) or multiple (up to 10x) "credentials wrong" popups (although correctly entered)
iOS Microsoft RDP Client: same behavior as Android!
That's really frustrating, as I wasn't able to find a behavior behind the errors... As I said, totally random: from time to time the first login works, but sometimes you have to enter the credentials 3x to get over the 0x300008 error.
As I found out, the IIS logs and RemoteGateway - Operational logs on the RDG server are clear and don't record anything when the client receives the 0x3000008 error.
So I checked the Sophos logs and found this to be the cause:
2017:04:19-17:25:19 * reverseproxy: id="0299" srcip="xxxx" localip="yyyy" size="13" user="-" host="xxxx" method="RPC_IN_DATA" statuscode="401" reason="-" extra="-" exceptions="-" time="9802" url="/rpc/rpcproxy.dll" server="remote.*.*" referer="-" cookie="-" set-cookie="-"
2017:04:19-17:25:19 * reverseproxy: id="0299" srcip="xxxx" localip="yyyy" size="13" user="-" host="xxxx" method="RPC_IN_DATA" statuscode="401" reason="-" extra="-" exceptions="-" time="1183" url="/rpc/rpcproxy.dll" server="remote.*.*" referer="-" cookie="-" set-cookie="-"
2017:04:19-17:25:19 * reverseproxy: id="0299" srcip="xxxx" localip="yyyy" size="20" user="-" host="xxxx" method="RPC_IN_DATA" statuscode="200" reason="-" extra="-" exceptions="-" time="5517" url="/rpc/rpcproxy.dll" server="remote.*.*" referer="-" cookie="-" set-cookie="-"
Up to here this is expected behavior and looks the same when using mstsc.
(110)Connection timed out: [client xxx:63301] RPC_IN_DATA: Failed to sync Outlook Session af5b438e-a5d3-e542-75ca-90be05a20271: -1
(70015)Could not find specified socket in poll list.: [client xxx:63301] RPC_IN_DATA: There is no registered Outlook Session af5b438e-a5d3-e542-75ca-90be05a20271 in Cache
Now this is strange... It looks like UTM is not able to identify the current mobile session to a previously established one. Why does this never happen with mstsc??
I hope some Sophos guy can comment on this, because in the current state I cannot let users use RDG via Sophos as it is too unstable...
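
Added example (not part of the original post and not Sophos code): a small Python triage script that parses the two log formats quoted above, counts reverse-proxy status codes for /rpc/ requests, and lists session IDs that hit both the (110) timeout and the (70015) missing-from-cache error. The function name, the pairing heuristic and the trimmed sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# key="value" pairs as used in the reverseproxy access lines
KV = re.compile(r'(\w[\w-]*)="([^"]*)"')
# "(code)reason: [client ip:port] METHOD: ... Outlook Session <guid> ..."
SESSION_ERR = re.compile(
    r'\((?P<code>\d+)\)(?P<reason>.*?): \[client (?P<client>[^\]]+)\] '
    r'(?P<method>RPC_(?:IN|OUT)_DATA): .*?Outlook Session (?P<sid>[0-9a-f-]{36})')

# Constructed sample: lines in the format quoted in the post, with the
# access lines trimmed to a few fields and the post's placeholders kept.
SAMPLE = '''\
2017:04:19-17:25:19 * reverseproxy: id="0299" srcip="xxxx" method="RPC_IN_DATA" statuscode="401" time="9802" url="/rpc/rpcproxy.dll" set-cookie="-"
2017:04:19-17:25:19 * reverseproxy: id="0299" srcip="xxxx" method="RPC_IN_DATA" statuscode="401" time="1183" url="/rpc/rpcproxy.dll" set-cookie="-"
2017:04:19-17:25:19 * reverseproxy: id="0299" srcip="xxxx" method="RPC_IN_DATA" statuscode="200" time="5517" url="/rpc/rpcproxy.dll" set-cookie="-"
(110)Connection timed out: [client xxx:63301] RPC_IN_DATA: Failed to sync Outlook Session af5b438e-a5d3-e542-75ca-90be05a20271: -1
(70015)Could not find specified socket in poll list.: [client xxx:63301] RPC_IN_DATA: There is no registered Outlook Session af5b438e-a5d3-e542-75ca-90be05a20271 in Cache
'''

def summarize(log_text):
    """Return (status counts, per-session errors, sessions with both errors)."""
    status = Counter()            # (method, statuscode) -> count
    sessions = defaultdict(list)  # session GUID -> [(error code, client), ...]
    for line in log_text.splitlines():
        m = SESSION_ERR.search(line)
        if m:
            sessions[m["sid"]].append((int(m["code"]), m["client"]))
            continue
        if "reverseproxy:" in line:
            fields = dict(KV.findall(line))
            if fields.get("url", "").lower().startswith("/rpc/"):
                status[(fields.get("method"), fields.get("statuscode"))] += 1
    # Heuristic (assumption): a session that logged both the timeout (110)
    # and the "no registered session" error (70015) was lost by the proxy.
    lost = sorted(sid for sid, events in sessions.items()
                  if {code for code, _ in events} >= {110, 70015})
    return status, dict(sessions), lost

if __name__ == "__main__":
    status, sessions, lost = summarize(SAMPLE)
    for (method, code), count in sorted(status.items()):
        print(f"{method} {code}: {count}")
    for sid in lost:
        print("lost session:", sid, sessions[sid])
```

Running it against a full reverseproxy log shows whether the lost sessions cluster on particular client addresses or follow the initial 401/401/200 sequence, which is the pattern the post is trying to pin down.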