If you are Googling for software that allows you to use remote desktop from a Linux OS through a RD Gateway to another server – Stop! I spend hours doing the same with no luck. I tried out a bunch of tools with no luck either. Here is some of the tools I tried, which does NOT support this function:
- Remotedesktop Client
- Remote Desktop Viewer
- Remmina Remote Desktop Client
- 2X Client / Remote Desktop
- KRDC
- Jump Desktop
- Running MS mstsc through Wine
I have previously used iTap Mobile to set up connections through a Remote Gateway (also known as RD Gateway or TS Gateway) from a Mac. I read this could also be used for Linux OS’s. But when I went to their site, it turns out that iTap mobile has been discontinued because Microsoft released a new Microsoft Remote Desktop app. This Desktop App works for Windows, Mac and Android, but Linux is not mentioned anywhere. So I wrote the iTap team asking them for advice:
Hi iTap team
I’m looking for software which can connect me through an RD Gateway
(or TS gateway) to a terminal server. I can see you are referring to the new “Microsoft Remote Desktop app”
for Macs and Android.But what about Linux users like myself, is there an alternative to iTap now that you guys discontinued iTap?
This was their reply:
Hello
Thank you very much for your interest in iTap mobile RDP.
Unfortunately, not that I know of. As far as I know iTap mobile RDP was the only RDP client for Linux that offered RD Gateway support.We are very sorry for the inconvenience.
Best regards,
Stefan
So what did I do ? turned to the wonderful world of opensource software. FreeRDP is an awesome project started by Awake Coding aka Marc-André Moreau. It is still in development so bugs and missing documentation is to be expected. This tutorial will show you how to compile and use FreeRDP to connect to through a RD Gateway to a terminal server from Ubuntu 13.10 32 bit.
First thing is to install Git, if you already have this installed you can skip this step.
1. Open a terminal an type sudo apt-get install git
Ones we have Git installed, let?s get the source files from GitHub
2. Type git clone git://github.com/FreeRDP/FreeRDP.git
3. Type cd FreeRDP
We also need a bunch of dependencies for compiling and running FreeRDP
4. Type the following and press Enter
sudo apt-get install build-essential git-core cmake libssl-dev libx11-dev libxext-dev libxinerama-dev \
libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev \
libxrandr-dev libgstreamer0.10-dev libgstreamer-plugins-base0.10-dev
Now that we have all we need, the makefile must be generated.
5. Type cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON .
Finally start the build
6. Type make
Ones the installer had been build we can start installing the software itself
7. Type sudo make install
It will take a while to install but hopefully will without any errors. Ones FreeRDP is installed, there is just a little tweaking needed. We need to create a config file for FreeRDP which tells it where the FreeRDP library is placed.
8. Type sudo nano /etc/ld.so.conf.d/freerdp.conf
9. Inset the line /usr/local/lib/freerdp
10. Save and exit the file
We need to check that the line we inserted is read correctly by the system. For this we start the ldconfig function, and check the path with the which command.
11. Type sudo ldconfig
12. Type which xfreerdp
13. Start FreeRDP by typing xfreerdp
FreeRDP should now be installed correctly. If you have any problems doing this, please check the wiki a GitHub.
Let’s try using FreeRDP to connet to a terminal server though a RD Gateway server. The syntax is like this:
xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY
/gd:GATEWAYDOMAIN /gu:GATEWAYUSERNAME /gp:GATEWAYPASSWORDBut since I?m using then same account to identify myself to the RD Gateway, and the terminal server I only need to give one username and password.
14. Type xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY
15. When asked if you trust the certificate press y
So I get error that the Gateway certificate has changed. Someone has suggested that it is a bug in FreeRDP, because it has to handle both the RD gateways certificate and the terminal servers certificate. Anyway it is an easy fix since we can just use the /cert-ignore option.
16. Type xfreerdp /cert-ignore /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY
Success ! we have connected though the RD gateway to a Terminal server in a protected environment. Remember though that FreeRDP is still in development, so it might be buggy. If anybody knows other software or an easier way to connect to a Terminal Server though an RD Gateway please let me know.
Wow thank you very much this worked with Debian 7. At first it did not connect but it is working for now. I will continue to test it. This worked better than Remmina but it could be that Remmina uses an older version of freerdp.
Ever so close. Connection has issues with accessing win2003 term. server through a win2008 domain server: RPC Fault PDU:
status: RPC_S_INVALID_TAG (0x000006C5) Any thoughts?
Hi gord, thanks for your reply.
As I wrote it’s still in development and might be buggy. my best bed would be to have a look here: https://github.com/FreeRDP/FreeRDP/issues
Hi gord,
I have exactly the same issue.
I assume we can point to this document as well:
http://msdn.microsoft.com/en-us/library/cc231199.aspx
though I have no idea to overcome this.
After using the session succesfully in sporadically disconnects each time with this error:
rpc_client_frag_read: invalid fragment size: 13600 (max: 4088)
0000 48 54 54 50 2f 31 2e 30 20 35 30 33 20 52 50 43 HTTP/1.0 503 RPC
I am not sure if both are related.
for full disclosure: the failure occured running linux mint 16 cinnamon 32bit
This worked for me and saved me so much time. Thank you.
Hi Kinit
you are welcome, Glad you liked it!
This worked pretty well on Ubuntu 12.04; I only had to keep on working/ using my mouse otherwise the app frooze and I had to close terminal and reconnect.
After a complete reinstall of Ubuntu I reinstalled same way, using same script, suddenly does not work anymore…! I get:
transport_connect: getaddrinfo (Name or service not known)
Error: protocol security negotiation failure
Any ideas how to solve this?
Thanks
Hi PipoKoeien
What script are you referring to?
Try adding “-nego” flag.
SSL_read: Failure in SSL library (protocol error?)
SSL_read: Failure in SSL library (protocol error?)
SSL_read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
rpc_client_frag_read: error reading fragment body
Unexpected RPC PDU type: 0
SSL_read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac
rpc_client_frag_read: error reading header
I am getting this error any idea?
Well im getting protocol security negotiation failure, im conecting to server 2012r2 terminal services 🙁
Hi Alejo
Hmm is Network Level Authentication (NLA) enabled on the server?
Try adding “-nego” flag.
I’m om Linux mint and I installed freerd-x11 with the synaptic package manager. Is this the same tool as described here and if yes why compile it from source?
Hi Mark
Couldn’t say, don’t have a mint box.
But if it works for you – No why would you compile for source?
I was getting “Error: protocol security negotiation or connection failure”.
Adding “-nego” flag to the command solved the problem:
xfreerdp /v:WORKSTATION /d:DOMAIN /u:USERNAME /p:PASSWORD /g:GATEWAY -nego
Hi Utopia
Thanks for your comment, hopefully it will helo resove sime of the issues people are having.
Awesome. This worked for me. Thank you.
Yikes, that laptop’s touchpad is annyoing. So my name is Thomas not ketThomas. Also that ! between the line “segmentation fault” and my final line doesn’t exist.
Hi Thomas
Are you using the same credentials to identify yourself to the gateway and the server itself? Maybe try out using the parematers /g:GATEWAY /gd:GATEWAYDOMAIN /gu:GATEWAYUSERNAME /gp:GATEWAYPASSWORD
I have the same error. I put in the gd and gu parameters but it’s the same.
It goes:
unable to connect to [computername]:3389
connected to [gateway]:443
connected to [gateway]:443
fatal_handler: signum=11
Segmentation fault (core dumped)
mint@mint ~ $ xfreerdp /cert-ignore /v:workstation /g:gateway /gd:domain /gu:username /gp:password
connected to gateway:443
connected to gateway:443
fatal_handler: signum=11
Segmentation fault
The username for the workstation and the gateway are the same.
I think freerdp has been updated. Now I’m getting something more than I was. I haven’t been able to duplicate the above error since reinstalling Mint 16 and xfreerdp. I’ve put it all in a script now called “filename.rdp” which just makes testing changes easier since you don’t have to type it all out every time. Inside the file is this information:
/cert-ignore
/v:computer
/d:domain
/u:user
/p:password
/g:gateway
/f
When I run xfreerdp filename.rdp, it returns this:
connected to gateway:443
connected to gateway:443
RPC Fault PDU:
status: RPC_S_INVALID_TAG (0x000006C5)
TsProxyCreateChannel: error reading response
freerdp_set_last_error 0x2000C
Error: protocol security negotiation or connection failure
I have another domain / system that we can successfully get connected to using the same format. The ONLY difference I can think of off the top of my head, is this secondary domain that we have has a fully qualified domain name, where the one that doesn’t work has an older .local domain name. I wonder if xfreerdp is designed to work with FQDN only?
I’m connecting to many different terminal server gateways and mostly this work fine. However I’ve noticed the pattern can’t connect to all machines which are Windows Server 2008 (not R2), rest are working fine. I’m getting error:
RPC Fault PDU:
status: RPC_S_INVALID_TAG (0x000006C5)
TsProxyCreateChannel: error reading response
freerdp_set_last_error 0x2000C
Error: protocol security negotiation or connection failure
Any advice?
Tried again today after a long time away. I can connect to a local windows machine but when I try to connect to one with a gateway using the following command I get the error listed below.
Anyone see anything wrong here?
Thanks!
xfreerdp /cert-ignore /v:myservername /d:domain /u:username /p:password /g:gateway-server -nego
——————————-
RPC Fault PDU:
status: RPC_S_INVALID_TAG (0x000006C5)
TsProxyCreateChannel: error reading response
freerdp_set_last_error 0x2000C
Error: protocol security negotiation or connection failure
Have you tried without the /cert-ignore flag?
Back to try again.
Yes, Same results.
Have you tried specifying the gateways domain, username and password?
Nice! Has anyone got this working in combination with smartcard support.
Built and connected today! Very nice.
Thanks for the great work!
One question, are there other configuration options that could be used, ie, to expand the screen and relay sound?
The RDP session is rather small and everything is compacted, and no sound comes through. Would be nice if those two things were possible to configure.
Hi RGIskard
You can use the /f flag for fullscreen. Dunno about th sound though.
Working beautifully with Xubuntu 12.04 and 14.04 – many thanks. Just one query … there is no /usr/local/lib/freerdp on my system, so what does it do in /etc/ld.so.conf.d/freerdp.conf?
This is amazing, it works! I’m using it on Gentoo, and it worked on the first try.
I think it’s pretty amazing that we have a software that works immediately, but has no GUI. I mean, you don’t need much of a GUI to be able to get input there instead of having to provide a long command. I also really don’t like writing my password on the command line, in clear text.
I wish the client had a “ask for password” setting.
I had same concern so a bit of searching found this:
http://unix.stackexchange.com/questions/119880/make-freerdp-prompt-user-for-username-and-password
Basically I edited the code to prompt for remote computer, username, domain, gateway etc. I had a little trouble with passwords that include special characters so escaped the password with double quotes (” “).
#!/bin/bash
xfreerdp \
/v:$(zenity \
--entry \
--title="Remote Computer" \
--text="Enter the computer name") \
/u:$(zenity \
--entry \
--title="Username" \
--text="Enter your Username") \
/p:"$(zenity \
--entry \
--title="Domain Password" \
--text="Enter your password:" \
--hide-text)" \
/d:$(zenity \
--entry \
--title="Domain Name" \
--text="Enter the Domain Name") \
/f \
/g:$(zenity \
--entry \
--title="Gateway" \
--text="Enter the Gateway") \
/cert-ignore
So if you have zenity installed this may be a solution – it worked for me.
Nice work…
Before I dig in and try this I need to get a Cisco VPN client working. Assuming I succeed witll this use the VPN to link to the remote RDP server?
Can’t see why it would’nt work over a vpn connection.
You’re a life saver!
thank you, thank you!
Finally a way to get connected to my work-windows server environment.
But does anybody know how to change the screen resolution? becaus now its a really small window
Hi Dick
You can use the /f flag for fullscreen.
I followed the tutorial but I still have a mistake
[ERROR][com.freerdp.core] – freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[ERROR][com.freerdp.core.connection] – Error: protocol security negotiation or connection failure
[ERROR][com.freerdp.client.x11] – Freerdp connect error exit status 1
Do you have an idea ?
Thank you
Steeven.