Microsoft Remote Desktop for Mac fails with 401 using RDGW and WAP

Hi,
I'm trying to get Microsoft Remote Desktop for Mac OS X 8.0.12 (Build 25282) to work with our Remote Desktop Gateway (WS2012R2). It works as expected with Windows PCs and even iOS devices, but not with the Macs. Below is the error message we get on the Macs when trying to connect:

HTTPEndointException: 4, The non-Proxy http connection failed to connect with the message: DeniedHTTP/1.1 401 Unauthorized

Looking further at the log on the Macs we get this (names and IPs anonymized):

[2015-Jan-07 09:26:43] RDP (0): correlation id: 5aa39615-78dc-3a42-3101-5b18bd680000
[2015-Jan-07 09:26:43] RDP (0): Resolved 'rdg.ourdomain.net' to '10.10.10.10' using NameResolveMethod_DNS(1)
[2015-Jan-07 09:26:43] RDP (0): Resolved 'rdg.ourdomain.net' to '10.10.10.10' using NameResolveMethod_DNS(1)
[2015-Jan-07 09:26:43] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2015-Jan-07 09:26:43] RDP (0): Exception caught: Exception in file '../../librdp/private/httpendpoint.cpp' at line 315
    User Message : HTTPEndpointException: 4, The non-proxy http connection failed to connect with the message: DeniedHTTP/1.1 401 Unauthorized
[2015-Jan-07 09:26:43] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2015-Jan-07 09:26:43] RDP (0): Protocol state changed to: ProtocolDisconnected(8)

If I VPN in to the corp net from a Mac and specify the RD Gateway for the connection all is fine but as soon as I try to connect from the outside (Microsoft WAP with pass-through auth) things fail.

The WAP publishes the application as follows:

PS C:\Windows\system32> Get-WebApplicationProxyApplication -id a6414432-e93e-b515-4570-93943848a530| fl

ADFSRelyingPartyID                           :
ADFSRelyingPartyName                         :
BackendServerAuthenticationMode              : NoAuthentication
BackendServerAuthenticationSPN               :
BackendServerCertificateValidation           : None
BackendServerUrl                             : https://rdg.ourdomain.net/
ClientCertificateAuthenticationBindingMode   : None
ClientCertificatePreauthenticationThumbprint :
DisableHttpOnlyCookieProtection              : True
DisableTranslateUrlInRequestHeaders          : True
DisableTranslateUrlInResponseHeaders         : True
ExternalCertificateThumbprint                : 1D00299622A441A00A662D3ADC32092612466B96
ExternalPreauthentication                    : PassThrough
ExternalUrl                                  : https://rdg.ourdomain.net/
ID                                           : a6414432-e93e-b515-4570-93943848a530
InactiveTransactionsTimeoutSec               : 300
Name                                         : https://rdg.ourdomain.net
UseOAuthAuthentication                       : False
PSComputerName                               :

PS C:\Windows\system32>

Looking at the RD Gateway IIS logs I can see this:

2015-01-07 08:26:40 192.168.2.68 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 2 5 15
2015-01-07 08:26:40 192.168.2.68 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 2 5 15
2015-01-07 08:26:40 192.168.2.68 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 1 2148074254 15
2015-01-07 08:26:40 192.168.2.68 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 1 2148074254 15

The RPC directory is set up to use basic and Windows auth (HTTP 401 Challenge). It's as if the Mac client does not understand that it is supposed to provide credentials as reply to the 401 or the WAP is somehow interfering.

Any assistance would be greatly appreciated. Thanks in advance,

/Chris

January 7th, 2015 12:03pm
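The IIS log lines quoted in the opening post, decoded as an added example that is not part of the thread: it splits each line into W3C fields and names the 401 substatus and the Win32/SSPI status code. The field order is an assumption (the IIS 8.5 default set), since the post shows no `#Fields` header.

```python
# Added example: decode the status fields of the IIS lines quoted in the thread.
# Assumption: IIS 8.5 default W3C field order (the post shows no #Fields header).
from collections import Counter

FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
          "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status "
          "time-taken").split()

# Documented IIS 401 substatus meanings and the two status codes in the sample.
SUBSTATUS = {1: "logon failed", 2: "logon failed due to server configuration"}
WIN32 = {5: "ERROR_ACCESS_DENIED", 0x8009030E: "SEC_E_NO_CREDENTIALS"}

# Sample input: the four log lines copied from the opening post.
SAMPLE = """\
2015-01-07 08:26:40 192.168.2.68 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 2 5 15
2015-01-07 08:26:40 192.168.2.68 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 2 5 15
2015-01-07 08:26:40 192.168.2.68 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 1 2148074254 15
2015-01-07 08:26:40 192.168.2.68 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 1 2148074254 15
"""

def parse(line):
    """Return a dict of W3C fields, or None for comments and malformed lines."""
    parts = line.split()
    if line.startswith("#") or len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    for key in ("sc-status", "sc-substatus", "sc-win32-status"):
        rec[key] = int(rec[key])
    return rec

def summarize(text):
    """Count 401s per (method, status.substatus, win32 name, has username)."""
    counts = Counter()
    for rec in filter(None, map(parse, text.splitlines())):
        if rec["sc-status"] != 401:
            continue
        code = rec["sc-win32-status"]
        counts[(rec["cs-method"], f"401.{rec['sc-substatus']}",
                WIN32.get(code, hex(code)), rec["cs-username"] != "-")] += 1
    return counts

def no_credentials_seen(text):
    """True if every 401 is anonymous and at least one is SEC_E_NO_CREDENTIALS."""
    keys = list(summarize(text))
    return (bool(keys) and not any(k[3] for k in keys)
            and any(k[2] == "SEC_E_NO_CREDENTIALS" for k in keys))

if __name__ == "__main__":
    for (method, status, name, user), n in sorted(summarize(SAMPLE).items()):
        print(n, method, status, SUBSTATUS[int(status[-1])], name, "user" if user else "anonymous")
```
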

Hi Christopher,

From your description, it appears that you can connect from the Mac within the internal network, but once you try to connect from the internet you face the issue.

As this also happens with a Mac device, I suggest you try connecting with the IP address instead of the server name and check whether there is any difference. If that works, then it might be a DNS issue, with the name not getting resolved from the Mac end, and for this you can clear the Mac app cache so that it can resolve the name and get you connected easily.

You can also try temporarily disabling the firewall on the system you are trying to access remotely and check the difference.

Hope it helps!

Thanks.
January 8th, 2015 9:29am

Hi Dharmesh, and thanks for your reply. I tried connecting to the RDS desktop using the IP via the external RD Gateway (published via WAP), but it fails in the same way. Looking at the application log, the external IP of the RD Gateway resolves correctly. I still get the DeniedHTTP/1.1 401 Unauthorized error, which leads me to believe that the application is not responding correctly to an AUTH challenge, or at least that something is interfering with the response (possibly WAP). In addition, this environment had been working with TMG before we replaced it with WAP. However, I assume the version of the Mac RDS client was different at that time as well.

Also, looking at ~/Library/Caches/ I cannot find anything that looks like the RDS Client cache. Do you know the name of the folder?

Br,

Christopher

January 8th, 2015 10:37am

I'm having exactly the same problem, very annoying...

Regards,

Kaare

January 9th, 2015 5:30pm

I'm having exactly the same problem.

I replaced the Microsoft Remote Desktop app version 8.0.12 with version 8.08 and now it is working again. This leads me to believe there is a problem with the app.


  • Edited by JackbWP Monday, January 12, 2015 12:23 PM
  • Proposed as answer by JackbWP Monday, January 12, 2015 12:23 PM
January 12th, 2015 3:23pm

Hi, can anyone from Microsoft confirm this? This is not really a real-life workaround for companies and travelers where the apps auto-update, but interesting nonetheless.

January 13th, 2015 11:22am

Exactly the same problem here with Gateway 2012 R2 published behind a Squid reverse proxy (setup very similar to the WAP setup mentioned here).

With Mac RDP 8.0.10 connections work without problems; with 8.0.12 it fails to connect with HTTPEndPointException.

However, if I remove Squid and directly port-forward 443 from the internet to Gateway 2012 R2, it works with both Mac clients without any error. But as soon as a reverse proxy comes into play, the 8.0.12 Mac client fails.

No solution yet :-(

Regards, Martin.

January 13th, 2015 11:47am

Where can you get hold of an older version of Mac RDP? Preferably 8.0.10. I'm on 8.0.12 and have no backup from where I can extract an older version. Appstore only holds the current version...

Regards

Kaare


  • Edited by Kaarecc Tuesday, January 13, 2015 3:01 PM
January 13th, 2015 6:01pm

I have the same problem. The Android Remote Desktop app just got updated and is now unusable when attempting to connect via a Terminal Services Gateway. Keep in mind that Windows Remote Desktop clients still work as expected. I am not using the "Remote Desktop Market Place App" in Windows though.

Microsoft please elaborate on what you did in your app so we can resolve this. The business world relies on your services (that we pay for), so arbitrarily pushing updates that are not fully tested is not acceptable.

January 17th, 2015 2:46am

Same problem here. OS X client and Android client. Here I'm running through a Sophos UTM Web Application Firewall (glorified reverse proxy).


January 22nd, 2015 12:40am

@Joakim

We use Sophos too and I created a DNAT rule for the RD Gateway (instead of reverse proxy). Then it works.


  • Edited by JackbWP Friday, January 23, 2015 12:39 PM
January 23rd, 2015 3:37pm

@Joakim

We use Sophos too and I created a DNAT rule for the RD Gateway (instead of reverse proxy). Then it works.


Of course DNAT means "simple" port forwarding. So you have absolutely *no* control over URLs or preauthentication. So it's not the same from the security perspective and in most scenarios not acceptable. MS should fix its clients!

January 29th, 2015 12:26pm

There is another discussion about the same problem with the Mac OS X Remote Desktop app. We are running a Sophos UTM with WAF as well. No connection with 8.0.12. 8.0.10 works.

January 31st, 2015 10:37am

This topic is archived. No further replies will be accepted.
