Hi,
I'm trying to get Microsoft Remote Desktop for Mac OS X 8.0.12 (Build 25282) to work with our Remote Desktop Gateway (WS2012R2). It works as expected with Windows PCs and even IOS devices but not the with Macs. Below is the error message we get on the
Macs when trying to connect:
HTTPEndointException: 4, The non-Proxy http connection failed to connect with the message: DeniedHTTP/1.1 401 Unauthorized
Looking further at the log on the Macs we get this (names and IPs anonymized):
[2015-Jan-07 09:26:43] RDP (0): correlation id: 5aa39615-78dc-3a42-3101-5b18bd680000
[2015-Jan-07 09:26:43] RDP (0): Resolved 'rdg.ourdomain.net' to '10.10.10.10' using NameResolveMethod_DNS(1)
[2015-Jan-07 09:26:43] RDP (0): Resolved 'rdg.ourdomain.net' to '10.10.10.10' using NameResolveMethod_DNS(1)
[2015-Jan-07 09:26:43] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
[2015-Jan-07 09:26:43] RDP (0): Exception caught: Exception in file '../../librdp/private/httpendpoint.cpp' at line 315
User Message : HTTPEndpointException: 4, The non-proxy http connection failed to connect with the message: DeniedHTTP/1.1 401 Unauthorized
[2015-Jan-07 09:26:43] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
[2015-Jan-07 09:26:43] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
If I VPN in to the corp net from a Mac and specify the RD Gateway for the connection all is fine but as soon as I try to connect from the outside (Microsoft WAP with pass-through auth) things fail.
The WAP publishes the application as follows:
PS C:\Windows\system32> Get-WebApplicationProxyApplication -id a6414432-e93e-b515-4570-93943848a530| fl
ADFSRelyingPartyID :
ADFSRelyingPartyName :
BackendServerAuthenticationMode : NoAuthentication
BackendServerAuthenticationSPN :
BackendServerCertificateValidation : None
BackendServerUrl :
https://rdg.ourdomain.net/
ClientCertificateAuthenticationBindingMode : None
ClientCertificatePreauthenticationThumbprint :
DisableHttpOnlyCookieProtection : True
DisableTranslateUrlInRequestHeaders : True
DisableTranslateUrlInResponseHeaders : True
ExternalCertificateThumbprint : 1D00299622A441A00A662D3ADC32092612466B96
ExternalPreauthentication : PassThrough
ExternalUrl :
https://rdg.ourdomain.net/
ID :
a6414432-e93e-b515-4570-93943848a530
InactiveTransactionsTimeoutSec : 300
Name :
https://rdg.ourdomain.net
UseOAuthAuthentication : False
PSComputerName :
PS C:\Windows\system32>
Looking at the RD Gateway IIS logs I can see this:
2015-01-07 08:26:40 192.168.2.68 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 2 5 15
2015-01-07 08:26:40 192.168.2.68 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 2 5 15
2015-01-07 08:26:40 192.168.2.68 RPC_OUT_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 1 2148074254 15
2015-01-07 08:26:40 192.168.2.68 RPC_IN_DATA /rpc/rpcproxy.dll localhost:3388 443 - 192.168.1.100 MSRPC - 401 1 2148074254 15
The RPC directory is set up to use basic and Windows auth (HTTP 401 Challenge). It's as if the Mac client does not understand that it is supposed to provide credentials as reply to the 401 or the WAP is somehow interfering.
Any assistance would be greatly appreciated. Thanks in advance,
/Chris