bolkedebruin/rdpgw

RDS Session Collection

Opened this issue · 3 comments

Hello, first off thank you for this amazing project.

I have been looking for a way to add MFA support to RDGateway without having to use NPS and Azure MFA
we have RDS Collections with multiple Session Host in each Collection.
I added the collection DNS name under the Host section but was running into an issue with the policy handler when the session was redirected to another session host.

2023/12/08 18:32:38 Verifying 192.168.1.111:3389 host connection
2023/12/08 18:32:38 Client specified host 192.168.1.111:3389 does not match token host 192.168.1.113:3389
2023/12/08 18:32:38 Not allowed to connect to 192.168.1.111:3389 by policy handler
2023/12/08 18:32:43 Error reading from local conn EOF

so, I removed the code that checks the policy. if p.gw.CheckHost != nil { }
now I get "connection terminated because an unexpected server authentication certificate was received." when redirected to any of the other session hosts. it appears to only connect when I'm connected to the first A record resolved by DNS for the collection name.

are there any plans to support the use of a connection broker and multiple Session Host?

You can try setting HostSelection: any in the config, that might get around it.

Nope, tested it but no go. If you remove all the checks from the CheckSession function in cmd/rdpgw/security/jwt.go you can get it work, but probably not what you want.

Hello @svinson1121
same use case for me as you mentionned here
Did you find something for working with rdpgw ?

Also the RDP file being generated seems to be missing collection information:
use redirection server name:i:1
loadbalanceinfo:s:tsv://MS Terminal Services Plugin.1.Collection