tjbradford
Technical User
Error: Must authenticate before using this service.
if you have this error passing rdp through your pix/asa and you suspect it to be an issue with the version of rdp your using, and its telling you the following:
because of a protocol error detected at the client (code 0x1104)
then think again, it's most lightly the pix/asa playing man in the middle.
first off you can try to telnet the ip of the rdp box
telnet svr-rdp 23 - yeah 23 is the correct port for this test(and no you dont need the telnet port open on the svr)
if your prompted with a username and password prompt then enter the credentials that you would use to login to the firewall, this is actually authorizing you to passthrough the pix/asa
if you telnet svr-rdp 3389 (rdp port) and it says:
Error: Must authenticate before using this service.
again the firewall is stopping you.
in the pix/asa config look for something like the following
aaa authorization include tcp/0 inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 TACACS+
it may also say outside
remove this command and it should fix your issue's
hope this is of use, there are alot of posts on the internet about this problem and they all blame rdp when infact it's not microsoft (for a change)
if you have this error passing rdp through your pix/asa and you suspect it to be an issue with the version of rdp your using, and its telling you the following:
because of a protocol error detected at the client (code 0x1104)
then think again, it's most lightly the pix/asa playing man in the middle.
first off you can try to telnet the ip of the rdp box
telnet svr-rdp 23 - yeah 23 is the correct port for this test(and no you dont need the telnet port open on the svr)
if your prompted with a username and password prompt then enter the credentials that you would use to login to the firewall, this is actually authorizing you to passthrough the pix/asa
if you telnet svr-rdp 3389 (rdp port) and it says:
Error: Must authenticate before using this service.
again the firewall is stopping you.
in the pix/asa config look for something like the following
aaa authorization include tcp/0 inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 TACACS+
it may also say outside
remove this command and it should fix your issue's
hope this is of use, there are alot of posts on the internet about this problem and they all blame rdp when infact it's not microsoft (for a change)