FreeRDP: Protocol Security Negotiation Failure

I cloned the latest repository and built the source locally as mentioned here

I have done that successfully. Now I’m trying to connect to Hyper-V VM

My command is

xfreerdp -nego -sec-nla /u:<domain>\<user> /p:<pass> /v:10.44.96.117 /vmconnect:b510551d-1aed-4946-8f7b-9a5e0bcbc9be

Output I get is

[14:29:42:194] [16478:16479] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[14:29:42:194] [16478:16479] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x2000C]
[14:29:42:194] [16478:16479] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
[14:29:42:194] [16478:16479] [ERROR][com.freerdp.client.x11] - Authentication only, exit status 1

I’m sure username and password are correct.

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 40 (11 by maintainers)

Most upvoted comments

Please re-open the bug

Still broken in:

freerdp-nightly_2.0.0+0~20190305024829.637~1.gbp435872_amd64.deb

$ xfreerdp --version
This is FreeRDP version 2.0.0-dev5 (n/a)

$ xfreerdp /u:sfhr\spalmer2 /p:topsecret /v:pc06306
[15:18:40:601] [17035:17036] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[15:18:40:601] [17035:17036] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[15:18:40:601] [17035:17036] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[15:18:43:664] [17035:17036] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe
[15:18:43:664] [17035:17036] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[15:18:43:664] [17035:17036] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[15:18:43:664] [17035:17036] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure

Can this ticket be re-opened? Or is there a different one?

The connection says: ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED, which is incorrect. a) My password works just fine when logging into Windows. b) Logging in as domain administrator gives the same problem, and that password never expires.

I’m unable to log in to the server; it looks like this started after a recent reboot after MS updates.

Can anybody tell me what the issue might be? (This is also affecting remmina)

aptitude show remmina
Package: remmina
Version: 1.2.0-rcgit.27+dfsg-3~bpo9+1

xfreerdp /u:"myuser" /v:"server1" /d:"mydomain"
Password: 


[14:11:52:552] [17987:17988] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED [0x0002000F]
[14:11:52:552] [17987:17988] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
[14:11:52:552] [17987:17988] [ERROR][com.freerdp.client.x11] - Freerdp connect error exit status 1


zzzz@e7470:~$ xfreerdp /u:"zzz" /v:"zzzz" /d:"zzzz" /log-level:TRACE

[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.client.x11] - Searching for XInput pointer device
[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.client.x11] - Pointer device: 11
[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.core.nego] - Enabling security layer negotiation: TRUE
[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.core.nego] - Enabling restricted admin mode: FALSE
[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.core.nego] - Enabling RDP security: TRUE
[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.core.nego] - Enabling TLS security: TRUE
[14:13:01:549] [18003:18004] [DEBUG][com.freerdp.core.nego] - Enabling NLA security: TRUE
[14:13:01:550] [18003:18004] [DEBUG][com.freerdp.core.nego] - Enabling NLA extended security: FALSE
[14:13:01:550] [18003:18004] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_NLA
[14:13:01:550] [18003:18004] [DEBUG][com.freerdp.core.nego] - Attempting NLA security
[14:13:01:551] [18003:18004] [DEBUG][com.freerdp.core.nego] - RequestedProtocols: 3
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - RDP_NEG_RSP
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - selected_protocol: 2
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - state: NEGO_STATE_FINAL
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - Negotiated NLA security
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - nego_security_connect with PROTOCOL_NLA
[14:13:01:558] [18003:18004] [DEBUG][com.winpr.utils] - Could not open SAM file!
Password: 
[14:13:09:773] [18003:18004] [DEBUG][com.winpr.sspi] - InitSecurityInterfaceExA
[14:13:09:773] [18003:18004] [TRACE][com.freerdp.core.nla] -  InitializeSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
[14:13:09:773] [18003:18004] [DEBUG][com.freerdp.core.nla] - Sending Authentication Token
[14:13:09:775] [18003:18004] [TRACE][com.freerdp.core.nla] - InitializeSecurityContext  
........
SEC_I_COMPLETE_NEEDED [0x00090313]
[14:13:09:775] [18003:18004] [DEBUG][com.freerdp.core.nla] - Sending Authentication Token
......
......
[14:13:09:777] [18003:18004] [ERROR][com.freerdp.core] - **freerdp_set_last_error ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED [0x0002000F]**
[14:13:09:777] [18003:18004] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
[14:13:09:777] [18003:18004] [DEBUG][com.freerdp.core.transport] - transport_check_fds: transport_read_pdu() - -1
[14:13:09:777] [18003:18004] [DEBUG][com.freerdp.core.rdp] - transport_check_fds() - -1
[14:13:09:777] [18003:18004] [ERROR][com.freerdp.client.x11] - Freerdp connect error exit status 1
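
Added example, not part of the thread or of FreeRDP: a small Python reader for the nego log lines quoted above. It decodes RequestedProtocols and selected_protocol using the values defined in MS-RDPBCGR and reports whether a session failed during protocol negotiation or afterwards, during authentication. The function names and the sample constant are assumptions of this example.

```python
import re

# requestedProtocols / selectedProtocol values from MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP)
PROTOCOLS = {0x1: "TLS", 0x2: "NLA (CredSSP)", 0x4: "RDSTLS", 0x8: "NLA extended"}
STANDARD = "Standard RDP security"  # value 0: no flag bit set

# Constructed sample: lines copied from the TRACE output quoted in this thread
SAMPLE_LOG = """\
[14:13:01:551] [18003:18004] [DEBUG][com.freerdp.core.nego] - RequestedProtocols: 3
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - selected_protocol: 2
[14:13:01:553] [18003:18004] [DEBUG][com.freerdp.core.nego] - Negotiated NLA security
[14:13:09:777] [18003:18004] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_PASSWORD_CERTAINLY_EXPIRED [0x0002000F]
"""

# "[LEVEL][logger.tag] - message", as printed in the logs on this page
LINE = re.compile(r"\[(?P<level>[A-Z]+)\]\[(?P<tag>[\w.]+)\] - (?P<msg>.*)")
ERROR = re.compile(r"freerdp_set_last_error (\w+) \[(0x[0-9A-Fa-f]+)\]")

def decode_requested(mask):
    """Expand the requestedProtocols bitmask into protocol names."""
    names = [name for bit, name in PROTOCOLS.items() if mask & bit]
    return names or [STANDARD]

def decode_selected(value):
    """selectedProtocol is a single value, not a mask."""
    return STANDARD if value == 0 else PROTOCOLS.get(value, f"unknown ({value:#x})")

def summarize(log_text):
    """Return what the client offered, what the server picked, and where it failed."""
    result = {"requested": None, "selected": None, "errors": [], "stage": "negotiation"}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # password prompts, elided "....." lines, shell commands
        msg = m["msg"].strip()
        if (r := re.match(r"RequestedProtocols: (\w+)", msg)):
            result["requested"] = decode_requested(int(r[1], 0))
        elif (s := re.match(r"selected_protocol: (\w+)", msg)):
            result["selected"] = decode_selected(int(s[1], 0))
            # The server answered with RDP_NEG_RSP, so any later error is post-negotiation
            result["stage"] = "authentication"
        elif (e := ERROR.search(msg)):
            result["errors"].append((e[1], int(e[2], 16)))
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the TRACE log above this reports a client offer of TLS and NLA, a server choice of NLA, and a failure after negotiation, whereas the earlier ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED logs stop before any protocol is selected. Forcing /sec:rdp restricts the client to Standard RDP security (value 0), so neither TLS nor NLA protects that session.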

I have the same problem as @lszyba1. Adding /sec:rdp to the beginning of the command line helped.

Ok.

Same problem connecting to Windows Server 2012 R2: NLA doesn’t work here. With Remmina either.

You have to force RDP. But the order of the command flags is quite important. /sec-rdp doesn’t work either. So I am using this order:

xfreerdp +clipboard /log-level:TRACE /sec:rdp /v:xxxx /d:Ixxxx /u:xxxxx /p:xxxxx

Special characters in the user and password should be escaped.

Screen options are affected by order too:

xfreerdp +clipboard /log-level:TRACE /sec:rdp /v:xxxx /d:Ixxxx /u:xxxxx /p:xxxxx /f

doesn’t work, but:

xfreerdp +clipboard /f /log-level:TRACE /sec:rdp /v:xxxx /d:Ixxxx /u:xxxxx /p:xxxxx

works perfectly.

From your output it looks like protocol security negotiation failed. You can try with the following command:

xfreerdp +nego +sec-rdp +sec-tls +sec-nla /u:<domain>\<user> /p:<pass> /v:10.44.96.117 /vmconnect:b510551d-1aed-4946-8f7b-9a5e0bcbc9be

or

xfreerdp +nego +sec-rdp +sec-tls +sec-nla /d:<domain> /u:<user> /p:<pass> /v:10.44.96.117 /vmconnect:b510551d-1aed-4946-8f7b-9a5e0bcbc9be

Use +nego; -nego will disable protocol security negotiation.