FreeRDP: Unexpected RTS PDU: Expected CONN/C2

As reported e.g. in #2100, I keep having random issues connecting through clustered gateways:

xfreerdp /v:xxx /u:xxx\\xxx /p:xxx /gateway:g:xxx,u:xxx,d:xxx,p:xxx /log-level:TRACE

[23:48:22:220] [20134:5566c700] [DEBUG][com.freerdp.client.common] - [freerdp_client_settings_parse_command_line]: This is 3.0.0-dev5 Build configuration: BUILD_TESTING=OFF WINPR_HAVE_AIO_H=1 WINPR_HAVE_EXECINFO_BACKTRACE=1 WINPR_HAVE_EXECINFO_BACKTRACE_SYMBOLS=1 WINPR_HAVE_EXECINFO_BACKTRACE_SYMBOLS_FD=1 WINPR_HAVE_EXECINFO_HEADER=1 WINPR_HAVE_FCNTL_H=1 WINPR_HAVE_GETLOGIN_R=1 WINPR_HAVE_GETPWUID_R=1 WINPR_HAVE_INTTYPES_H=1 WINPR_HAVE_POLL_H=1 WINPR_HAVE_PTHREAD_MUTEX_TIMEDLOCK_LIB= WINPR_HAVE_PTHREAD_MUTEX_TIMEDLOCK_LIBS= WINPR_HAVE_PTHREAD_MUTEX_TIMEDLOCK_SYMBOL= WINPR_HAVE_STDBOOL_H=1 WINPR_HAVE_STDINT_H=1 WINPR_HAVE_STRNDUP=1 WINPR_HAVE_SYSLOG_H=1 WINPR_HAVE_SYS_EVENTFD_H= WINPR_HAVE_SYS_FILIO_H=1 WINPR_HAVE_SYS_SELECT_H=1 WINPR_HAVE_SYS_SOCKIO_H=1 WINPR_HAVE_SYS_TIMERFD_H= WINPR_HAVE_TM_GMTOFF=1 WINPR_HAVE_UNISTD_H=1 WINPR_HAVE_UNWIND_H=1 WITH_AAD=OFF WITH_CAIRO=OFF WITH_CCACHE=ON WITH_CHANNELS=ON WITH_CLANG_FORMAT=ON WITH_CLIENT=ON WITH_CLIENT_AVAILABLE=1 WITH_CLIENT_CHANNELS=ON WITH_CLIENT_CHANNELS_AVAILABLE=1 WITH_CLIENT_COMMON=ON WITH_CLIENT_INTERFACE=OFF WITH_CLIENT_MAC=ON WITH_CLIENT_SDL=ON WITH_CLIENT_SDL_AVAILABLE=1 WITH_CUPS=ON WITH_DEBUG_ALL=OFF WITH_DEBUG_CAPABILITIES=OFF WITH_DEBUG_CERTIFICATE=OFF WITH_DEBUG_CHANNELS=OFF WITH_DEBUG_CLIPRDR=OFF WITH_DEBUG_CODECS=OFF WITH_DEBUG_DVC=OFF WITH_DEBUG_EVENTS=OFF WITH_DEBUG_KBD=OFF WITH_DEBUG_LICENSE=OFF WITH_DEBUG_MUTEX=OFF WITH_DEBUG_NEGO=OFF WITH_DEBUG_NLA=OFF WITH_DEBUG_NTLM=OFF WITH_DEBUG_RAIL=OFF WITH_DEBUG_RDP=OFF WITH_DEBUG_RDPDR=OFF WITH_DEBUG_RDPEI=OFF WITH_DEBUG_RDPGFX=OFF WITH_DEBUG_REDIR=OFF WITH_DEBUG_RFX=OFF WITH_DEBUG_RINGBUFFER=OFF WITH_DEBUG_SCARD=OFF WITH_DEBUG_SCHANNEL=OFF WITH_DEBUG_SND=OFF WITH_DEBUG_SVC=OFF WITH_DEBUG_SYMBOLS=OFF WITH_DEBUG_THREADS=OFF WITH_DEBUG_TIMEZONE=OFF WITH_DEBUG_TRANSPORT=OFF WITH_DEBUG_TSG=OFF WITH_DEBUG_TSMF=OFF WITH_DEBUG_TSMF_AVAILABLE=0 WITH_DEBUG_URBDRC=OFF WITH_DEBUG_WND=OFF WITH_DEBUG_X11=OFF WITH_DEBUG_X11_LOCAL_MOVESIZE=OFF WITH_DEBUG_XV=OFF WITH_DSP_EXPERIMENTAL=OFF WITH_DSP_FFMPEG=OFF WITH_DSP_FFMPEG_AVAILABLE=0 WITH_FAAC=OFF WITH_FAAD2=OFF WITH_FFMPEG=OFF WITH_FREERDP_DEPRECATED=OFF WITH_FREERDP_DEPRECATED_COMMANDLINE=OFF WITH_FUSE=OFF WITH_GFX_H264=OFF WITH_GPROF=OFF WITH_GSM=OFF WITH_GSSAPI=ON WITH_INTERNAL_MD4=OFF WITH_INTERNAL_MD5=OFF WITH_INTERNAL_RC4=OFF WITH_JPEG=ON WITH_KRB5=OFF WITH_LAME=OFF WITH_LIBRARY_VERSIONING=ON WITH_LODEPNG=OFF WITH_MACAUDIO=ON WITH_MACAUDIO_AVAILABLE=1 WITH_MANPAGES=OFF WITH_MBEDTLS=OFF WITH_NATIVE_SSPI=OFF WITH_OPENCL=OFF WITH_OPENH264=OFF WITH_OPENSC_PKCS11_LINKED=OFF WITH_OPENSSL=ON WITH_PCSC=ON WITH_PKCS11=ON WITH_PLATFORM_SERVER=ON WITH_POLL=ON WITH_PROFILER=OFF WITH_PROXY=ON WITH_PROXY_APP=ON WITH_PROXY_EMULATE_SMARTCARD=OFF WITH_PROXY_MODULES=ON WITH_RDTK=ON WITH_SAMPLE=ON WITH_SANITIZE_ADDRESS=OFF WITH_SANITIZE_ADDRESS_AVAILABLE=1 WITH_SANITIZE_MEMORY=OFF WITH_SANITIZE_MEMORY_AVAILABLE=1 WITH_SANITIZE_THREAD=OFF WITH_SANITIZE_THREAD_AVAILABLE=1 WITH_SERVER=ON WITH_SERVER_CHANNELS=ON WITH_SERVER_INTERFACE=ON WITH_SHADOW=ON WITH_SMARTCARD_EMULATE=ON WITH_SMARTCARD_INSPECT=OFF WITH_SMARTCARD_PCSC=ON WITH_SOXR=OFF WITH_SSE2=ON WITH_SWSCALE=OFF WITH_SYSTEMD=OFF WITH_THIRD_PARTY=OFF WITH_UNICODE_BUILTIN=OFF WITH_URIPARSER=OFF WITH_VAAPI=OFF WITH_VAAPI_AVAILABLE=0 WITH_VALGRIND_MEMCHECK=OFF WITH_VALGRIND_MEMCHECK_AVAILABLE=1 WITH_VERBOSE_WINPR_ASSERT=ON WITH_VIDEO_FFMPEG=OFF WITH_VIDEO_FFMPEG_AVAILABLE=0 WITH_WINPR_DEPRECATED=OFF WITH_WINPR_TOOLS=ON WITH_X11=ON WITH_XCURSOR=ON WITH_XEXT=ON WITH_XFIXES=ON WITH_XI=ON WITH_XINERAMA=ON WITH_XRANDR=ON WITH_XRENDER=ON WITH_XV=ON
Build type:          Release
CFLAGS:               -Weverything -Wall -Wpedantic -Wno-padded -Wno-cast-align -Wno-declaration-after-statement -Wno-unsafe-buffer-usage -Wno-reserved-identifier -Wno-covered-switch-default
Compiler:            AppleClang, 15.0.0.15000040
Target architecture: x64

[23:48:22:221] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_connect_begin]: resetting error state
[23:48:22:223] [20134:06d84000] [TRACE][com.freerdp.client.x11] - [xf_setup_x11]: XGetWindowProperty(0x7febef808200, 464, _NET_SUPPORTED [295], 0, 1024, 0, ATOM [4], 0x700006d83b10, 0x700006d83b0c, 0x700006d83ae0, 0x700006d83ad8, 0x700006d83af0)
[23:48:22:338] [20134:06d84000] [TRACE][com.freerdp.client.x11] - [xf_GetWindowProperty]: XGetWindowProperty(0x7febef808200, 464, _NET_CURRENT_DESKTOP [298], 0, 1, 0, Atom_None [0], 0x700006d83958, 0x700006d83964, 0x700006d839b0, 0x700006d839b8, 0x700006d839c0)
[23:48:22:338] [20134:06d84000] [DEBUG][com.freerdp.client.x11] - [xf_GetWindowProperty]: Property 298 does not exist
[23:48:22:339] [20134:06d84000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpdr
[23:48:22:339] [20134:06d84000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx rdpsnd
[23:48:22:339] [20134:06d84000] [DEBUG][com.freerdp.channels.channels.cliprdr.client] - [cliprdr_VirtualChannelEntryEx]: VirtualChannelEntryEx
[23:48:22:339] [20134:06d84000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx cliprdr
[23:48:22:339] [20134:06d84000] [DEBUG][com.freerdp.channels.drdynvc.client] - [drdynvc_VirtualChannelEntryEx]: VirtualChannelEntryEx
[23:48:22:339] [20134:06d84000] [DEBUG][com.freerdp.client.common.cmdline] - [freerdp_client_load_static_channel_addin]: loading channelEx drdynvc
[23:48:22:344] [20134:06d84000] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]: primitives benchmark result:
[23:48:22:513] [20134:06d84000] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]:  * generic= 16
[23:48:22:665] [20134:06d84000] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]:  * optimized= 81
[23:48:22:665] [20134:06d84000] [DEBUG][com.freerdp.primitives] - [primitives_autodetect_best]: primitives autodetect, using optimized
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_set_negotiation_enabled]: Enabling security layer negotiation: TRUE
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_set_restricted_admin_mode_required]: Enabling restricted admin mode: FALSE
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdp]: Enabling RDP security: TRUE
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_enable_tls]: Enabling TLS security: TRUE
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_enable_nla]: Enabling NLA security: TRUE
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_enable_ext]: Enabling NLA extended security: FALSE
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.nego] - [nego_enable_rdstls]: Enabling RDSTLS security: FALSE
[23:48:22:677] [20134:06d84000] [WARN][com.freerdp.core.nego] - [nego_enable_aad]: This build does not support AAD security, disabling.
[23:48:22:677] [20134:06d84000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x7fec1000d000]: CONNECTION_STATE_INITIAL --> CONNECTION_STATE_NEGO
[23:48:22:679] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[23:48:22:679] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer xxxx
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.sspi] - [InitSecurityInterfaceExA]: InitSecurityInterfaceExA
[23:48:22:813] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_init]: Using package: Negotiate (cbMaxToken: 12256 bytes)
[23:48:22:813] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_setup_client]: Acquired client credentials
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_INITIAL to NTLM_STATE_INITIAL
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_INITIAL to NTLM_STATE_NEGOTIATE
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_write_negotiate_flags]: Write flags [0xe20882b7] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_NEGOTIATE_OEM|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_LM_KEY|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_NEGOTIATE to NTLM_STATE_CHALLENGE
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.negotiate] - [negotiate_InitializeSecurityContextW]: Available mechanism: NTLM (1.3.6.1.4.1.311.2.2.10)
[23:48:22:813] [20134:06d84000] [DEBUG][com.winpr.negotiate] - [negotiate_InitializeSecurityContextW]: Using direct NTLM
[23:48:22:813] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Authentication in progress... (output token size: 40)
[23:48:22:843] [20134:06d84000] [INFO][com.freerdp.core.gateway.rdg] - [rdg_establish_data_connection]: RD Gateway does not support HTTP transport.
[23:48:22:844] [20134:06d84000] [DEBUG][com.freerdp.core] - [transport_connect]: resetting error state
[23:48:22:844] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_INITIAL
[23:48:22:844] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[23:48:22:844] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer xxx
[23:48:22:940] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_in_channel_transition_to_state]: CLIENT_IN_CHANNEL_STATE_CONNECTED
[23:48:22:941] [20134:06d84000] [DEBUG][com.winpr.sspi] - [InitSecurityInterfaceExA]: InitSecurityInterfaceExA
[23:48:22:941] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_init]: Using package: NTLM (cbMaxToken: 2888 bytes)
[23:48:22:941] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_setup_client]: Acquired client credentials
[23:48:22:941] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_INITIAL to NTLM_STATE_INITIAL
[23:48:22:941] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_INITIAL to NTLM_STATE_NEGOTIATE
[23:48:22:941] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_write_negotiate_flags]: Write flags [0xe20882b7] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_NEGOTIATE_OEM|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_LM_KEY|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:941] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_NEGOTIATE to NTLM_STATE_CHALLENGE
[23:48:22:941] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Authentication in progress... (output token size: 40)
[23:48:22:941] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_in_channel_transition_to_state]: CLIENT_IN_CHANNEL_STATE_SECURITY
[23:48:22:941] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: resetting error state
[23:48:22:941] [20134:06d84000] [DEBUG][com.freerdp.core] - [freerdp_tcp_default_connect]: connecting to peer xxx
[23:48:22:43] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_out_channel_transition_to_state]: CLIENT_OUT_CHANNEL_STATE_CONNECTED
[23:48:22:43] [20134:06d84000] [DEBUG][com.winpr.sspi] - [InitSecurityInterfaceExA]: InitSecurityInterfaceExA
[23:48:22:43] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_init]: Using package: NTLM (cbMaxToken: 2888 bytes)
[23:48:22:43] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_setup_client]: Acquired client credentials
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_INITIAL to NTLM_STATE_INITIAL
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_INITIAL to NTLM_STATE_NEGOTIATE
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_write_negotiate_flags]: Write flags [0xe20882b7] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_NEGOTIATE_OEM|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_LM_KEY|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_NEGOTIATE to NTLM_STATE_CHALLENGE
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Authentication in progress... (output token size: 40)
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_out_channel_transition_to_state]: CLIENT_OUT_CHANNEL_STATE_SECURITY
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_read_negotiate_flags]: Read flags [0xe2898235] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_TARGET_TYPE_DOMAIN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_CHALLENGE to NTLM_STATE_AUTHENTICATE
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_write_negotiate_flags]: Write flags [0xe288b235] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED|NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:44] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_AUTHENTICATE to NTLM_STATE_FINAL
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Authentication complete (output token size: 492 bytes)
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Context sizes: cbMaxSignature=16, cbSecurityTrailer=16
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_in_channel_transition_to_state]: CLIENT_IN_CHANNEL_STATE_NEGOTIATED
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_send_CONN_B1_pdu]: Sending CONN/B1 RTS PDU
[23:48:22:44] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_in_channel_transition_to_state]: CLIENT_IN_CHANNEL_STATE_OPENED
[23:48:22:75] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_read_negotiate_flags]: Read flags [0xe2898235] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_TARGET_TYPE_DOMAIN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:75] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_CHALLENGE to NTLM_STATE_AUTHENTICATE
[23:48:22:75] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_write_negotiate_flags]: Write flags [0xe288b235] NTLMSSP_NEGOTIATE_UNICODE|NTLMSSP_REQUEST_TARGET|NTLMSSP_NEGOTIATE_SIGN|NTLMSSP_NEGOTIATE_SEAL|NTLMSSP_NEGOTIATE_NTLM|NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED|NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED|NTLMSSP_NEGOTIATE_ALWAYS_SIGN|NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY|NTLMSSP_NEGOTIATE_TARGET_INFO|NTLMSSP_NEGOTIATE_VERSION|NTLMSSP_NEGOTIATE_128|NTLMSSP_NEGOTIATE_KEY_EXCH
[23:48:22:75] [20134:06d84000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_AUTHENTICATE to NTLM_STATE_FINAL
[23:48:22:75] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Authentication complete (output token size: 492 bytes)
[23:48:22:75] [20134:06d84000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Context sizes: cbMaxSignature=16, cbSecurityTrailer=16
[23:48:22:75] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_out_channel_transition_to_state]: CLIENT_OUT_CHANNEL_STATE_NEGOTIATED
[23:48:22:75] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_send_CONN_A1_pdu]: Sending CONN/A1 RTS PDU
[23:48:22:75] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_out_channel_transition_to_state]: CLIENT_OUT_CHANNEL_STATE_OPENED
[23:48:22:75] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT
[23:48:23:119] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_WAIT_A3W
[23:48:23:120] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header]: Reading PDU type PTYPE_RTS
[23:48:23:120] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header]: Reading PDU type PTYPE_RTS
[23:48:23:120] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_recv_CONN_A3_pdu]: Receiving CONN/A3 RTS PDU: ConnectionTimeout: 120000
[23:48:23:120] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_WAIT_C2
[23:49:23:125] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header]: Reading PDU type PTYPE_RTS
[23:49:23:125] [20134:06d84000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header]: Reading PDU type PTYPE_RTS
[23:49:23:125] [20134:06d84000] [ERROR][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu]: unexpected RTS PDU: Expected CONN/C2
[23:49:23:125] [20134:06d84000] [ERROR][com.freerdp.core.gateway.tsg] - [tsg_connect]: tsg_check failure
[23:49:23:126] [20134:06d84000] [ERROR][com.freerdp.core.nego] - [nego_connect]: Failed to connect
[23:49:23:126] [20134:06d84000] [ERROR][com.freerdp.core] - [rdp_client_connect]: ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[23:49:23:126] [20134:06d84000] [ERROR][com.freerdp.core.connection] - [rdp_client_connect]: Error: protocol security negotiation or connection failure
[23:49:23:127] [20134:06d84000] [DEBUG][com.freerdp.core.rdp] - [rdp_finalize_reset_flags][0x7fec1000d000]: [CONNECTION_STATE_NEGO] reset finalize_sc_pdus
[23:49:23:127] [20134:06d84000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x7fec1000d000]: CONNECTION_STATE_NEGO --> CONNECTION_STATE_INITIAL
[23:49:23:131] [20134:06d84000] [TRACE][com.freerdp.api] - [freerdp_channels_process_message]: IFCALL(message->Free) == NULL

Sometimes it works immediately, sometimes it doesn’t work at all. Wierdly enough, it seems I’m getting better chances when using log level TRACE instead of INFO (I know, it doesn’t make any sense… but still, on average, repeating the test multiple times, out of 10 tries with TRACE I got 5 working, with 10 INFO I got 1 working)

Application details

  • FreeRDP version (xfreerdp /version): this is FreeRDP version 3.0.0-dev5 (a927bb8b6), compiled myself today on macos with brew

About this issue

  • Original URL
  • State: closed
  • Created 8 months ago
  • Comments: 26 (15 by maintainers)

Commits related to this issue

Most upvoted comments

Hi @akallabeth, tried with 9bdf45119, I confirm now it connects almost always without any issues (tried several times, I would say 9/10 of times the connection is successful, huge improvement compared with what we started with).

Rarely it happens again that the client is left for dead “Retries exceeded”, but since I have no way to provide gateway logs I guess there’s nothing more we could do to identify this weird case:

[11:26:56:334] [26003:07314000] [DEBUG][com.winpr.sspi.NTLM] - [ntlm_change_state]: change state from NTLM_STATE_AUTHENTICATE to NTLM_STATE_FINAL
[11:26:56:334] [26003:07314000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Authentication complete (output token size: 460 bytes)
[11:26:56:334] [26003:07314000] [DEBUG][com.freerdp.core.auth] - [credssp_auth_authenticate]: Context sizes: cbMaxSignature=16, cbSecurityTrailer=16
[11:26:56:334] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_out_channel_transition_to_state]: CLIENT_OUT_CHANNEL_STATE_NEGOTIATED
[11:26:56:334] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_send_CONN_A1_pdu]: Sending CONN/A1 RTS PDU
[11:26:56:334] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_out_channel_transition_to_state]: CLIENT_OUT_CHANNEL_STATE_OPENED
[11:26:56:334] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT
[11:26:56:392] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_WAIT_A3W
[11:26:56:643] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:26:56:643] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu]: RPC PDU parsing 28 bytes
[11:26:56:643] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu_int]: client state RPC_CLIENT_STATE_INITIAL, vc state VIRTUAL_CONNECTION_STATE_WAIT_A3W
[11:26:56:643] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:26:56:643] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rts_print_pdu_signature]: RTS PDU Signature: Flags: 0x0000 NumberOfCommands: 1
[11:26:56:643] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rts_print_pdu_signature]: Identified CONN/A3 RTS PDU
[11:26:56:643] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_recv_CONN_A3_pdu]: Receiving CONN/A3 RTS PDU: ConnectionTimeout: 2
[11:26:56:643] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rpc] - [rpc_virtual_connection_transition_to_state]: VIRTUAL_CONNECTION_STATE_WAIT_C2
[11:27:56:392] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:27:56:392] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu]: RPC PDU parsing 20 bytes
[11:27:56:392] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu_int]: client state RPC_CLIENT_STATE_INITIAL, vc state VIRTUAL_CONNECTION_STATE_WAIT_C2
[11:27:56:392] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:27:56:392] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rts_print_pdu_signature]: RTS PDU Signature: Flags: 0x0001 NumberOfCommands: 0
[11:27:56:392] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rts_print_pdu_signature]: Identified Ping RTS PDU
[11:27:56:392] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:28:56:393] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:28:56:393] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu]: RPC PDU parsing 20 bytes
[11:28:56:393] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rpc_client_recv_pdu_int]: client state RPC_CLIENT_STATE_INITIAL, vc state VIRTUAL_CONNECTION_STATE_WAIT_C2
[11:28:56:393] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:28:56:393] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rts_print_pdu_signature]: RTS PDU Signature: Flags: 0x0001 NumberOfCommands: 0
[11:28:56:393] [26003:07314000] [TRACE][com.freerdp.core.gateway.rpc] - [rts_print_pdu_signature]: Identified Ping RTS PDU
[11:28:56:393] [26003:07314000] [DEBUG][com.freerdp.core.gateway.rts] - [rts_read_pdu_header_ex]: Reading PDU type PTYPE_RTS
[11:29:00:628] [26003:07314000] [ERROR][com.freerdp.core.gateway.http] - [http_response_recv]: Retries exceeded
[11:29:00:628] [26003:07314000] [ERROR][com.freerdp.core.gateway.tsg] - [tsg_connect]: tsg_check failure
[11:29:00:628] [26003:07314000] [ERROR][com.freerdp.core.nego] - [nego_connect]: Failed to connect
[11:29:00:628] [26003:07314000] [ERROR][com.freerdp.core] - [rdp_client_connect]: ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[11:29:00:628] [26003:07314000] [ERROR][com.freerdp.core.connection] - [rdp_client_connect]: Error: protocol security negotiation or connection failure
[11:29:00:629] [26003:07314000] [DEBUG][com.freerdp.core.rdp] - [rdp_finalize_reset_flags][0x7fb36c00a000]: [CONNECTION_STATE_NEGO] reset finalize_sc_pdus
[11:29:00:629] [26003:07314000] [DEBUG][com.freerdp.core.rdp] - [rdp_client_transition_to_state][0x7fb36c00a000]: CONNECTION_STATE_NEGO --> CONNECTION_STATE_INITIAL
[11:29:00:633] [26003:07314000] [TRACE][com.freerdp.api] - [freerdp_channels_process_message]: IFCALL(message->Free) == NULL

Thanks again for all your support!

+1
gygabyte017 on Nov 3, 2023
Read more comments on GitHub
← FreeRDP: Unable to swap WIN and CAPS
FreeRDP: [various window managers] Window focus management breaks mouse dragging →