Connection failure when trying to access RDP connection - HAproxy

Question

I just deployed HAproxy on an Ubuntu server LTS 18.04.2 I configured remote desktop balancing for two TS servers. When trying to connect to the ip of my HAproxy server through a server with windows 10, it presents the following error:

The connection has been terminated because an unexpected server authentication certificate has been installed on the remote computer.

I tried connecting through Windows Server 2008 R2 and a computer with Windows Server 2012 R2 installed and did not have this problem.

Now any computer with Windows 10 displays this message when I try to connect.

Follows the lines of my HAproxy.cfg file:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    ssl-server-verify none
    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    # An alternative list with additional directives can be obtained from
    #  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode    http
    option  httplog
    option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http


frontend ft_rdp
  mode tcp
  bind ip_haproxy:3389 name rdp
  timeout client 1h
  log global
  option tcplog
  tcp-request inspect-delay 2s
  tcp-request content accept if RDP_COOKIE
  default_backend bk_rdp
backend bk_rdp
  mode tcp
  balance leastconn
  persist rdp-cookie
  timeout server 1h
  timeout connect 4s
  log global
  option tcplog
  option tcp-check
  #tcp-check connect port 3389 ssl
  default-server inter 3s rise 2 fall 3
  server srv**  ip_server:3389 weight 10 check
  server srv**2 ip_server:3389 weight 10 check

Formatting this more clearly would help a lot. – Paul Gear Mar 19 '19 at 20:41 — Paul Gear, Mar 19 '19 at 20:41

user970517 · Answer 1 · 2022-06-16T04:38:55.600

I had the same issue and tried all sorts of things. This started working for me. I think it is the default-server line and the inter to 30s that fixed it.

backend bk_rdp
  mode tcp
  balance leastconn
  #persist rdp-cookie
  timeout server 1h
  timeout connect 10s
  log global
  option tcplog
  option tcp-check
  tcp-check connect port 3389 ssl
  default-server inter 30s rise 2 fall 3
  stick-table type string len 32 size 10k expire 8h
  stick on rdp_cookie(mstshash)
  server serv01 IPADDRESS:3389 weight 10 check verify none
  server serv02 IPADDRESS:3389 weight 10 check verify none

Connection failure when trying to access RDP connection - HAproxy

1 Answers1