Troubleshooting Clientless RDP

Table of Contents

 

For the most frequently asked questions about Clientless RDP, please refer to the FAQ for admins.

 

Basic troubleshooting

  1. Check if the connection works via regular RDP, without using Clientless RDP. If so, please resolve any issues there first, then try again with Clientless RDP.
  2. Check your Clientless RDP connection by editing the connection and verify if all fields have been filled in correctly.
  3. Valid SSL certificate check:
    • The Clientless RDP gateway must have a valid SSL certificate for CRDP to work. You can check if the gateway has a valid SSL certificate by entering the URL in an SSL checker.
    • For CRDP gateways hosted by us, we offer a service to automatically renew the SSL certificate when necessary via Let's Encrypt, as described in Automatic provisioning of SSL certificates.

 

The screen is stuck on: "Incorrect password or server configuration"

Explanation: this may occur when there is something wrong with the used integration credentials or a configuration issue within the RDS/Gateway properties.

Solution:

  1. Remove the integrations credentials that are being used for the connection. Re-enter the credentials. Click here for further information.
  2. Check your Firewall settings and verify if the IP address from the Clientless RDP Gateway is allowed to access your network. For more information, go to: Clientless RDP whitelisting.
  3. Or check the setting below:

Back to top

 

Check timezone

Explanation: after changing the VM's settings, the time zone may change.

Solution:

  • Run the following command to check the timezone:
timedatectl
  • The local time zone needs to be set to UTC. Run the following command to change it:
sudo timedatectl set-timezone UTC


Incorrect time zone forwarded to the RDP connection

Explanation: an incorrect time zone can cause RDP connection problems. 

Solution: check out the time zone, which is specified on the Linux machine hosting the Clientless RDP software:

  • Sign in on the Linux machine via SSH and run the following command:
date
  • This will display the current time zone set on the machine. If this is incorrect, run the following command change it to the correct time zone:
dpkg-reconfigure tzdata
  • Recheck the time zone on the Linux machine. Correct time zone? Restart the RDP connection via Workspace 365.

Back to top


Not able to open multiple tabs with different applications

Explanation: Group policy settings on the RDS Farm allow multiple connections per user.

Solution: a solution can be found in one of the articles below.

Note: bear in mind that the same integration credentials cannot be used in a different Workspace environment. For more information, take a look at our FAQ

Back to top

 

Error 404

Explanation: when you try to open a CRDP app, you get an error 404.

Solution:

  1. Log in to the CRDP gateway as the ServiceUser or admin
  2. Click the username in the top right and go to Settings
  3. Click the Users tab
  4. Find and open the user that gets the 404 error
  5. Scroll down and click Delete, then click Delete again to delete the user
  6. Open the CRDP app again, the login will now succeed and the user is saved in the gateway again
  7. If multiple users get this error, repeat steps 4-6 for each user

Back to top

 

Error 500

Explanation: you may encounter an error 500 error when creating or opening a CRDP connection. An error 500 can have various reasons. One of them is when the same integration credentials have been used multiple times in different Workspace environments. The same credentials cannot be used in multiple environments.

Another reason is when creating a CRDP connection, the server address does not match exactly with the RDP file.

Solution:

  • Use one integration credential set per environment. Delete the other credentials sets, so that they cannot be used in another Workspace environment or use different credentials.
  • Make sure the server address matches exactly with the RDP file when creating the RDP connection. It is case sensitive. 

Back to top

 

Only a UPN is accepted as a username for Clientless RDP apps

UPN.PNG

Explanation: when filling in the credentials for the RDP connection, Workspace looks for credentials present on the RDS server (UPN). When this is not present, it will result in an error. 

Solution: connect the RDS server to a Active Directory domain. We cannot authenticate with the local user, it must be a user (UPN) present in the Active Directory domain.

Back to top


Blurry screen in CRDP environment 

Explanation: in CRDP, this is a known issue. When scaling in a CRDP environment, the screen can become blurry.

Solution: set the scaling of the webbrowser to 100%.

Back to top


"Failed to retrieve the connections from the gateway. Please check the gateway settings"

Explanation: this error occurs (or an unknown error) when adding a new connection to the gateway.

Solution: make sure the service account has been setup correctly.

Bear in mind that the 'Connection group' name must match exactly with the Workspace environment name, e.g.:
https://subdomain.workspacedomain.net/environmentname -> environmentname will be the Connection group name."

When creating the user, the name should be:
{Environmentname}ServiceUser  (EnvironmentName=name of workspace environment). 

Back to top


Connection Time-out

Explanation: when starting the remote application, you may experience a connection time-out. 

Solution:

  • Make sure the configuration settings are filled in correctly (from creating a service account, configuring the gateway and connections to adding the connection in app management.
  • Check if the user integration credentials are set correctly.
  • Make sure your Firewall is not blocking traffic from RDS/RDP. 

Back to top


Black screen & Disconnected

Explanation: when you click on a tile (remote/published app), you may see a black screen and the browser tab closes.

Solution: check the name of the remote app. You can download/edit the .rdp file to check the name of the app. This needs to match with the Remote app settings in Clientless RDP settings > Manage connection > edit > Remote app > Program. When you leave the program (published app) blank, the full desktop version should open.

Back to top


TLS/SSL error message

Certificate needs to be fixed from the RDS Terminal Server Gateway. 

Back to top


Logs (self-hosted)

When checking the logs, always start with checking the local time on the server with the date command:

date

This allows you to calculate any time difference with your current timezone. For instance, if your personal timezone is UTC +2 hours and you want to see logging from 09:00 to 10:00, you would need to look at the logs recorded between timestamps 07:00 and 08:00. The journalctl command allows you to specify those start and end times using the since and until parameters. You need to use the timestamp format YYYY-MM-DD HH:MM:SS where the seconds are optional. For instance, to view the logs of the 30th of May 2023 between 07:00 and 08:00 the command will be:

journalctl --no-pager -u tomcat9 -u guacd --since "2023-05-30 07:00" --until "2023-05-30 08:00"

Note: If you omit the date, this will default to the current date. If you omit the timestamp, this will default to midnight.

The journal also understands some relative values and named shortcuts. These include:

  • The words “yesterday”, “today”, “tomorrow”, or “now”
  • Relative times by prepending “-” or “+” to a numbered value and a letter to specify the unit of time
    • m for minutes
    • h for hours
    • d for days
  • Using words like “ago” in a sentence construction such as "2 hours ago"

For example, to view the logs for today between midnight and 02:00 you can use:

journalctl --no-pager -u tomcat9 -u guacd --since today --until 02:00

To view the logs for the last 30 minutes, you can use:

journalctl --no-pager -u tomcat9 -u guacd --since -30m

 

Back to top