[GH-ISSUE #962] Connection denied over TS Web Gateway with custom root CA #3699

Closed
opened 2026-03-13 12:40:08 +03:00 by kerem · 3 comments

Originally created by @ScrumMasterProvis on GitHub (Jul 23, 2025).
Original GitHub issue: https://github.com/1Remote/1Remote/issues/962

Originally assigned to: @VShawn on GitHub.

Describe the bug
When connecting to a TS Web Gateway, and using custom CAs, I can't connect. The root CA is trusted on the Windows machine via GPO (and working also via mstsc). It seems 1Remote is using its own trust store?

To Reproduce
Steps to reproduce the behavior:

  1. add TS Web Gateway to connection
  2. try to connect to a TS Gateway with custom root CA & certificate
  3. Connection failed with error: There was a problem connecting to the remote resource. Ask your network administrator for help.

Expected behavior
That the program would use the Windows trust store, or have an option to add a custom root CA.

Screenshots
see log entries below

Desktop (please complete the following information):

  • OS: Windows 11 Pro 24H2
  • PRemoteM Version 1.3.0-alpha

Additional context
Log entry:
[T:001][16:49:12.680] Warning [AxMsRdpClient09Host.cs(OnRdpClientDisconnected:148)] RDP(XYZ) exit with error code 50331653(This computer can't verify the identity of the RD Gateway "CUSTOMDOMAIN". It's not safe to connect to servers that can't be identified. Contact your network administrator for assistance.)

kerem closed this issue and added the bug label (2026-03-13 12:40:08 +03:00)

@VShawn commented on GitHub (Jul 26, 2025):

I'm sorry, but since I've never used Gateway, I'm not sure how to fix the issue you've reported. The current Gateway functionality was developed based on the RDP configuration documentation and validated with the help of other users. I clearly remember that I did not set up a custom CA, so it should automatically use the credentials stored in Windows. However, since there is an issue now, it seems that something is not configured correctly.

At the moment, I've looked into the Gateway-related configurations, but I'm not sure which ones are related to the CA:

https://learn.microsoft.com/en-us/windows/win32/termserv/imsrdpclienttransportsettings2

As I've never used Gateway, I can't test it. If you're interested in participating in the development, you can download the source code and try modifying the Gateway-related properties to see if that resolves the issue (the relevant properties are in the link above, and there aren't many, so you should be able to test them quickly).

Or you could try using mRemoteNG; if it connects to your Gateway correctly, I might be able to port its source code over.


@ScrumMasterProvis commented on GitHub (Jul 29, 2025):

Thanks for the quick reply! So, I've tried out mRemoteNG (Version 1.76.20.24615) and I was able to connect without any issues. If I try to use 1Remote now, it also works! I have no idea why?? I mean, I've installed a lot of RDP managers to see which ones work and are nice to handle. (Maybe some of those installs fixed something.)
I'd need to test further, because I had the same issues on other PCs.


@ScrumMasterProvis commented on GitHub (Aug 5, 2025):

I've set up a new PC, installed the certificate and tried 1Remote and everything worked perfectly. So the issue had to be on my side, maybe I used the wrong trust store... Sorry for the waste of time :D
Btw, love the product, for me the best RDP tool out there!
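
A diagnostic for the "wrong trust store" situation discussed in this thread, added here as an example (not code from 1Remote or from either commenter): it fetches the gateway's TLS certificate, builds its chain with the Windows chain engine, and reports which certificate stores hold the top of that chain. The host name `rdgw.example.com` and port 443 are placeholders, and revocation checking is switched off as an assumption so that only the trust anchor is tested.

```powershell
# Placeholder gateway name and port; replace with your RD Gateway FQDN.
param(
    [string]$GatewayHost = 'rdgw.example.com',
    [int]$Port = 443
)

# Fetch the gateway's TLS certificate. The callback accepts any certificate
# so the handshake completes for inspection only; no RDP traffic is sent.
$tcp = [System.Net.Sockets.TcpClient]::new($GatewayHost, $Port)
try {
    $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $accept)
    $ssl.AuthenticateAsClient($GatewayHost)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
}
finally {
    $tcp.Dispose()
}

# Build the chain the way the current user's context sees it.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
# Assumption: revocation is skipped to isolate the trust-anchor question.
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

# Last element the chain engine could reach (the root, if the chain is complete).
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Which stores actually contain that certificate?
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root',
          'Cert:\LocalMachine\CA',   'Cert:\CurrentUser\CA' |
    Where-Object { Test-Path "$_\$($top.Thumbprint)" }

[pscustomobject]@{
    LeafSubject   = $cert.Subject
    ChainTrusted  = $trusted
    ChainStatus   = ($chain.ChainStatus.Status -join ', ')
    TopOfChain    = $top.Subject
    TopThumbprint = $top.Thumbprint
    FoundInStores = ($stores -join ', ')
}
```

A root that appears only under `Cert:\CurrentUser\Root` is trusted for that user alone, and one that appears only under a `CA` (intermediate) store is not a trust anchor at all; `ChainStatus` showing `UntrustedRoot` or `PartialChain` points to one of those cases.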
