Skip to content

Troubleshooting: Session Errors

In this troubleshooting topic, we focus specifically on resolving issues related to remote session connectivity between the 12Port Gateway and target host machines. If you are encountering errors like 519 or 769 session errors or "Connection Timeout," please review this topic to troubleshoot and resolve the issues.

Session Error 519 or 769

When you encounter 519 or 769 errors, it typically indicates an issue with the credentials or access permissions for the target host machine. This can be caused by invalid credentials, insufficient permissions, or misconfigurations in the user account. To resolve these errors, follow the suggestions below:

 

Ensure Correct Credentials and Permissions for Remote Access

The 519/769 errors often arise due to issues with the credentials or permissions assigned to the account being used to establish the connection. These errors can also occur when there is a misconfiguration in the username or incorrect domain usage.

Suggestions:

  • Verify that the username and password being used by 12Port are correct.
  • Ensure the account being used has the necessary permissions to connect to the target host:
    • For Windows hosts: Confirm that the user has native RDP permissions.
    • For Linux hosts: Confirm SSH access is enabled.
  • If you are using a local account on a Windows host, try removing the domain from the username. For example:
    • Instead of using contoso\user, try entering just user.
    • Conversely, if you're using just the username (e.g., user), try prepending the domain (e.g., contoso\user).
  • If you are using a domain account in the format contoso\domainuser, try the following alternatives:
    • Enter the username as domainuser@contoso.com.
    • Alternatively, try just entering the username as domainuser, without the domain prefix or suffix.
  • If you entered the host as a computer name, try replacing it with the host’s IP address instead to eliminate potential DNS issues.
  • Check that the username is not locked or disabled on the target system.
  • Make sure that your software is up-to-date by verifying that you are running the latest available version.

 

Connection Timeout

When a connectivity timeout occurs, it means the 12Port module was unable to establish a connection to the target host machine. This error may be caused by network configuration issues, firewall settings, or an offline target system. To resolve this error, follow the suggestions below:

Ensure the Target Host is Online and Firewall Ports are Open

The "Connection Timeout" error usually occurs when the target host is unreachable due to network or firewall settings. It's important to verify that the target machine is online and reachable from the PAM host, and that the required firewall ports are open.

Suggestions:

  • Verify that the target host is online and reachable by attempting to ping the machine from the PAM host.
  • Confirm that there is an enabled Peer Node configured for the target asset:
    • Go to Configuration > Peer Nodes and ensure there is an enabled Peer Node for the asset you're connecting to and it has a Verified Trust status. If the trust is not verified, the connection may be blocked. By default, Local Gateway (localhost:4822) should be present and enabled.
    • In the Asset, navigate to Manage > Peer Nodes and confirm that an enabled Peer Node is available.
  • Check the firewall configuration on the target host to ensure that it is not blocking the connection.
    • For RDP, ensure that TCP port 3389 is open.
    • For SSH, ensure that TCP port 22 is open.
  • Confirm that there are no network issues or outages affecting the connection.
  • If there is a firewall between the 12Port Gateway and the target machine, ensure that the appropriate ports are open to allow remote access.
  • Update your software to the latest version to ensure any known connectivity issues are addressed.

 

RDP Proxy Authentication Failure

If authentication fails when connecting through the RDP Proxy using your RDP client, perform the following validation steps:

RDP Proxy Authentication Failure Error

  1. Validate User Credentials
    Confirm that the User account specified in the RDP connection string exists in the tenant and is not locked.
    Verify that the Password provided is correct and matches the user's current tenant password.
  2. Verify RDP Proxy Status
    Ensure the RDP Proxy is enabled for the tenant:
    Configuration > RDP Proxy > Enabled
  3. Validate RDP Proxy Port Configuration
    Confirm that the port configured in the tenant settings matches the port specified in your RDP client configuration. The configured port is displayed on the same RDP Proxy settings page (Configuration > RDP Proxy).
    For example: pam.contoso.com:3318
  4. Confirm Network Accessibility
    Verify that the configured RDP Proxy port is open and reachable from the host where the RDP client is installed. Confirm that firewall rules and network security groups allow connectivity to this port.
  5. Verify Asset Identifier
    Confirm that the assetID or assetName included in the RDP connection string is accurate and corresponds to a valid asset within the tenant.
  6. Validate User Permissions and Access Profile
    Ensure the user account specified in the RDP connection string meets the following requirements on this Asset, defined by the identifier mentioned previously:
    • Assigned Asset Role: Minimum Asset Viewer
    • Assigned Access Profile: Native Session set to Allowed
  7. Update Transit Credentials
    Ensure the user has successfully logged into the tenant via the web interface at least once. Then navigate to: My Profile > Account > Transit Credentials
    Click Update Transit Credentials and enter the user's 12Port account password (the same credentials used in the RDP Proxy connection string).
    You may find an error message similar to the examples below in the 12Port server logs for this issue:
    TENANT:<tenantName>; MSG-02151: Unable to fetch credential for user <domain\user>

    MSG-02143: Unknown user login attempt user#36c02489-e8bb-4427-81b6-6523de4e8b96 from /192.168.1.60:42782

    MSG-01363: Error saving transit credentials

By following these troubleshooting steps, you should be able to resolve the connection error. If the issue persists after trying these steps, please contact the 12Port support team at support@12port.com for further assistance.