When I connect directly, there is no problem, only when I pass the proxy.
INFO (3871/3871) -- Listen: binding socket 3 on 0.0.0.0:8008
INFO (3871/3871) -- Listen: listening on socket 3
INFO (3871/3871) -- Starting FrontServer
INFO (3881/3881) -- Recording front connection in dump-0001.out
INFO (3881/3881) -- connecting to 10.8.18.29:3389
INFO (3881/3881) -- connection to 10.8.18.29:3389 (10.8.18.29) succeeded : socket 5
INFO (3881/3881) -- front step 1
INFO (3881/3881) -- CR Recv: PROTOCOL TLS
INFO (3881/3881) -- CR Recv: PROTOCOL HYBRID
INFO (3881/3881) -- CC Send: PROTOCOL HYBRID
INFO (3881/3881) -- SocketTransport::enable_server_tls() start (front)
INFO (3881/3881) -- Enable server TLS
INFO (3881/3881) -- TLSContext::enable_server_tls() set SSL options
INFO (3881/3881) -- TLSContext::X509_get_pubkey()
INFO (3881/3881) -- TLSContext::i2d_PublicKey()
INFO (3881/3881) -- TLSContext::i2d_PublicKey()
INFO (3881/3881) -- Incoming connection to Bastion using TLS version TLSv1.2
INFO (3881/3881) -- TLSContext::Server cipher 1: TLS_AES_256_GCM_SHA384
INFO (3881/3881) -- TLSContext::Server cipher 2: TLS_CHACHA20_POLY1305_SHA256
INFO (3881/3881) -- TLSContext::Server cipher 3: TLS_AES_128_GCM_SHA256
INFO (3881/3881) -- TLSContext::Server cipher 4: ECDHE-ECDSA-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 5: ECDHE-RSA-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 6: DHE-RSA-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 7: ECDHE-ECDSA-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 8: ECDHE-RSA-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 9: DHE-RSA-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 10: ECDHE-ECDSA-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 11: ECDHE-RSA-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 12: DHE-RSA-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 13: ECDHE-ECDSA-AES256-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 14: ECDHE-RSA-AES256-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 15: DHE-RSA-AES256-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 16: ECDHE-ECDSA-AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 17: ECDHE-RSA-AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 18: DHE-RSA-AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 19: ECDHE-ECDSA-AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 20: ECDHE-RSA-AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 21: DHE-RSA-AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 22: ECDHE-ECDSA-AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 23: ECDHE-RSA-AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 24: DHE-RSA-AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 25: RSA-PSK-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 26: DHE-PSK-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 27: RSA-PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 28: DHE-PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 29: ECDHE-PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 30: AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 31: PSK-AES256-GCM-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 32: PSK-CHACHA20-POLY1305
INFO (3881/3881) -- TLSContext::Server cipher 33: RSA-PSK-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 34: DHE-PSK-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 35: AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 36: PSK-AES128-GCM-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 37: AES256-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 38: AES128-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 39: ECDHE-PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 40: ECDHE-PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 41: SRP-RSA-AES-256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 42: SRP-AES-256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 43: RSA-PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 44: DHE-PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 45: RSA-PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 46: DHE-PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 47: AES256-SHA
INFO (3881/3881) -- TLSContext::Server cipher 48: PSK-AES256-CBC-SHA384
INFO (3881/3881) -- TLSContext::Server cipher 49: PSK-AES256-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 50: ECDHE-PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 51: ECDHE-PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 52: SRP-RSA-AES-128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 53: SRP-AES-128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 54: RSA-PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 55: DHE-PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 56: RSA-PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 57: DHE-PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Server cipher 58: AES128-SHA
INFO (3881/3881) -- TLSContext::Server cipher 59: PSK-AES128-CBC-SHA256
INFO (3881/3881) -- TLSContext::Server cipher 60: PSK-AES128-CBC-SHA
INFO (3881/3881) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
INFO (3881/3881) -- SocketTransport::enable_server_tls() done
INFO (3881/3881) -- RdpNego: TLS=Enabled NLA=Disabled adminMode=Disabled
INFO (3881/3881) -- recvNTLMNegotiateMessage full dump--------------------------------
INFO (3881/3881) -- /* 0000 */ "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\xb7\x82\x08\xe2" // NTLMSSP.........
INFO (3881/3881) -- /* 0010 */ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" // ................
INFO (3881/3881) -- /* 0020 */ "\x06\x01\xb1\x1d\x00\x00\x00\x0f" // ........
INFO (3881/3881) -- recvNTLMNegotiateMessage hexdump end - START PARSING DATA-------------
INFO (3881/3881) -- negotiateFlags "0xE28A8235"{
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_56, // (31)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_KEY_EXCH, // (30)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_128, // (29)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_VERSION, // (25)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_TARGET_INFO, // (23)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY, // (19)
INFO (3881/3881) -- |NTLMSSP_TARGET_TYPE_SERVER, // (17)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_ALWAYS_SIGN, // (15)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_NTLM, // (9)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_SEAL, // (5)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_SIGN, // (4)
INFO (3881/3881) -- |NTLMSSP_REQUEST_TARGET, // (2)
INFO (3881/3881) -- |NTLMSSP_NEGOTIATE_UNICODE, // (0)
INFO (3881/3881) -- }
INFO (3881/3881) -- NTLM Message Authenticate Dump (Recv)
INFO (3881/3881) -- /* 0000 */ 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, // NTLMSSP.........
INFO (3881/3881) -- /* 0010 */ 0x80, 0x00, 0x00, 0x00, 0xbe, 0x00, 0xbe, 0x00, 0x98, 0x00, 0x00, 0x00, 0x16, 0x00, 0x16, 0x00, // ................
INFO (3881/3881) -- /* 0020 */ 0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, // X.......n.......
INFO (3881/3881) -- /* 0030 */ 0x76, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x56, 0x01, 0x00, 0x00, 0x35, 0xb2, 0x88, 0xe2, // v.......V...5...
INFO (3881/3881) -- /* 0040 */ 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0xc9, 0x62, 0xfc, 0x8e, 0x48, 0xd1, 0x8a, 0xef, // .........b..H...
INFO (3881/3881) -- /* 0050 */ 0xdb, 0xce, 0x89, 0x46, 0xa9, 0xfc, 0x3e, 0x85, 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, // ...F..>.1.0...2.
INFO (3881/3881) -- /* 0060 */ 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, 0x6e, 0x00, // 1.1...5.5...6.n.
INFO (3881/3881) -- /* 0070 */ 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x79, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x68, 0x00, // i.c.o.y.a.n.g.h.
INFO (3881/3881) -- /* 0080 */ 0xc6, 0x4a, 0x2b, 0x4c, 0xbc, 0xc8, 0x6c, 0xba, 0xb1, 0x4e, 0xea, 0x51, 0x10, 0xe7, 0x17, 0xd6, // .J+L..l..N.Q....
INFO (3881/3881) -- /* 0090 */ 0xf2, 0x1f, 0x62, 0x85, 0xd5, 0xa5, 0xb2, 0xc9, 0x90, 0x6c, 0x60, 0x2e, 0x26, 0x9a, 0xc9, 0xcb, // ..b......l`.&...
INFO (3881/3881) -- /* 00a0 */ 0xe3, 0xc3, 0x7f, 0x2d, 0x14, 0x13, 0x92, 0xea, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ...-............
INFO (3881/3881) -- /* 00b0 */ 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, 0xf2, 0x1f, 0x62, 0x85, 0xd5, 0xa5, 0xb2, 0xc9, // g..ZNVv...b.....
INFO (3881/3881) -- /* 00c0 */ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x37, 0x00, // ........W.I.N.7.
INFO (3881/3881) -- /* 00d0 */ 0x01, 0x00, 0x08, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x37, 0x00, 0x04, 0x00, 0x08, 0x00, // ....W.I.N.7.....
INFO (3881/3881) -- /* 00e0 */ 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x37, 0x00, 0x03, 0x00, 0x08, 0x00, 0x77, 0x00, 0x69, 0x00, // w.i.n.7.....w.i.
INFO (3881/3881) -- /* 00f0 */ 0x6e, 0x00, 0x37, 0x00, 0x07, 0x00, 0x08, 0x00, 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, // n.7.....g..ZNVv.
INFO (3881/3881) -- /* 0100 */ 0x06, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, // ................
INFO (3881/3881) -- /* 0110 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x26, 0x00, // ..............&.
INFO (3881/3881) -- /* 0120 */ 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x4d, 0x00, 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x2f, 0x00, // T.E.R.M.S.R.V./.
INFO (3881/3881) -- /* 0130 */ 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, // 1.0...2.1.1...5.
INFO (3881/3881) -- /* 0140 */ 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 5...6...........
INFO (3881/3881) -- /* 0150 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xad, 0x6e, 0xc8, 0x8c, 0xe9, 0xd9, 0xe0, 0xa4, 0x47, 0xff, // .......n......G.
INFO (3881/3881) -- /* 0160 */ 0x96, 0xc1, 0x8a, 0x1c, 0x1e, 0x8a, // ......
INFO (3881/3881) -- LmChallengeResponse: offset=128 len=24 buffer_len=24
INFO (3881/3881) -- /* 0000 */ 0xc6, 0x4a, 0x2b, 0x4c, 0xbc, 0xc8, 0x6c, 0xba, 0xb1, 0x4e, 0xea, 0x51, 0x10, 0xe7, 0x17, 0xd6, // .J+L..l..N.Q....
INFO (3881/3881) -- /* 0010 */ 0xf2, 0x1f, 0x62, 0x85, 0xd5, 0xa5, 0xb2, 0xc9, // ..b.....
INFO (3881/3881) -- : offset=152 len=190 buffer_len=190
INFO (3881/3881) -- /* 0000 */ 0x90, 0x6c, 0x60, 0x2e, 0x26, 0x9a, 0xc9, 0xcb, 0xe3, 0xc3, 0x7f, 0x2d, 0x14, 0x13, 0x92, 0xea, // .l`.&......-....
INFO (3881/3881) -- /* 0010 */ 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, // ........g..ZNVv.
INFO (3881/3881) -- /* 0020 */ 0xf2, 0x1f, 0x62, 0x85, 0xd5, 0xa5, 0xb2, 0xc9, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, // ..b.............
INFO (3881/3881) -- /* 0030 */ 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x37, 0x00, 0x01, 0x00, 0x08, 0x00, 0x57, 0x00, 0x49, 0x00, // W.I.N.7.....W.I.
INFO (3881/3881) -- /* 0040 */ 0x4e, 0x00, 0x37, 0x00, 0x04, 0x00, 0x08, 0x00, 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x37, 0x00, // N.7.....w.i.n.7.
INFO (3881/3881) -- /* 0050 */ 0x03, 0x00, 0x08, 0x00, 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x37, 0x00, 0x07, 0x00, 0x08, 0x00, // ....w.i.n.7.....
INFO (3881/3881) -- /* 0060 */ 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, 0x06, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, // g..ZNVv.........
INFO (3881/3881) -- /* 0070 */ 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ................
INFO (3881/3881) -- /* 0080 */ 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x26, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x4d, 0x00, // ......&.T.E.R.M.
INFO (3881/3881) -- /* 0090 */ 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x2f, 0x00, 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, // S.R.V./.1.0...2.
INFO (3881/3881) -- /* 00a0 */ 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, 0x00, 0x00, // 1.1...5.5...6...
INFO (3881/3881) -- /* 00b0 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ..............
INFO (3881/3881) -- DomainName: offset=88 len=22 buffer_len=22
INFO (3881/3881) -- /* 0000 */ 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, // 1.0...2.1.1...5.
INFO (3881/3881) -- /* 0010 */ 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, // 5...6.
INFO (3881/3881) -- UserName: offset=110 len=8 buffer_len=8
INFO (3881/3881) -- /* 0000 */ 0x6e, 0x00, 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00, // n.i.c.o.
INFO (3881/3881) -- Workstation: offset=118 len=10 buffer_len=10
INFO (3881/3881) -- /* 0000 */ 0x79, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x68, 0x00, // y.a.n.g.h.
INFO (3881/3881) -- EncryptedRandomSessionKey: offset=342 len=16 buffer_len=16
INFO (3881/3881) -- /* 0000 */ 0xad, 0x6e, 0xc8, 0x8c, 0xe9, 0xd9, 0xe0, 0xa4, 0x47, 0xff, 0x96, 0xc1, 0x8a, 0x1c, 0x1e, 0x8a, // .n......G.......
ERR (3881/3881) -- Recording front connection ending: NLA Authentication Failed
INFO (3881/3881) -- Exiting FrontServer (1)
INFO (3871/3871) -- Starting FrontServer
INFO (3900/3900) -- Recording front connection in dump-0002.out
INFO (3900/3900) -- connecting to 10.8.18.29:3389
INFO (3900/3900) -- connection to 10.8.18.29:3389 (10.8.18.29) succeeded : socket 5
INFO (3900/3900) -- front step 1
INFO (3900/3900) -- CR Recv: PROTOCOL TLS
INFO (3900/3900) -- CR Recv: PROTOCOL HYBRID
INFO (3900/3900) -- CC Send: PROTOCOL HYBRID
INFO (3900/3900) -- SocketTransport::enable_server_tls() start (front)
INFO (3900/3900) -- Enable server TLS
INFO (3900/3900) -- TLSContext::enable_server_tls() set SSL options
INFO (3900/3900) -- TLSContext::X509_get_pubkey()
INFO (3900/3900) -- TLSContext::i2d_PublicKey()
INFO (3900/3900) -- TLSContext::i2d_PublicKey()
INFO (3900/3900) -- Incoming connection to Bastion using TLS version TLSv1.2
INFO (3900/3900) -- TLSContext::Server cipher 1: TLS_AES_256_GCM_SHA384
INFO (3900/3900) -- TLSContext::Server cipher 2: TLS_CHACHA20_POLY1305_SHA256
INFO (3900/3900) -- TLSContext::Server cipher 3: TLS_AES_128_GCM_SHA256
INFO (3900/3900) -- TLSContext::Server cipher 4: ECDHE-ECDSA-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 5: ECDHE-RSA-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 6: DHE-RSA-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 7: ECDHE-ECDSA-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 8: ECDHE-RSA-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 9: DHE-RSA-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 10: ECDHE-ECDSA-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 11: ECDHE-RSA-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 12: DHE-RSA-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 13: ECDHE-ECDSA-AES256-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 14: ECDHE-RSA-AES256-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 15: DHE-RSA-AES256-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 16: ECDHE-ECDSA-AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 17: ECDHE-RSA-AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 18: DHE-RSA-AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 19: ECDHE-ECDSA-AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 20: ECDHE-RSA-AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 21: DHE-RSA-AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 22: ECDHE-ECDSA-AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 23: ECDHE-RSA-AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 24: DHE-RSA-AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 25: RSA-PSK-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 26: DHE-PSK-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 27: RSA-PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 28: DHE-PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 29: ECDHE-PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 30: AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 31: PSK-AES256-GCM-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 32: PSK-CHACHA20-POLY1305
INFO (3900/3900) -- TLSContext::Server cipher 33: RSA-PSK-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 34: DHE-PSK-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 35: AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 36: PSK-AES128-GCM-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 37: AES256-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 38: AES128-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 39: ECDHE-PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 40: ECDHE-PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 41: SRP-RSA-AES-256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 42: SRP-AES-256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 43: RSA-PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 44: DHE-PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 45: RSA-PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 46: DHE-PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 47: AES256-SHA
INFO (3900/3900) -- TLSContext::Server cipher 48: PSK-AES256-CBC-SHA384
INFO (3900/3900) -- TLSContext::Server cipher 49: PSK-AES256-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 50: ECDHE-PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 51: ECDHE-PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 52: SRP-RSA-AES-128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 53: SRP-AES-128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 54: RSA-PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 55: DHE-PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 56: RSA-PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 57: DHE-PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Server cipher 58: AES128-SHA
INFO (3900/3900) -- TLSContext::Server cipher 59: PSK-AES128-CBC-SHA256
INFO (3900/3900) -- TLSContext::Server cipher 60: PSK-AES128-CBC-SHA
INFO (3900/3900) -- TLSContext::Negociated cipher used ECDHE-RSA-AES256-GCM-SHA384
INFO (3900/3900) -- SocketTransport::enable_server_tls() done
INFO (3900/3900) -- RdpNego: TLS=Enabled NLA=Disabled adminMode=Disabled
INFO (3900/3900) -- recvNTLMNegotiateMessage full dump--------------------------------
INFO (3900/3900) -- /* 0000 */ "\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\xb7\x82\x08\xe2" // NTLMSSP.........
INFO (3900/3900) -- /* 0010 */ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" // ................
INFO (3900/3900) -- /* 0020 */ "\x06\x01\xb1\x1d\x00\x00\x00\x0f" // ........
INFO (3900/3900) -- recvNTLMNegotiateMessage hexdump end - START PARSING DATA-------------
INFO (3900/3900) -- negotiateFlags "0xE28A8235"{
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_56, // (31)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_KEY_EXCH, // (30)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_128, // (29)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_VERSION, // (25)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_TARGET_INFO, // (23)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY, // (19)
INFO (3900/3900) -- |NTLMSSP_TARGET_TYPE_SERVER, // (17)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_ALWAYS_SIGN, // (15)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_NTLM, // (9)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_SEAL, // (5)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_SIGN, // (4)
INFO (3900/3900) -- |NTLMSSP_REQUEST_TARGET, // (2)
INFO (3900/3900) -- |NTLMSSP_NEGOTIATE_UNICODE, // (0)
INFO (3900/3900) -- }
INFO (3900/3900) -- NTLM Message Authenticate Dump (Recv)
INFO (3900/3900) -- /* 0000 */ 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x03, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, // NTLMSSP.........
INFO (3900/3900) -- /* 0010 */ 0x80, 0x00, 0x00, 0x00, 0xbe, 0x00, 0xbe, 0x00, 0x98, 0x00, 0x00, 0x00, 0x16, 0x00, 0x16, 0x00, // ................
INFO (3900/3900) -- /* 0020 */ 0x58, 0x00, 0x00, 0x00, 0x08, 0x00, 0x08, 0x00, 0x6e, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x0a, 0x00, // X.......n.......
INFO (3900/3900) -- /* 0030 */ 0x76, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x56, 0x01, 0x00, 0x00, 0x35, 0xb2, 0x88, 0xe2, // v.......V...5...
INFO (3900/3900) -- /* 0040 */ 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x1c, 0xd9, 0xd4, 0xc6, 0x52, 0x9b, 0x43, 0x04, // ............R.C.
INFO (3900/3900) -- /* 0050 */ 0x5c, 0x0b, 0x58, 0xfe, 0x56, 0x97, 0x18, 0xc2, 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, // ..X.V...1.0...2.
INFO (3900/3900) -- /* 0060 */ 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, 0x6e, 0x00, // 1.1...5.5...6.n.
INFO (3900/3900) -- /* 0070 */ 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00, 0x79, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x68, 0x00,
INFO (3900/3900) -- /* 0080 */ 0xb8, 0x4c, 0xf7, 0x0d, 0x6a, 0xba, 0x96, 0xde, 0x17, 0x44, 0x05, 0xb3, 0x23, 0x0c, 0x85, 0xd7, // .L..j....D..#...
INFO (3900/3900) -- /* 0090 */ 0xd9, 0x3e, 0x00, 0x94, 0x76, 0x92, 0x48, 0x8e, 0xc0, 0xfd, 0x85, 0x06, 0x2b, 0x5b, 0xb3, 0xd3, // .>..v.H.....+[..
INFO (3900/3900) -- /* 00a0 */ 0x34, 0x10, 0xf9, 0xd2, 0x0a, 0xed, 0xba, 0x0d, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 4...............
INFO (3900/3900) -- /* 00b0 */ 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, 0xd9, 0x3e, 0x00, 0x94, 0x76, 0x92, 0x48, 0x8e, // g..ZNVv..>..v.H.
INFO (3900/3900) -- /* 00c0 */ 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x37, 0x00, // ........W.I.N.7.
INFO (3900/3900) -- /* 00d0 */ 0x01, 0x00, 0x08, 0x00, 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x37, 0x00, 0x04, 0x00, 0x08, 0x00, // ....W.I.N.7.....
INFO (3900/3900) -- /* 00e0 */ 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x37, 0x00, 0x03, 0x00, 0x08, 0x00, 0x77, 0x00, 0x69, 0x00, // w.i.n.7.....w.i.
INFO (3900/3900) -- /* 00f0 */ 0x6e, 0x00, 0x37, 0x00, 0x07, 0x00, 0x08, 0x00, 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, // n.7.....g..ZNVv.
INFO (3900/3900) -- /* 0100 */ 0x06, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, // ................
INFO (3900/3900) -- /* 0110 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x26, 0x00, // ..............&.
INFO (3900/3900) -- /* 0120 */ 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x4d, 0x00, 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x2f, 0x00, // T.E.R.M.S.R.V./.
INFO (3900/3900) -- /* 0130 */ 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, // 1.0...2.1.1...5.
INFO (3900/3900) -- /* 0140 */ 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 5...6...........
INFO (3900/3900) -- /* 0150 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xbf, 0x1a, 0xc4, 0x1b, 0x92, 0xfa, 0xc5, 0x9b, 0x04, 0x4a, // ...............J
INFO (3900/3900) -- /* 0160 */ 0xf5, 0x8e, 0xc6, 0x13, 0xe1, 0x94, // ......
INFO (3900/3900) -- LmChallengeResponse: offset=128 len=24 buffer_len=24
INFO (3900/3900) -- /* 0000 */ 0xb8, 0x4c, 0xf7, 0x0d, 0x6a, 0xba, 0x96, 0xde, 0x17, 0x44, 0x05, 0xb3, 0x23, 0x0c, 0x85, 0xd7, // .L..j....D..#...
INFO (3900/3900) -- /* 0010 */ 0xd9, 0x3e, 0x00, 0x94, 0x76, 0x92, 0x48, 0x8e, // .>..v.H.
INFO (3900/3900) -- : offset=152 len=190 buffer_len=190
INFO (3900/3900) -- /* 0000 */ 0xc0, 0xfd, 0x85, 0x06, 0x2b, 0x5b, 0xb3, 0xd3, 0x34, 0x10, 0xf9, 0xd2, 0x0a, 0xed, 0xba, 0x0d, // ....+[..4.......
INFO (3900/3900) -- /* 0010 */ 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, // ........g..ZNVv.
INFO (3900/3900) -- /* 0020 */ 0xd9, 0x3e, 0x00, 0x94, 0x76, 0x92, 0x48, 0x8e, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x08, 0x00, // .>..v.H.........
INFO (3900/3900) -- /* 0030 */ 0x57, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x37, 0x00, 0x01, 0x00, 0x08, 0x00, 0x57, 0x00, 0x49, 0x00, // W.I.N.7.....W.I.
INFO (3900/3900) -- /* 0040 */ 0x4e, 0x00, 0x37, 0x00, 0x04, 0x00, 0x08, 0x00, 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x37, 0x00, // N.7.....w.i.n.7.
INFO (3900/3900) -- /* 0050 */ 0x03, 0x00, 0x08, 0x00, 0x77, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x37, 0x00, 0x07, 0x00, 0x08, 0x00, // ....w.i.n.7.....
INFO (3900/3900) -- /* 0060 */ 0x67, 0x95, 0x0e, 0x5a, 0x4e, 0x56, 0x76, 0xd6, 0x06, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, // g..ZNVv.........
INFO (3900/3900) -- /* 0070 */ 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ................
INFO (3900/3900) -- /* 0080 */ 0x00, 0x00, 0x00, 0x00, 0x09, 0x00, 0x26, 0x00, 0x54, 0x00, 0x45, 0x00, 0x52, 0x00, 0x4d, 0x00, // ......&.T.E.R.M.
INFO (3900/3900) -- /* 0090 */ 0x53, 0x00, 0x52, 0x00, 0x56, 0x00, 0x2f, 0x00, 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, // S.R.V./.1.0...2.
INFO (3900/3900) -- /* 00a0 */ 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00, 0x00, 0x00, // 1.1...5.5...6...
INFO (3900/3900) -- /* 00b0 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // ..............
INFO (3900/3900) -- DomainName: offset=88 len=22 buffer_len=22
INFO (3900/3900) -- /* 0000 */ 0x31, 0x00, 0x30, 0x00, 0x2e, 0x00, 0x32, 0x00, 0x31, 0x00, 0x31, 0x00, 0x2e, 0x00, 0x35, 0x00, // 1.0...2.1.1...5.
INFO (3900/3900) -- /* 0010 */ 0x35, 0x00, 0x2e, 0x00, 0x36, 0x00,
INFO (3900/3900) -- UserName: offset=110 len=8 buffer_len=8
INFO (3900/3900) -- /* 0000 */ 0x6e, 0x00, 0x69, 0x00, 0x63, 0x00, 0x6f, 0x00,
INFO (3900/3900) -- Workstation: offset=118 len=10 buffer_len=10
INFO (3900/3900) -- /* 0000 */ 0x79, 0x00, 0x61, 0x00, 0x6e, 0x00, 0x67, 0x00, 0x68, 0x00,
INFO (3900/3900) -- EncryptedRandomSessionKey: offset=342 len=16 buffer_len=16
INFO (3900/3900) -- /* 0000 */ 0xbf, 0x1a, 0xc4, 0x1b, 0x92, 0xfa, 0xc5, 0x9b, 0x04, 0x4a, 0xf5, 0x8e, 0xc6, 0x13, 0xe1, 0x94, // .........J......
ERR (3900/3900) -- Recording front connection ending: NLA Authentication Failed
INFO (3900/3900) -- Exiting FrontServer (1)