Socket access policy under Vista

Hi, for a long time I could easily make socket connections
from my swf files to simple Java servers on various ports (swfs
embedded from ActiveX, for example). I used the simple Python server
policy file provided in this article to open the needed TCP ports
to my Flash applications.
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
This works ok on Windows XP machines, Flash player 9 or 10.
However, no single Vista machine seems able to find the 843 port to
load the policy file. I tried to use another server for the policy
file, tried to use another port for the policy
(Security.loadPolicyFile("xmlsocket://localhost:8008");) but
nothing seems to work - I just can't make my flash applications
connect on Windows Vista.
Is this a known problem? What am I doing wrong?
Thank you!

I have finally solved it... it seems to be a problem with Windows Vista Firewall.
The Python server proposed by Adobe does not work (it seems to be blocked even with the firewall disabled).
Nevertheless, the Perl server works properly.
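
A diagnostic for the symptom described in this thread, as an added example (not code from the thread or from the Adobe article): a probe that sends the same NUL-terminated `<policy-file-request/>` a Flash Player sends and classifies what comes back, next to a minimal responder used to exercise it. The function names, the `app.example.test` domain, the 3-second timeout and the refusal of wildcard rules are assumptions of this example.

```python
import socket
import threading
from xml.sax.saxutils import quoteattr

# What Flash Player sends when it asks for a socket policy file (NUL-terminated).
POLICY_REQUEST = b"<policy-file-request/>\x00"


def build_policy(rules):
    """Build a NUL-terminated policy from (domain, ports) pairs.

    Wildcards are refused here as this example's own choice, so that the
    policy only opens the ports the application actually needs.
    """
    lines = ['<?xml version="1.0"?>', "<cross-domain-policy>"]
    for domain, ports in rules:
        if domain == "*" or ports == "*":
            raise ValueError("refusing wildcard rule: %r -> %r" % (domain, ports))
        lines.append("  <allow-access-from domain=%s to-ports=%s/>"
                     % (quoteattr(domain), quoteattr(ports)))
    lines.append("</cross-domain-policy>")
    return "\n".join(lines).encode("ascii") + b"\x00"


def read_until_nul(sock, limit):
    """Read up to and including the first NUL byte; b'' on EOF or overflow."""
    buf = b""
    while b"\x00" not in buf:
        if len(buf) >= limit:
            return b""
        chunk = sock.recv(256)
        if not chunk:
            return b""
        buf += chunk
    return buf[: buf.index(b"\x00") + 1]


def serve_connection(conn, policy, timeout=3.0):
    """Server side: answer one policy request on an accepted socket, then close."""
    try:
        conn.settimeout(timeout)
        if read_until_nul(conn, limit=64) == POLICY_REQUEST:
            conn.sendall(policy)
            return True
        return False
    except OSError:  # includes socket.timeout: client never sent a request
        return False
    finally:
        conn.close()


def probe_stream(sock, timeout=3.0):
    """Client side: send the request on a connected socket, classify the reply."""
    sock.settimeout(timeout)
    try:
        sock.sendall(POLICY_REQUEST)
        reply = read_until_nul(sock, limit=65536)
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    if not reply:
        return ("closed-without-policy", "")
    text = reply[:-1].decode("ascii", "replace")
    return ("ok" if "<cross-domain-policy>" in text else "not-a-policy", text)


def probe(host, port=843, timeout=3.0):
    """Connect to a policy server and report (status, policy_text)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "")   # typically: packets silently dropped by a firewall
    except ConnectionRefusedError:
        return ("refused", "")   # typically: nothing is listening on that port
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        return probe_stream(sock, timeout)


if __name__ == "__main__":
    # Offline demonstration over a socket pair (constructed sample policy).
    client, server = socket.socketpair()
    policy = build_policy([("app.example.test", "8008")])
    worker = threading.Thread(target=serve_connection, args=(server, policy))
    worker.start()
    print(probe_stream(client))
    worker.join()
    client.close()
```

Run `probe("localhost", 843)` on the affected machine and on a working one: `refused` and `timeout` point at the listener or a packet filter, while `closed-without-policy` means the port is reachable but the server did not answer the request.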

Similar Messages

  • 8.0.6-119 on S160 can no longer see past the second access policy

    We upgraded an S160 to 8.0.6-119 today and now the appliance is not authenticating groups beyond restricted internet and information technology.  For example Access Policy #6 is called Marketing.  It has access to Streaming Media and Social Media (like youtube, facebook, twitter).  They are the marketing department that needs this access to do their job.  The identity policy is authenticated_users but it keeps falling under the last access policy "Global Access Policy" which results in request blocked based on URL category.
    I just don't get it.  Authenticated Users is selected to windows realm which the wsa joined to the domain and has 3 DC's and a CDA virtual appliance tied to it.  I don't see that being the issue because the policy trace correctly brings back all AD groups the user is tied to.  The scheme is Use Kerberos or NTLMSSP.  
    Next under access policies there are 14 of them before the global policy.  They are all authenticated users and pointed to the proper active directory groups.  Marketing is 6 out of 14 (not counting the non-numbered Global Policy at the bottom).
    So what could the issue be?

    I opened a case with TAC but have not heard back.  However it seems things are working now.  Perhaps they contacted in and corrected an issue but haven't had the chance to tell me what they did.  I have remote access enabled for Cisco TAC.
    Now when I do the policy trace, it actually applies the Marketing access policy, and AVC actually sees this is Facebook General (Facebook) in this case.  Before I think it said none for everything and access policy was global.

  • Changes in Solaris 10 Patch Access Policy

    Solaris 10 x86 User Community
    As of November 29th, Sun will be changing its Solaris 10 patch access policy. Now that Solaris 10 is freely available, support services require the purchase of a Sun Service Plan.
    Under this new policy, access to patches is restricted. Security fixes and hardware driver updates are publicly available for free, but access to all other patches requires a Sun Service Plan.
    Please see http://www.sun.com/service/sunconnection/solaris10patches.html for available access options.
    Please send any questions to [email protected]

    hi,
    As a technical specialist I can understand everyone needs revenues to keep on going. But $120 for a min. level service plan it's really foolish on the policy makers. This would result in severe dent for the Solaris initiative itself in the long run. There should be reasonable pricing model, especially when Sun is projecting Solaris as an alternative to Linux! I do strongly suggest as a loyal Sun developer since 1996 to re-consider the service plan rates.
    thanks,
    Su37

  • Issue with UAG/TMG communication to published SharePoint application is blocked by access policy settings

    We have a UAG/TMG server set up with SharePoint published. The UAG is also doing load balancing for the SharePoint farm. We have an MDM application that is trying to connect to our SharePoint but our SharePoint is routed through the UAG. The MDM application does not need to be published neither is there any component that can be accessed directly by end users. It is more of a proxy to relay content to mobile devices. It is using 443 and two other secondary ports.
    On the TMG logs, we can see requests hitting the TMG over port 443 from the MDM application server. We can also see that it is trying to be routed to our SharePoint but we get the following error in the TMG log:
    “Filter information: A request from source IP address xx.xx.xx.xx, user to trunk portal; Secure=1 for application SharePoint of type SharePoint15 failed. The endpoint device does not comply with access policy settings ([%PolicyId%]) for session [%SessionId]”
    The source IP is the internal IP of the host running the MDM application. In the UAG side, under the SharePoint publishing rule, for Access Policy Settings we have tried selecting the 'Always' option but that had no effect. It appears like there is a policy blocking communication to SharePoint. Does anyone have a suggestion on which policy or where the policy that is controlling this is located so that we can try to resolve this issue? Thanks.

    Looking at the UAG Web Monitor, it says that the access policy is 'Hybrid_Default_Session_Access' and the URL is /_vti_bin/Webs.asmx. 
    We can't find a 'Hybrid Default Session Access' policy. In the Endpoint Policy Settings tab, we tried using 'Always' for the Access Policy for the published SharePoint application but that did not make any difference. 

  • Secure Web.Show_Document with forms10.1.2.3 under vista Need authentication

    Hi All
    I installed Forms 10.1.2.3 successfully under Windows Vista. I use the Java Bean described in the OTN Forms document titled "Oracle Forms Services - Secure Web.Show_Document calls to Oracle Reports", but when the form calls the report, the following error message:
    "REP-51018: Need database user authentication" is presented to the user.
    note : I did this before successfully with forms 10.1.2.0.2 under windows xp
    What is wrong with me please under Vista ?
    Note :The Java console give this :
    Java Plug-in 1.5.0_12
    Using JRE version 1.5.0_12 Java HotSpot(TM) Client VM
    User home directory = C:\Users\crizma1
    network: Loading user-defined proxy configuration ...
    network: Done.
    network: Loading proxy configuration from Internet Explorer ...
    network: Done.
    network: Loading direct proxy configuration ...
    network: Done.
    network: Proxy Configuration: No proxy
    basic: Cache is enabled
    basic: Location: C:\Users\crizma1\AppData\LocalLow\Sun\Java\Deployment\cache\javapi\v1.0
    basic: Maximum size: unlimited
    basic: Compression level: 0
    basic: Plugin modality.register
    c: clear console window
    f: finalize objects on finalization queue
    g: garbage collect
    h: display this help message
    l: dump classloader list
    m: print memory usage
    o: trigger logging
    p: reload proxy configuration
    q: hide console
    r: reload policy configuration
    s: dump system and deployment properties
    t: dump thread list
    v: dump thread stack
    x: clear classloader cache
    0-5: set trace level to <n>
    basic: Registered modality listener
    liveconnect: Invoking JS method: document
    liveconnect: Invoking JS method: URL
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@e34726, refcount=1
    basic: Added progress listener: sun.plugin.util.GrayBoxPainter@7be8c2
    basic: Loading applet ...
    basic: Initializing applet ...
    basic: Starting applet ...
    basic: Referencing classloader: sun.plugin.ClassLoaderInfo@e34726, refcount=2
    basic: Releasing classloader: sun.plugin.ClassLoaderInfo@e34726, refcount=1
    network: Connecting http://mostafa:8889/forms/java/frmall.jar with proxy=DIRECT
    basic: Loading http://mostafa:8889/forms/java/frmall.jar from cache
    basic: Reading cached JAR file from JRE 1.5 release
    basic: Certificates for http://mostafa:8889/forms/java/frmall.jar is read from JAR cache
    security: Loading Root CA certificates from C:\PROGRA~1\Java\JRE15~2.0_1\lib\security\cacerts
    security: Loaded Root CA certificates from C:\PROGRA~1\Java\JRE15~2.0_1\lib\security\cacerts
    security: Loading Deployment certificates from C:\Users\crizma1\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
    security: Loaded Deployment certificates from C:\Users\crizma1\AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
    security: Loading certificates from Deployment session certificate store
    security: Loaded certificates from Deployment session certificate store
    security: Loading certificates from Internet Explorer ROOT certificate store
    security: Loaded certificates from Internet Explorer ROOT certificate store
    security: Loading certificates from Internet Explorer TrustedPublisher certificate store
    security: Loaded certificates from Internet Explorer TrustedPublisher certificate store
    security: Checking if certificate is in Deployment permanent certificate store
    basic: Loaded image: jar:http://mostafa:8889/forms/java/frmall.jar!/oracle/forms/icons/splash.gif
    basic: Loaded image: jar:http://mostafa:8889/forms/java/frmall.jar!/oracle/forms/icons/oracle_logo.gif
    basic: Loaded image: jar:http://mostafa:8889/forms/java/frmall.jar!/oracle/forms/icons/bgnd.gif
    network: Connecting http://mostafa:8889/forms/java/oracle/forms/registry/Registry.dat with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/java/oracle/forms/registry/default.dat with proxy=DIRECT
    proxyHost=null
    proxyPort=0
    connectMode=HTTP, native.
    network: Connecting http://mostafa:8889/forms/frmservlet?form=d:%5CFEMTOSOFT%5CACC%5Cmainmenu&separateframe=true&acceptLanguage=ar-eg&ifcmd=startsession with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/lservlet;jsessionid=0125fc1e6334c60e076ddfdd063a1d231270ff1507db8a2efc0666273e237011?ifcmd=getinfo&ifhost=Mostafa&ifip=192.168.1.2 with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/lservlet;jsessionid=0125fc1e6334c60e076ddfdd063a1d231270ff1507db8a2efc0666273e237011 with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/java/frmrwinteg.jar with proxy=DIRECT
    java.io.FileNotFoundException: http://mostafa:8889/forms/java/frmrwinteg.jar
         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
         at sun.plugin.net.protocol.http.HttpUtils.followRedirects(Unknown Source)
         at sun.plugin.cache.CachedJarLoader.isUpToDate(Unknown Source)
         at sun.plugin.cache.CachedJarLoader.loadFromCache(Unknown Source)
         at sun.plugin.cache.CachedJarLoader.load(Unknown Source)
         at sun.plugin.cache.JarCache.get(Unknown Source)
         at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
         at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.getJarFile(Unknown Source)
         at sun.misc.URLClassPath$JarLoader.<init>(Unknown Source)
         at sun.misc.URLClassPath$3.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getLoader(Unknown Source)
         at sun.misc.URLClassPath.getResource(Unknown Source)
         at java.net.URLClassLoader$1.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(Unknown Source)
         at sun.applet.AppletClassLoader.findClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at sun.applet.AppletClassLoader.loadClass(Unknown Source)
         at java.lang.ClassLoader.loadClass(Unknown Source)
         at java.util.ResourceBundle.loadBundle(Unknown Source)
         at java.util.ResourceBundle.findBundle(Unknown Source)
         at java.util.ResourceBundle.getBundleImpl(Unknown Source)
         at java.util.ResourceBundle.getBundle(Unknown Source)
         at oracle.forms.registry.MessageManager.getMessage(Unknown Source)
         at oracle.forms.registry.MessageManager.getMessage(Unknown Source)
         at oracle.forms.engine.Runform.createInitialMessage(Unknown Source)
         at oracle.forms.engine.Runform.sendInitialMessage(Unknown Source)
         at oracle.forms.engine.Runform.startRunform(Unknown Source)
         at oracle.forms.engine.Main.createRunform(Unknown Source)
         at oracle.forms.engine.Main.start(Unknown Source)
         at sun.applet.AppletPanel.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    basic: WARNING: error reading http://mostafa:8889/forms/java/frmrwinteg.jar from cache.
    basic: httpCompression = true
    basic: Downloading http://mostafa:8889/forms/java/frmrwinteg.jar to cache
    basic: encoding = null for http://mostafa:8889/forms/java/frmrwinteg.jar
    network: Connecting http://mostafa:8889/forms/java/myappicons.jar with proxy=DIRECT
    basic: Loading http://mostafa:8889/forms/java/myappicons.jar from cache
    basic: No certificate info, this is unsigned JAR file.
    network: Connecting http://mostafa:8889/forms/java/oracle/forms/engine/RunformBundle_ar_EG.class with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/java/oracle/forms/engine/RunformBundle_ar_EG.properties with proxy=DIRECT
    إصدار بريمج Forms هو : 10.1.2.3
    network: Connecting http://mostafa:8889/forms/lservlet;jsessionid=0125fc1e6334c60e076ddfdd063a1d231270ff1507db8a2efc0666273e237011 with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/lservlet;jsessionid=0125fc1e6334c60e076ddfdd063a1d231270ff1507db8a2efc0666273e237011 with proxy=DIRECT
    basic: Loaded image: jar:http://mostafa:8889/forms/java/frmall.jar!/oracle/forms/icons/frame.gif
    network: Connecting http://mostafa:8889/forms/lservlet;jsessionid=0125fc1e6334c60e076ddfdd063a1d231270ff1507db8a2efc0666273e237011 with proxy=DIRECT
    network: Connecting http://mostafa:8889/forms/lservlet;jsessionid=0125fc1e6334c60e076ddfdd063a1d231270ff1507db8a2efc0666273e237011 with proxy=DIRECT
    Edited by: Mostafa Abolaynain on Jun 18, 2009 7:50 PM

    If I am remembering correctly, some changes were necessary in order to make this work with 10.1.2.3. So, if you are using the old jar which you used in previous versions, I would recommend obtaining the one specifically updated for 10.1.2.3. Refer back to the OTN page which has the download and choose the link that references the new version:
    http://www.oracle.com/technology/products/forms/techlisting10gR2.html
    Be sure to clear the client Jar cache before re-testing. This is not the same as the browser cache.

  • Patch Access Policy Change

    Solaris 10 x86 User Community
    As of November 29th, Sun will be changing its Solaris 10 patch access policy. Now that Solaris 10 is freely available, support services require the purchase of a Sun Service Plan.
    Under this new policy, access to patches is restricted. Security fixes and hardware driver updates are publicly available for free, but access to all other patches requires a Sun Service Plan.
    Please see
    http://www.sun.com/service/sunconnection/solaris10patches.html for available access options.
    Kayo Granillo
    Sun Microsystems

    Please see http://www.sun.com/service/sunconnection/solaris10patches.html for available access options.
    Isn't Patch Manager available only for Solaris 8/9?
    Does this mean that Sun isn't providing anything to automate patching for people who wish to remain "anonymous"?

  • Access Policy and Resources -11gR2

    Hi all,
    I have created an Access policy in 11gR2, it's working fine and as per requirement the Resource is getting provisioned / revoked properly.
    In *11gR1*, resources provisioned through the Access policy used to be displayed / listed in the User's Resources tab. In *11gR2*, the resources provisioned by Access Policy are not being displayed / listed under the Accounts tab. Is it the default behavior of 11gR2, or some bug, or do I need to make any configurations to have it displayed here?
    Regards

    Nothing special has to be done for showing under the Accounts tab. Have you created an *'Application Instance'* for the Resource? You have to create an Application Instance and run the 'catalog sync' job, and once the Application Instance is provisioned to the user, it will be available under the Accounts tab.
    Follow the 11gR2 doc for creating an application instance:
    http://docs.oracle.com/cd/E27559_01/dev.1112/e27150/resmgt.htm#CBBFAIEC

  • Limited access message on Vista laptop

    I have a linksys wireless g 2.4 router. I recently setup WEP security on this router.
     When our Vista laptop connects to our network, it shows a "Limited Access" message below the SSID name. What does the limited access message mean?
    Also, we noticed that around 8pm-11pm every night, our wireless speed slows down drastically. Every website we go to takes a few minutes to display. This happens on all of our PCs connecting wirelessly. Any ideas what to look for on my router that may cause this?
    Thanks,
    Jerry

    What's the model number of your router?
    If you are getting "Limited Access" on your Vista computer, this indicates that your computer is not connected to the Internet and it's having only limited access. So in this case you can change the security mode on your router to WPA Personal and then try to connect to your wireless network.
    If you are facing an intermittent connection problem on your wireless computer, then I think you need to change some settings on your router. Follow the settings below.
    Open an Internet Explorer browser page on your wired computer (desktop). In the address bar type - 192.168.1.1 and press Enter... Leave Username blank & in Password use admin in lower case...
    Set the Wireless channel to 11-2.462GHz... Wireless SSID broadcast should be Enabled and then click on Save Settings...
    Click on Advanced Wireless Settings
    Change the Beacon Interval to 75 >> Change the Fragmentation Threshold to 2304, Change the RTS Threshold to 2304 >> Click on "Save Settings"...
    Now on your Vista computer... Click on the Start button >>> Control Panel >>> Network and Sharing Center >>> Under Tasks you need to click on "Manage Wireless Network" and remove all the Preferred Networks from the list and close the window.
    Now try to re-connect to your wireless network using the WPA security key. 

  • OIM access policy not evaluating a boolean

    I have a test for a boolean in Access Policy
    booleanvariable == true
    but it does not evaluate
    I tried booleanvariable == 1
    and this does not work either.
    If I have a string field instead of a boolean, then it works
    stringvariable == TRUE
    this works.
    Is there something wrong with booleans in Access Policy?

    I'm currently using Boolean with access policies, though maybe a little different.
    In the OIM Design Console, I've created a rule (Resource Management -> Rule Designer) named TestRule
    Add Element:
    - Attribute: booleanvariable
    - Operation: ==
    - Attribute Value: 1
    I have groups that mirror access policies, so let's say that we've also created a group (User Groups->Create via OIM AU Console - Web)
    - Under 'Membership Rules' in the dropdown box for group details, assign the rule you just created
    - Then under 'Access Policies' add the policy you created under Access Policies -> Manage
    Then when a user is in OIM with booleanvariable checked, the Access Policy is applied to that user.

  • [OIM 9.1.0.2] Access Policy being evaluated to an OIM user disabled.

    Hi Gurus,
    I have an Access Policy being evaluated and provisioning resource (AD) to an OIM user disabled.
    Any tip on what I should take a look?
    Thanks in advance.

    Hi all,
    I have configured out the XL.EvaluateMembershipForInactiveUser System Property as TRUE, but the membership rule does not get evaluated for disabled users. So the user still remain into the group. I have restarted the OIM.
    I need to active the Evaluate User Policies schedule task for this configuration be effective. Or should I do something more?
    Thanks a lot.

  • How to track a request id through an access policy in OIM

    lets say User-A requests a job role on behalf of User-B and this job role has a access policy attached to it, to provision the user to AD and SAP.
    Now we want an email sent to user-A (i.e the user-A who is responsible for job role assignment which made the access policy to trigger the provisioning of User-B to the SAP ) once User-B is provisioned to an Resource for the first time.

    You can find the personA usr_key from the upp and upd tables.
    In the upp table the column name is UPP_UPDATEBY
    In the upd table the column name is UPD_CREATEBY
    and for the status check the columns (UPD_ALLOW_LIST, UPP_ALLOW_LIST)
    Thanks..
    Edited by: IDMuser19 on Sep 2, 2010 3:27 PM

  • Not able to get the AD organizations list while creating access policy

    Hi All,
    Had created IT Resource for AD server, and was able to successfully connect to it. And Now when I try to create a access policy, where I am not able to view any organization from AD.
    Can someone please let me know how to resolve this.
    Thanks in advance.....
    Regards
    Arun

    Please check the error log which I am getting when I ran the schedule job
    ======= Start Stack Trace =======================>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.schedule.tasks.ADLookupReconTask : performReconciliation>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <Description : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]>
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <com.thortech.xl.exception.ConnectionException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
    at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
    at com.thortech.xl.schedule.tasks.ADLookupReconTask.performReconciliation(Unknown Source)
    at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Source)
    at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.execute(SchedulerBaseTask.java:384)
    at oracle.iam.scheduler.vo.TaskSupport.executeJob(TaskSupport.java:145)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at oracle.iam.scheduler.impl.quartz.QuartzJob.execute(QuartzJob.java:196)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
    >
    <Aug 3, 2012 2:30:55 PM GMT+05:30> <Error> <OIMCP.ADCS> <BEA-000000> <================= End Stack Trace =======================>
    Based on which I had checked the credentials I provided, and they are correct. I am able to connect to AD with same credentials when I create new IT Resource.
    Not sure what went wrong
    Regards
    Arun

  • ACS 5.3 Authorization problem with using Identity Groups in Access Policy Rule

    Hello guys, I have found a problem which I can't solve regarding authorization using Identity Groups in an Access Policy rule.
    ACS version: 5.3.0.40.6 (internal build B.839)
    I have very simple RADIUS Authorization rule which authorize user on behalf of right Identity Group.
    Requested Identity Group exist
    Testing user is created in Internal Users and has assigned requested Identity Group
    Radius Access Policy: 
    Authentication against Identity Store Sequence, where authorization server is external RSA SecurID device and additional attributes retrieval is configured from Internal Users.
    Authorization is very simple – One Rule with only one Condition which is: Identity Group - in - Requested_Testing_Rule. Then Default rule is set to Deny.
    When I try to log in with my testing user, authentication against RSA SecurID is OK, but authorization is denied by the Default rule – it looks like my Rule with Identity Group is totally omitted.
    I am managing several other ACS servers (version 5.3 but with older patches) where similar rules are working without problem.
    What I have tested:
    Remove testing user and create his account again.
    Rename Identity Group
    Use another Identity Group
    Remove Access Policy rule and create it again
    Use Compound Condition: System:Identity Group
    Use Compound Condition: System:UserID instead of Identity Group in Rule (it is working without problem)
    Do you have any idea where problem can be?

    OK guys, it started working yesterday without any configuration change. Maybe it was some database inconsistency which was solved by ACS itself.

  • Android MS RDP - RPC Error: Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator. (2147965402).

    I love iTap Mobile.  Paid for the app.  Sorry to see them discontinue it, but now I know why.  Microsoft bought them out!  But even though free, I am getting an error: RPC Error: Your connection was denied because of a Resource Access Policy (TS_RAP). Please contact your server administrator. (2147965402).  I worked with iTap to fix this so I guess they sold Microsoft their older buggy code...  Microsoft, please fix!
    PS: This is the Android version.  Mac and iOS are both okay.
    EDIT:  After an update a few months ago, iOS is no longer working.  Not sure if the problem is related to the Android MSRDP issue.
    UPDATE - Relevant posts (need Android RDP software engineer to fix):
    Event Viewer Log when using Android client:
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This is most likely for logging into RD Web - icons shows up).
    The user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost". The following error occurred: "23002".  (This is after clicking on any of the icons).
    I think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".  It should be the RD Connection Broker's hostname, I believe.
    Here's what it should look like (connected using a Windows PC going through the RD Web portal via Internet Explorer):
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met resource authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", connected to resource "rdsfarm.domain.com".
    Stephan,
    Do you have any way to contact the software engineer who worked on the Android version of the RDP client?  Please have them read this thread.  They need to fix the hard coded "localhost" resource to be a variable (namely whatever the user put in for the server).
    This is why the MS RDP app is failing in situations where the FQDN for the RD Gateway and Connection Broker uses the same host name.
    Again, this is not a configuration problem on our end as it works as intended with the native Windows RDP client as well as the Mac and iOS version of the mobile RDP client (all based on iTap Mobile's RDP app).
    This is a problem specific to the Android RDP app.
    PS: No matter how hard I try, the WYSIWYG editor is not very WYSIWYG at all, and so everything here looks messed up even though it looked right when I posted it (it is deleting new blank lines I'm inserting to make it spaced out and easier to read). See below to read the post in context.

    Thanks for the bumps, everyone.  I haven't checked this thread in a while because I basically gave up on Microsoft's ability to respond.  Unlike paid apps, there's no number to call or ticket to open when an app like this malfunctions.
    Just to give you an update, iOS users started having issues connecting a few months ago.  I don't remember what version started this.  I'm not sure if it's the same problem.
    Also, the newest version now gives a slightly different error message:  RpcOverHttpEndpointException: 2, Your connection was denied because of a Resource Access Policy (TS_RAP).  Please contact your server administrator.
    For Android users, I am starting to recommend Xtralogic Remote Desktop Client.  It's a paid app, but it works great.  I don't know of any alternative for iOS.
    MSRDP for Mac OSX (was also an iTap application) continues to work throughout the many updates.
    We need a software engineer from MS to read my first post.  All the information that will point to a fix is there.  I strongly believe someone hardcoded the string "localhost" instead of using a variable to point to the FQDN of the rdsfarm name.
    Here's that info again (copied/pasted).  It doesn't take an engineer to understand the issue.  If you know how to decipher Event Logs, you can see where the problem is.
    Event Viewer Log when using Android client:
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM". (This is most likely for logging into RD Web - icons shows up).
    The user "DOMAIN\testuser", on client computer "10.x.x.x", did not meet resource authorization policy requirements and was therefore not authorized to resource"localhost". The following error occurred: "23002".  (This is after clicking on any of the icons).
    I think the Android MS RDP client is providing the incorrect resource.  It shouldn't be "localhost".  It should be the RD Connection Broker's hostname, I believe.
    Here's what it should look like (connected using a Windows PC going through the RD Web portal via Internet Explorer):
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met connection authorization policy requirements and was therefore authorized to access the RD Gateway server. The following authentication method was used: "NTLM".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", met resource authorization policy requirements and was therefore authorized to connect to resource "rdsfarm.domain.com".
    The user "DOMAIN\testuser", on client computer "10.x.x.x", connected to resource "rdsfarm.domain.com".

  • RemoteApps Error "Your connection was denied because of a Network Access Policy (TS_NAP). Please contact your server administrator."

    Hello All,
    Good day. May I ask if anyone experienced this error when trying to access remoteapps in Azure? We are using IaaS and set-up RDS using Windows 2012 R2 but we are getting an error below.
    "Your connection was denied because of a Network Access Policy (TS_NAP). Please contact your server administrator."
    Various roles and services (Broker, Session Host, RD Gateway and Web Access are installed on each VMs).
    Please advise.
    Thanks,
    Glenn

    Hi Glen;
    Looks like the set up was not done correctly. Please follow the guidelines given on this blog by Keith Mayer.
    Regards;
    Prasant
