Hi Everyone,
I am trying to find out how to report a possible bug in the RDP protocol in regards to the X224 PDU as detailed at http://msdn.microsoft.com/en-us/library/cc240470 where it says the following
routingToken (variable): An optional and variable-length routing token (used for load balancing) terminated by a 0x0D0A two-byte sequence. For more information about the routing token format, see[MSFT-SDLBTS]"Routing Token Format". The length of the routing token and CR+LF sequence is included in theX.224 Connection Request Length Indicator field. If this field is present, then thecookie field MUST NOT be present.
cookie (variable): An optional and variable-length ANSI character string terminated by a 0x0D0A two-byte sequence. This text string MUST be "Cookie: mstshash=IDENTIFIER", where IDENTIFIER is an ANSI character string (an example cookie string is shown in section4.1.1). The length of the entire cookie string and CR+LF sequence is included in theX.224 Connection Request Length Indicator field. This field MUST NOT be present if theroutingToken field is present.
So from what I can tell here, the Cookie or a routingToken should always be sent however :-
We seam to have found a potential bug in the RDP client shipped withwindows 7 and above (and windows XP with the latest rdp client installed) where it would appearer the following is happening.
Windows7
Starting the RDP client and clicking connect and using the cached username - No cookie is sent
Starting the RDP client and setting a username - Cookie is sent correctly
Starting the RDP client and setting a username then disconnecting and using another username without restarting mstsc - Original username is used for the cookie and not the new username, only way to get the client to send the correct cookie is to close the
client and restart it.
Windows XP - Latest version from Microsoft website
Starting the RDP client and clicking connect and using the caches username - No cookie is sent
Starting the RDP client and setting a username - Cookie is sent corretcly
Starting the RDP client and setting a username then disconnecting andusing another username - Original username is used for the cookie and not the new username, only way to get the client to send the correct cookie is to close the client and restart it.
However the original XP version (Windows XP SP3) that was not upgraded behaves correctly and sends the cookie as it should.
This is then effecting any hardware loadbalancer we use in RDP cookie mode and is resulting in duplicate sessions on multiple servers.