The Remote Desktop Protocol (RDP) connection fails when connecting to a Windows Server through Advanced Server Access (ASA) using a Project configured to forward traffic through the ASA Gateway. The client sees nothing noteworthy and neither the ASA client nor the ASA server logs anything noteworthy, but the ASA Gateway logs may contain the following signature:
"MESSAGE" : "2023-05-11T20:33:00.319Z\tERROR\tsecurityFlags=SEC_AUTODETECT_REQ[0x00001000], missing required flag SEC_LICENSE_PKT[0x00000080]\t{\"peerchild\": \"gatewayd-agent\", \"source\": \"rdp_internal\"}",
"MESSAGE" : "2023-05-11T20:33:00.319Z\tERROR\tCONNECTION_STATE_LICENSING status STATE_RUN_FAILED [-1]\t{\"peerchild\": \"gatewayd-agent\", \"source\": \"rdp_internal\"}",
This occurs when the Windows Server has the RD Licensing Role configured and runs the RD Licensing service. To verify this, either of the following workarounds should resolve the problem: stop the RD Licensing service on the Windows server, or configure the ASA Project not to forward traffic through the ASA Gateway.
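To confirm that a failed session matches this signature, the gateway log can be scanned for the two messages in sequence. The script below is an added example, not Okta's tooling; it assumes the gateway log is available as one JSON object per line with a `MESSAGE` field (the shape of the fragments quoted above), and the function name and sample wrapper lines are constructed for illustration.

```python
import json
import re

# Patterns built from the two gateway messages quoted in this article.
FLAG_RE = re.compile(r"securityFlags=(\w+)\[0x[0-9a-fA-F]+\], "
                     r"missing required flag SEC_LICENSE_PKT\[0x00000080\]")
STATE_RE = re.compile(r"CONNECTION_STATE_LICENSING status STATE_RUN_FAILED")


def find_licensing_failures(lines):
    """Return one dict per flag error that is followed by a licensing failure."""
    hits, pending = [], None
    for raw in lines:
        try:
            msg = json.loads(raw).get("MESSAGE", "")
        except (ValueError, AttributeError):
            continue  # line is not a JSON object
        # MESSAGE layout: timestamp, level, text, JSON context (tab-separated)
        parts = msg.split("\t") if isinstance(msg, str) else []
        if len(parts) < 4 or parts[1] != "ERROR":
            continue
        try:
            ctx = json.loads(parts[3])
        except ValueError:
            continue
        if not isinstance(ctx, dict) or ctx.get("source") != "rdp_internal":
            continue
        flag = FLAG_RE.search(parts[2])
        if flag:
            pending = {"timestamp": parts[0], "received_flag": flag.group(1)}
        elif pending and STATE_RE.search(parts[2]):
            hits.append(pending)  # flag error confirmed by the state failure
            pending = None
    return hits


# Constructed sample: the article's two messages wrapped as complete JSON
# objects, plus one unrelated line and one non-JSON line.
SAMPLE = [
    r'{"MESSAGE": "2023-05-11T20:32:59.100Z\tINFO\tconstructed unrelated line\t{\"source\": \"other\"}"}',
    "not json",
    r'{"MESSAGE": "2023-05-11T20:33:00.319Z\tERROR\tsecurityFlags=SEC_AUTODETECT_REQ[0x00001000], missing required flag SEC_LICENSE_PKT[0x00000080]\t{\"peerchild\": \"gatewayd-agent\", \"source\": \"rdp_internal\"}"}',
    r'{"MESSAGE": "2023-05-11T20:33:00.319Z\tERROR\tCONNECTION_STATE_LICENSING status STATE_RUN_FAILED [-1]\t{\"peerchild\": \"gatewayd-agent\", \"source\": \"rdp_internal\"}"}',
]

if __name__ == "__main__":
    for hit in find_licensing_failures(SAMPLE):
        print(hit)
```

A hit on a gateway running a version below 1.79.2, against a target with the RD Licensing service running, matches the condition described here.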
- Advanced Server Access (ASA)
- ASA Gateway version below 1.79.2
- Target Windows server has "Remote Desktop Licensing Role" and/or "Remote Desktop Session Host" role configured
In affected versions, the RDP client used within the ASA Gateway did not support the encryption methods that Windows servers use for the licensing packets within RDP negotiation.
Upgrade ASA Gateway to version 1.79.2 or later.
NOTE: For Mac clients, in addition to installing the upgraded ASA Gateway with the fix, the clients will also need to use MacFreeRDP version 1.72.1 or later.
