By default HTML5 server is able to forward RDP requests from default web ports 80/443 to target RDP server. Some hacker tools reuse this fact to run RDP brute force attacks against these ports. As countermeasure you got in such case two choices, either completely disable RDP forwarding as described in this FAQ or alternatively you may  disable RDP forwarding but enable at same time RDP cookie approved connections. That means, initial RDP connection packet must contain special cookie string known to the server in order to be successfully passed through. To enable this cookie approvement do following.


(0. firstly upgade to latest TSplus version since in older versions this feature may be not available)


1. follow this FAQ to disable RDP forwarding if not yet done


2. open with Notepad *\Clients\webserver\balance.bin


3. add as next line (and save changes)

/~~mySpecificRDPcookie=127.0.0.1:3389 RDPPORT;

(this would mean RDP client must send cookie /~~mySpecificRDPcookie to be passed to 127.0.0.1:3389, the /~~mySpecificRDPcookie is just an example, it could be any string except preceding /~~ which is mandatory)


4. if you use mstsc.exe to connect, then create and edit file *.rdp and add as next line

loadbalanceinfo:s:/~~mySpecificRDPcookie

(by other clients than mstsc.exe the cookie support may be lacking, we do not maintain the list of third part clients supporting cookies)


(5). if you use load balancing in half balancing mode (when gateway takes the role of RDP client and not subserver) then without knowing that cookie RDP client part of HTML5 client would fail to connect. To get over it open with Notepad *\Clients\webserver\setting.bin directly on gateway server and insert as next line following content with final changes saving

default_rdp_cookie="/~~mySpecificRDPcookie"


6. restart HTML5 server in AdminTool GUI.