I am experiencing a problem with Cloudflare Access (client machine) while attempting to connect through RDP. I am running my console as an admin - I have tried both cmd and ps7.
On my client machine (the machine from which I want to connect):
- I create the websocket listener with:
cloudflared access rdp --hostname rdp.domain.cc --url rdp://localhost:4489
- It responds with:
INF Start Websocket listener host=localhost:4489
- I attempt to connect with Microsoft’s Remote Desktop Connection:
I never see a web login that others speak of. Instead, I see this error message in the console:
ERR failed to connect to origin error="remote error: tls: handshake failure" originURL=https://rdp.domain.cc
A FEW NOTES:
- I can ping rdp.domain.cc from the client and the server, and it returns the same IPv6 address.
- The tunnel status is
- Nothing appears when streaming the live logs under the tunnels > tunnel name > connector ID > connector diagnostics.
- The client (laptop) is connected via my phone’s hotspot.
- When I connect the client (laptop) to my home network, I can RDP fine to the server (using the actual IP).
- I purchased this domain an hour ago as I struggled the entire day with the error:
ERR failed to connect to origin error="dial tcp: lookup domain.cc: no such host" originURL=https://domain.cc
I discovered that, even though my domain was in my Cloudflare portal, I no longer owned it.
- I can resolve the rdp.domain.cc on both my client and the RDP server.
- If I browse with Firefox to https://rdp.domain.cc, I get this error message:
Secure Connection Failed: An error occurred during a connection to rdp.domain.cc. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
- My domain is a full setup (Cloudflare nameservers)
Thank you for your help in advance,
EDIT1: I believe I am currently awaiting the addition of Edge certificates. I presume that within 24 hours, I should see the active certificates, not just the backup ones.
However, should I not see “Pending” for the non-backup certificates? I have set all my proxied DNS records to unproxied because of this tip in this article: Keep DNS records unproxied until your certificate is active.
To resolve timeout issues, try one or more of the following options:
- Change the Proxy status of related DNS records to DNS only (gray-clouded) and wait at least a minute. Then, change the Proxy status back to Proxied (orange-clouded).
- Disable Universal SSL and wait at least a minute. Then, re-enable Universal SSL.
- Send a PATCH request to the validation endpoint using the same DCV method (API only).
- Follow the APEX validation method.
EDIT3: Problem solved, effectively from EDIT2 and #6 above.