Some time ago I wrote a post on how to get a Cisco IP-Sec VPN working with client certificates on OS-X Lion. Now I upgraded to Mavericks and of course this broke my VPN connection again. Fortunately a friend already had the same problem on Mountain Lion and his fix also worked on Mavericks. To get my connections working on Mavericks I followed the instructions from my previous post. After that I had to “allow all applications to access this item” on the certificate in Keychain.

Also see the last comment in saying to allow all access to the cert in Keychain.

I had already set the cert to be always “Trusted” but you have to expand the cert to get to the private key and always “Allow” access to it. It’s a different setting.

See the screenshot below.
[Screenshot: VPN cert]

Last week I tried to connect to a Windows 2012 server with the Microsoft Remote Desktop Client (2.1.1). This failed with an error: “You were disconnected from the Windows-based computer because of problems during the licensing protocol.”


I’ve searched online and some people suggest installing a beta version of the Microsoft RDP Client (version 2.1.2 or 2.12). This is not yet released by Microsoft but is available from several sites. Before you try this, make sure the md5sum is consistent with known good versions.

I did try this version, but it did not make any difference. I tried switching to Cord, as this was working for some people. For me, again, it was not. This might be due to the version of Windows I was connecting to, which is Windows 2012 Server with the Licensing server enabled to allow multiple simultaneous logins.

It seems like Windows 2012 is configured by default to use NLA (Network Level Authentication). The only way I could connect from my Mac to this server is by disabling NLA in the group policy on the 2012 server:

Disable the “Require user authentication for remote connections by using Network Level Authentication” Group Policy setting.

This Group Policy setting is located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC). Note that the Group Policy setting will take precedence over the setting configured in Remote Desktop Session Host Configuration or on the Remote tab.
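
To check on the server which of the two settings is actually in effect, the following added example (not from the original post) reads both values and applies the precedence rule described above. The registry paths are the commonly documented locations backing the policy and the local setting and are an assumption here; the function names are hypothetical.

```powershell
# Added example (not from the original post): report whether NLA is required
# and which setting decides it. Run in an elevated PowerShell on the server.
# Assumption: these registry values back the Group Policy and the local setting.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-NlaValue {
    param([Parameter(Mandatory)][string]$Path)
    # Returns 0 or 1, or $null when the key or the value does not exist
    # (a policy left at "Not Configured" writes no value).
    $item = Get-ItemProperty -Path $Path -Name 'UserAuthentication' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.UserAuthentication
}

function Get-EffectiveNla {
    $policy = Get-NlaValue -Path $PolicyKey
    $local  = Get-NlaValue -Path $LocalKey

    # The Group Policy value wins whenever it is present.
    if ($null -ne $policy) {
        $source = 'Group Policy'
        $value  = $policy
    } elseif ($null -ne $local) {
        $source = 'Local setting'
        $value  = $local
    } else {
        $source = 'Not found'
        $value  = $null
    }

    $required = if ($null -eq $value) { 'unknown' } else { $value -eq 1 }

    [pscustomobject]@{
        DecidedBy         = $source
        NlaRequired       = $required
        PolicyValue       = $policy
        LocalValue        = $local
        # True when the local setting says one thing and the policy overrides it.
        LocalIsOverridden = ($null -ne $policy -and $null -ne $local -and $policy -ne $local)
    }
}

Get-EffectiveNla | Format-List
```

If `DecidedBy` still shows the local setting after the policy was changed, the policy has not been applied to the machine yet.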



Mac OSX uses a DNS cache. This cache stores the nameserver responses. While this is useful in general, it can be a pain when testing a website that is being moved to a different server. The cache will still serve the old IP address of the site, even if the DNS server already has the new IP address configured. To override the cache and request the latest information from the authoritative DNS server, you can flush the DNS cache. To do this, open a Terminal window and enter the following command:

$ sudo dscacheutil -flushcache