Microsoft Remote Desktop Mac Error Code 0x407

2 views
Skip to first unread message

Madox Valdivia

unread,
Jul 18, 2024, 8:01:13 PM7/18/24
to emwebpiasmug

Begin by updating your Mac Remote Desktop Client to the most recent version. This action is crucial as updates frequently carry new bug fixes and enhancements, potentially addressing the Mac Microsoft Remote Desktop error code 0x407 issue. Go to the App Store and get the latest version of Mac Remote Desktop Client.

microsoft remote desktop mac error code 0x407


DESCARGAR ––– https://shoxet.com/2zoqJq



To address the Microsoft Remote Desktop Mac error code 0x407, consider employing a trustworthy substitute. One viable option is the no-cost Chrome Remote Desktop, or you can explore alternatives like TeamViewer. Additionally, using a VPN is also a potential course of action.

For those seeking a Remote Desktop alternative tailored for Windows computers, AnyViewer comes highly recommended. Choose AnyViewer, a versatile and free remote desktop software that seamlessly aligns with both Windows OS and Windows Server OS. This software's remarkable performance guarantees swift, steady, and error-immune remote connections.

Don't be disheartened by the Mac Microsoft Remote Desktop error code 0x407. With these solutions in your toolkit, you can overcome the error and relish seamless remote connections. Plus, if you're inclined towards Windows, AnyViewer has the potential to enhance your remote desktop experience even further.

I'm trying to remote onto a Windows 2012 Server using Remote Desktop Connection for Mac. Using the same credentials, it works from my Windows PC (using Remote Desktop for Windows), but trying to do it from my Mac I get the error:

That's the ticket... if you check your version of remote desktop for mac it says it's up to date... you have to know that the new version of RDP for mac is called Microsoft Remote Desktop.... maddening!!

I doubt this a 'problem' with the mac as such nor does it have anything to do with Remote Desktop for Mac which is an entirely different product and for which this forum is for. Questions about RDC for Mac should be put on the relevant Microsoft forum rather than here. However your problem may be with your understanding of the secure remote connections requirements between your server and remote connections. I doubt you'd be aware of any of this as generally server administrators won't necessarily discuss them. By default a mac will not have server-client trust certificates installed simply because the exchange won't happen transparently between an MS based server and non MS-OS such as OS X.

You begin to solve the problem by asking your server administrator for the server's root certificate. He/she has to export this using the built-in tools. They should know how to do this? Once exported save it to a memory stick, insert it into your mac, double click on the .cer file and when prompted install it as a system keychain. On further prompts make sure you select 'Always Trust'. Launch RDC for Mac and you should be OK?

Thanks jaredfs. Im running Mac OS X Yosemite and just upgraded to Win10. I used to use the Remote Desktop Connection App but after the upgrade to Win10, I couldnt connect from my Mac. I installed Microsoft Remote Desktop and now I can connect to my Win 10 machine with no issues. Thanks for the quick fix!

So i HAVE been using CORD to log into my PCs from OSX. But it was not working on the Win10 box. I was in the insiders Beta program. and after some update CORD finaly started working. Well as said above, that was short lived with the next update CORD stopped working again. I can remote desktop in from a PC but not from CORD on my Mac.

So following the advice above i downloaded MICROSOFTS's remote desktop. and as soon as i tried to remote into my Win10 box, a message come up about generating a security certificate for this user. I said Yes, and boom! remote desktop ed in perfectly!

Sadly CORD (my preferred client) is still NOT working, but now we know WHY! Win 10 looks for this "security certificate" and if it doesnt find it Win10 will REFUSE the connection. This must be a PC to PC handshake that we never see.

Again the only lead I have is that Microsoft Remote Desktop app works on the original box, but not CORD. And i THINK this is due to a security certificate issue. Problem is I have not idea where to find that in Windows 10

As error 0x104 is a networking-related issue, the Network Adapter troubleshooter could help some users resolve it. That troubleshooter can resolve network adapter issues causing error 0x104. These are the steps for applying that troubleshooting:

Network Discovery is a feature that enables your PC to see networked devices and be visible to others. That's another feature that must be activated for remote desktop connections to work right. This is how you can enable Network Discovery in Windows 11/10:

The 0x104 error can arise because certain services needed for RDP connections aren't enabled and running. Remote Desktop Services allow users to connect to remote PCs. Check that it's enabled and running like this:

Remote Desktop has a default 3389 port for connections. Error 0x104 can be caused by the Windows firewall blocking port 3389. This is how you can unblock the 3389 port if Windows Defender Firewall is blocking it:

Did you set up a custom DNS server on your PC? If so, consider choosing the automatic DNS server option instead. These are the steps for selecting the Obtain DNS server automatically option:

There's a reasonably decent chance those potential error code 0x104 solutions will get that issue sorted so you can connect to your remote computer again. However, remember that you don't have to utilize Microsoft's Remote Desktop Protocol with the RDC app.

In early September 2022 Kaspersky experts discovered several detections of malware from the MATA cluster, previously attributed to the Lazarus group, compromising defense contractor companies in Eastern Europe. This campaign remained active until May 2023. Expanding our research scope, we investigated and discovered additional, new, active actor campaigns with full-infection chains, including an implant designed to work within air-gapped networks over USB sticks, as well as a Linux MATA backdoor.

In September 2022, Kaspersky experts monitoring the telemetry of security solutions using Kaspersky Security Network detected several dozen previously unknown malware samples associated with the MATA cluster.

In particular, the malware samples that caught our attention contained strings indicating an organization that may have been the victim of the attack, which looked like an industrial entity in Eastern Europe. We immediately contacted the organization that was likely to have been attacked to communicate the risk of compromise and share information about the detected threat and the Indicators of Compromise available at the time.

Meanwhile, as we were collecting and analyzing the relevant telemetry data in the lab, we realized the campaign had been launched in mid-August 2022. The attackers used spear-phishing techniques to target several victims, while others were infected with Windows executable malware by downloading files through an internet browser. The attackers continued to send malicious documents via email until the end of September.

The attackers also utilized a user-mode rootkit to elevate privileges and bypass endpoint security products. This added layer of complexity allowed them to operate undetected and achieve their objectives more effectively.

From several victims, we observed the actor sending spear-phishing documents. Our investigation revealed that in certain instances, the attackers were impersonating legitimate employees of the targeted organizations, indicating that they had conducted extensive reconnaissance and gathered sensitive information prior to launching the attacks.

The contents of the lure documents were not related to the targeted businesses. The attackers obtained the text in the document from third-party sites available on the internet. The tactic had already been used by Lazarus earlier in attacks on defense industry facilities in 2020.

According to our analysis, the fetched HTML page contains a CVE-2021-26411 exploit which was previously used by the Lazarus group in their campaign against security researchers. The exploit code is similar to what Enki, a Korean security company, published before. This time, trivial obfuscation was added and the code was modified to fetch the next stage payload (a Loader in this case) rather than spawning shellcode in memory.

One of the victims was compromised by a Windows executable type Downloader. Notably, this malware was fetched by a Chromium-based browser, which means the victim downloaded the malware by clicking a malicious link. We suspect the actor sent a malicious link to the potential victim via email or other messaging platform.

This module has been written in C++ with STL; and libcurl is statically linked inside. Upon launch, the malware decrypts embedded strings. It includes the following C2 server addresses and recon commands to profile the victim.

In this malware, there are nine whoami commands with various options executed at startup. Based on the options, we can guess that the malware operator wants to get Active Directory information and privileges of the current user.

There are seven plugins embedded into the malware. Depending on the response from the C2 server, the malware calls the plugins to execute commands. These are addressed by a paired ID: pluginID/commandID.

From one victim, we discovered a Loader malware exhibiting several similarities with past MATA malware. In the MATA cluster, the actor used two types of loaders: directly loading a DLL file, or loading an encrypted payload after decrypting it. The developer calls them differently in its internal name:

Most of the loaders are protected by the Themida protector to hinder detection and analysis. It seems to be registered and executed by a Windows service based on its export function name: ServiceMain. The Loader that loads the intact DLL file acquires the DLL file path via AES decryption and simply loads it. The other type of Loader acquires a target file path with the same method. However, the target file is in encrypted format loading it after XOR or AES decryption. The payload loaded by both of the Loaders is the MATA malware we describe in the next section.

Reply all
Reply to author
Forward
0 new messages