Hello @sswirski
Which authentication provider are you using?
ThinLinc requires the passcode to be used twice due to how the ThinLinc client first connects and authenticates to the master server and then reconnects and authenticates to the agent server.
We have a post in our Knowledge Base, How to set up One-Time-Password (OTP) authentication in ThinLinc describing how this can be achieved with Google Authenticator.
Port 22,904 and 9000 needs to be open for communication between the master and agent.
Since the master will direct your user to the agent, this seems to be the case already.
Kind regards,
Martin