Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rdp session does not achieve "sesman connect ok" state #3074

Open
aoprea1982 opened this issue May 16, 2024 · 4 comments
Open

rdp session does not achieve "sesman connect ok" state #3074

aoprea1982 opened this issue May 16, 2024 · 4 comments
Labels
bug

Comments

@aoprea1982
Copy link

xrdp version

0.9.17

Detailed xrdp version, build options

xrdp 0.9.17
  A Remote Desktop Protocol Server.
  Copyright (C) 2004-2020 Jay Sorg, Neutrino Labs, and all contributors.
  See https://github.com/neutrinolabs/xrdp for more information.

  Configure options:
      --enable-ipv6
      --enable-jpeg
      --enable-fuse
      --enable-rfxcodec
      --enable-opus
      --enable-painter
      --enable-vsock
      --build=x86_64-linux-gnu
      --prefix=/usr
      --includedir=${prefix}/include
      --mandir=${prefix}/share/man
      --infodir=${prefix}/share/info
      --sysconfdir=/etc
      --localstatedir=/var
      --disable-silent-rules
      --libdir=${prefix}/lib/x86_64-linux-gnu
      --libexecdir=${prefix}/lib/x86_64-linux-gnu
      --disable-maintainer-mode
      --disable-dependency-tracking
      --with-socketdir=/run/xrdp/sockdir
      build_alias=x86_64-linux-gnu
      CFLAGS=-g -O2 -ffile-prefix-map=/build/xrdp-asBei3/xrdp-0.9.17=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security 
      LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
      CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -Wno-error=deprecated-declarations
      PKG_CONFIG_PATH=/build/xrdp-asBei3/xrdp-0.9.17/pkgconfig

  Compiled with OpenSSL 3.0.2 15 Mar 2022

Operating system & version

Ubuntu 22.04.4 LTS

Installation method

dnf / apt / zypper / pkg / etc

Which backend do you use?

No response

What desktop environment do you use?

any

Environment xrdp running on

VM in AWS cloud

What's your client?

Windows 10 official rdp client

Area(s) with issue?

Session manager (sesman)

Steps to reproduce

  1. Client from windows 10 rdp client to xrdp server on ubuntu in aws cloud
  2. But does not connect, rdp session does not achieve "sesman connect ok" state
  3. Restart xrdp and sesman etc but still
[20240405-04:18:52] [INFO ] Connected client computer name: windowsMachine
[20240405-04:18:52] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20240405-04:18:52] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20240405-04:18:56] [ERROR] xrdp_sec_recv: xrdp_mcs_recv failed
[20240405-04:18:56] [ERROR] xrdp_rdp_recv: xrdp_sec_recv failed
[20240405-04:18:56] [ERROR] libxrdp_process_data: xrdp_rdp_recv failed
[20240405-04:18:56] [ERROR] xrdp_process_data_in: xrdp_process_loop failed
[20240405-04:18:56] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240405-04:18:56] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed

Client connects to a private IP address over a VPN connection.
Can not access client environment to verify more.

Connections to the instance public IP are working.

✔️ Expected Behavior

Expecting to achieve "sesman connect ok" state and connect.

❌ Actual Behavior

[20240405-04:18:56] [ERROR] xrdp_sec_recv: xrdp_mcs_recv failed
[20240405-04:18:56] [ERROR] xrdp_rdp_recv: xrdp_sec_recv failed
[20240405-04:18:56] [ERROR] libxrdp_process_data: xrdp_rdp_recv failed
[20240405-04:18:56] [ERROR] xrdp_process_data_in: xrdp_process_loop failed
[20240405-04:18:56] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240405-04:18:56] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed

Anything else?

No response
@aoprea1982 aoprea1982 added the bug label May 16, 2024
@matt335672
Copy link
Member

These messages are generated by xrdp when the client sends basic settings:-

[20240405-04:18:52] [INFO ] Connected client computer name: windowsMachine
[20240405-04:18:52] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20240405-04:18:52] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)

So it looks like your connection over the VPN is working OK,

Following that, xrdp sends its own basic settings back. The client is disconnecting at that point and xrdp generates the remainder of the messages.

It's not at all clear why the client would disconnect at this point.

  1. What are you seeing on the Windows 10 machine?
  2. Is there anything useful in the Windows event log?
  3. Can you stop xrdp, make a note of the time with the date command, and then restart xrdp. Try to connect once from the client and then paste the complete xrdp.log from the time noted earlier.

@aoprea1982
Copy link
Author

aoprea1982 commented May 22, 2024
edited

Thank you for contacting.

Appreciate your help.

1, 2, 3
#########################################
Do not have access to the windows machine.
It is in a remote location, no internet connection etc.
Live sessions are not possible.
The person in there says only that can observe the rdp client not connecting.
Will try to obtain more data and do "3."

Thank you!

@matt335672
Copy link
Member

Understood.

The system may have fairly restrictive (and unusual) group policies applied which are causing this. If this is the case we may not be able to come up with a satisfactory solution.

I'm aware of the following two restricted scenarios which we can't offer a solution for at present:-

  1. We don't support NLA, so clients which are configured with this as a hard requirement will fail.
  2. The VNC backend can't be used with FIPS enabled (VNC backend fails to work on FIPS-enabled machines #2518)

At present this doesn't look like either of these as the logging isn't consistent and we're not getting that far. If however either of the above do apply we can stop now and stop wasting your time.

You've probably thought of this, but is it possible for a video of the process to be obtained by you over a secure channel? You can then at least see what's happening and describe it to me.

@aoprea1982
Copy link
Author

aoprea1982 commented May 23, 2024
edited

Thank you for contacting.

Appreciate your help.

enabled "LogLevel=DEBUG" in "xrdp.ini", "sesman.ini", Ubuntu 22.04.4 LTS xrdp server.

We don't support NLA, so clients which are configured with this as a hard requirement will fail.
The VNC backend can't be used with FIPS enabled (#2518)
##############################################################################
Verified FIPS, not the case, not enabled for Ubuntu.
Need to verify FIPS and NLA in the windows client.

You've probably thought of this, but is it possible for a video of the process to be obtained by you over a secure channel? You can then at least see what's happening and describe it to me.
################################################################################################
Yes. Will ask for a video.

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aoprea1982 @matt335672