Microsoft RDP error code 0x4 extended 0x0 #3015

Open
superbonaci opened this issue Mar 25, 2024 · 15 comments
@superbonaci

superbonaci commented Mar 25, 2024

xrdp version

0.9.25

Detailed xrdp version, build options

$ xrdp --version
xrdp 0.9.25
  A Remote Desktop Protocol Server.
  Copyright (C) 2004-2020 Jay Sorg, Neutrino Labs, and all contributors.
  See https://github.com/neutrinolabs/xrdp for more information.

  Configure options:
      --build=x86_64-redhat-linux-gnu
      --host=x86_64-redhat-linux-gnu
      --program-prefix=
      --disable-dependency-tracking
      --prefix=/usr
      --exec-prefix=/usr
      --bindir=/usr/bin
      --sbindir=/usr/sbin
      --sysconfdir=/etc
      --datadir=/usr/share
      --includedir=/usr/include
      --libdir=/usr/lib64
      --libexecdir=/usr/libexec
      --localstatedir=/var
      --runstatedir=/run
      --sharedstatedir=/var/lib
      --mandir=/usr/share/man
      --infodir=/usr/share/info
      --enable-fuse
      --enable-pixman
      --enable-painter
      --enable-vsock
      --enable-ipv6
      --with-socketdir=/run/xrdp
      --with-imlib2
      build_alias=x86_64-redhat-linux-gnu
      host_alias=x86_64-redhat-linux-gnu
      CC=gcc
      CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wno-complain-wrong-lang -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64   -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer 
      LDFLAGS=-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes 
      LT_SYS_LIBRARY_PATH=/usr/lib64:
      PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig

  Compiled with OpenSSL 3.1.1 30 May 2023

I have xrdp installed on Fedora 39, and connect to it from Windows 11. It connects perfectly and works if I have activity. However if I minimize the Windows RDP window, even using Windows 11 normally, after a while I get the error. May be related to some timeout, screen locking, etc.? Doesn't look like a connectivity issue.


Operating system & version

Windows 11 22621.1413

Installation method

dnf / apt / zypper / pkg / etc

Which backend do you use?

No response

What desktop environment do you use?

KDE/Plasma

Environment xrdp running on

No response

What's your client?

No response

Area(s) with issue?

Authentication

Steps to reproduce

connect from Windows to Linux and stop activity.

✔️ Expected Behavior

keep working

❌ Actual Behavior

error

Anything else?

No response

@matt335672
Member

@superbonaci - which backend are you using?

@superbonaci
Author

It's Xvnc


@matt335672
Member

Thanks.

Also, when the error happens, can you reconnect to your previous session, or when you try, do you get a new session?

@superbonaci
Author

I don't know what a new session or the same session means. How can I figure it out?

@matt335672
Member

Imagine you're logged in and doing stuff.

You go away and come back, and you've got the above error.

When you log back in, can you pick up where you left off, or does it look as if you're starting again?

@superbonaci
Author

I continue where I left it with all the same windows open and everything, unless I reboot which takes much longer and I can see the logo:

plasma-logo

@matt335672
Member

So you're being disconnected from your session.

When the error happens, can you do the following:-

  1. Paste the last 50 lines or so of the log file /var/log/xrdp.log
  2. Paste the last 50 lines or so of the log file /var/log/xrdp-sesman.log

Thanks.

@superbonaci
Author

Here are the logs just after the error and reconnecting:

# tail -n 50 /var/log/xrdp.log
[20240326-12:22:50] [WARN ] xrdp_mm_chansrv_connect: connect failed trying again...
[20240326-12:22:50] [INFO ] Socket 12: AF_INET6 connection received from _ port 59038
[20240326-12:22:50] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20240326-12:22:50] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20240326-12:22:50] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|RDP], selected [SSL]
[20240326-12:22:50] [ERROR] SSL_accept: I/O error
[20240326-12:22:50] [ERROR] trans_set_tls_mode: ssl_tls_accept failed
[20240326-12:22:50] [ERROR] xrdp_sec_incoming: trans_set_tls_mode failed
[20240326-12:22:50] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240326-12:22:50] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240326-12:22:50] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240326-12:22:50] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20240326-12:22:54] [WARN ] xrdp_mm_chansrv_connect: connect failed trying again...
[20240326-12:22:55] [INFO ] Socket 12: AF_INET6 connection received from _ port 63461
[20240326-12:22:55] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20240326-12:22:55] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20240326-12:22:55] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|RDP], selected [SSL]
[20240326-12:22:55] [ERROR] SSL_accept: I/O error
[20240326-12:22:55] [ERROR] trans_set_tls_mode: ssl_tls_accept failed
[20240326-12:22:55] [ERROR] xrdp_sec_incoming: trans_set_tls_mode failed
[20240326-12:22:55] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240326-12:22:55] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240326-12:22:55] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240326-12:22:55] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20240326-12:22:58] [WARN ] xrdp_mm_chansrv_connect: connect failed trying again...
[20240326-12:23:02] [INFO ] Socket 12: AF_INET6 connection received from _ port 56568
[20240326-12:23:02] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20240326-12:23:02] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20240326-12:23:02] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|RDP], selected [SSL]
[20240326-12:23:02] [ERROR] SSL_accept: I/O error
[20240326-12:23:02] [ERROR] trans_set_tls_mode: ssl_tls_accept failed
[20240326-12:23:02] [ERROR] xrdp_sec_incoming: trans_set_tls_mode failed
[20240326-12:23:02] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240326-12:23:02] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240326-12:23:02] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240326-12:23:02] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20240326-12:23:02] [WARN ] xrdp_mm_chansrv_connect: connect failed trying again...
[20240326-12:23:02] [ERROR] xrdp_mm_chansrv_connect: error in trans_connect chan
[20240326-12:23:02] [INFO ] Layout from OldLayout (geom=1280x1024 #screens=1) : 1804289383:(1280x1024+0+0)
[20240326-12:23:07] [INFO ] Socket 12: AF_INET6 connection received from _ port 50818
[20240326-12:23:07] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20240326-12:23:07] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20240326-12:23:07] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|RDP], selected [SSL]
[20240326-12:23:07] [ERROR] SSL_accept: I/O error
[20240326-12:23:07] [ERROR] trans_set_tls_mode: ssl_tls_accept failed
[20240326-12:23:07] [ERROR] xrdp_sec_incoming: trans_set_tls_mode failed
[20240326-12:23:07] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240326-12:23:07] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240326-12:23:07] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240326-12:23:07] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
# tail -n 50 /var/log/xrdp-sesman.log
[20240325-09:19:34] [INFO ] AUTHFAIL: user=ABCDEF-abcdefgh ip=_ time=1711358374
[20240325-09:19:34] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-09:19:34] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-09:19:45] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 60512
[20240325-09:19:45] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:25469 - socket: 12
[20240325-09:19:45] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-09:19:45] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240325-09:19:45] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-09:19:45] [INFO ] Process 172343 has exited
[20240325-15:22:52] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 45704
[20240325-15:22:52] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:54601 - socket: 12
[20240325-15:22:52] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-15:22:52] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-15:22:52] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240325-15:22:53] [INFO ] Process 196185 has exited
[20240325-15:29:59] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 59124
[20240325-15:30:02] [ERROR] pam_authenticate failed: Authentication failure
[20240325-15:30:02] [INFO ] AUTHFAIL: user=tbn ip=_ time=1711380602
[20240325-15:30:02] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-15:30:02] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-15:33:53] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 40122
[20240325-15:33:53] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:54640 - socket: 12
[20240325-15:33:53] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-15:33:53] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-15:33:53] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240325-15:33:53] [INFO ] Process 196571 has exited
[20240325-17:11:09] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 33598
[20240325-17:11:09] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:2527 - socket: 12
[20240325-17:11:09] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-17:11:09] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-17:11:09] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240325-17:11:09] [INFO ] Process 200200 has exited
[20240325-21:15:04] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 41780
[20240325-21:15:04] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:63891 - socket: 12
[20240325-21:15:04] [ERROR] sesman_data_in: scp_process_msg failed
[20240325-21:15:04] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240325-21:15:04] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240325-21:15:04] [INFO ] Process 207804 has exited
[20240326-11:47:14] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 46630
[20240326-11:47:14] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:60222 - socket: 12
[20240326-11:47:14] [ERROR] sesman_data_in: scp_process_msg failed
[20240326-11:47:14] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240326-11:47:14] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240326-11:47:14] [INFO ] Process 229387 has exited
[20240326-12:22:46] [INFO ] Socket 12: AF_INET6 connection received from ::1 port 51776
[20240326-12:22:46] [INFO ] ++ reconnected session: username tbn, display :10.0, session_pid 4218, ip _:20158 - socket: 12
[20240326-12:22:46] [ERROR] sesman_data_in: scp_process_msg failed
[20240326-12:22:46] [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
[20240326-12:22:46] [INFO ] Starting session reconnection script on display 10: /usr/libexec/xrdp/reconnectwm.sh
[20240326-12:22:46] [INFO ] Process 233940 has exited

@matt335672
Member

Those don't seem to contain anything useful I'm afraid, which is partly my fault.

  • xrdp.log is showing a number of failing connection attempts which have removed anything useful regarding your connection.
  • xrdp-sesman.log doesn't contain any information about the session starting.

I think we'll need complete logs.

Can you do the following:-

  1. Log out from xrdp
  2. Stop the services with sudo systemctl stop xrdp xrdp-sesman
  3. Remove existing logs with sudo rm /var/log/xrdp.log /var/log/xrdp-sesman.log
  4. Restart the services with sudo systemctl restart xrdp xrdp-sesman
  5. Log in over xrdp

When the problem re-occurs, attach both complete logs to another post.

Thanks.

@superbonaci
Author

I had to reboot the computer with xrdp because I was stuck in a black screen with the KDE mouse X icon. After the reboot I logged in fine.

@matt335672
Member

@superbonaci - thanks for the logs.

It's still not clear what's happening. In your xrdp.log file, the following messages are repeated every few seconds:-

[20240326-11:25:58] [INFO ] Socket 12: AF_INET6 connection received from _ port 55314
[20240326-11:25:58] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20240326-11:25:58] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20240326-11:25:58] [INFO ] Security protocol: configured [SSL|RDP], requested [SSL|HYBRID|RDP], selected [SSL]
[20240326-11:25:58] [ERROR] SSL_accept: I/O error
[20240326-11:25:58] [ERROR] trans_set_tls_mode: ssl_tls_accept failed
[20240326-11:25:58] [ERROR] xrdp_sec_incoming: trans_set_tls_mode failed
[20240326-11:25:58] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20240326-11:25:58] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20240326-11:25:58] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20240326-11:25:58] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed

These messages are caused by a regular port scanner, or health test. See #2040 for more details on why.

Some questions for you:-

  1. Are you able to disable this port scan?
  2. Are you running on any kind of corporate network?

Thanks.
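
Added example (not part of the original thread and not xrdp project code): a triage script that groups xrdp.log lines of the format quoted above into connection attempts and reports, per peer address, how many ended at SSL_accept and how regularly they recur, which is the pattern a scanner or health check leaves. The sample log is constructed, and attributing each line to the most recent "connection received" line is an assumption that can misattribute lines on a busy server.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: "_" is a redacted peer, 2001:db8::5 a documentation address.
SAMPLE_LOG = """\
[20240326-11:25:58] [INFO ] Socket 12: AF_INET6 connection received from _ port 55314
[20240326-11:25:58] [ERROR] SSL_accept: I/O error
[20240326-11:26:03] [INFO ] Socket 12: AF_INET6 connection received from _ port 63461
[20240326-11:26:03] [ERROR] SSL_accept: I/O error
[20240326-11:26:10] [INFO ] Socket 12: AF_INET6 connection received from _ port 56568
[20240326-11:26:10] [ERROR] SSL_accept: I/O error
[20240326-11:26:20] [INFO ] Socket 12: AF_INET6 connection received from 2001:db8::5 port 50100
"""

LINE = re.compile(r"^\[(\d{8}-\d\d:\d\d:\d\d)\] \[(\w+) *\] (.*)$")
CONN = re.compile(r"connection received from (\S+) port (\d+)")

def parse_attempts(text):
    """Group lines into attempts (assumed: a line belongs to the latest connection)."""
    attempts, cur = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, level, msg = m.groups()
        c = CONN.search(msg)
        if c:
            cur = {"time": datetime.strptime(ts, "%Y%m%d-%H:%M:%S"),
                   "peer": c.group(1), "tls_failed": False}
            attempts.append(cur)
        elif cur and level == "ERROR" and msg.startswith("SSL_accept:"):
            cur["tls_failed"] = True
    return attempts

def summarize(attempts):
    """Per peer: SSL_accept failures, attempts with no TLS error, median gap (s)."""
    failed, clean = defaultdict(list), defaultdict(int)
    for a in attempts:
        if a["tls_failed"]:
            failed[a["peer"]].append(a["time"])
        else:
            clean[a["peer"]] += 1
    report = {}
    for peer in set(failed) | set(clean):
        t = failed[peer]
        gaps = [(b - a).total_seconds() for a, b in zip(t, t[1:])]
        report[peer] = {"tls_failed": len(t), "no_tls_error": clean[peer],
                        "median_gap_s": median(gaps) if gaps else None}
    return report

if __name__ == "__main__":
    print(summarize(parse_attempts(SAMPLE_LOG)))
```

A peer with many failures, no clean attempts and a steady gap is the noise to filter out before reading the log for the real session's disconnect.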

@superbonaci
Author

The test computer which I connect to could be in some kind of corporate network.

  1. The port scan could be done by the same computer, by some admin monitoring the network, or just people trying to connect over RDP to my computer using a different user and password each time?
  2. Not sure how to disable the port scan unless the machine itself is doing it.
  3. Could it be useful sharing some IP address from the log?

@matt335672
Member

I can't tell you where the port scan is coming from as you've sensibly replaced the IP address in the log with an underscore character:-

[20240326-11:25:58] [INFO ] Socket 12: AF_INET6 connection received from _ port 55314

If you've got an IT support organisation in your company I suggest you contact them and ask them.

The reason I'm asking about the corporate network is that if you're routing over it, it's possible that idle TCP connections are being dropped. We've got a FAQ about this - see https://github.com/neutrinolabs/xrdp/wiki/Tips-and-FAQ#how-can-i-prevent-connections-being-dropped-by-my-corporate-firewall. The symptoms match your problem description.

@superbonaci
Author

superbonaci commented Mar 27, 2024

I will try that, but I think that if I connect to a remote Windows instead of xrdp that doesn't happen. Maybe the Windows RDP server automatically does the keep alive thing, or maybe the corporate firewalls can detect something different and don't drop it?

This is the value of Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections when the remote computer is Windows 11 Pro:

Setting	State	Comment
Automatic reconnection	Not configured	No
Allow users to connect remotely by using Remote Desktop Services	Not configured	No
Deny logoff of an administrator logged in to the console session	Not configured	No
Configure keep-alive connection interval	Not configured	No
Limit number of connections	Not configured	No
Suspend user sign-in to complete app registration	Not configured	No
Set rules for remote control of Remote Desktop Services user sessions	Not configured	No
Select network detection on the server	Not configured	No
Select RDP transport protocols	Not configured	No
Restrict Remote Desktop Services users to a single Remote Desktop Services session	Not configured	No

@matt335672
Member

There's more traffic between a Windows RDP server and a Windows RDP client as there are more features supported.
