-
Notifications
You must be signed in to change notification settings - Fork 14.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[server terminates connection] Upgrading from 2.x to 3.x SSL read errors after connect #10059
Comments
I suspect a |
Yes, just the same issue. freerdp2_nla.txt - working as expected.
Yes, Remmina was build with |
Hum that's so strange, the connection seems to work perfectly and then we have that |
@dolfinus which openssl are you linking against?
|
$ openssl version
OpenSSL 3.2.1 30 Jan 2024 |
@dolfinus and your command line? (might help understanding what is going on here, this is very strange) |
xfreerdp /v:host:port /cert:ignore /sec:nla /d:myrealm /u:username RDP server uses self-signed certificate |
@dolfinus ok, then where is the auto-reconnect in the logs from? |
I don't understand the question. I've changed log level to TRACING and redirected all the outputs to a file. That's it. |
log entries like these are not possible with your command line:
|
Why do you think so? |
because of the settings required to reach that code? |
My I didn't pass |
@dolfinus ok, did find the reason for that, need to check if that is actually what should happen. FreeRDP/libfreerdp/core/capabilities.c Line 226 in 1f3a49c
followed by FreeRDP/libfreerdp/core/capabilities.c Line 171 in 1f3a49c
can activate it too. anyway, the main thing is I can´t find anything in the logs that details why the connection breaks up. can you do a
then for each commit in the bisect:
and depending on if it works/does not work/does not compile NOTE: you might need to install build dependencies. |
Tracked down to 7cef0cb |
@dolfinus does not look like the commit is correct, no changes to transport or similar. |
b5e8b419b is fine:
7cef0cb8d is failing:
|
I cannot compile commits from 2021 and 2022 because they are not compatible with modern OpenSSL and FFmpeg 6. So there can be a commit with kerberos/auth issue, but I cannot even build it. But
So this may be related. |
@dolfinus to me this looks like the remote end has a bug.
we did fix a lot of protocol violations and that might be one of these cases. (might be wrong, but I got a strong suspicion) |
I have no access to remote server logs, I'm not an administrator. |
do you know, by chance, which software is running there? might be able to check if that is known. (doubt it is a direct connection to |
as for where there might be the reason: |
I've build xfreerdp with cmake -GNinja -Bbuild-freerdp -S. --fresh -DCMAKE_INSTALL_PREFIX=/tmp/freerdp -DWITH_DEBUG_CAPABILITIES=1 Here are logs: The difference is here:
vs.
This is caused by: If I patch master: diff --git a/libfreerdp/core/capabilities.c b/libfreerdp/core/capabilities.c
index f59b956a8..0762e30d7 100644
--- a/libfreerdp/core/capabilities.c
+++ b/libfreerdp/core/capabilities.c
@@ -166,6 +166,7 @@ static BOOL rdp_apply_general_capability_set(rdpSettings* settings, const rdpSet
settings->OsMinorType = src->OsMinorType;
}
+ settings->CapsProtocolVersion = src->CapsProtocolVersion;
settings->NoBitmapCompressionHeader = src->NoBitmapCompressionHeader;
settings->LongCredentialsSupported = src->LongCredentialsSupported;
settings->AutoReconnectionPacketSupported = src->AutoReconnectionPacketSupported; then RDP is working properly: This solves #10060 as well. |
Created #10130 |
@dolfinus nice catch, great work! thank you! |
Describe the bug
I'm connecting from Manjaro Linux laptop to Windows Server 2016 Standard using Remmina with RDP protocol. Windows server is a part of the domain, but my laptop is not a part of domain (that's important). NLA security protocol is used.
When using FreeRDP 2.11.4 everything is fine: freerdp2_nla.txt
Few days ago Manjaro package
freerdp
was upgraded:After upgrade RDP connections started to fail: freerdp3_nla.txt
FreeRDP 3.x started using Kerberos for NLA security scheme, but my laptop is not a part of domain, it does not have properly configured
/etc/krb5.conf
.kinit
command is failing with the same errorCannot find KDC for realm "MYREALM"
as the RDP does.To Reproduce
Internal network, cannot provide full connection description.
Expected behavior
Users should be able to connect to Windows Server with domain, without adding device there RDP client is running to the same domain. As it was on FreeRDP 2.x.
Screenshots
Application details
xfreerdp /version
): libfreerdp 3.4.0xfreerdp /buildconfig
: -/log-level:trace 2>&1 | tee log.txt
: see abovecompiler can help
Environment (please complete the following information):
Additional context
Thank you for reporting a bug!
The text was updated successfully, but these errors were encountered: