xRDP connection fails with "Reconnection attempt [0-1] of 20"

Need to setup xrdp to connect from a Windows machine, but anyl connection fails with a black screen and “Reconnection attempt [0-1] of 20”. The only notes available are either too old (i.e. 42.3), or just have the xrdp installation notes.

There are ssl_tls_print_error: SSL_write: Failure in SSL library (protocol error?) errors in /var/log/messages, … but there don’t seem to be any notes about configuring SSL/TLS for xRDP.

Any suggestions would be appreciated.

TIA!

I have been running xrdp with no issues for a long time on Leap 15.2 and Tumbleweed connecting to it from both windows and an iPad. Can you give more details of what you installed and how; along with how you are trying to make the connection from the windows box? Have you enabled the xrdp service and opened the service in the firewall?

zypper install -t pattern gnome (on Azure VM, also tested on a physical machine w/Gome, … and a local VM)

Install and start xrdp:

  1. zypper in xrdp
  2. systemctl enable xrdp
  3. systemctl start xrdp
  4. Yast: “Network Services” enable “Remote Administration with VNC”

At one point, there were errors about the cert & key in xrdp, so I testing with a manually created cert & key per the note in /etc/xrdp.ini. No change.

The desktop is Gnome, … testing with Remmina, with and without login credentials.

The only result is the flashing black screen described above indicating connection failure.

Part of the issue may be the lack of any definitive documentation, … xrdp has a configuration to connect to a window manager via xorg, yet the docs seem to show VNC connections. In this case, we need an RDP connection as the client machines are Windows.

Thanks!

Firstly, if you have a firewall have you enabled RDP to pass through it or if not sure temporarily disable it.

XRDP is just a protocol and a wrapper for the session which is normally VNC. So some form of VNC needs to be installed too and I use tigervnc.

Now when you connect via RDP (I use the windows client but Remmina I sure will be similar) if you do not provide credentials you should get a splash screen - the top item should be a dropdown list for session with options like Xvnc/Xorg/vnc-any/etc… Select ‘Xvnc’ and enter username and password. Are you getting this far?

If you get past that it should start a vnc session and run a window manager as defined in /etc/xrdp/startwm.sh. Note this script does not necessarily do what the default setting are for the system. I have found several versions of this script so you may need to have a plough through it but it should start something.

Ok, given what I have said, how far are you getting?

Firewall is open, 3389, 3350;

Installed: novnc, tigervnc, vncmanager, vncmanager-controller, vncmanager-controller-gnome, vncmanager-greeter, xorg-X11-Xvnc, + libraries & modules.

Nope, … just the black screen described. The black screen seems to indicate a connection is happening, … but something is broken between X, VNC, & xRDP.

wm_start is set for gnome.

Reinstalled xrdp:

in xrdp_wm_init:
xrdp_wm_init: channel cliprdr channel id 0 is allowed
xrdp_wm_init: channel drdynvc channel id 1 is allowed
got XRDP SIGPIPE(13)
ssl_tls_print_error: SSL_write: I/O error
xrdp_rdp_send_fastpath: xrdp_fastpath_send failed
ssl_tls_print_error: SSL_write: Failure in SSL library (protocol error?)
xrdp_rdp_send_fastpath: xrdp_fastpath_send failed

That would seem to indicate an ssl error, … but creating a cert manually did not change the symptoms or errors.

I have never worried about SSL certificates with regard to RDP. Maybe try the Widows client as a test?

Bingo! RDP from Windoze works!!

So, … the next question is why does Remmina not connect? Tried a new profile, same problem originally described.

Thanks!

OK, progress … and even in the right direction. Looks like I need to run up a copy of Remmina or other clients and see what I find.

In the past I seem to remember having to set:

max_bpp=32

in /etc/xrdp/xrpd.ini to get it to work with the iPad client. Also I have checked and I don’t have any ssl set up as I have (in the same file)


; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate


; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high   


; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=
key_file=


; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH

OK, installed Remmina on a Tumbleweed virtual machine.

  • RDPed to an openSUSE box and got a blank screen.

  • RDPed to a Windows 7 box, it asked me to confirm the identity of the machine as being OK and then asked for my credentials. It then entered a reconnection loop exactly as you have in your subject line of this thread.

  • RDPed again to the openSUSE box and it now works! I got the splash screen, selected Xvnc and username and password and it’s all fine.

  • Completely exited Remmina and RDPed into the openSUSE box and it works. As does connecting by setting up a Quick Connect profile.

  • RDPing into my Raspberry Pi (running raspian) however also enters the reconnection loop.

So sum success and some failure … that’s life I guess.