Issues with RDP access
LTDR : xrdp on centos7 it used to work now it dont.
It had been a minute since I last had my server up and running. It’s a Centos 7 machine running as a kvm server/ kde desktop environment. It was originaly intended to be a network Lab and general "playground" After shutting it down for several months and moving it to it's new location graphical remote access no longer works.
output from /var/log/xrdp.log when connection is initiated.
Code:
[20180501-14:24:46] [INFO ] Socket 12: AF_INET connection received from 64.125.150.254 port 19616
[20180501-14:24:46] [DEBUG] Closed socket 12 (AF_INET 192.168.1.214:3389)
[20180501-14:24:46] [DEBUG] Closed socket 11 (AF_INET 0.0.0.0:3389)
[20180501-14:24:46] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20180501-14:24:46] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20180501-14:24:46] [DEBUG] TLSv1.2 enabled
[20180501-14:24:46] [DEBUG] TLSv1.1 enabled
[20180501-14:24:46] [DEBUG] TLSv1 enabled
[20180501-14:24:46] [DEBUG] Security layer: requested 11, selected 1
[20180501-14:24:46] [DEBUG] Closed socket 12 (AF_INET 192.168.1.214:3389)
[20180501-14:24:46] [INFO ] Socket 12: AF_INET connection received from 64.125.150.254 port 36487
[20180501-14:24:46] [DEBUG] Closed socket 12 (AF_INET 192.168.1.214:3389)
[20180501-14:24:46] [DEBUG] Closed socket 11 (AF_INET 0.0.0.0:3389)
[20180501-14:24:46] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20180501-14:24:46] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20180501-14:24:46] [DEBUG] TLSv1.2 enabled
[20180501-14:24:46] [DEBUG] TLSv1.1 enabled
[20180501-14:24:46] [DEBUG] TLSv1 enabled
[20180501-14:24:46] [DEBUG] Security layer: requested 11, selected 1
[20180501-14:24:46] [INFO ] connected client computer name: 15-LP-7P-1636
[20180501-14:24:46] [INFO ] TLS connection established from 64.125.150.254 port 36487: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384
[20180501-14:24:47] [DEBUG] xrdp_00002917_wm_login_mode_event_00000001
[20180501-14:24:47] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20180501-14:24:47] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20180501-14:24:47] [DEBUG] xrdp_wm_log_msg: connecting to sesman ip 127.0.0.1 port 3350
[20180501-14:24:48] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20180501-14:24:48] [DEBUG] xrdp_wm_log_msg: sending login info to session manager, please wait...
[20180501-14:24:48] [DEBUG] return value from xrdp_mm_connect 0
[20180501-14:24:48] [INFO ] xrdp_wm_log_msg: login successful for display 11
[20180501-14:24:48] [DEBUG] xrdp_wm_log_msg: VNC started connecting
[20180501-14:24:48] [DEBUG] xrdp_wm_log_msg: VNC connecting to 127.0.0.1 5911
[20180501-14:24:51] [DEBUG] VNC error 1 after security negotiation
[20180501-14:24:51] [DEBUG] VNC error before sending share flag
[20180501-14:24:51] [DEBUG] VNC error before receiving server init
[20180501-14:24:51] [DEBUG] VNC error before receiving pixel format
[20180501-14:24:51] [DEBUG] VNC error before receiving name length
[20180501-14:24:51] [DEBUG] VNC error before receiving name
[20180501-14:24:51] [DEBUG] xrdp_wm_log_msg: VNC error - problem connecting
[20180501-14:24:51] [DEBUG] Closed socket 19 (AF_INET 0.0.0.0:48328)
[20180501-14:24:51] [DEBUG] xrdp_wm_log_msg: some problem
[20180501-14:24:51] [DEBUG] xrdp_mm_module_cleanup
[20180501-14:24:51] [DEBUG] VNC mod_exit
[20180501-14:24:51] [DEBUG] Closed socket 18 (AF_INET 127.0.0.1:55164)
output /var/log/xrdp-sesman.log
Code:
[20180501-14:25:23] [INFO ] A connection received from 127.0.0.1 port 55180
[20180501-14:25:24] [INFO ] ++ created session (access granted): username user, ip 64.125.150.254:53434 - socket: 12
[20180501-14:25:24] [INFO ] starting Xvnc session...
[20180501-14:25:24] [DEBUG] Closed socket 9 (AF_INET 0.0.0.0:5910)
[20180501-14:25:24] [DEBUG] Closed socket 9 (AF_INET 0.0.0.0:6010)
[20180501-14:25:24] [DEBUG] Closed socket 9 (AF_INET 0.0.0.0:6210)
[20180501-14:25:24] [DEBUG] Closed socket 9 (AF_INET 0.0.0.0:5911)
[20180501-14:25:24] [DEBUG] Closed socket 9 (AF_INET 0.0.0.0:6011)
[20180501-14:25:24] [DEBUG] Closed socket 9 (AF_INET 0.0.0.0:6211)
[20180501-14:25:24] [DEBUG] Closed socket 8 (AF_INET 127.0.0.1:3350)
[20180501-14:25:24] [INFO ] calling auth_start_session from pid 10797
[20180501-14:25:24] [DEBUG] Closed socket 7 (AF_INET 127.0.0.1:3350)
[20180501-14:25:24] [DEBUG] Closed socket 8 (AF_INET 127.0.0.1:3350)
[20180501-14:25:24] [INFO ] Xvnc :11 -auth .Xauthority -geometry 1920x1080 -depth 24 -rfbauth /home/user/.vnc/sesman_passwd-user@slugfish.box1:11 -bs -nolisten tcp -localhost -dpi 96
[20180501-14:25:24] [CORE ] waiting for window manager (pid 10799) to exit
[20180501-14:25:24] [CORE ] window manager (pid 10799) did exit, cleaning up session
[20180501-14:25:24] [INFO ] calling auth_stop_session and auth_end from pid 10797
[20180501-14:25:24] [DEBUG] cleanup_sockets:
[20180501-14:25:24] [DEBUG] cleanup_sockets: deleting /tmp/.xrdp/xrdp_chansrv_socket_11
[20180501-14:25:24] [DEBUG] cleanup_sockets: failed to delete /tmp/.xrdp/xrdp_chansrv_socket_11
[20180501-14:25:25] [INFO ] ++ terminated session: username user, display :11.0, session_pid 10797, ip 64.125.150.254:53434 - socket: 12
I could use a point in the right direction cause I'm at a loss right now. I have verified that the firewall on the box has the ports open
Code:
public (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0f0
sources:
services: tftp vnc-server dhcpv6-client ssh
ports: 1022/tcp 10666/udp 25565/tcp 3389/tcp 2022/tcp 2342/udp
protocols:
masquerade: yes
forward-ports: port=1022:proto=tcp:toport=22:toaddr=192.168.122.85
source-ports:
icmp-blocks:
rich rules:
and I've checked that the connection is being issues and responded to by rdp by running wireshark. ( I had a fear that my misunderstanding of how xrdp,vnc,sesman worked was the cause of this all).
thanks again for your help and shame'ing
