Ubuntu 22.04 无法接受来自 mstsc.exe 以外的客户端的 RDP 连接

2024-6-11 • tag-icon

rdp

Ubuntu 22.04 无法接受来自 mstsc.exe 以外的客户端的 RDP 连接

环境：

远程操作系统：Ubuntu 22.04.02 GNOME
客户端操作系统：Windows 10

Ubuntu/var/log/syslog如下：

从 MobaXterm 的 RDP 客户端连接，日志：

May 20 16:54:38 bc gnome-remote-desktop-daemon[952]: [16:54:38:934] [952:18610] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
May 20 16:54:38 bc gnome-remote-desktop-daemon[952]: [16:54:38:942] [952:18610] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
May 20 16:54:39 bc gnome-remote-de[952]: [RDP.RDPGFX] CapsAdvertise: Accepting capability set with version RDPGFX_CAPVERSION_106, Client cap flags: H264 (AVC444): true, H264 (AVC420): true
May 20 16:54:39 bc gnome-remote-desktop-daemon[952]: [16:54:39:318] [952:18614] [ERROR][com.freerdp.channels.rdpgfx.server] - WTSVirtualChannelRead failed!
May 20 16:54:39 bc gnome-remote-desktop-daemon[952]: [16:54:39:318] [952:18614] [ERROR][com.freerdp.channels.rdpgfx.server] - rdpgfx_server_handle_messages failed with error 1359
May 20 16:54:39 bc gnome-remote-desktop-daemon[952]: [16:54:39:319] [952:18610] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
May 20 16:54:39 bc gnome-remote-desktop-daemon[952]: [16:54:39:319] [952:18610] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
May 20 16:54:39 bc gnome-remote-de[952]: Unable to check file descriptor, closing connection
May 20 16:54:39 bc systemd[1]: run-user-1000-gnome\x2dremote\x2ddesktop-cliprdr\x2dYu7GBZ.mount: Deactivated successfully.
May 20 16:54:39 bc gnome-remote-desktop-daemon[952]: [16:54:39:331] [952:952] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe

从 mstsc.exe 的 RDP 客户端连接，log1：

May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:594] [952:18667] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:603] [952:18667] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:609] [952:18667] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:609] [952:18667] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:609] [952:18667] [ERROR][com.freerdp.core.nla] - [nla_recv] error: -1
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:609] [952:18667] [ERROR][com.freerdp.core.transport] - client authentication failure
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:609] [952:18667] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:609] [952:18667] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
May 20 17:04:07 bc gnome-remote-de[952]: Unable to check file descriptor, closing connection
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:610] [952:952] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:659] [952:18673] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
May 20 17:04:07 bc gnome-remote-desktop-daemon[952]: [17:04:07:668] [952:18673] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
May 20 17:04:08 bc gnome-remote-de[952]: [RDP.CLIPRDR] Client capabilities: long format names, stream file clip, file clip no file paths, can lock clip data, huge file support
May 20 17:04:08 bc gnome-remote-de[952]: [RDP.RDPGFX] CapsAdvertise: Accepting capability set with version RDPGFX_CAPVERSION_106, Client cap flags: H264 (AVC444): true, H264 (AVC420): true

从 mstsc.exe 的 RDP 客户端连接，日志 2：

May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:522] [952:18625] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:530] [952:18625] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:18625] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:18625] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:18625] [ERROR][com.freerdp.core.nla] - [nla_recv] error: -1
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:18625] [ERROR][com.freerdp.core.transport] - client authentication failure
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:18625] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:18625] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:538] [952:952] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 32: Broken pipe
May 20 16:55:08 bc gnome-remote-de[952]: Unable to check file descriptor, closing connection
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: ] [952:17475] [INFO][com.freerdp.core.connection] - Accepted channels:
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:05:916] [952:17475] [INFO][com.freerdp.core.connection] -  rdpdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:05:916] [952:17475] [INFO][com.freerdp.core.connection] -  rdpsnd
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:05:916] [952:17475] [INFO][com.freerdp.core.connection] -  cliprdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:05:916] [952:17475] [INFO][com.freerdp.core.connection] -  drdynvc
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:05:916] [952:17475] [INFO][com.freerdp.core.gcc] - Active rdp encryption level: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:05:916] [952:17475] [INFO][com.freerdp.core.gcc] - Selected rdp encryption method: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:500] [952:17489] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:500] [952:17489] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:500] [952:17489] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.connection] - Accepted client: DESKTOP-GVM1HH4
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.connection] - Accepted channels:
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.connection] -  rdpdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.connection] -  rdpsnd
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.connection] -  cliprdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.connection] -  drdynvc
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.gcc] - Active rdp encryption level: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [09:15:35:593] [952:17489] [INFO][com.freerdp.core.gcc] - Selected rdp encryption method: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:08:352] [952:18263] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:08:352] [952:18263] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:08:352] [952:18263] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:653] [952:18269] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:653] [952:18269] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:653] [952:18269] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.connection] - Accepted client: DESKTOP-GVM1HH4
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.connection] - Accepted channels:
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.connection] -  rdpdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.connection] -  rdpsnd
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.connection] -  cliprdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.connection] -  drdynvc
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.gcc] - Active rdp encryption level: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:51:14:701] [952:18269] [INFO][com.freerdp.core.gcc] - Selected rdp encryption method: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:142] [952:18610] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:142] [952:18610] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:142] [952:18610] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.connection] - Accepted client: DESKTOP-GVM1HH4
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.connection] - Accepted channels:
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.connection] -  rdpdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.connection] -  rdpsnd
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.connection] -  cliprdr
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.connection] -  drdynvc
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.gcc] - Active rdp encryption level: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:54:38:951] [952:18610] [INFO][com.freerdp.core.gcc] - Selected rdp encryption method: NONE
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:03:031] [952:18625] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:03:031] [952:18625] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:03:031] [952:18625] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:572] [952:18631] [INFO][com.f[16:55:08:602] [952:18631] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
May 20 16:55:08 bc gnome-remote-desktop-daemon[952]: [16:55:08:610] [952:18631] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
May 20 16:55:09 bc gnome-remote-de[952]: [RDP.CLIPRDR] Client capabilities: long format names, stream file clip, file clip no file paths, can lock clip data, huge file support
May 20 16:55:09 bc gnome-remote-de[952]: [RDP.RDPGFX] CapsAdvertise: Accepting capability set with version RDPGFX_CAPVERSION_106, Client cap flags: H264 (AVC444): true, H264 (AVC420): true
May 20 16:55:10 bc gnome-remote-desktop-daemon[952]: [16:55:10:382] [952:18631] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_ACTIVE - peer_recv_pdu() fail
May 20 16:55:10 bc gnome-remote-desktop-daemon[952]: [16:55:10:382] [952:18631] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
May 20 16:55:10 bc gnome-remote-de[952]: Unable to check file descriptor, closing connection
May 20 16:55:10 bc gnome-remote-desktop-daemon[952]: [16:55:10:392] [952:952] [ERROR][com.freerdp.core.transport] - BIO_should_retry returned a system error 104: Connection reset by peer
May 20 16:55:10 bc gnome-remote-desktop-daemon[952]: [16:55:10:392] [952:952] [ERROR][com.freerdp.core] - transport_write:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
May 20 16:55:10 bc systemd[1]: run-user-1000-gnome\x2dremote\x2ddesktop-cliprdr\x2dAsMCcw.mount: Deactivated successfully.

答案1

gnome-remote-desktop 可与多种客户端配合使用，不仅仅是 mstsc，还有 xfreerdp、Remmina 或 Thincast 客户端（另请参阅https://help.ubuntu.com/stable/ubuntu-help/sharing-desktop.html）。

关于您的日志：

您使用 mstsc 的第二个日志看起来很好，您已经建立了会话。

在您第一次使用 mstsc 进行登录时，要么是凭证错误，要么是您在 FreeRDP 中遇到了问题（gnome-remote-desktop 的身份验证处理发生在 FreeRDP 中），其中生成了错误的密码哈希，因此，尽管凭证错误，身份验证仍会失败。
该错误已于https://github.com/FreeRDP/FreeRDP/commit/a23a24fe068c37d20c254fe393d4fe5d4c6ab31d，并且该提交是 FreeRDP 2.10.0 版本的一部分。
不幸的是，Ubuntu 桌面团队拒绝在 Ubuntu 22.04 中发布该安全和维护更新。
但是，它包含在 Ubuntu 23.04 中。

编辑：没有查看第一个 mstsc 日志中身份验证失败的时间戳。
身份验证失败的连接尝试是 mstsc 首先发送其他凭据，然后才要求您输入密码。因此，这没什么问题，但是，如果您在输入凭据时收到身份验证错误，则上述情况仍然适用。

现在，查看您的 MobaXterm 日志：
身份验证成功。这很清楚，因为图形管道已建立（从消息中可见[RDP.RDPGFX]）。
但是，看起来这里的客户端向服务器端发送了格式错误的消息。这在和以下消息
中可见。FreeRDP 处理 RDP 中所有虚拟通道的协议 PDU 解析（这里包括图形管道），gnome-remote-desktop 处理实际消息。如果失败，则表示客户端收到了格式错误的消息。如果已经失败，也会自动失败。这里什么也做不了，只能向 MobaXterm 报告错误。WTSVirtualChannelRead failed!rdpgfx_server_handle_messages failed with error 1359

WTSVirtualChannelRead
rdpgfx_server_handle_messagesWTSVirtualChannelRead

答案2

gnome-remote-desktop升级到之后42.9-0ubuntu0.22.04.1，这个问题就消失了。

答案1

答案2

相关内容