Ask Your Question

Configuring RDP access for Windows hosts

asked 2018-05-03 20:22:44 -0500

hsljo gravatar image

updated 2018-05-19 09:27:20 -0500

This F26 host has xrdp installed and no firewall running, SElinux is disabled for the purpose of this experiment. xrdp.ini has Xorg enabled only and in autorun, and disabled clipboard channel for now. When I connected initially from Windows RDP client, there was a message shown right after login saying that there was a problem logging in.

Then I ran xhost + for that user, and now the session disconnects immediately after login. I do not see any errors or anything suspicious in the /var/log/xrdp.log below. This setup worked fine on the same physical machine under Fedora 19 which I can still dual boot and it still is working without issues. The only difference is that F19 has KDE, but F26 has Mate. I have since created a KDE VM and it also demonstrates the same problem OOB.

What am I missing?

The F26 host has everything current as of 15 min ago:

Linux localhost.localdomain 4.15.17-200.fc26.x86_64 #1 SMP Thu Apr 12 18:28:26 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


[20180503-21:06:35] [INFO ] Socket 12: AF_INET connection received from port 11626
[20180503-21:06:35] [DEBUG] Closed socket 12 (AF_INET
[20180503-21:06:35] [DEBUG] Closed socket 11 (AF_INET
[20180503-21:06:35] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20180503-21:06:35] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20180503-21:06:35] [DEBUG] TLSv1.2 enabled
[20180503-21:06:35] [DEBUG] TLSv1.1 enabled
[20180503-21:06:35] [DEBUG] TLSv1 enabled
[20180503-21:06:35] [DEBUG] Security layer: requested 3, selected 1
[20180503-21:06:35] [DEBUG] Closed socket 12 (AF_INET
[20180503-21:06:35] [INFO ] Socket 12: AF_INET connection received from port 11627
[20180503-21:06:35] [DEBUG] Closed socket 12 (AF_INET
[20180503-21:06:35] [DEBUG] Closed socket 11 (AF_INET
[20180503-21:06:35] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20180503-21:06:35] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20180503-21:06:35] [DEBUG] TLSv1.2 enabled
[20180503-21:06:35] [DEBUG] TLSv1.1 enabled
[20180503-21:06:35] [DEBUG] TLSv1 enabled
[20180503-21:06:35] [DEBUG] Security layer: requested 3, selected 1
[20180503-21:06:36] [INFO ] connected client computer name: WIN19
[20180503-21:06:36] [INFO ] TLS connection established from port 11627: TLSv1 with cipher ECDHE-RSA-AES256-SHA
[20180503-21:06:36] [DEBUG] xrdp_0000159a_wm_login_mode_event_00000001
[20180503-21:06:36] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20180503-21:06:36] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20180503-21:06:43] [DEBUG] xrdp_wm_log_msg: connecting to sesman ip port 3350
[20180503-21:06:44] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20180503-21:06:44] [DEBUG] xrdp_wm_log_msg: sending login info to session manager, please wait...
[20180503-21:06:44] [DEBUG] return value from xrdp_mm_connect ...
edit retag flag offensive close merge delete


Bump to home page

hsljo gravatar imagehsljo ( 2018-05-04 19:57:59 -0500 )edit

Bump to the home page

hsljo gravatar imagehsljo ( 2018-05-06 10:18:17 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2018-05-08 14:56:38 -0500

proski gravatar image

updated 2018-05-18 00:12:14 -0500

The most common cause is the session script exiting. Look inside /etc/xrdp/sesman.ini, section Globals. You'll see - that's run by default when a session starts (Fedora installs that script in /usr/libexec/xrdp). means that if there is a file called in your home directory, it should be run instead of the default script.

You can create ~/ shat would run /usr/libexec/xrdp/ and log its output. Its common that some initialization files for bash or the shell of your choice are not compatible with the assumptions made in (e.g. they assume interactive use).

edit flag offensive delete link more


Created ~/ with one line /usr/libexec/xrdp/ >> ~/xrdp.log, ran it and it opened what looked like undecorated XOrg terminal withdow. help in that window printed that it was GNU bash. Nothing was logged in the file though. What's the next step? Why did this work in F19 but not in F26 OOB?

hsljo gravatar imagehsljo ( 2018-05-09 18:58:29 -0500 )edit

@proski What is the next step then? Thanks!

hsljo gravatar imagehsljo ( 2018-05-12 07:31:41 -0500 )edit

If the behavior has changed, it means the script is running differently. Perhaps some login scripts like .bashrc are not running in that case. Try instrumenting those scripts and removing Also, you need to capture stderr, errors would normally go there. Once you get the undecorated window, you can start the session using e.g. gnome-session or mate-session. You can add that command to

proski gravatar imageproski ( 2018-05-18 00:36:52 -0500 )edit

Nothing in stdout and stderr from ~/ My .bashrc only calls the one in /etc. mate-session from the undecorated bash window starts another X session. Does that take me any closer to remoting into this box via Xrdp?

hsljo gravatar imagehsljo ( 2018-05-18 18:44:41 -0500 )edit

Just an update: this is not working in F28 as well, both with Mate and KDE. You can follow the linked bug report for updates. So far it sounds like this is going nowhere.

hsljo gravatar imagehsljo ( 2018-05-19 12:50:40 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-05-03 20:22:44 -0500

Seen: 95 times

Last updated: May 19