Bug 1129319

Summary: Remmina can't connect to Server2016 RDP - used to work 1-2 weeks ago
Product: [openSUSE] openSUSE Distribution Reporter: robert spitzenpfeil <rs.opensuse>
Component: X11 ApplicationsAssignee: Felix Zhang <fezhang>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None CC: 4Z1kk0, d_werner, fezhang, jfjuneau, jweberhofer, maint-coord, qa-bugs, rs.opensuse, simon.herrmann, t.rother
Version: Leap 15.0   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
See Also: https://bugzilla.opensuse.org/show_bug.cgi?id=1124908
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description robert spitzenpfeil 2019-03-14 22:23:05 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36
Build Identifier: 

Today I've noticed I can't connect to any of our Server2016 machines using Remmina anymore.

I've tried Leap 15.1 beta - it works!
I've installed the 15.1 rpms (+libssh4) on 15.0 and it works as well.

I think there might have been an update from MS that broke RDP again.

Remmina / Freerdp2 on Ubuntu 18.10 works as well



---- error log ---

[23:22:09:302] [12175:12181] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel rdpgfx
[23:22:09:303] [12175:12181] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel disp
[23:22:09:428] [12175:12224] [ERROR][com.freerdp.channels.rdpgfx.client] - context->EndFrame failed with error 1359
[23:22:09:428] [12175:12224] [ERROR][com.freerdp.channels.rdpgfx.client] - rdpgfx_recv_end_frame_pdu failed with error 1359!
[23:22:09:428] [12175:12224] [ERROR][com.freerdp.channels.rdpgfx.client] - Error while parsing GFX cmdId: RDPGFX_CMDID_ENDFRAME (0x000C)
[23:22:09:428] [12175:12224] [ERROR][com.freerdp.channels.rdpgfx.client] - rdpgfx_recv_pdu failed with error 1359!
[23:22:09:428] [12175:12224] [ERROR][com.freerdp.channels.drdynvc.client] - drdynvc_order_recv failed with error 1359!
[23:22:09:431] [12175:12181] [ERROR][com.freerdp.core] - drdynvc_virtual_channel_client_thread reported an error. Error was 1359
[23:22:09:431] [12175:12181] [ERROR][com.freerdp.core] - checkChannelErrorEvent() failed - 0


Reproducible: Always
Comment 1 robert spitzenpfeil 2019-03-14 22:24:51 UTC
I've reinstalled the 15.0 packages of Remmina / freerdp ... to no avail.

Tomorrow I'll test with a 15.0 VM in my office.
Comment 2 robert spitzenpfeil 2019-03-14 22:27:11 UTC
With "auto-reconnect" active, Remmina shows 

"Reconnection in progress. Attempt 0 of 20"
"Reconnection in progress. Attempt 1 of 20"

repeated indefinitely.
Comment 3 robert spitzenpfeil 2019-03-15 07:13:48 UTC
Just checked with a 15.0 VM, same issue.
Comment 4 robert spitzenpfeil 2019-03-15 07:29:13 UTC
I can still initiate a connection with xfreerdp at the office. I haven't tried it at home with VPN yet.
Comment 5 Johannes Weberhofer 2019-03-15 08:34:41 UTC
Hi Robert, which versions of remmna and freerdp are you using on the machine that doesn't work? Please show me the results when you invoke the following command:

rpm -qa | grep -E 'remmina|freerdp' | sort
Comment 6 robert spitzenpfeil 2019-03-15 09:07:32 UTC
libfreerdp2-2.0.0~rc4-lp150.2.3.1.x86_64                                                                                             
remmina-1.2.0~rcgit.27-lp150.1.5.x86_64                                                                                              
remmina-lang-1.2.0~rcgit.27-lp150.1.5.noarch                                                                                         
remmina-plugin-rdp-1.2.0~rcgit.27-lp150.1.5.x86_64                                                                                   
remmina-plugin-secret-1.2.0~rcgit.27-lp150.1.5.x86_64                                                                                
remmina-plugin-vnc-1.2.0~rcgit.27-lp150.1.5.x86_64

It's from the standard 15.0 repos.
Comment 7 Johannes Weberhofer 2019-03-15 09:32:03 UTC
You have already installed tonight's freerdp updates, that's great. Unfortunately Leap's Remmina version is still very old.
For now I only can recommend to switch to our development repo at https://download.opensuse.org/repositories/X11:/RemoteDesktop/openSUSE_Leap_15.0/

@fezhang: Is there a remmina updated planned for openSUSE 15.0?
Comment 8 Felix Zhang 2019-03-15 10:20:02 UTC
(In reply to Johannes Weberhofer from comment #7)
> @fezhang: Is there a remmina updated planned for openSUSE 15.0?

Yes, I have pushed remmina 1.3.4 to SLE 15.0, please stay tuned before it's released and synced to Leap.
Comment 9 Johannes Weberhofer 2019-03-15 12:07:13 UTC
That's good to hear, Felix.
Robert, please let me know if we can close the ticket.
Comment 10 Jean-Fran├žois Juneau 2019-03-15 13:02:37 UTC
(In reply to Felix Zhang from comment #8)
> (In reply to Johannes Weberhofer from comment #7)
> > @fezhang: Is there a remmina updated planned for openSUSE 15.0?
> 
> Yes, I have pushed remmina 1.3.4 to SLE 15.0, please stay tuned before it's
> released and synced to Leap.

Glad to hear that a fix for Remmina is coming. I had the bad surprise this morning too, I could not connect to any RDP server with Remmina on Leap 15. For now I downgraded freerdp and libfreerdp2 to version 2.0.0~rc2 and it works.
Comment 11 Bruno Friedmann 2019-03-18 06:09:11 UTC
*** Bug 1129388 has been marked as a duplicate of this bug. ***
Comment 12 Johannes Weberhofer 2019-03-18 10:54:26 UTC
For the records: There is an upstream ticket related to this issue: https://gitlab.com/Remmina/Remmina/issues/1699
Comment 13 Johannes Weberhofer 2019-03-18 10:57:34 UTC
This issue is closely related to #1124908
Comment 14 Dirk Weber 2019-03-18 16:08:15 UTC
I am not sure this is the correct place as this is about freerdp and krdc and not remmina, but maybe it is helpful.

Leap 15.0 with the packages which were updated 
from the Leap 15.0 update repo on March 13:
libwinpr2|2.0.0~rc4-lp150.2.3.1
libfreerdp2|2.0.0~rc4-lp150.2.3.1
freerdp|2.0.0~rc4-lp150.2.3.1
it is not possible for me to connect to a Win10 machine.

Error message:
[12:24:25:732] [27042:27043] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 11: Resource temporarily unavailable
[12:24:25:732] [27042:27043] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure
[12:24:25:732] [27042:27043] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C]
[12:24:25:732] [27042:27043] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure

After downgrade to the previous packages 
libwinpr2|2.0.0~rc2-lp150.1.1
libfreerdp2|2.0.0~rc2-lp150.1.1
freerdp|2.0.0~rc2-lp150.1.1
the connection is working again, also with krdc.

In Tumbleweed snapshot 20190314  with
freerdp and friends 2.0.0~rc4-4.1.x86_64 
the connection with xfreerdp is working, but krdc can not connect.

As the previous packages in Leap 15.0 are still working for me I can exclude that the problem was introduced by some change or upgrade on the Win10 side.

I also tried the " +glyph-cache" option and many others, but nothing helped, only the fall back to the previous packages.
Comment 15 Johannes Weberhofer 2019-03-18 16:33:21 UTC
Did you also try "relax order checks"? I hope, the updates for Remmina will appear soon!
Comment 16 Dirk Weber 2019-03-18 16:54:59 UTC
(In reply to Johannes Weberhofer from comment #15)
> Did you also try "relax order checks"? I hope, the updates for Remmina will
> appear soon!

Yes, I found in the rpm changelog "/relax-order-checks *and* +glyph-cache are required", so I tried them. But it did not make a difference.


BTW: in Tumbleweed the connection can be established without special options, just  /u: /v:
Comment 18 Thomas Rother 2019-03-27 13:40:27 UTC
Same problem with "reconnection in progress" here with the old reminna 1.2 packages for leap, while the 1.3.4 packages from https://download.opensuse.org/repositories/X11:/RemoteDesktop/openSUSE_Leap_15.0/x86_64/ are fine ;-). Please publish an upgrade to 1.3.4 for current leap 15.0
Comment 19 Jean-Fran├žois Juneau 2019-03-27 15:26:29 UTC
You should probably put a higher priority on this bug, accessing remote desktops and terminal servers is quite critical on any enterprise desktop. It should have been fixed way sooner. Is it only openSUSE Leap 15 that is affected or SUSE Linux Enterprise Desktop 15 users are also waiting for the update?
Comment 20 Johannes Weberhofer 2019-03-27 17:10:29 UTC
The update comes from the SLES project, I don't have any influence...
Comment 21 Thomas Rother 2019-03-27 21:13:05 UTC
I raised severity of this bug to "major" as the functionality of the current package is generally broken. Sorry if I violated any policy here ...
Comment 25 Dirk Weber 2019-04-02 15:16:19 UTC
I made an observation. Originally I thought that after the update to 
libwinpr2|2.0.0~rc4-lp150.2.3.1
libfreerdp2|2.0.0~rc4-lp150.2.3.1
freerdp|2.0.0~rc4-lp150.2.3.1
RDP connections are just not working anymore.

Then I found bug 1130896 which indicates it should still work and I tested a little bit more.

I found out that with this update xfreerdp honors an http proxy and can not connect if the proxy does not support RDP connections. http proxy settings are quite common in corporate environments. Therefore I think this change should be emphasized.

After unsetting the http_proxy and https_proxy variables in a terminal and starting xfreerdp or krdc from this terminal connection works:

$ xfreerdp -sec-nla /cert-ignore  /kbd:0x00000407 /u:DOMAIN\\user /v:1.2.3.4 /clipboard
Invalid MIT-MAGIC-COOKIE-1 key[08:03:25:653] [25568:25569] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
Invalid MIT-MAGIC-COOKIE-1 key[08:03:25:655] [25568:25569] [INFO][com.freerdp.core.proxy] - Parsed proxy configuration: http://127.0.0.1:3128
[08:03:25:747] [25568:25569] [INFO][com.freerdp.core.proxy] - HTTP Proxy: HTTP/1.1 200 Connection established
^C (after ~1 minute of trying)
$ unset http_proxy
xfreerdp -sec-nla /cert-ignore  /kbd:0x00000407 /u:DOMAIN\\user /v:1.2.3.4 /clipboard
Invalid MIT-MAGIC-COOKIE-1 key[08:04:40:159] [25587:25588] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
Invalid MIT-MAGIC-COOKIE-1 key[08:04:40:160] [25587:25588] [INFO][com.freerdp.core.proxy] - Parsed proxy configuration: http://127.0.0.1:3128
[08:04:40:225] [25587:25588] [INFO][com.freerdp.core.proxy] - HTTP Proxy: HTTP/1.1 200 Connection established
^C (after ~1 minute of trying)
$ unset https_proxy
xfreerdp -sec-nla /cert-ignore  /kbd:0x00000407 /u:DOMAIN\\user /v:1.2.3.4 /clipboard
Invalid MIT-MAGIC-COOKIE-1 key[08:04:51:646] [25596:25597] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
Invalid MIT-MAGIC-COOKIE-1 key[08:04:51:857] [25596:25597] [INFO][com.freerdp.gdi] - Local framebuffer format  PIXEL_FORMAT_BGRX32
[08:04:51:857] [25596:25597] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_RGB16
[08:04:51:862] [25596:25597] [INFO][com.winpr.clipboard] - initialized POSIX local file subsystem
[08:05:06:243] [25596:25597] [INFO][com.freerdp.client.x11] - Closed from X11
connected without problem.


My workaround: make a wrapper script which unsets the http_proxy and https_proxy variables and starts the krdc from there.
Comment 26 Swamp Workflow Management 2019-04-02 16:12:29 UTC
SUSE-RU-2019:0843-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1103557,1117402,1123452,1125549,1129319
CVE References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    remmina-1.3.4-3.7.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 27 Thomas Rother 2019-04-03 04:52:29 UTC
Question to SUSE Staff: After the message from swamp@suse.de in  https://bugzilla.suse.com/show_bug.cgi?id=1129319#c26, will there be a build for OpenSUSE too? Up to now, I see no new packages on the standard repos for Leap 15 ...
Comment 28 Marcus Meissner 2019-04-03 05:34:37 UTC
yes, it is now auto imported to Leap 15 and will be released there in some days
Comment 29 Swamp Workflow Management 2019-04-10 16:11:04 UTC
openSUSE-RU-2019:1182-1: An update that has 5 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1103557,1117402,1123452,1125549,1129319
CVE References: 
Sources used:
openSUSE Leap 15.0 (src):    remmina-1.3.4-lp150.2.3.1

*** NOTE: This information is not intended to be used for external
    communication, because this may only be a partial fix.
    If you have questions please reach out to maintenance coordination.
Comment 30 Felix Zhang 2019-04-12 06:29:25 UTC
Update released for Leap. Closing as FIXED. Thanks Marcus for the help.
Comment 31 Johannes Weberhofer 2019-04-15 09:36:39 UTC
*** Bug 1112186 has been marked as a duplicate of this bug. ***