Bug 1222139 - krdc connection issues after xrdp server is renamed
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: KDE Applications
Version: Current
Hardware: x86-64 openSUSE Tumbleweed
Priority: P5 - None; Severity: Normal
Assignee: E-Mail List
QA Contact: E-mail List
Reported: 2024-03-28 16:15 UTC by Joe S
Modified: 2024-03-29 19:13 UTC

Description Joe S 2024-03-28 16:15:48 UTC
I have been using xrdp for YEARS and it has worked pretty much flawlessly.

Recently I renamed the server which xrdp is running on.

After the server rename it was rebooted and DNS and the routers were all updated to reflect the new name.

Remote machines can ping and ssh the new name. It is not a DNS issue because everything resolves to the new name, and nothing has any connectivity issues except for when I connect to the xrdp server using the new name.

I have rebooted all machines involved as well as the routers.

When I connect using krdc using the NEW name it just displays a blue screen and never displays the desktop but sometimes I hear it play the login sound.

If I try to use the OLD name with krdc then I get server not found.

Originally I thought this was an xrdp issue BUT I just found that if I use xfreerdp to connect to the NEW server name then it works perfectly.

On Windows machines if you attempt to connect using the NEW name then you get a certificate warning ( because the name changed ) and then after accepting it works fine.

I believe that xfreerdp works because it may have been built to default to an option to ignore certificate issues.

I have removed and reinstalled xrdp on the server in question and the problem persists.

I have also recreated the exact same issue if I have xrdp running in a VM and then I change the VM's host name ( and reboot and update DNS to reflect the new name ).

I believe that the issue is caused by a cached certificate on the clients that has the OLD hostname but I have not been able to find out how to delete it.

This reminds me of a similar issue that occurs with ssh and known_hosts when a rename like this occurs.

Changing the xrdp server name back to the OLD hostname, rebooting and updating DNS/routers etc and then rdp works again.

The fact that this works, and that everything else works when you rename except for krdc, leads me to believe that some cached certificate is the cause, but it doesn't prompt like Windows does to allow me to accept the new certificate.

How do I update and/or remove the cached certificate which is being used by krdc?


NOTE:

I am using TW 20240319 with KDE Plasma 6 but I can recreate this same situation with xrdp running on a TW machine running 20240223 with KDE Plasma 5 so I do not believe it is a plasma 6 issue.
Comment 1 Joe S 2024-03-29 19:11:42 UTC
Quick Summary of the problem:

When a server running XRDP is renamed from OLD-NAME to NEW-NAME and rebooted, krdc can NOT connect using the NEW-NAME.

Everything else in the network ( ssh / ping ) works with the NEW-NAME.

It is confirmed to be a krdc problem because BOTH xfreerdp and remmina RDP clients can connect using NEW-NAME.

I have traced the problem to the generated /etc/xrdp/rsakeys.ini, which is created and run during install/update which generates the keys used, but obviously krdc is where the issue is with the keys, since xfreerdp and remmina work with the NEW-NAME.

I also tried generating my own key/cert using the command in /etc/xrdp/xrdp.ini and then modified the certificate= and key= lines to point to those generated files and then restarted the server.

When using my own generated key/cert then:

    krdc will prompt with an unknown certificate message when using NEW-NAME
    but after clicking Continue it still just displays the blue screen and no 
    desktop.

    remmina will prompt for the new certificate and then you can login and
    desktop is displayed.

    xfreerdp does not seem to care about the certificate change and will let
    you login and the desktop is displayed.

If you need any other details please let me know.
Comment 2 Joe S 2024-03-29 19:13:28 UTC
Also forgot to say that a Windows client using RDP that tries to connect to NEW-NAME gets the certificate change both when the server is renamed and then it has no issues connecting and displaying the desktop.