Windows 10 client presents certificate, then fails to connect

[StrykeSlammerII]

I'm using xrdp as a server on a Archlinux box, and was able to connect successfully from my Win10 machine until April 1 (strangely enough).
As far as I'm aware, nothing changed on either machine at the time; I have since updated the server box and rebooted both machines. The issue has persisted.

The Win10 "Remote Desktop Connection" client shows a name mismatch on the security certificate, as usual--I'm connecting by ip address, and it says the name on the certificate is www.xrdp.org --but when I hit 'Yes' to complete the connection, I get an error "This computer can't connect to the remote computer. Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator." When I hit 'OK' there, I'm back to the initial RDC screen.

systemctl status xrdp-sesman

● xrdp-sesman.service - xrdp session manager
     Loaded: loaded (/usr/lib/systemd/system/xrdp-sesman.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-04-10 15:42:04 EDT; 2min 43s ago
       Docs: man:xrdp-sesman(8)
             man:sesman.ini(5)
    Process: 569 ExecStart=/usr/bin/xrdp-sesman (code=exited, status=0/SUCCESS)
   Main PID: 580 (xrdp-sesman)
      Tasks: 1 (limit: 19132)
     Memory: 1.9M
        CPU: 7ms
     CGroup: /system.slice/xrdp-sesman.service
             └─580 /usr/bin/xrdp-sesman

Apr 10 15:42:04 kotomi systemd[1]: Starting xrdp session manager...
Apr 10 15:42:04 kotomi xrdp-sesman[580]: [INFO ] starting xrdp-sesman with pid 580
Apr 10 15:42:04 kotomi systemd[1]: Started xrdp session manager.
Apr 10 15:42:04 kotomi xrdp-sesman[580]: [INFO ] listening to port 3350 on 127.0.0.1

that looks like sesman never sees a connection...

systemctl status xrdp

● xrdp.service - xrdp daemon
     Loaded: loaded (/usr/lib/systemd/system/xrdp.service; enabled; vendor preset: disabled)
     Active: active (running) since Sat 2021-04-10 15:42:05 EDT; 9min ago
       Docs: man:xrdp(8)
             man:xrdp.ini(5)
    Process: 581 ExecStart=/usr/bin/xrdp (code=exited, status=0/SUCCESS)
   Main PID: 597 (xrdp)
      Tasks: 1 (limit: 19132)
     Memory: 3.7M
        CPU: 20ms
     CGroup: /system.slice/xrdp.service
             └─597 /usr/bin/xrdp

Apr 10 15:44:33 kotomi xrdp[1630]: [INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
Apr 10 15:44:33 kotomi xrdp[1630]: [INFO ] adding channel item name drdynvc chan_id 1007 flags 0xc0800000
Apr 10 15:44:33 kotomi xrdp[1630]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc006 size 8
Apr 10 15:44:33 kotomi xrdp[1630]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc00a size 8
Apr 10 15:44:33 kotomi xrdp[1630]: [INFO ] xrdp_load_keyboard_layout: keyboard_type [4] keyboard_subtype [0]
Apr 10 15:44:33 kotomi xrdp[1630]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
Apr 10 15:44:33 kotomi xrdp[1630]: [INFO ] TLS connection established from 192.168.0.100 port 65082: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
Apr 10 15:44:33 kotomi xrdp[1630]: [WARN ] libxrdp_force_read: header read error
Apr 10 15:44:33 kotomi xrdp[1630]: [ERROR] libxrdp_process_data: libxrdp_force_read failed
Apr 10 15:44:34 kotomi xrdp[1630]: [ERROR]   out xrdp_mcs_disconnect error - 2

I'm assuming the last errors here are relevant, but google hasn't been of much help finding any similar issues.
(The first two "unknown tag" errors also showed up when everything was working, so I'm assuming they're not related.)

Here's the full xrdp.log from the related time period:

[20210410-15:44:32] [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 65080
[20210410-15:44:32] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20210410-15:44:32] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20210410-15:44:32] [WARN ] libxrdp_force_read: header read error
[20210410-15:44:32] [ERROR]   out xrdp_mcs_disconnect error - 2
[20210410-15:44:33] [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 65082
[20210410-15:44:33] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20210410-15:44:33] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20210410-15:44:33] [INFO ] connected client computer name: RYOKO
[20210410-15:44:33] [INFO ]   client supports 40 bit encryption
[20210410-15:44:33] [INFO ]   client supports 128 bit encryption
[20210410-15:44:33] [INFO ]   client supports 56 bit encryption
[20210410-15:44:33] [INFO ]   client supports fips encryption
[20210410-15:44:33] [INFO ] adding channel item name rdpdr chan_id 1004 flags 0x80800000
[20210410-15:44:33] [INFO ] adding channel item name rdpsnd chan_id 1005 flags 0xc0000000
[20210410-15:44:33] [INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
[20210410-15:44:33] [INFO ] adding channel item name drdynvc chan_id 1007 flags 0xc0800000
[20210410-15:44:33] [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc006 size 8
[20210410-15:44:33] [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc00a size 8
[20210410-15:44:33] [INFO ] xrdp_load_keyboard_layout: keyboard_type [4] keyboard_subtype [0]
[20210410-15:44:33] [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
[20210410-15:44:33] [INFO ] TLS connection established from 192.168.0.100 port 65082: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
[20210410-15:44:33] [WARN ] libxrdp_force_read: header read error
[20210410-15:44:33] [ERROR] libxrdp_process_data: libxrdp_force_read failed
[20210410-15:44:34] [ERROR]   out xrdp_mcs_disconnect error - 2

I've tried with UFW enabled and disabled, no difference. Since the above log says the TLS connection was made, I'm assuming it's not a network issue.

xrdp.ini

[Globals]
; xrdp.ini file version number
ini_version=1

; fork a new process for each incoming connection
fork=true

; ports to listen on, number alone means listen on all interfaces
; 0.0.0.0 or :: if ipv6 is configured
; space between multiple occurrences
; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start
;
; Examples:
;   port=3389
;   port=unix://./tmp/xrdp.socket
;   port=tcp://.:3389                           127.0.0.1:3389
;   port=tcp://:3389                            *:3389
;   port=tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
;   port=tcp6://.:3389                          ::1:3389
;   port=tcp6://:3389                           *:3389
;   port=tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
;   port=vsock://<cid>:<port>
port=3389

; 'port' above should be connected to with vsock instead of tcp
; use this only with number alone in port above
; prefer use vsock://<cid>:<port> above
use_vsock=false

; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true

; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true

; set tcp send/recv buffer (for experts)
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768

; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate

; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high

; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=
key_file=

; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH

; concats the domain name to the user if set for authentication with the separator
; for example when the server is multi homed with SSSd
#domain_user_separator=@

; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=

allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; when true, the userid will be used to try to authenticate
#enable_token_login=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url

;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

address=0.0.0.0

;
; configure login screen
;

; Login Screen Window Title
#ls_title=My Login Title

; top level window background color in RGB format
ls_top_window_bg_color=009cb5

; width and height of login screen
ls_width=350
ls_height=430

; login screen background color in RGB format
ls_bg_color=dedede

; optional background image filename (bmp format).
#ls_background_image=

; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50

; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=65

; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210

; y pos for first label and combo box
ls_input_y_pos=220

; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30

; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30

[Logging]
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
LogFile=xrdp.log
LogLevel=INFO
EnableSyslog=true
#SyslogLevel=INFO
#EnableConsole=false
#ConsoleLevel=INFO
#EnableProcessId=false

[LoggingPerLogger]
; Note: per logger configuration is only used in XRDP_DEBUG builds of XRDP.
#xrdp.c=INFO
#main()=INFO

[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true

; for debugging xrdp, in section xrdp1, change port=-1 to this:
#port=/tmp/.xrdp/xrdp_display_10

; for debugging xrdp, add following line to section xrdp1
#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210


;
; Session types
;

; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20

[Xvnc]
name=Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
#xserverbpp=24
#delay_ms=2000
; Disable requested encodings to support buggy VNC servers
; (1 = ExtendedDesktopSize)
#disabled_encodings_mask=0


[vnc-any]
name=vnc-any
lib=libvnc.so
ip=ask
port=ask5900
username=na
password=ask
#pamusername=asksame
#pampassword=asksame
#pamsessionmng=127.0.0.1
#delay_ms=2000

[neutrinordp-any]
name=neutrinordp-any
lib=libxrdpneutrinordp.so
ip=ask
port=ask
username=ask
password=ask

; You can override the common channel settings for each session type
#channel.rdpdr=true
#channel.rdpsnd=true
#channel.drdynvc=true
#channel.cliprdr=true
#channel.rail=true
#channel.xrdpvr=true

I'm not sure where to go from here. Is it possibly an encryption failure somehow?
I'll be happy to post additional settings or logs if they would be useful.

[matt335672]

You can remove TLS from the connection by setting security_layer=rdp in xrdp.ini. That's a good place to start.

With that said, tt very much looks like a network issue to me in that the connection looks like it's being interrupted by something. Are server and client on the same subnet?

[StrykeSlammerII]

• It's a home setup; there is a single router between both machines, which should be acting as a basic DHCP server. It has static internal IP addresses for each, but I don't believe I did anything with subnets.

• I backed the security setting down to rdp, and now I get the login screen... but the Xorg option gives "some error" and Xvnc gives a black screen with a popup "Unable to contact settings server. Could not connect: Connection refused." (Previously I had been using Xvnc as Xorg had a similar "some error", so I'm not super concerned about fixing the Xorg side.)
  When I click "close" on that popup, the whole window closes and I'm back at the Windows client's initial screen. So there's still something going on.
  Logs seem to only show that I logged in and then closed the session, with no clue about the new error message, but I haven't had a chance to dig through other logs or do much other t/s tonight. I'll get back to this when I get a chance, but it might be a few days.
  Edit: I did try logging in through the client while logged out of the server; same error. So it shouldn't be refusing me for already being in a session.

It looks like my initial issue is related to TLS; hopefully this will help if someone else has this problem in the future. Any pointers on how to troubleshoot that? Or is "use RDP instead" a common workaround?
I'm still a bit miffed that something broke and I can't tell whether it was on the client or server 😛

xrdp.log

[20210412-21:06:46] [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 60177
[20210412-21:06:46] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20210412-21:06:46] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20210412-21:06:46] [WARN ] libxrdp_force_read: header read error
[20210412-21:06:46] [ERROR]   out xrdp_mcs_disconnect error - 2
[20210412-21:06:51] [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 60180
[20210412-21:06:51] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20210412-21:06:51] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20210412-21:06:51] [INFO ] connected client computer name: RYOKO
[20210412-21:06:51] [INFO ]   client supports 40 bit encryption
[20210412-21:06:51] [INFO ]   client supports 128 bit encryption
[20210412-21:06:51] [INFO ]   client supports 56 bit encryption
[20210412-21:06:51] [INFO ]   client supports fips encryption
[20210412-21:06:51] [INFO ]   client and server support high crypt, using high crypt
[20210412-21:06:51] [INFO ] adding channel item name rdpdr chan_id 1004 flags 0x80800000
[20210412-21:06:51] [INFO ] adding channel item name rdpsnd chan_id 1005 flags 0xc0000000
[20210412-21:06:51] [INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
[20210412-21:06:51] [INFO ] adding channel item name drdynvc chan_id 1007 flags 0xc0800000
[20210412-21:06:51] [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc006 size 8
[20210412-21:06:51] [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc00a size 8
[20210412-21:06:51] [INFO ] xrdp_load_keyboard_layout: keyboard_type [4] keyboard_subtype [0]
[20210412-21:06:51] [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
[20210412-21:06:51] [INFO ] Non-TLS connection established from 192.168.0.100 port 60180: encrypted with standard RDP security
[20210412-21:06:51] [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
[20210412-21:06:51] [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 10485760 MB cache entries 100
[20210412-21:06:51] [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
[20210412-21:06:51] [WARN ] xrdp_caps_process_codecs: unknown codec id 5
[20210412-21:06:51] [INFO ] xrdp_caps_process_codecs: RemoteFX, codec id 3, properties len 49
[20210412-21:06:51] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20210412-21:06:51] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20210412-21:06:51] [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
[20210412-21:06:51] [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
[20210412-21:06:51] [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
[20210412-21:06:51] [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
[20210412-21:06:51] [ERROR] libxrdp_query_channel - Channel out of range 4
[20210412-21:06:52] [INFO ] drdynvc_process_capability_response: DVC version 3 selected
[20210412-21:07:03] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20210412-21:07:03] [INFO ] xrdp_wm_log_msg: login successful for display 10
[20210412-21:07:04] [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
[20210412-21:07:04] [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
[20210412-21:07:04] [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
[20210412-21:07:04] [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
[20210412-21:07:04] [ERROR] libxrdp_query_channel - Channel out of range 4
[20210412-21:07:04] [INFO ] Layout from OldLayout (geom=1920x1080 #screens=1) : 1804289383:(1920x1080+0+0)

xrdp-sesman.log

[20210412-21:07:03] [INFO ] ++ created session (access granted): username strike, ip 192.168.0.100:60180 - socket: 12
[20210412-21:07:03] [INFO ] starting Xvnc session...
[20210412-21:07:03] [INFO ] calling auth_start_session from pid 29386
[20210412-21:07:03] [INFO ] Xvnc :10 -auth .Xauthority -geometry 1920x1080 -depth 32 -rfbauth /home/strike/.vnc/sesman_passwd-strike@kotomi:10 -bs -nolisten tcp -localhost -dpi 96  
[20210412-21:07:04] [INFO ] waiting for window manager (pid 29387) to exit
[20210412-21:07:34] [INFO ] window manager (pid 29387) was running for approximately 30 seconds.
[20210412-21:07:34] [INFO ] Cleaning up session. Calling auth_stop_session and auth_end from pid 29386
[20210412-21:07:34] [INFO ] ++ terminated session:  username strike, display :10.0, session_pid 29386, ip 192.168.0.100:60180 - socket: 12

[matt335672]

Thanks for the additional info.

There seem to be two issues here - TLS and Xvnc. As a bonus we could look at the Xorg later.

The TLS issue log suggests the client is closing the connection after the server thinks the connection has been established. That's really unusual. Looking at the TLS protocol, the very last step is the server sending a MAC of all the messages it's sent. If the signature on the MAC is incorrect, the client will close the connection.

In other words, there may be a mismatch between your TLS certificate and your private key on the server side. I'm not aware of any logs we could look at on the client side to confirm this however, and the server should really be checking this so it's only a hunch.

What are the outputs of these two commands?

sudo openssl x509 -noout -modulus -in /etc/xrdp/cert.pem | openssl md5
sudo openssl rsa -noout -modulus -in /etc/xrdp/key.pem | openssl md5

They should be the same. If not we can regenerate files as appropriate.

As far as the Xvnc issue goes, your log above is useful. It suggests the desktop isn't starting properly. Can you try the following to get a fuller log of system activity?

1. Make a note of the system time
2. Try to log in using Xvnc.
3. Post the output of sudo journalctl -S HH:MM:SS where HH:MM:SS is the time you noted in step 1.

Additionally there may be information in ~/.xsession-errors. I don't know Arch well enough to know if that file exists or not, however.

[StrykeSlammerII]

> sudo openssl x509 -noout -modulus -in /etc/xrdp/cert.pem | openssl md5
(stdin)= 87bae25c51cbfeed87d58c8d51084391
> sudo openssl rsa -noout -modulus -in /etc/xrdp/key.pem | openssl md5
(stdin)= 87bae25c51cbfeed87d58c8d51084391

Looks the same to me.
I was wondering if something had happened to my keys, so thanks for showing me how to verify them. At least we're on the same page 😁

I do have a ~/.xsession-errors file, but it's empty (0 bytes) and the timestamp is from the 12th, so it may be from logging into the server directly.

I deleted the file and tried rdp->Xvnc, the file did not regenerate. I tried rdp->Xorg and let that time out, the file did not regen.
In a bit I will log out of the server, try both rdp methods again, then log back into the server and check timestamps.

I also checked /var/log/Xorg.0.log and /var/log/lxdm.log, but those had nothing relevant. Everything else in /var/log is old.

journalctl shows that xfce is flat-out crashing, which is a little odd as I can login directly just fine. I'm actually posting this from the server 🤨 I guess that's another reason to retry rdp before logging back into the server.

(Everything before this snip matches the previous xrdp.log; if more is useful I can attach the entire thing.)

Apr 15 19:16:30 kotomi audit[54050]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=18 pid=54050 comm="xfce4-session" exe="/usr/bin/xfce4-session" sig=11 res=1
Apr 15 19:16:30 kotomi kernel: xfce4-session[54050]: segfault at 2c ip 0000562c3264b2b0 sp 00007ffce2273e98 error 4 in xfce4-session[562c32638000+1a000]
Apr 15 19:16:30 kotomi kernel: Code: ff 25 d4 82 01 00 0f 1f 40 00 4c 89 e7 e8 08 ee ff ff 85 c0 75 b6 48 83 c4 08 4c 89 e7 5d 41 5c e9 25 f3 ff ff 0f 1f 44 00 00 <8b> 47 2c c3 66 66 2e 0f 1f 84 00 00 00 00 00 90 8b 47 28 c3 66 66
Apr 15 19:16:30 kotomi kernel: audit: type=1701 audit(1618528590.396:461): auid=1000 uid=1000 gid=1000 ses=18 pid=54050 comm="xfce4-session" exe="/usr/bin/xfce4-session" sig=11 res=1
Apr 15 19:16:30 kotomi audit: BPF prog-id=60 op=LOAD
Apr 15 19:16:30 kotomi audit: BPF prog-id=61 op=LOAD
Apr 15 19:16:30 kotomi audit: BPF prog-id=62 op=LOAD
Apr 15 19:16:30 kotomi kernel: audit: type=1334 audit(1618528590.406:462): prog-id=60 op=LOAD
Apr 15 19:16:30 kotomi systemd[1]: Started Process Core Dump (PID 54112/UID 0).
Apr 15 19:16:30 kotomi audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@9-54112-0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Apr 15 19:16:31 kotomi systemd-coredump[54113]: Process 54050 (xfce4-session) of user 1000 dumped core.
                                                
                                                Stack trace of thread 54050:
                                                #0  0x0000562c3264b2b0 xfsm_manager_get_shutdown_type (xfce4-session + 0x252b0)

Since I said I was going to log out anyway, I'm going to update the server and reboot it as well. I'll add another comment once I have those results.

[StrykeSlammerII]

~/.xsession-errors doesn't appear to have been created till I logged in directly, and it is again empty.
No other apparent changes, but I do have some cleaner journalctl logs now.

I did a quick google search for "xfce4-session segfault" and got a couple interesting hits, but nothing immediately useful. I'm also running out of troubleshooting spoons for tonight. Most likely I will pick this up again over the weekend :)

[StrykeSlammerII]

Another short note--the xfce4-session crash doesn't happen till after I close the "Unable to contact settings server" error. So I'm going to focus back on that error message instead of the segfault.

[StrykeSlammerII]

I noticed some errors from PAM that may or may not be related to my actual issue. Journalctl error xrdp-sesman[21343]: pam_systemd(xrdp-sesman:session): Failed to create session: No child processes looks like #1677, which pointed towards a PAM config issue in Arch.

I tried the fix referenced there (comment out "-account [success=1 default=ignore] pam_systemd_home.so" in /etc/pam.d/system-auth) and now I don't get the 'Unable to contact settings server' popup error window... but xfce4-session still crashes. So, I'm back to checking on the crash after all (?)

Journalctl before futzing with PAM:

Apr 15 20:36:22 kotomi xrdp-sesman[588]: [INFO ] A connection received from 127.0.0.1 port 53772
Apr 15 20:36:22 kotomi xrdp[672]: [INFO ] xrdp_wm_log_msg: sesman connect ok
Apr 15 20:36:22 kotomi audit[588]: USER_AUTH pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Apr 15 20:36:22 kotomi kernel: audit: type=1100 audit(1618533382.492:70): pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Apr 15 20:36:22 kotomi dbus-daemon[540]: [system] Activating via systemd: service name='org.freedesktop.home1' unit='dbus-org.freedesktop.home1.service' requested by ':1.5' (uid=0 pid=588 comm="/usr/bin/xrdp-sesman ")
Apr 15 20:36:22 kotomi dbus-daemon[540]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.home1.service': Unit dbus-org.freedesktop.home1.service not found.
Apr 15 20:36:22 kotomi xrdp-sesman[588]: pam_systemd_home(xrdp-sesman:account): systemd-homed is not available: Unit dbus-org.freedesktop.home1.service not found.
Apr 15 20:36:22 kotomi audit[588]: USER_ACCT pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_permit,pam_time acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Apr 15 20:36:22 kotomi xrdp-sesman[588]: [INFO ] Terminal Server Users group is disabled, allowing authentication
Apr 15 20:36:22 kotomi kernel: audit: type=1101 audit(1618533382.493:71): pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_permit,pam_time acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=xrdp-sesman res=success'
Apr 15 20:36:22 kotomi xrdp-sesman[588]: [INFO ] ++ created session (access granted): username strike, ip 192.168.0.100:57592 - socket: 12
Apr 15 20:36:22 kotomi xrdp-sesman[588]: [INFO ] starting Xvnc session...
Apr 15 20:36:22 kotomi xrdp[672]: [INFO ] xrdp_wm_log_msg: login successful for display 10
Apr 15 20:36:22 kotomi xrdp-sesman[686]: [INFO ] calling auth_start_session from pid 686
Apr 15 20:36:22 kotomi audit[686]: CRED_ACQ pid=686 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Apr 15 20:36:22 kotomi audit[686]: SYSCALL arch=c000003e syscall=1 success=yes exit=4 a0=b a1=7ffd9223e940 a2=4 a3=3e8 items=0 ppid=588 pid=686 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="xrdp-sesman" exe="/usr/bin/xrdp-sesman" key=(null)
Apr 15 20:36:22 kotomi kernel: audit: type=1103 audit(1618533382.604:72): pid=686 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_shells,pam_faillock,pam_permit,pam_faillock acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Apr 15 20:36:22 kotomi kernel: audit: type=1006 audit(1618533382.604:73): pid=686 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=2 res=1
Apr 15 20:36:22 kotomi kernel: audit: type=1300 audit(1618533382.604:73): arch=c000003e syscall=1 success=yes exit=4 a0=b a1=7ffd9223e940 a2=4 a3=3e8 items=0 ppid=588 pid=686 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="xrdp-sesman" exe="/usr/bin/xrdp-sesman" key=(null)
Apr 15 20:36:22 kotomi kernel: audit: type=1327 audit(1618533382.604:73): proctitle="/usr/bin/xrdp-sesman"
Apr 15 20:36:22 kotomi audit: PROCTITLE proctitle="/usr/bin/xrdp-sesman"
Apr 15 20:36:22 kotomi xrdp-sesman[686]: pam_unix(xrdp-sesman:session): session opened for user strike(uid=1000) by (uid=0)
Apr 15 20:36:22 kotomi xrdp-sesman[686]: pam_systemd(xrdp-sesman:session): Failed to create session: No child processes
Apr 15 20:36:22 kotomi xrdp-sesman[686]: pam_env(xrdp-sesman:session): deprecated reading of user environment enabled
Apr 15 20:36:22 kotomi audit[686]: USER_START pid=686 uid=0 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_env acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Apr 15 20:36:22 kotomi kernel: audit: type=1105 audit(1618533382.604:74): pid=686 uid=0 auid=1000 ses=2 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_unix,pam_permit,pam_mail,pam_env acct="strike" exe="/usr/bin/xrdp-sesman" hostname=? addr=? terminal=:10 res=success'
Apr 15 20:36:22 kotomi xrdp-sesman[688]: [INFO ] Xvnc :10 -auth .Xauthority -geometry 1920x1080 -depth 32 -rfbauth /home/strike/.vnc/sesman_passwd-strike@kotomi:10 -bs -nolisten tcp -localhost -dpi 96
Apr 15 20:36:23 kotomi xrdp-sesman[686]: [INFO ] waiting for window manager (pid 687) to exit
Apr 15 20:36:24 kotomi xrdp[672]: [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
Apr 15 20:36:24 kotomi xrdp-chansrv[690]: [INFO ] Socket 12: AF_UNIX connection received
Apr 15 20:36:24 kotomi xrdp[672]: [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
Apr 15 20:36:24 kotomi xrdp[672]: [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
Apr 15 20:36:24 kotomi xrdp[672]: [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
Apr 15 20:36:24 kotomi xrdp[672]: [ERROR] libxrdp_query_channel - Channel out of range 4
Apr 15 20:36:24 kotomi xrdp[672]: [INFO ] Layout from OldLayout (geom=1920x1080 #screens=1) : 1804289383:(1920x1080+0+0)

[ and then I got the above popup error, and xfce4-session crashed once that was closed ]

after the PAM edit:

Apr 18 04:23:22 kotomi xrdp-sesman[588]: [INFO ] A connection received from 127.0.0.1 port 34022
Apr 18 04:23:22 kotomi xrdp[26235]: [INFO ] xrdp_wm_log_msg: sesman connect ok
Apr 18 04:23:22 kotomi audit[588]: USER_AUTH pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_shells,pam_failloc>
Apr 18 04:23:22 kotomi kernel: audit: type=1100 audit(1618734202.678:465): pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication g>
Apr 18 04:23:22 kotomi audit[588]: USER_ACCT pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_pe>
Apr 18 04:23:22 kotomi xrdp-sesman[588]: [INFO ] Terminal Server Users group is disabled, allowing authentication
Apr 18 04:23:22 kotomi kernel: audit: type=1101 audit(1618734202.680:466): pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grant>
Apr 18 04:23:22 kotomi xrdp-sesman[588]: [INFO ] ++ created session (access granted): username strike, ip 192.168.0.100:53790 - socket: 12
Apr 18 04:23:22 kotomi xrdp-sesman[588]: [INFO ] starting Xvnc session...
Apr 18 04:23:22 kotomi xrdp[26235]: [INFO ] xrdp_wm_log_msg: login successful for display 10
Apr 18 04:23:22 kotomi xrdp-sesman[26515]: [INFO ] calling auth_start_session from pid 26515
Apr 18 04:23:22 kotomi audit[26515]: CRED_ACQ pid=26515 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_shells,pam_faillock,pa>
Apr 18 04:23:22 kotomi audit[26515]: SYSCALL arch=c000003e syscall=1 success=yes exit=4 a0=10 a1=7ffd9223e940 a2=4 a3=3e8 items=0 ppid=588 pid=26515>
Apr 18 04:23:22 kotomi audit: PROCTITLE proctitle="/usr/bin/xrdp-sesman"
Apr 18 04:23:22 kotomi xrdp-sesman[26515]: pam_unix(xrdp-sesman:session): session opened for user strike(uid=1000) by (uid=0)
Apr 18 04:23:22 kotomi kernel: audit: type=1103 audit(1618734202.799:467): pid=26515 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred granto>
Apr 18 04:23:22 kotomi kernel: audit: type=1006 audit(1618734202.799:468): pid=26515 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=42949672>
Apr 18 04:23:22 kotomi kernel: audit: type=1300 audit(1618734202.799:468): arch=c000003e syscall=1 success=yes exit=4 a0=10 a1=7ffd9223e940 a2=4 a3=>
Apr 18 04:23:22 kotomi kernel: audit: type=1327 audit(1618734202.799:468): proctitle="/usr/bin/xrdp-sesman"
Apr 18 04:23:22 kotomi systemd-logind[542]: New session 12 of user strike.
Apr 18 04:23:22 kotomi systemd[1]: Started Session 12 of user strike.
Apr 18 04:23:22 kotomi xrdp-sesman[26515]: pam_env(xrdp-sesman:session): deprecated reading of user environment enabled
Apr 18 04:23:22 kotomi audit[26515]: USER_START pid=26515 uid=0 auid=1000 ses=12 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limi>
Apr 18 04:23:22 kotomi kernel: audit: type=1105 audit(1618734202.806:469): pid=26515 uid=0 auid=1000 ses=12 msg='op=PAM:session_open grantors=pam_lo>
Apr 18 04:23:22 kotomi xrdp-sesman[26517]: [INFO ] Xvnc :10 -auth .Xauthority -geometry 1920x1080 -depth 32 -rfbauth /home/strike/.vnc/sesman_passwd>
Apr 18 04:23:23 kotomi xrdp-sesman[26515]: [INFO ] waiting for window manager (pid 26516) to exit
Apr 18 04:23:23 kotomi xrdp[26235]: [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
Apr 18 04:23:23 kotomi xrdp-chansrv[26540]: [INFO ] Socket 12: AF_UNIX connection received
Apr 18 04:23:23 kotomi xrdp[26235]: [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
Apr 18 04:23:23 kotomi xrdp[26235]: [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
Apr 18 04:23:23 kotomi xrdp[26235]: [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
Apr 18 04:23:23 kotomi systemd[767]: gpg-agent.service: Deactivated successfully.
Apr 18 04:23:23 kotomi systemd[767]: Started GnuPG cryptographic agent and passphrase cache.
Apr 18 04:23:23 kotomi gpg-agent[26583]: gpg-agent (GnuPG) 2.2.27 starting in supervised mode.
Apr 18 04:23:23 kotomi gpg-agent[26583]: using fd 3 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
Apr 18 04:23:23 kotomi gpg-agent[26583]: using fd 4 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
Apr 18 04:23:23 kotomi gpg-agent[26583]: using fd 5 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Apr 18 04:23:23 kotomi gpg-agent[26583]: using fd 6 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Apr 18 04:23:23 kotomi gpg-agent[26583]: listening on: std=5 extra=4 browser=3 ssh=6
Apr 18 04:23:23 kotomi audit[26516]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=12 pid=26516 comm="xfce4-session" exe="/usr/bin/xfce4-session" sig=1>
Apr 18 04:23:23 kotomi kernel: xfce4-session[26516]: segfault at 2c ip 000055acf551b2b0 sp 00007ffdad317c88 error 4 in xfce4-session[55acf5508000+1a>
Apr 18 04:23:23 kotomi kernel: Code: ff 25 d4 82 01 00 0f 1f 40 00 4c 89 e7 e8 08 ee ff ff 85 c0 75 b6 48 83 c4 08 4c 89 e7 5d 41 5c e9 25 f3 ff ff >
Apr 18 04:23:23 kotomi kernel: audit: type=1701 audit(1618734203.295:470): auid=1000 uid=1000 gid=1000 ses=12 pid=26516 comm="xfce4-session" exe="/u>
Apr 18 04:23:23 kotomi xrdp[26235]: [ERROR] libxrdp_query_channel - Channel out of range 4
Apr 18 04:23:23 kotomi audit: BPF prog-id=53 op=LOAD
Apr 18 04:23:23 kotomi audit: BPF prog-id=54 op=LOAD
Apr 18 04:23:23 kotomi audit: BPF prog-id=55 op=LOAD
Apr 18 04:23:23 kotomi kernel: audit: type=1334 audit(1618734203.305:471): prog-id=53 op=LOAD
Apr 18 04:23:23 kotomi systemd[1]: Started Process Core Dump (PID 26586/UID 0).
Apr 18 04:23:23 kotomi audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@6-26586-0 comm="systemd" exe="/>
Apr 18 04:23:23 kotomi xrdp[26235]: [INFO ] Layout from OldLayout (geom=1920x1080 #screens=1) : 1804289383:(1920x1080+0+0)
Apr 18 04:23:24 kotomi systemd-coredump[26587]: Process 26516 (xfce4-session) of user 1000 dumped core.
                                                
                                                Stack trace of thread 26516:
                                                #0  0x000055acf551b2b0 xfsm_manager_get_shutdown_type (xfce4-session + 0x252b0)

[ long crash dump continues, lmk if it would be helpful to include ]

the gpg-agent stuff is new, I just don't know whether or not this is a step forward.

stopping systemd-homed doesn't seem to change anything after commenting it out of system-auth but I got some initial connection xrdp things on this log:

Apr 18 04:27:22 kotomi xrdp[607]: [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 54612
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] connected client computer name: RYOKO
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ]   client supports 40 bit encryption
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ]   client supports 128 bit encryption
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ]   client supports 56 bit encryption
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ]   client supports fips encryption
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ]   client and server support high crypt, using high crypt
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] adding channel item name rdpdr chan_id 1004 flags 0x80800000
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] adding channel item name rdpsnd chan_id 1005 flags 0xc0000000
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] adding channel item name drdynvc chan_id 1007 flags 0xc0800000
Apr 18 04:27:22 kotomi xrdp[26660]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc006 size 8
Apr 18 04:27:22 kotomi xrdp[26660]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc00a size 8
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] xrdp_load_keyboard_layout: keyboard_type [4] keyboard_subtype [0]
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] Non-TLS connection established from 192.168.0.100 port 54612: encrypted with standard RDP security
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] xrdp_process_offscreen_bmpcache: support level 1 cache size 10485760 MB cache entries 100
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] xrdp_caps_process_codecs: nscodec, codec id 1, properties len 3
Apr 18 04:27:22 kotomi xrdp[26660]: [WARN ] xrdp_caps_process_codecs: unknown codec id 5
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] xrdp_caps_process_codecs: RemoteFX, codec id 3, properties len 49
Apr 18 04:27:22 kotomi xrdp[26660]: [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
Apr 18 04:27:22 kotomi xrdp[26660]: [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
Apr 18 04:27:22 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
Apr 18 04:27:22 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
Apr 18 04:27:23 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
Apr 18 04:27:23 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
Apr 18 04:27:23 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel out of range 4
Apr 18 04:27:23 kotomi xrdp[26660]: [INFO ] drdynvc_process_capability_response: DVC version 3 selected
Apr 18 04:27:27 kotomi xrdp-sesman[588]: [INFO ] A connection received from 127.0.0.1 port 34042
Apr 18 04:27:27 kotomi xrdp[26660]: [INFO ] xrdp_wm_log_msg: sesman connect ok
Apr 18 04:27:27 kotomi audit[588]: USER_AUTH pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_shells,pam_failloc>
Apr 18 04:27:27 kotomi audit[588]: USER_ACCT pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_pe>
Apr 18 04:27:27 kotomi kernel: audit: type=1100 audit(1618734447.987:487): pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication g>
Apr 18 04:27:27 kotomi kernel: audit: type=1101 audit(1618734447.987:488): pid=588 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting grant>
Apr 18 04:27:27 kotomi xrdp-sesman[588]: [INFO ] Terminal Server Users group is disabled, allowing authentication
Apr 18 04:27:28 kotomi xrdp-sesman[588]: [INFO ] ++ created session (access granted): username strike, ip 192.168.0.100:54612 - socket: 12
Apr 18 04:27:28 kotomi xrdp-sesman[588]: [INFO ] starting Xvnc session...
Apr 18 04:27:28 kotomi xrdp[26660]: [INFO ] xrdp_wm_log_msg: login successful for display 10
Apr 18 04:27:28 kotomi xrdp-sesman[26664]: [INFO ] calling auth_start_session from pid 26664
Apr 18 04:27:28 kotomi audit[26664]: CRED_ACQ pid=26664 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_shells,pam_faillock,pa>
Apr 18 04:27:28 kotomi audit[26664]: SYSCALL arch=c000003e syscall=1 success=yes exit=4 a0=10 a1=7ffd9223e940 a2=4 a3=3e8 items=0 ppid=588 pid=26664>
Apr 18 04:27:28 kotomi audit: PROCTITLE proctitle="/usr/bin/xrdp-sesman"
Apr 18 04:27:28 kotomi xrdp-sesman[26664]: pam_unix(xrdp-sesman:session): session opened for user strike(uid=1000) by (uid=0)
Apr 18 04:27:28 kotomi kernel: audit: type=1103 audit(1618734448.091:489): pid=26664 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred granto>
Apr 18 04:27:28 kotomi kernel: audit: type=1006 audit(1618734448.091:490): pid=26664 uid=0 old-auid=4294967295 auid=1000 tty=(none) old-ses=42949672>
Apr 18 04:27:28 kotomi kernel: audit: type=1300 audit(1618734448.091:490): arch=c000003e syscall=1 success=yes exit=4 a0=10 a1=7ffd9223e940 a2=4 a3=>
Apr 18 04:27:28 kotomi kernel: audit: type=1327 audit(1618734448.091:490): proctitle="/usr/bin/xrdp-sesman"
Apr 18 04:27:28 kotomi systemd-logind[542]: New session 13 of user strike.
Apr 18 04:27:28 kotomi systemd[1]: Started Session 13 of user strike.
Apr 18 04:27:28 kotomi xrdp-sesman[26664]: pam_env(xrdp-sesman:session): deprecated reading of user environment enabled
Apr 18 04:27:28 kotomi audit[26664]: USER_START pid=26664 uid=0 auid=1000 ses=13 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limi>
Apr 18 04:27:28 kotomi kernel: audit: type=1105 audit(1618734448.097:491): pid=26664 uid=0 auid=1000 ses=13 msg='op=PAM:session_open grantors=pam_lo>
Apr 18 04:27:28 kotomi xrdp-sesman[26666]: [INFO ] Xvnc :10 -auth .Xauthority -geometry 1920x1080 -depth 32 -rfbauth /home/strike/.vnc/sesman_passwd>
Apr 18 04:27:28 kotomi xrdp-sesman[26664]: [INFO ] waiting for window manager (pid 26665) to exit
Apr 18 04:27:28 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
Apr 18 04:27:28 kotomi xrdp-chansrv[26689]: [INFO ] Socket 12: AF_UNIX connection received
Apr 18 04:27:28 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
Apr 18 04:27:28 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
Apr 18 04:27:28 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel 3 name drdynvc
Apr 18 04:27:28 kotomi systemd[767]: gpg-agent.service: Deactivated successfully.
Apr 18 04:27:28 kotomi systemd[767]: Started GnuPG cryptographic agent and passphrase cache.
Apr 18 04:27:28 kotomi gpg-agent[26732]: gpg-agent (GnuPG) 2.2.27 starting in supervised mode.
Apr 18 04:27:28 kotomi gpg-agent[26732]: using fd 3 for browser socket (/run/user/1000/gnupg/S.gpg-agent.browser)
Apr 18 04:27:28 kotomi gpg-agent[26732]: using fd 4 for extra socket (/run/user/1000/gnupg/S.gpg-agent.extra)
Apr 18 04:27:28 kotomi gpg-agent[26732]: using fd 5 for std socket (/run/user/1000/gnupg/S.gpg-agent)
Apr 18 04:27:28 kotomi gpg-agent[26732]: using fd 6 for ssh socket (/run/user/1000/gnupg/S.gpg-agent.ssh)
Apr 18 04:27:28 kotomi gpg-agent[26732]: listening on: std=5 extra=4 browser=3 ssh=6
Apr 18 04:27:28 kotomi audit[26665]: ANOM_ABEND auid=1000 uid=1000 gid=1000 ses=13 pid=26665 comm="xfce4-session" exe="/usr/bin/xfce4-session" sig=1>
Apr 18 04:27:28 kotomi kernel: xfce4-session[26665]: segfault at 2c ip 000055cae75222b0 sp 00007fff5c195a18 error 4 in xfce4-session[55cae750f000+1a>
Apr 18 04:27:28 kotomi kernel: Code: ff 25 d4 82 01 00 0f 1f 40 00 4c 89 e7 e8 08 ee ff ff 85 c0 75 b6 48 83 c4 08 4c 89 e7 5d 41 5c e9 25 f3 ff ff >
Apr 18 04:27:28 kotomi kernel: audit: type=1701 audit(1618734448.577:492): auid=1000 uid=1000 gid=1000 ses=13 pid=26665 comm="xfce4-session" exe="/u>
Apr 18 04:27:28 kotomi audit: BPF prog-id=56 op=LOAD
Apr 18 04:27:28 kotomi audit: BPF prog-id=57 op=LOAD
Apr 18 04:27:28 kotomi audit: BPF prog-id=58 op=LOAD
Apr 18 04:27:28 kotomi kernel: audit: type=1334 audit(1618734448.587:493): prog-id=56 op=LOAD
Apr 18 04:27:28 kotomi systemd[1]: Started Process Core Dump (PID 26734/UID 0).
Apr 18 04:27:28 kotomi audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-coredump@7-26734-0 comm="systemd" exe="/>
Apr 18 04:27:28 kotomi xrdp[26660]: [ERROR] libxrdp_query_channel - Channel out of range 4
Apr 18 04:27:28 kotomi xrdp[26660]: [INFO ] Layout from OldLayout (geom=1920x1080 #screens=1) : 1804289383:(1920x1080+0+0)
Apr 18 04:27:29 kotomi systemd-coredump[26735]: Process 26665 (xfce4-session) of user 1000 dumped core.
                                                
                                                Stack trace of thread 26665:
                                                #0  0x000055cae75222b0 xfsm_manager_get_shutdown_type (xfce4-session + 0x252b0)

I will reboot the server and try again Just In Case, but I don't expect that to change anything new.

(edits for clarity and typos, because it's late)

[StrykeSlammerII]

Well!
Rebooting with the PAM edit got vnc working again!
(Xorg still times out.)

Next step is trying to turn TLS back on--but I need some sleep first 😁

[StrykeSlammerII]

• TLS is still showing the initial issue.
• In rdp mode, now I can only have one login session (either locally OR vnc, not both). This is new to me, but has been reported elsewhere so I will ignore it here. I only mention it to explain why rebooting after the last step got things to work again :)

[matt335672]

Thanks for the updates.

The systemd thing, including workarounds, is better documented in #1684. In a nutshell, the systemd PAM module expects the same PID to authenticate and start the session. We don't do this, and I'm not aware of anything in the PAM docs which says that it's necessary. I'd like to move us over to doing things the way systemd is assuming, but it requires some rather massive changes which aren't going to happen quickly.

The TLS issue is odd. It's not been reported before, and it looks to me from the errors you've got that it's the client closing the connection after it's been established. I can't think of any reason why this should be happening. Debugging this might require other software. You might get something useful out of using remmina/freerdp to connect from another Linux machine. Alternatively, running wireshark on the connection will show the TLS handshake (even though it doesn't occur at the start of the connection) and make it clear which end closes the connection.

The one login session is, I'm afraid, now standard if you're using systemd --user where any single user is only allowed one display session at a time. That again isn't anything we have any control over. It's possible to work around it by choosing a desktop which isn't dependent on systemd --user and futzing with the setting of DBUS_SESSION_BUS_ADDRESS, but it's a bit of hassle.

When your Xorg is timing out, do you get anything in ~/.xorgxrdp.$DISPLAY.log? That will give us some clues I expect.

[StrykeSlammerII]

• Thanks for the other PAM/systemd pointers. I've also made another user as a partial workaround.

• ~/.xorgxrdp.10.log was exactly the hint I needed for Xorg: Somehow I had downloaded xorgxrdp package but not fully installed it. Now that's working as expected, and I think everything is settled except the TLS stuff.

• Wireshark confirmed that the client is initiating the drop [first FIN packet].

• I don't have much in the way of extra machines, but I was able to login via remmina from the server itself, as well as with freerdp from the Windows machine. Both complained that the x.509 "certificate could not be verified", as expected, but went ahead and gave me the login screen which Windows RDC is (still) not giving me. I was able to login as expected on both users.

As it seems to be a Windows client issue (and I can use freeRDP as a workaround), I'll accept if you think I should close this out and ask Microsoft about their client. If you still have any troubleshooting/debugging suggestions, I'm all ears 😸

[matt335672]

Thanks for the update.

If you run freerdp from the command line, do you get any useful console output?

Also, have you been experimenting with NLA settings on the Windows side? We don't yet support NLA, but a pre-requisite for using it is that TLS security is enabled.

I'm unable to reproduce your issue by using an IP address here. On way forward might be for you to regenerate your cert using a different private key. If the new one works, that's great - problem solved. If it doesn't you can post the new private key and cert here in PEM format and we can try to reproduce the problem.

[StrykeSlammerII]

A quick run of freerdp doesn't give anything that looks useful to me:

[13:24:31:793] [14680:00003fe8] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[13:24:31:793] [14680:00003fe8] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[13:24:31:793] [14680:00003fe8] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - Certificate details:
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - 	CommonName: www.xrdp.org
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - 	Subject: C = US, ST = CA, L = Sunnyvale, O = xrdp, CN = www.xrdp.org
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - 	Issuer: C = US, ST = CA, L = Sunnyvale, O = xrdp, CN = www.xrdp.org
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - 	Thumbprint: d7:bd:84:64:97:09:5c:63:d8:a8:df:3e:f3:54:45:7c:3c:56:6c:c5
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - 	HostMismatch: Yes
[13:24:31:929] [14680:00003fe8] [INFO][com.freerdp.client.windows] - The above X.509 certificate could not be verified, possibly because you do not have the CA certificate in your certificate store, or the certificate has expired. Please look at the OpenSSL documentation on how to add a private CA to the store.

[13:24:32:233] [14680:00003fe8] [INFO][com.freerdp.gdi] - Local framebuffer format  PIXEL_FORMAT_BGRX32
[13:24:32:233] [14680:00003fe8] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_BGRA32
[13:24:32:252] [14680:000013b8] [INFO][com.freerdp.channels.rdpsnd.client] - Loaded fake backend for rdpsnd
[13:25:06:385] [14680:00003fe8] [INFO][com.freerdp.core] - ERRINFO_LOGOFF_BY_USER (0x0000000C):The disconnection was initiated by the user logging off their session on the server.

I haven't intentionally done anything with NLA, and I don't see the option in the Windows client. (I'm using Windows 10 Home, so it has the RDP client but won't run an RDP server.) If there's anywhere else I should doublecheck, please point me to it.

I was finally able to make a new cert & private key without typos, and the results are the same: I can login via wfreerdp but Windows RDC shows me the (new) certificate then dies when I hit "yes" to continue. Just in case, I've also run window's SFC and DISM self-scan tools and they didn't seem to find any issues. (I didn't check the logs from those tools carefully, though)

wfreerdp's output looks the same as above, but with a different certificate details to confirm it's seeing the new certificate.

including back-to-back journalctl logs showing both clients, RDC first.
I note that RDC offers a variety of encryption methods, while freerdp says client and server support none crypt, using none crypt. I was unable to quickly find any freerdp command-line toggles to add encryption methods. I tried disabling NLA and forcing TLS, but saw no change in effect nor in the logs.
The Windows client also has an extra channel and one extra "error unknown xrdp_sec_process_mcs_data tag 0xc00a size 8".

Apr 22 21:00:05 kotomi xrdp[1981]: [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 58650
Apr 22 21:00:05 kotomi xrdp[1983]: [INFO ] connected client computer name: RYOKO
Apr 22 21:00:05 kotomi xrdp[1983]: [INFO ]   client supports 40 bit encryption
Apr 22 21:00:05 kotomi xrdp[1983]: [INFO ]   client supports 128 bit encryption
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ]   client supports 56 bit encryption
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ]   client supports fips encryption
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] adding channel item name rdpdr chan_id 1004 flags 0x80800000
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] adding channel item name rdpsnd chan_id 1005 flags 0xc0000000
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] adding channel item name drdynvc chan_id 1007 flags 0xc0800000
Apr 22 21:00:06 kotomi xrdp[1983]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc006 size 8
Apr 22 21:00:06 kotomi xrdp[1983]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc00a size 8
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] xrdp_load_keyboard_layout: keyboard_type [4] keyboard_subtype [0]
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
Apr 22 21:00:06 kotomi xrdp[1983]: [INFO ] TLS connection established from 192.168.0.100 port 58650: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
Apr 22 21:00:06 kotomi xrdp[1983]: [WARN ] libxrdp_force_read: header read error
Apr 22 21:00:06 kotomi xrdp[1983]: [ERROR] libxrdp_process_data: libxrdp_force_read failed
Apr 22 21:00:06 kotomi xrdp[1983]: [ERROR]   out xrdp_mcs_disconnect error - 2

Apr 22 21:00:21 kotomi xrdp[1981]: [INFO ] Socket 12: AF_INET connection received from 192.168.0.100 port 58657
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] connected client computer name: Ryoko
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ]   client and server support none crypt, using none crypt
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] adding channel item name rdpdr chan_id 1004 flags 0xc0800000
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] adding channel item name rdpsnd chan_id 1005 flags 0xc0000000
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] adding channel item name cliprdr chan_id 1006 flags 0xc0a00000
Apr 22 21:00:21 kotomi xrdp[1986]: [ERROR] error unknown xrdp_sec_process_mcs_data tag 0xc006 size 8
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] xrdp_load_keyboard_layout: keyboard_type [4] keyboard_subtype [0]
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] xrdp_load_keyboard_layout: model [] variant [] layout [us] options []
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] TLS connection established from 192.168.0.100 port 58657: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] xrdp_caps_process_pointer: client supports new(color) cursor
Apr 22 21:00:21 kotomi xrdp[1986]: [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
Apr 22 21:00:21 kotomi xrdp[1986]: [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
Apr 22 21:00:21 kotomi xrdp[1986]: [ERROR] libxrdp_query_channel - Channel 0 name rdpdr
Apr 22 21:00:21 kotomi xrdp[1986]: [ERROR] libxrdp_query_channel - Channel 1 name rdpsnd
Apr 22 21:00:22 kotomi xrdp[1986]: [ERROR] libxrdp_query_channel - Channel 2 name cliprdr
Apr 22 21:00:22 kotomi xrdp[1986]: [ERROR] libxrdp_query_channel - Channel out of range 3
Apr 22 21:00:30 kotomi xrdp-sesman[1978]: [INFO ] A connection received from 127.0.0.1 port 56982
Apr 22 21:00:30 kotomi xrdp[1986]: [INFO ] xrdp_wm_log_msg: sesman connect ok

/etc/xrdp/phase2_cert.pem

-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIUJlsF5JWBuQmk+0/Wfj6cor23WKwwDQYJKoZIhvcNAQEL
BQAwVjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGa290b21pMB4XDTIx
MDQyMTAxMTg0OFoXDTMxMDQxOTAxMTg0OFowVjELMAkGA1UEBhMCVVMxEzARBgNV
BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
ZDEPMA0GA1UEAwwGa290b21pMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqfbWlJSWLIhxFPK5SA6o4YL4ZFwy7TZw6aJhoNlfjyQhj0CH7uCoS2sQNf4O
XeXJewc6q/9YJJT1L038LRK/BbgBfgGpYGykXs0Qrpl4YjOsW0Ry2mGzyc3Dzvwf
oVbaa12tIO52xZkDWpYuwaICpQbVQVm2eC+Asqh7wrTK2KhFbVWtgdjMrtYETM89
wCCreEeNdositoVD0eXLPYOgnQNg0mhX8SCOT9ITRcSdm4IEm5h9kCzzWulH6IE1
MLNu48Vbp87ZRNI+fDnaIlbYZwq2wmfuXvpr/AHZRBDlieeaxOcaVi4EOAhLjZdi
L5jWzkpnOikfrN0xYyFz8OeE5wIDAQABo1MwUTAdBgNVHQ4EFgQUS4oriPdKvtTy
J4vF/8oWVjo6ChcwHwYDVR0jBBgwFoAUS4oriPdKvtTyJ4vF/8oWVjo6ChcwDwYD
VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAKHrFg985djABepiiAzq2
2ZU2lAnAIQNrebdV2+pxUm10JvDMSZe8da6jcvZVsbt2blqp5LtIMOXXlsPnursi
yBw1a1Q+POF06McJUOeFJTEMw/1pJ4owB5H/AGWxkgZddNTuHQTYmKVQ6SMnfp7z
Wxx714BkeUojUtyFkP8nivg4pnPv5HvVRLw8kfOnXNn8mojfmQPn3b9cIxUhRbmH
lWPN0ptroP8Iz+bGibcmMrrC308VUKLyZE8KtR+759siz4vRcalJ9EKDbwdFxKlv
YcVswzCvi5iYP09cuow7gKqtohpWKvXj5xGF8uzQ9RQW1dFH9tRis8QMp7i85xay
Pg==
-----END CERTIFICATE-----

/etc/xrdp/phase2_key.pem

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCp9taUlJYsiHEU
8rlIDqjhgvhkXDLtNnDpomGg2V+PJCGPQIfu4KhLaxA1/g5d5cl7Bzqr/1gklPUv
TfwtEr8FuAF+AalgbKRezRCumXhiM6xbRHLaYbPJzcPO/B+hVtprXa0g7nbFmQNa
li7BogKlBtVBWbZ4L4CyqHvCtMrYqEVtVa2B2Myu1gRMzz3AIKt4R412iyK2hUPR
5cs9g6CdA2DSaFfxII5P0hNFxJ2bggSbmH2QLPNa6UfogTUws27jxVunztlE0j58
OdoiVthnCrbCZ+5e+mv8AdlEEOWJ55rE5xpWLgQ4CEuNl2IvmNbOSmc6KR+s3TFj
IXPw54TnAgMBAAECggEBAJEtKW6yWG/jf4vgJAj7lJ9Dir3Wzx01sk6uB+wnoGsY
9p1xBmsxdC8vXSJxRn5H58hxjVka+4QLxD5Kw4sQhx/wYz3pV27ofaIIUSaCKoTf
FGrE1cHZUIOggY+MZcwe7uRkmJwXdFYl8+pte7SjmNSzOHbglW6lTK3OIiBW4ykZ
dZM+9G3K/sN0Plq7CiDslMQ927Sa9FfQE7+qIgohNBoxUaXvzz8BZibdyWtSyp2K
Toc1H84zPe8KHIQkYgwz8SXkA+IjOALm3cKzE6/FvUET5FjCSqfAEcpYEy5kMvzF
ACu6hgn80uIhMosnoO8woqQ0cfXF0vfHPTzLG/dJPeECgYEA2+27z4jEBLQ3Yd0p
KX8HmXYbexD/DyZGfXZt7GobgRM8ljZljyTiZ7c2dN6ozS4MUMHp/3LT6p8ZxSDI
uJWYleIU3OWhmzEdJOXlSHeoFkbHRHdJCm/3QMYyya+JVAEJTPeiTLEPwaF40Oyr
zRDGWW5mKj87bAT2XSLPSvfECnECgYEAxdc4VSLzcL6E9jYvdikvsMZuKcW/1w6o
oHclPC0abv6nrlr5XztzFGFM8hc+B9yYvwisGKPBv9T1Rfl3v5q1AboEtL+S+wQP
BfFnvhBBOhETTGgTLA1K3AdliH3yFZybKnY5liEXmP5Jw1ABv4TS1owKUD3EGLSz
cfg8ynVOwNcCgYBmwthEimT8xbAy/AGlsAM/A16nzDNBQuMg8FtAYfvj/bcLgPNH
RTa8u3CofvlklaWPfmv1vhOixyBlaYIgLVYUgoS5ClrOhs5VVU4i5DYX4o5tQUdR
pytiirlkX67NH4bW/cZKC1mPYgFvrYZA1Ru44cq+5ri/KjprHj65ireBIQKBgQDC
GCvEGs4Kxl9bzj0yB6YqIALkKIXVTyRQiZOWPgm4601G2SneLEzyqaL7v6GzxNB2
WuO8KKxkr2ESjXTWHcmHMCB905U3fvveMMA+z2OuvCHazCBDD6dpxjfueOGQIlx4
hBRrHXwxNQjY/R057+2JX0qe/nnsYxvJrGi3l+7zcQKBgQC9vFuDAFwy1qaVaSQX
xz4WUdozau55WWNHWx7qyWGLyj/2VyaPrkmJVzdXej8LI/Y1nFO3MQI3EQ/Y3FoA
YAzESwMUcrHcKmxIWj1LtjMcAbZV0vlxLrS3TC1bFtNeFo8D9Bkdm0U+GXmJJz/2
sFTQ8qfLvIt6+Fy/z+72xJyZ9w==
-----END PRIVATE KEY-----

I don't see how to get a version # for RDC/mstsc, but my version of Windows is now 20H2 (OS build 19042.928), if that means anything. I did have a Windows Cumulative Update in the past week, so the problem may be present in a (slightly) older build as well.

[matt335672]

I've just loaded your cert and key above, with the following settings in xrdp.ini on Ubuntu 20.04 running an xrdp 0.9.15 build. They look much the same as yours except the tls_ciphers is uncommented in mine.

; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate

; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high

; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=/etc/xrdp/cert_1857.pem
key_file=/etc/xrdp/key_1857.pem
#certificate=
#key_file=

; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
# (Normally commented out)
tls_ciphers=HIGH

Connecting with IP address works as expected, so there's nothing wrong with your cert.

Winver reports what you've got above. If I right-click on c:\windows\system32\mstsc.exe and look at the details tab, I've got a version of 10.0.19041.746.

I don't have an Arch VM to hand, but I've just updated a Manjaro one, and that supports connecting via IP with no problems.

There's one weird thing in your freerdp log which I don't understand:-

[13:25:06:385] [14680:00003fe8] [INFO][com.freerdp.core] - ERRINFO_LOGOFF_BY_USER (0x0000000C):The disconnection was initiated by the user logging off their session on the server.

This can be sent from the server to the client when the user logs off. However, we don't actually support this message in xrdp - the code to send this PDU is commented out at the moment. So I don't understand where this can have come from.

In brief, I'm out of ideas at the moment as I seem unable to reproduce this.

[StrykeSlammerII]

I tried with tls_ciphers uncommented, no change. I also confirmed I have the same version of mstsc.exe. Ah well.

Thanks for going through all this with me. As everything seems to match and you are unable to duplicate, my next step is to check the MS self-diag logs. Then I will take this to them and see if they have any suggestions why the TLS connection would die.

If I get really bored, I may check whether the Arch AUR repo has that error message un-commented out somehow 😁 It claims to be xrdp version 0.9.15, but maybe it's on the wrong branch or had some tweaks afterwards, or something?

I will close this for now, until/unless I am able to locate the cause in this repo.