With ssh-only access, how do you configure headless gnome-remote-desktop?

oh interesting, how do you know which is active? or are they both always active? oh it is as simple as using or not using --system!

What I want is the system variant, because I want to start a session and then have it remain active when I disconnect (and then resume when I reconnect).

Current status, which I think is what I want:

# user mode (not what I want, and correctly disabled)
❯ sudo grdctl  status
[20:09:30:740] [38020:00009484] [ERROR][com.freerdp.crypto] - [x509_utils_from_pem]: BIO_new failed for certificate
RDP server certificate is invalid.
Failed to lookup legacy VNC password schema: Cannot autolaunch D-Bus without X11 $DISPLAY
RDP:
	Status: disabled
	Port: 3389
	TLS certificate: 
	TLS fingerprint: (null)
	TLS key: 
	View-only: yes
	Negotiate port: yes
Failed to read credentials: Cannot autolaunch D-Bus without X11 $DISPLAY.

and then system, which is enabled, has the cert, etc.

❯ sudo grdctl --system  status
Init TPM credentials failed because No TPM device found, using GKeyFile as fallback.
Overall:
	Unit status: active
RDP:
	Status: enabled
	Port: 3389
	TLS certificate: /var/lib/gnome-remote-desktop/rdp-tls.crt
	TLS fingerprint: f1:db:60:79:75:40:97:84:63:ef:5f:bc:43:6b:b9:5d:81:f8:df:bc:24:d6:e9:92:6c:b1:8d:1b:25:91:fa:b4
	TLS key: /var/lib/gnome-remote-desktop/rdp-tls.key
	Username: (hidden)
	Password: (hidden)

(however, I still cannot connect from an rdp client)

❯ systemctl --system status gnome-remote-desktop.service
Warning: The unit file, source configuration file or drop-ins of gnome-remote-desktop.service ch>
● gnome-remote-desktop.service - GNOME Remote Desktop
     Loaded: loaded (/usr/lib/systemd/system/gnome-remote-desktop.service; enabled; preset: enab>
     Active: active (running) since Sun 2024-11-10 20:08:15 EST; 4min 24s ago
 Invocation: 267ea8b02fba430f8eece4b1275b1b84
   Main PID: 37393 (gnome-remote-de)
      Tasks: 4 (limit: 8634)
     Memory: 3.1M (peak: 4M)
        CPU: 29ms
     CGroup: /system.slice/gnome-remote-desktop.service
             └─37393 /usr/libexec/gnome-remote-desktop-daemon --system

Nov 10 20:08:15 Calypso systemd[1]: Starting gnome-remote-desktop.service - GNOME Remote Desktop>
Nov 10 20:08:15 Calypso gnome-remote-de[37393]: Init TPM credentials failed because No TPM devic>
Nov 10 20:08:15 Calypso systemd[1]: Started gnome-remote-desktop.service - GNOME Remote Desktop.
Nov 10 20:08:15 Calypso gnome-remote-de[37393]: RDP server started

Verify the following using the diagnostic commands given above:

  • ss and systemctl status should return the same PID.
  • grdctl and the client app should show the same fingerprint.

Also check the credentials like this:

sudo -u gnome-remote-desktop cat \
~gnome-remote-desktop/.local/share/\
gnome-remote-desktop/credentials.ini

If everything is correct, but the problem persists:

  • Start monitoring the server side log and try connecting the client:
    journalctl -f -u gnome-remote-desktop.service
  • Capture the relevant traffic on the server:
    sudo tcpdump -nni any tcp port 3389
  • Try using a different client app.
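
The PID and fingerprint comparisons from the checklist above can be scripted. This is an added example, not part of the original post: the helper names and the sample ss lines are constructed, and it assumes the 32-byte fingerprint grdctl prints is the SHA-256 of the certificate.

```shell
#!/bin/sh
# Added example: helper names and SAMPLE_SS are constructed for illustration.

# Print the PIDs that own a listening TCP socket on port $1.
# stdin: output of `ss -Htlnp` (no header, TCP, listening, numeric, processes)
listener_pids() {
    awk -v port="$1" '
        $4 ~ (":" port "$") {
            line = $0
            while (match(line, /pid=[0-9]+/)) {
                print substr(line, RSTART + 4, RLENGTH - 4)
                line = substr(line, RSTART + RLENGTH)
            }
        }' | sort -un
}

# Reduce a fingerprint to bare lowercase hex, so grdctl's "f1:db:..." and
# openssl's "sha256 Fingerprint=F1:DB:..." compare equal.
norm_fp() {
    printf '%s\n' "$1" | sed 's/.*=//' | tr -d ': \t' | tr 'A-F' 'a-f'
}

same_fp() { [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]; }

# Constructed sample of `ss -Htlnp` output (PID taken from the status above).
SAMPLE_SS='LISTEN 0 10 *:3389 *:* users:(("gnome-remote-de",pid=37393,fd=12))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))'

# Live check on the server: the process holding port 3389 must be the unit's
# main PID; then print the certificate fingerprint to compare with the client.
check_live() {
    unit_pid=$(systemctl show -p MainPID --value gnome-remote-desktop.service)
    port_pids=$(sudo ss -Htlnp | listener_pids 3389)
    if [ "$port_pids" != "$unit_pid" ]; then
        echo "port 3389 is held by PID(s) [$port_pids], unit MainPID is $unit_pid"
        return 1
    fi
    sudo openssl x509 -noout -fingerprint -sha256 \
        -in /var/lib/gnome-remote-desktop/rdp-tls.crt
}
```

Call check_live on the server, then pass its output and the fingerprint the client displays to same_fp.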

Also check the credentials like this:

Looks good.

Start monitoring the server side log and try connecting the client:

Ah, these logs are good stuff.

They reveal that I do have a problem:

Nov 10 21:07:21 Calypso gnome-remote-desktop-daemon[37393]: [21:07:21:767] [37393:0000fdd5] [ERROR][com.winpr.sspi.NTLM] - [ntlm_read_AuthenticateMessage]: Message Integrity Check (MIC) verification failed!
Nov 10 21:07:21 Calypso gnome-remote-desktop-daemon[37393]: [21:07:21:767] [37393:0000fdd5] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_MESSAGE_ALTERED [0x8009030F]
Nov 10 21:07:21 Calypso gnome-remote-desktop-daemon[37393]: [21:07:21:767] [37393:0000fdd5] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_MESSAGE_ALTERED [0x8009030F]
Nov 10 21:07:21 Calypso gnome-remote-desktop-daemon[37393]: [21:07:21:767] [37393:0000fdd5] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure
Nov 10 21:07:21 Calypso gnome-remote-desktop-daemon[37393]: [21:07:21:767] [37393:0000fdd5] [ERROR][com.freerdp.core.peer] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail
Nov 10 21:07:21 Calypso gnome-remote-desktop-daemon[37393]: [21:07:21:767] [37393:0000fdd5] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1]
Nov 10 21:07:21 Calypso gnome-remote-de[37393]: [RDP] Network or intentional disconnect, stopping session

So, Message Integrity Check verification failed. That’s the first thing. :thinking:

This looks like a similar issue:

maybe. they’re pointing at a client issue…which I’d hope Remmina and Gnome Connections wouldn’t have such an issue :sweat_smile:

You can try with Gnome Connections and see how it goes.

omg it worked. thank you!!

I thought I’d already tried Gnome Connections…

OK, so my troubleshooting at the top / OP is a little all over the place – but I hope this thread serves as an aggregate of stuff to look at for future headless RDP folks <3


I am able to use Remmina, but I had an issue, likely with the openssl3 upgrade losing legacy ciphers: #1079091 - gnome-remote-desktop: I cannot login to grd 46.4-1 RDP share desktop - Debian Bug report logs
It would be interesting to know if these legacy ciphers are only required when using Remmina and not Gnome Connections.

Could be another issue also, because I don’t see this initial line in your logs when connecting with Remmina:
août 20 03:46:59 hermes gnome-remote-desktop-daemon[483181]: [03:46:59:209] [483181:00075f6d] [ERROR][com.winpr.crypto.hash] - [winpr_Digest_Init_Internal]: Failed to initialize digest md4
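
The two failure signatures quoted in this thread (the NTLM MIC failure and the md4 digest failure) can be told apart automatically. This is an added example, not from any poster: the function names, verdict tokens and shortened sample lines are constructed, and the suggested next steps only restate what the thread reports.

```shell
#!/bin/sh
# Added example: triage gnome-remote-desktop journal lines for the two NLA
# failure signatures seen in this thread. Verdict tokens are made up here.
# Live use: journalctl -u gnome-remote-desktop.service --since "5 min ago" | classify_grd_log

classify_grd_log() {   # stdin: journal lines; stdout: one verdict token
    awk '
        /winpr_Digest_Init_Internal.*Failed to initialize digest md4/ { md4 = 1 }
        /ntlm_read_AuthenticateMessage.*\(MIC\) verification failed/  { mic = 1 }
        /transport_accept_nla.*client authentication failure/         { nla = 1 }
        END {
            # md4 wins: without MD4 the server cannot do NTLM at all, so any
            # later authentication error is a consequence, not the cause.
            if (md4)      print "md4-unavailable"
            else if (mic) print "ntlm-mic-failed"
            else if (nla) print "nla-failed-other"
            else          print "no-nla-failure"
        }'
}

next_step() {          # map a verdict to what the thread suggests trying
    case "$1" in
        md4-unavailable)  echo "see Debian bug #1079091 (OpenSSL 3 legacy algorithms)" ;;
        ntlm-mic-failed)  echo "re-check credentials, then try another client app" ;;
        nla-failed-other) echo "capture journal and tcpdump output for more detail" ;;
        *)                echo "no NLA failure in these lines" ;;
    esac
}

# Constructed samples, shortened from the log lines quoted in the thread.
SAMPLE_MIC='gnome-remote-desktop-daemon[37393]: [ERROR][com.winpr.sspi.NTLM] - [ntlm_read_AuthenticateMessage]: Message Integrity Check (MIC) verification failed!
gnome-remote-desktop-daemon[37393]: [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure'
SAMPLE_MD4='gnome-remote-desktop-daemon[483181]: [ERROR][com.winpr.crypto.hash] - [winpr_Digest_Init_Internal]: Failed to initialize digest md4
gnome-remote-desktop-daemon[483181]: [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure'
```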

I do not know if this could help you guys. I came to this post because I had “the same issue as you do”. I have found my answer to this problem.

  • I have your version of software:

  • When I tried to set this up I was confused, and I enabled and configured the Desktop Sharing option.

  • After a few days without an answer about how to make the problem work, I disabled Desktop Sharing because it was a loop of troubles (the same you have here).

  • My answer was to enable the Remote Login option instead. I have configured a username and password and it works like a charm now.

  • Now my grdctl status shows the service as disabled:

Conclusion:
For those like me that were trying to use “Desktop Sharing” … STOP, just use “Remote Login” and it will be fine.
