FS#62897 - [freerdp] 2.0.0_rc4-5 problem with multiple connection

Attached to Project: Community Packages
Opened by Nyirő Viktor (shyciii) - Friday, 14 June 2019, 13:52 GMT
Last edited by David Runge (dvzrv) - Wednesday, 31 July 2019, 20:15 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
David Runge (dvzrv)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 18
Private No

Details

Description:

Remmina uses freerdp to multiple connect server with remote desktop connection. Only 1st connection is successful, then the second one get error message Unable to connect.
The problem is the freerdp 2.0.0_rc4-5. When downgrade freerdp 2.0.0_rc4-4, make multiple connection works flawlessly.
Alternative solution: In remmina, doesnt use auth method Negotiate (only RDP, TLS). Negotiate doesnt work with freerdp 2.0.0_rc4-5.
I send this problem to the Remmina bug tracker, and get this link. This show problem with compiled with "-DWITH_GSSAPI=ON" switch.
https://github.com/FreeRDP/FreeRDP/issues/4348

Additional info:
* package version(s):
Wrong: freerdp 2.0.0_rc4-5
Good: freerdp 2.0.0_rc4-4

* config and/or log files etc.
Remmina log: attached debug.log

* link to upstream bug report, if any

Steps to reproduce:
1. Open Remmina
2. Connect first server (RDP)
3. Connect another server (RDP)
4. Get error message
This task depends upon

Closed by  David Runge (dvzrv)
Wednesday, 31 July 2019, 20:15 GMT
Reason for closing:  Fixed
Additional comments about closing:  GSSAPI removed in freerdp 2.0.0_rc4-7
Comment by Nyirő Viktor (shyciii) - Friday, 14 June 2019, 14:17 GMT
Remmina log:

(org.remmina.Remmina:3319): Gtk-WARNING **: 12:09:57.856: gtk_menu_attach_to_widget(): menu already attached to GtkMenuItem
[12:10:01:204] [3319:3324] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[12:10:01:204] [3319:3324] [INFO][com.freerdp.client.common.cmdline] - loading channelEx drdynvc
[12:10:01:506] [3319:3324] [ERROR][com.winpr.sspi.Kerberos] - error while getting credentials
[12:10:01:506] [3319:3324] [ERROR][com.winpr.sspi.Kerberos] - Kerberos credentials not found and could not be acquired
[12:10:01:506] [3319:3324] [WARN][com.winpr.negotiate] - No Kerberos credentials. Retry with NTLM
[12:10:01:506] [3319:3324] [WARN][com.winpr.sspi] - InitializeSecurityContextA status SEC_E_NO_CREDENTIALS [0x8009030E]
[12:10:01:600] [3319:3324] [INFO][com.freerdp.gdi] - Local framebuffer format PIXEL_FORMAT_BGRA32
[12:10:01:600] [3319:3324] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_BGRA32
[12:10:01:600] [3319:3324] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel rdpgfx
[12:10:01:600] [3319:3324] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel disp
[12:11:15:080] [3319:3340] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[12:11:15:080] [3319:3340] [INFO][com.freerdp.client.common.cmdline] - loading channelEx drdynvc
[12:11:15:220] [3319:3340] [ERROR][com.winpr.sspi] - EncryptMessage status SEC_E_INVALID_TOKEN [0x80090308]
[12:11:15:220] [3319:3340] [ERROR][com.freerdp.core.nla] - EncryptMessage status SEC_E_INVALID_TOKEN [0x80090308]
[12:11:15:220] [3319:3340] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
[12:11:15:220] [3319:3340] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
[12:11:15:220] [3319:3340] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[12:11:15:283] [3319:3340] [ERROR][com.winpr.sspi] - EncryptMessage status SEC_E_INVALID_TOKEN [0x80090308]
[12:11:15:283] [3319:3340] [ERROR][com.freerdp.core.nla] - EncryptMessage status SEC_E_INVALID_TOKEN [0x80090308]
[12:11:15:283] [3319:3340] [ERROR][com.freerdp.core.rdp] - rdp_recv_callback: CONNECTION_STATE_NLA - nla_recv_pdu() fail
[12:11:15:283] [3319:3340] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
[12:11:15:283] [3319:3340] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
[12:11:15:283] [3319:3340] [ERROR][com.freerdp.core] - freerdp_post_connect failed
libfreerdp returned code is 0002000D
Comment by Nyirő Viktor (shyciii) - Monday, 17 June 2019, 12:32 GMT
I installed fresh freerdp 2.0.0_rc4-6, but the problem persists.
Comment by YangHan (exiahan) - Friday, 21 June 2019, 16:06 GMT
Hi there I also have this problems.
And I also report it to remmina, then I got response from the developer of remmina that maybe the freerdp should be built with option -DWITH_GSSAPI=OFF

Here is my issue url on remmina repo:
https://gitlab.com/Remmina/Remmina/issues/1922
Comment by Cédric Schieli (sdrik) - Sunday, 23 June 2019, 15:53 GMT
I can confirm that rebuilding freerdp with -DWITH_GSSAPI=OFF fixes the issue for me. It also fixes the trashing of my kerberos credential cache after each successful connection.
Comment by Hubbe (Hubbe) - Wednesday, 26 June 2019, 08:57 GMT
Can further confirm, building with -DWITH_GSSAPI=OFF rather than -DWITH_GSSAPI=ON fixes the issue.
Comment by Max Schambach (luis_schmui) - Monday, 01 July 2019, 13:53 GMT
Heaving the same issue. I can also confirm that building with -DWITH_GSSAPI=OFF fixes the issue.
Comment by Michael Shihjay Chen (shihjay2) - Tuesday, 02 July 2019, 15:37 GMT
Also confirming that building with -DWITH_GSSAPI=OFF fixes the issue.
Comment by Semyon (PocketSam) - Wednesday, 03 July 2019, 13:56 GMT
Installing AUR freerdp-git solves the problem.
Also you'll need to remove ~/.config/freerdp/licenses folder contents.
I've also removed known_hosts2 file in ~/.config/freerdp/, not sure if it's required.
Comment by Nyirő Viktor (shyciii) - Tuesday, 09 July 2019, 14:25 GMT
And how do I building with -DWITH_GSSAPI=OFF switch? Because I see it will never fix this problem.
Comment by Michael Shihjay Chen (shihjay2) - Tuesday, 09 July 2019, 19:49 GMT
Follow instructions: https://wiki.archlinux.org/index.php/Arch_Build_System and in the PKGBUILD file, change the switch before running makepkg --install
Comment by Antenore Gatta (tmow) - Sunday, 28 July 2019, 15:46 GMT
Upstream here. Please switch off that flag, few users in the whole universe need that flag, it gives more troubles than solving issues.
No other distributions switch on the kerberos support, that is off by default.
Comment by David Runge (dvzrv) - Wednesday, 31 July 2019, 20:14 GMT
@tmow: Thanks for the heads up. It's probably worth mentioning the instability of the feature in documentation.

Loading...