Bug#1040395: gnome-remote-desktop: Built-in RDP server fails incoming connections with "...(MIC) verification failed!"

Nathaniel Roach nroach44 at nroach44.id.au
Wed Jul 5 12:12:17 BST 2023 

Package: gnome-remote-desktop
Version: 43.3-1
Severity: important

Dear Maintainer,

g-r-d's built in RDP server does not work. I have simply just enabled it in gnome-settings,
and then attempted to connect. Connecting from either Remmina or Windows 10's MSTSC.exe fails.

The following messages are seen in the logs when launching freshly installed remmina and
attemping connection to "localhost". The errors are the same from a different machine,
this method was chosen to condense the logs.

Jul 05 19:01:22 hostname systemd[1506]: Started app-gnome-org.remmina.Remmina-3920.scope - Application launched by gnome-shell.
Jul 05 19:01:22 hostname remmina[3925]: Remmina does not log all output statements. Turn on more verbose output by using "G_MESSAGES_DEBUG=all" as an environment variable.
                                                More info available on the Remmina wiki at:
                                                https://gitlab.com/Remmina/Remmina/-/wikis/Usage/Remmina-debugging
Jul 05 19:01:22 hostname org.remmina.Remmina.desktop[3925]: Load modules from /usr/lib/x86_64-linux-gnu/remmina/plugins
Jul 05 19:01:22 hostname org.remmina.Remmina.desktop[3925]: Remmina plugin glibsecret (type=Secret) has been registered, but is not yet initialized/activated. The initialization order is 2000.
Jul 05 19:01:22 hostname org.remmina.Remmina.desktop[3925]: The glibsecret secret plugin has been initialized and it will be your default secret plugin
Jul 05 19:01:22 hostname remmina[3575]: gtk_menu_attach_to_widget(): menu already attached to GtkMenuItem
Jul 05 19:01:28 hostname org.gnome.Software.desktop[3575]: [19:01:28:082] [3575:3929] [WARN][com.freerdp.crypto] - Certificate verification failure 'self-signed certificate (18)' at stack position 0
Jul 05 19:01:28 hostname org.gnome.Software.desktop[3575]: [19:01:28:082] [3575:3929] [WARN][com.freerdp.crypto] - CN = GNOME, C = US
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:469] [1708:3943] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [ERROR][com.winpr.sspi.NTLM] - Message Integrity Check (MIC) verification failed!
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [WARN][com.winpr.sspi] - CompleteAuthToken status SEC_E_MESSAGE_ALTERED [0x8009030F]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [WARN][com.freerdp.core.nla] - CompleteAuthToken status SEC_E_MESSAGE_ALTERED [0x8009030F]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [ERROR][com.freerdp.core.transport] - client authentication failure
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] [1708:3943] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
Jul 05 19:01:33 hostname gnome-remote-de[1708]: Unable to check file descriptor, closing connection
Jul 05 19:01:42 hostname org.gnome.Software.desktop[3575]: [19:01:42:481] [3575:3929] [ERROR][com.freerdp.core.connection] - Timeout waiting for activation

This appears to be the same issue as https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/86
however those changes do appear to have made it into debian's libfreerdp-server.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.8-nr44-x13al-r1686793823 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-remote-desktop depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  fuse3                                        3.14.0-4
ii  init-system-helpers                          1.65.2
ii  libc6                                        2.36-9
ii  libcairo2                                    1.16.0-7
ii  libepoxy0                                    1.5.10-1
ii  libfreerdp-server2-2                         2.10.0+dfsg1-1
ii  libfreerdp2-2                                2.10.0+dfsg1-1
ii  libfuse3-3                                   3.14.0-4
ii  libglib2.0-0                                 2.74.6-2
ii  libmutter-11-0                               43.4-2
ii  libnotify4                                   0.8.1-1
ii  libpipewire-0.3-0                            0.3.65-3
ii  libsecret-1-0                                0.20.5-3
ii  libtss2-esys-3.0.2-0                         3.2.1-3
ii  libtss2-mu0                                  3.2.1-3
ii  libtss2-rc0                                  3.2.1-3
ii  libtss2-tctildr0                             3.2.1-3
ii  libwinpr2-2                                  2.10.0+dfsg1-1
ii  libxkbcommon0                                1.5.0-1
ii  pipewire                                     0.3.65-3
ii  wireplumber                                  0.4.13-1

gnome-remote-desktop recommends no packages.

gnome-remote-desktop suggests no packages.

-- no debconf information

More information about the pkg-gnome-maintainers mailing list