I got provisioned a new Windows 11 laptop from my new workplace. I'm trying to use the built-in "Remote Desktop Connection" software to connect to KRDP on my KDE Neon Desktop Using latest release KRDP v6.3.3 on Up-to-date KDE-Neon, and windows laptop with latest Windows 11 updates. After entering the IP address and username into the connection window, plasma xdg-desktop-portal-kde asks me to share my screen. I click "OK". Then I am asked to enter the password. I enter the correct password, windows shows an authentication error. Here is the output from krdpserver cli: ---- org.kde.krdp: Initializing Freedesktop Portal Session org.kde.krdp: Session setup completed, start processing... [16:08:59:857] [296889:302985] [INFO][com.freerdp.core.connection] - Client Security: NLA:0 TLS:0 RDP:1 [16:08:59:857] [296889:302985] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0 [16:08:59:857] [296889:302985] [WARN][com.freerdp.core.connection] - server supports only NLA Security [16:08:59:857] [296889:302985] [ERROR][com.freerdp.core.connection] - Protocol security negotiation failure [16:08:59:860] [296889:302985] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail [16:08:59:860] [296889:302985] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1 org.kde.krdp: Unable to check file descriptor org.kde.krdp: Closing session org.kde.krdp: Closing Freedesktop Portal Session org.kde.krdp: Initializing Freedesktop Portal Session org.kde.krdp: Session setup completed, start processing... [16:10:38:453] [296889:304164] [INFO][com.freerdp.core.connection] - Client Security: NLA:1 TLS:1 RDP:0 [16:10:38:453] [296889:304164] [INFO][com.freerdp.core.connection] - Server Security: NLA:1 TLS:0 RDP:0 [16:10:38:453] [296889:304164] [INFO][com.freerdp.core.connection] - Negotiated Security: NLA:1 TLS:0 RDP:0 org.kde.krdp: Started Freedesktop Portal session libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 kpipewire_vaapi_logging: VAAPI: entrypoint 6 of profile 14 is not supported by the device "/dev/dri/renderD128" kpipewire_vaapi_logging: VAAPI: entrypoint 8 of profile 14 is not supported by the device "/dev/dri/renderD128" libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 kpipewire_vaapi_logging: VAAPI: entrypoint 6 of profile 14 is not supported by the device "/dev/dri/renderD128" kpipewire_vaapi_logging: VAAPI: entrypoint 8 of profile 14 is not supported by the device "/dev/dri/renderD128" libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 [16:10:56:380] [296889:304164] [ERROR][com.winpr.sspi.NTLM] - NTLM_MESSAGE_HEADER Invalid signature, got `z+, expected NTLMSSP [16:10:56:380] [296889:304164] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308] [16:10:56:380] [296889:304164] [WARN][com.winpr.sspi] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308] [16:10:56:380] [296889:304164] [ERROR][com.freerdp.core.nla] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308] [16:10:56:380] [296889:304164] [ERROR][com.freerdp.core.transport] - client authentication failure [16:10:56:380] [296889:304164] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail [16:10:56:380] [296889:304164] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1 org.kde.krdp: Unable to check file descriptor org.kde.krdp: Closing session org.kde.krdp: Closing Freedesktop Portal Session --- I believe the key issue is this line: "NTLM_MESSAGE_HEADER Invalid signature, got `z+, expected NTLMSSP" Whatever kind of NTLM the Windows client is using seems to be not compatible with KRDP.
Sorry, can't edit my post. I just realized the first 11 lines are from testing a different client (that does not support NLA). Disregard the first 11 lines of the log output, the report should start from line 12, (at [16:10:38]) where the windows client connects.
I'm confident this would be solved by moving to libfreerdp-server3.
KRDP master was already ported to FreeRDP3, so in that case this should resolve itself once that's released with Plasma 6.4.
Today I upgraded to the KRdp build from Neon-unstable, that is built against FreeRDP3. I'm getting a different error, but it is still not working. --- org.kde.krdp: Listening for connections on QHostAddress(QHostAddress::Any) 3389 org.kde.krdp: Initializing Freedesktop Portal Session org.kde.krdp: Session setup completed, start processing... org.kde.krdp: Started Freedesktop Portal session libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 kpipewire_vaapi_logging: VAAPI: Intel iHD driver for Intel(R) Gen Graphics - 24.1.0 () in use for device "/dev/dri/renderD128" libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 kpipewire_vaapi_logging: VAAPI: entrypoint 6 of profile 14 is not supported by the device "/dev/dri/renderD128" kpipewire_vaapi_logging: VAAPI: entrypoint 8 of profile 14 is not supported by the device "/dev/dri/renderD128" libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 kpipewire_vaapi_logging: VAAPI: entrypoint 6 of profile 14 is not supported by the device "/dev/dri/renderD128" kpipewire_vaapi_logging: VAAPI: entrypoint 8 of profile 14 is not supported by the device "/dev/dri/renderD128" libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 libva info: VA-API version 1.20.0 libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so libva info: Found init function __vaDriverInit_1_20 libva info: va_openDriver() returns 0 [20:13:19:022] [1685676:0019b8ce] [WARN][com.winpr.sspi] - [winpr_AcceptSecurityContext]: AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301] [20:13:19:022] [1685676:0019b8ce] [ERROR][com.freerdp.core.auth] - [credssp_auth_authenticate]: AcceptSecurityContext failed with SEC_E_INVALID_HANDLE [0x80090301] [20:13:19:022] [1685676:0019b8ce] [ERROR][com.freerdp.core.transport] - [transport_accept_nla]: client authentication failure [20:13:19:023] [1685676:0019b8ce] [ERROR][com.freerdp.core.peer] - [peer_recv_callback_internal]: CONNECTION_STATE_NEGO - rdp_server_accept_nego() fail [20:13:19:023] [1685676:0019b8ce] [ERROR][com.freerdp.core.transport] - [transport_check_fds]: transport_check_fds: transport->ReceiveCallback() - STATE_RUN_FAILED [-1] org.kde.krdp: Unable to check file descriptor org.kde.krdp: Closing session org.kde.krdp: Closing Freedesktop Portal Session --- I believe the relevant error is "AcceptSecurityContext status SEC_E_INVALID_HANDLE [0x80090301]" There is a new error displayed on the Windows side too, the message says "The token supplied to the function is invalid", which after a quick search usually indicates a password error. I don't know if this is a KRDP issue or a FreeRDP3 issue or a Windows 11 issue at this point.
Okay, this is not a bug in KRDP. I tried the latest version of gnome-remote-desktop (that is built against the same version of FreeRDP3) and it gives exactly the same error. I think I'm seeing a version of this: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/162 I don't have permission on the Windows laptop to check the configured group policies, but there must be a setting that is preventing a connection to a non-whitelisted RDP endpoint. Weirdly, it seems like Windows implements this by still sending the connection, but without any security context attached, so FreeRDP errors at this line: https://github.com/FreeRDP/FreeRDP/blob/acf830946cb8358f03ac9bdaad61da4397fb58fc/winpr/libwinpr/sspi/NTLM/ntlm.c#L495 The next thing I can try is to borrow a different (non-organisation) Windows laptop from a friend and see if that can connect to KRDP.