Bug#1040395: gnome-remote-desktop: Built-in RDP server fails incoming connections with "...(MIC) verification failed!"

[Timo Lindfors]

Hi,


g-r-d's built in RDP server does not work


I got the same error message when I used the wrong password by accident. 
When I started using the correct password I was able to use RDP again. 
This is with vanilla Debian 12 and gnome.


I would try with an alphanumeric password and verify that it matches the 
output of


secret-tool lookup xdg:schema org.gnome.RemoteDesktop.RdpCredentials


-Timo

Bug#1040395: gnome-remote-desktop: Built-in RDP server fails incoming connections with "...(MIC) verification failed!"

[Nathaniel Roach]

Package: gnome-remote-desktop
Version: 43.3-1
Severity: important

Dear Maintainer,

g-r-d's built in RDP server does not work. I have simply just enabled it in 
gnome-settings,
and then attempted to connect. Connecting from either Remmina or Windows 10's 
MSTSC.exe fails.

The following messages are seen in the logs when launching freshly installed 
remmina and
attemping connection to "localhost". The errors are the same from a different 
machine,
this method was chosen to condense the logs.

Jul 05 19:01:22 hostname systemd[1506]: Started 
app-gnome-org.remmina.Remmina-3920.scope - Application launched by gnome-shell.
Jul 05 19:01:22 hostname remmina[3925]: Remmina does not log all output 
statements. Turn on more verbose output by using "G_MESSAGES_DEBUG=all" as an 
environment variable.
More info available on the 
Remmina wiki at:

https://gitlab.com/Remmina/Remmina/-/wikis/Usage/Remmina-debugging
Jul 05 19:01:22 hostname org.remmina.Remmina.desktop[3925]: Load modules from 
/usr/lib/x86_64-linux-gnu/remmina/plugins
Jul 05 19:01:22 hostname org.remmina.Remmina.desktop[3925]: Remmina plugin 
glibsecret (type=Secret) has been registered, but is not yet 
initialized/activated. The initialization order is 2000.
Jul 05 19:01:22 hostname org.remmina.Remmina.desktop[3925]: The glibsecret 
secret plugin has been initialized and it will be your default secret plugin
Jul 05 19:01:22 hostname remmina[3575]: gtk_menu_attach_to_widget(): menu 
already attached to GtkMenuItem
Jul 05 19:01:28 hostname org.gnome.Software.desktop[3575]: [19:01:28:082] 
[3575:3929] [WARN][com.freerdp.crypto] - Certificate verification failure 
'self-signed certificate (18)' at stack position 0
Jul 05 19:01:28 hostname org.gnome.Software.desktop[3575]: [19:01:28:082] 
[3575:3929] [WARN][com.freerdp.crypto] - CN = GNOME, C = US
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:469] 
[1708:3943] [WARN][com.winpr.negotiate] - AcceptSecurityContext status 
SEC_I_CONTINUE_NEEDED [0x00090312]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [WARN][com.winpr.negotiate] - AcceptSecurityContext status 
SEC_I_COMPLETE_NEEDED [0x00090313]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [ERROR][com.winpr.sspi.NTLM] - Message Integrity Check (MIC) 
verification failed!
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [WARN][com.winpr.sspi] - CompleteAuthToken status 
SEC_E_MESSAGE_ALTERED [0x8009030F]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [WARN][com.freerdp.core.nla] - CompleteAuthToken status 
SEC_E_MESSAGE_ALTERED [0x8009030F]
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [ERROR][com.freerdp.core.transport] - client authentication failure
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [ERROR][com.freerdp.core.peer] - peer_recv_callback: 
CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
Jul 05 19:01:33 hostname gnome-remote-desktop-daemon[1708]: [19:01:33:570] 
[1708:3943] [ERROR][com.freerdp.core.transport] - transport_check_fds: 
transport->ReceiveCallback() - -1
Jul 05 19:01:33 hostname gnome-remote-de[1708]: Unable to check file 
descriptor, closing connection
Jul 05 19:01:42 hostname org.gnome.Software.desktop[3575]: [19:01:42:481] 
[3575:3929] [ERROR][com.freerdp.core.connection] - Timeout waiting for 
activation

This appears to be the same issue as 
https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/86
however those changes do appear to have made it into debian's libfreerdp-server.

-- System Information:
Debian Release: 12.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.3.8-nr44-x13al-r1686793823 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-remote-desktop depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  fuse33.14.0-4
ii  init-system-helpers  1.65.2
ii  libc62.36-9
ii  libcairo21.16.0-7
ii  libepoxy01.5.10-1
ii  libfreerdp-server2-2 2.10.0+dfsg1-1
ii  libfreerdp2-22.10.0+dfsg1-1
ii  libfuse3-3   3.14.0-4
ii  libglib2.0-0 2.74.6-2
ii  libmutter-11-0   43.4-2
ii