gnome-remote-desktop: Couldn't retrieve RDP username: Credentials not set - AND MORE

Question

After installing a fresh copy of Ubuntu 22.04 I attempted to enable Remote Desktop:

I then went to another workstation (tried both Windows and macOS with the Microsoft RDC and with Jump Desktop) and tried to connect. When it failed without any significant details I jumped into /var/log/syslog on Ubuntu and found the following:

Jul 21 02:04:16 HOSTNAME gnome-remote-de[3006]: Couldn't retrieve RDP username: Credentials not set
Jul 21 02:04:55 HOSTNAME gnome-remote-de[3006]: message repeated 6 times: [ Couldn't retrieve RDP username: Credentials not set]

I then opened the system Settings → Sharing → Remote Desktop and was confronted with they keychain login prompt. After authenticating I attempted to again connect via RDP with the previous RDCs.

As I watched syslog, I observed the following results: Jump Desktop:

gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [ERROR][com.winpr.sspi.NTLM] - NTLM_NEGOTIATE_MESSAGE::NegotiateFlags invalid flags 0x08e0080231, 0x00000205 required
gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [WARN][com.winpr.sspi] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [ERROR][com.freerdp.core.nla] - AcceptSecurityContext status SEC_E_INVALID_TOKEN [0x80090308]
gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [ERROR][com.freerdp.core.transport] - client authentication failure
gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
gnome-remote-desktop-daemon[3006]: [02:28:37:827] [3006:4409] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
gnome-remote-de[3006]: Unable to check file descriptor, closing connection

Microsoft Remote Desktop:

gnome-remote-desktop-daemon[3006]: [02:29:09:352] [3006:4421] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 0: Success
gnome-remote-desktop-daemon[3006]: [02:29:09:352] [3006:4421] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
gnome-remote-de[3006]: Unable to check file descriptor, closing connection
gnome-remote-desktop-daemon[3006]: [02:29:20:233] [3006:4415] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_CONTINUE_NEEDED [0x00090312]
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [WARN][com.winpr.negotiate] - AcceptSecurityContext status SEC_I_COMPLETE_NEEDED [0x00090313]
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [ERROR][com.winpr.sspi.NTLM] - Message Integrity Check (MIC) verification failed!
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [WARN][com.winpr.sspi] - CompleteAuthToken status SEC_E_MESSAGE_ALTERED [0x8009030F]
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [WARN][com.freerdp.core.nla] - CompleteAuthToken status SEC_E_MESSAGE_ALTERED [0x8009030F]
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [ERROR][com.freerdp.core.transport] - client authentication failure
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [ERROR][com.freerdp.core.peer] - peer_recv_callback: CONNECTION_STATE_INITIAL - rdp_server_accept_nego() fail
gnome-remote-desktop-daemon[3006]: [02:29:20:234] [3006:4415] [ERROR][com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -1
gnome-remote-de[3006]: Unable to check file descriptor, closing connection
gnome-remote-desktop-daemon[3006]: [02:29:25:263] [3006:4433] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 0: Success

This is using the "User Name" and "Password" generated in the above screenshot.

Aside from what seems to be an obvious bug in the beginning wherein it's necessary to authenticate before FreeRDP even tries to connect, clearly there are other issues at play beyond that.

Anyone aware of what may be going on and failing here?

Answer 1

The authentication handling for g-r-d happens in FreeRDP, as the NLA handling is implemented there.
NLA has two possible providers NTLM and Kerberos. Only the former one is implemented in FreeRDP 2.x.

NTLM uses NTLM hashes under the hood and in FreeRDP 2.x there was an error during the creation of the hash, that a wrong hash was calculated, when the password contained non-ASCII characters.
This was fixed in https://github.com/FreeRDP/FreeRDP/commit/a23a24fe068c37d20c254fe393d4fe5d4c6ab31d (it's actually hard to find those errors upstream, when reporters don't provide reproduction steps, so that issue was discovered by coincidence (see https://github.com/FreeRDP/FreeRDP/issues/8599 for more details)).
That commit is part of the FreeRDP 2.10.0 release.

Could you try building FreeRDP from the upstream stable-2.0 branch or alternatively against the 2.10.0 tag and then try connecting again?

The FreeRDP 2.10.0 update won't be included in Ubuntu 22.04, as the Ubuntu SRU team refuses to include FreeRDP stable updates (this was the Ubuntu Desktop Team asked multiple times also on older updates such as the 2.7.0 and the 2.8.0 update).

Answer 2

Not sure if your problem is related to mine: my Remmina client (on Ubuntu 22.04) would crash immediately upon connecting to "Screen Sharing" (on Ubuntu 22.04), where RDP is now the default screen sharing protocol.

This happened only after a valid password was provided.

My fix: change both client and screen-share host's "display server" from Wayland to Xorg... see this:

How to switch from the Wayland display server to Xorg X11 on Ubuntu 22.04

Bonus: this also fixed my broken drag-and-drop problems which I experienced when trying to drag a file out of a zip file with the Archive Manager.