xrdp fails out of nowhere.

[deWasbeer]

Hello everyone,

Something really weird happened. Yesterday morning i could easily connect to my sever over RDP. However when I tried yesturday night i got an permission denied error. The only difference between yesturday mornig and evening was that i turned off the server for two hours and rearranged my serverrack, so some disconenction of the cables and reconnecting them. Also, two weeks ago i did a complete refresh of my ssh keys, and also have a dedicated ssh key for my rdp access.

I've traced the error to the following:

apr 06 01:48:34 warp xrdp[118012]: [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
apr 06 01:48:44 warp xrdp[129157]: [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
apr 06 01:57:35 warp xrdp[129157]: [ERROR] xrdp_iso_send: trans_write_copy_s failed

I've found the following solution from [URL="https://c-nergy.be/blog/?p=13708"]here[/URL].

sudo adduser xrdp ssl-cert

It however does not work. Still the same error, even after rebooting and restarting systemctl xrdp.

I of course now as a moron can change permissions but I'm afraid that could cause security issues.

The permissions and group are root, which should be normal.

/etc/xrdp$ ls -l
total 348
lrwxrwxrwx 1 root root    36 dec 22  2020 cert.pem -> /etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root    38 dec 22  2020 key.pem -> /etc/ssl/private/ssl-cert-snakeoil.key

and

/etc/ssl/private# ls -l
total 4
-rw-r----- 1 root ssl-cert 1704 dec 22  2020 ssl-cert-snakeoil.key

also i beleive xrdp runs under my username and since i can do sudo commands my username should also be part of the sudo. i also never made any changes here anyway.

ps -ef | grep Xvnc
USERNAME    432174  424158  0 15:54 pts/0    00:00:00 grep --color=auto Xvnc

groups USERNAME
USERNAME : USERNAME adm disk cdrom sudo dip video plugdev input kvm lpadmin lxd sambashare media docker nordvpn microk8s mircok8s libvirt libvirt-qemu

and finally my xrdp.ini file:

sudo cat /etc/xrdp/xrdp.ini

[Globals]
; xrdp.ini file version number
ini_version=1

; fork a new process for each incoming connection
fork=true

; ports to listen on, number alone means listen on all interfaces
; 0.0.0.0 or :: if ipv6 is configured
; space between multiple occurrences
; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start
;
; Examples:
;   port=3389
;   port=unix://./tmp/xrdp.socket
;   port=tcp://.:3389                           127.0.0.1:3389
;   port=tcp://:3389                            *:3389
;   port=tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
;   port=tcp6://.:3389                          ::1:3389
;   port=tcp6://:3389                           *:3389
;   port=tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
;   port=vsock://<cid>:<port>
port=3389

; 'port' above should be connected to with vsock instead of tcp
; use this only with number alone in port above
; prefer use vsock://<cid>:<port> above
use_vsock=false

; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true

; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true

; set tcp send/recv buffer (for experts)
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768

; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate

; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high

; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
;$ sudo adduser xrdp ssl-cert
certificate=
key_file=

; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH

; concats the domain name to the user if set for authentication with the separator
; for example when the server is multi homed with SSSd
#domain_user_separator=@

; The following options will override the keyboard layout settings.
; These options are for DEBUG and are not recommended for regular use.
#xrdp.override_keyboard_type=0x04
#xrdp.override_keyboard_subtype=0x01
#xrdp.override_keylayout=0x00000409

; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=

allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; when true, the userid will be used to try to authenticate
#enable_token_login=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url

;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72

;
; configure login screen
;

; Login Screen Window Title
#ls_title=My Login Title

; top level window background color in RGB format
ls_top_window_bg_color=009cb5

; width and height of login screen
;
; The default height allows for about 5 fields to be comfortably displayed
; above the buttons at the bottom. To display more fields, make <ls_height>
; larger, and also increase <ls_btn_ok_y_pos> and <ls_btn_cancel_y_pos>
; below
;
ls_width=350
ls_height=430

; login screen background color in RGB format
ls_bg_color=dedede

; optional background image filename (bmp format).
#ls_background_image=

; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50

; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=65

; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210

; y pos for first label and combo box
ls_input_y_pos=220

; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30

; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30

[Logging]
; Note: Log levels can be any of: core, error, warning, info, debug, or trace
LogFile=xrdp.log
LogLevel=INFO
EnableSyslog=true
#SyslogLevel=INFO
#EnableConsole=false
#ConsoleLevel=INFO
#EnableProcessId=false

[LoggingPerLogger]
; Note: per logger configuration is only used if xrdp is built with
; --enable-devel-logging
#xrdp.c=INFO
#main()=INFO

[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true

; for debugging xrdp, in section xrdp1, change port=-1 to this:
#port=/tmp/.xrdp/xrdp_display_10

;
; Session types
;

; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20

[Xvnc]
name=Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
#xserverbpp=24
#delay_ms=2000
; Disable requested encodings to support buggy VNC servers
; (1 = ExtendedDesktopSize)
#disabled_encodings_mask=0
; Use this to connect to a chansrv instance created outside of sesman
; (e.g. as part of an x11vnc console session). Replace '0' with the
; display number of the session
#chansrvport=DISPLAY(0)

; Generic VNC Proxy
; Tailor this to specific hosts and VNC instances by specifying an ip
; and port and setting a suitable name.
[vnc-any]
name=vnc-any
lib=libvnc.so
ip=ask
port=ask5900
username=na
password=ask
#pamusername=asksame
#pampassword=asksame
#pamsessionmng=127.0.0.1
#delay_ms=2000

; Generic RDP proxy using NeutrinoRDP
; Tailor this to specific hosts by specifying an ip and port and setting
; a suitable name.
[neutrinordp-any]
name=neutrinordp-any
; To use this section, you should build xrdp with configure option
; --enable-neutrinordp.
lib=libxrdpneutrinordp.so
ip=ask
port=ask3389
username=ask
password=ask
; Uncomment the following lines to enable PAM authentication for proxy
; connections.
#pamusername=ask
#pampassword=ask
#pamsessionmng=127.0.0.1
; Currently NeutrinoRDP doesn't support dynamic resizing. Uncomment
; this line if you're using a client which does.
#enable_dynamic_resizing=false
; By default, performance settings requested by the RDP client are ignored
; and chosen by NeutrinoRDP. Uncomment this line to allow the user to
; select performance settings in the RDP client.
#perf.allow_client_experiencesettings=true
; Override any experience setting by uncommenting one or more of the
; following lines.
#perf.wallpaper=false
#perf.font_smoothing=false
#perf.desktop_composition=false
#perf.full_window_drag=false
#perf.menu_anims=false
#perf.themes=false
#perf.cursor_blink=false
; By default NeutrinoRDP supports cursor shadows. If this is giving
; you problems (e.g. cursor is a black rectangle) try disabling cursor
; shadows by uncommenting the following line.
#perf.cursor_shadow=false
; By default, NeutrinoRDP uses the keyboard layout of the remote RDP Server.
; If you want to tell the remote the keyboard layout of the RDP Client,
; by uncommenting the following line.
#neutrinordp.allow_client_keyboardLayout=true
; The following options will override the remote keyboard layout settings.
; These options are for DEBUG and are not recommended for regular use.
#neutrinordp.override_keyboardLayout_mask=0x0000FFFF
#neutrinordp.override_kbd_type=0x04
#neutrinordp.override_kbd_subtype=0x01
#neutrinordp.override_kbd_fn_keys=12
#neutrinordp.override_kbd_layout=0x00000409

; You can override the common channel settings for each session type
#channel.rdpdr=true
#channel.rdpsnd=true
#channel.drdynvc=true
#channel.cliprdr=true
#channel.rail=true
#channel.xrdpvr=true

I have tried to delete /etc/xrdp and purge the xrdp install and then adding the snakeoil certificates again. Still the same problem.

Can anyone help me with this problem ?

I've attached my error logs below the post.

Thank you in advance.

Johan

[matt335672]

Dag Johan,

I'll explain the error first, and then ask for more information.

xrdp has two ways to secure communications between the client and the server:-

1. 'classic' RDP encryption
2. Using HTTPS/TLS, in a similar way to a web server.

Method 2 is far more secure, but to use it, xrdp needs access to an X509 certificate, and also the private key that goes with the certificate.

However, if xrdp is unable to read the private key for the certificate, it should fall back to the less secure 'classic RDP' encryption. This may or may not be happening, but it's not obvious from the data above.

I'm missing a lot of information to triage your problem effectively:-

1. Operating system and version.
2. xrdp version from (xrdp -v)?
3. Which client you are using?
4. What exactly is happening on the client? Are you getting a login box or not?
5. Much more context from xrdp.log related to the session being started.

Can you please supply the above? Fell free to add it to this discussion, and then we'll turn it into an issue.

Thanks.

[deWasbeer]

Hi there!

Sorry for the late reply!

System info:

Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.5 LTS
Release:	22.04
Codename:	jammy

version:

xrdp -v
xrdp 0.9.17
  A Remote Desktop Protocol Server.
  Copyright (C) 2004-2020 Jay Sorg, Neutrino Labs, and all contributors.
  See https://github.com/neutrinolabs/xrdp for more information.

  Configure options:
      --enable-ipv6
      --enable-jpeg
      --enable-fuse
      --enable-rfxcodec
      --enable-opus
      --enable-painter
      --enable-vsock
      --build=x86_64-linux-gnu
      --prefix=/usr
      --includedir=${prefix}/include
      --mandir=${prefix}/share/man
      --infodir=${prefix}/share/info
      --sysconfdir=/etc
      --localstatedir=/var
      --disable-silent-rules
      --libdir=${prefix}/lib/x86_64-linux-gnu
      --libexecdir=${prefix}/lib/x86_64-linux-gnu
      --disable-maintainer-mode
      --disable-dependency-tracking
      --with-socketdir=/run/xrdp/sockdir
      build_alias=x86_64-linux-gnu
      CFLAGS=-g -O2 -ffile-prefix-map=/build/xrdp-asBei3/xrdp-0.9.17=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security 
      LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
      CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -Wno-error=deprecated-declarations
      PKG_CONFIG_PATH=/build/xrdp-asBei3/xrdp-0.9.17/pkgconfig

  Compiled with OpenSSL 3.0.2 15 Mar 2022

My client is remmina 1.4.40 in flatpack on fedora.

I'm logging in over RDP using ssh tunnel with tunnel via loopback address and custom address: PUBLICIP:3389 using pubkey authentication and ssh private key file. the port 3389 for my public ip is forwarded to my server at 192.168.2.250:22 in my router.

When i log im getting 'cannot connect to the "127.0.0.1" RDP server..

This is my error log:

[20250410-20:59:47] [INFO ] address [0.0.0.0] port [3389] mode 1
[20250410-20:59:47] [INFO ] listening to port 3389 on 0.0.0.0
[20250410-20:59:47] [INFO ] xrdp_listen_pp done
[20250410-20:59:49] [INFO ] starting xrdp with pid 932228
[20250410-20:59:49] [INFO ] address [0.0.0.0] port [3389] mode 1
[20250410-20:59:49] [INFO ] listening to port 3389 on 0.0.0.0
[20250410-20:59:49] [INFO ] xrdp_listen_pp done
[20250410-21:00:21] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:127.0.0.1 port 48682
[20250410-21:00:21] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20250410-21:00:21] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20250410-21:00:21] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20250410-21:00:21] [INFO ] Connected client computer name: fedora
[20250410-21:00:21] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20250410-21:00:21] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20250410-21:00:21] [ERROR] libxrdp_force_read: header read error
[20250410-21:00:21] [ERROR] Processing [ITU-T T.125] ErectDomainRequest failed
[20250410-21:00:21] [ERROR] [MCS Connection Sequence] receive erect domain request failed
[20250410-21:00:21] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20250410-21:00:21] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20250410-21:00:21] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20250410-21:00:21] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20250410-21:00:21] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20250410-21:03:24] [INFO ] Received termination signal, stopping the server accept new connections thread
[20250410-21:03:24] [INFO ] address [0.0.0.0] port [3389] mode 1
[20250410-21:03:24] [INFO ] listening to port 3389 on 0.0.0.0
[20250410-21:03:24] [INFO ] xrdp_listen_pp done
[20250410-21:03:26] [INFO ] starting xrdp with pid 938928
[20250410-21:03:26] [INFO ] address [0.0.0.0] port [3389] mode 1
[20250410-21:03:26] [INFO ] listening to port 3389 on 0.0.0.0
[20250410-21:03:26] [INFO ] xrdp_listen_pp done
[20250410-21:03:31] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:127.0.0.1 port 32776
[20250410-21:03:31] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20250410-21:03:31] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20250410-21:03:31] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20250410-21:03:32] [INFO ] Connected client computer name: fedora
[20250410-21:03:32] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20250410-21:03:32] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20250410-21:03:32] [ERROR] libxrdp_force_read: header read error
[20250410-21:03:32] [ERROR] Processing [ITU-T T.125] ErectDomainRequest failed
[20250410-21:03:32] [ERROR] [MCS Connection Sequence] receive erect domain request failed
[20250410-21:03:32] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20250410-21:03:32] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20250410-21:03:32] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20250410-21:03:32] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20250410-21:03:32] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20250410-21:07:20] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:127.0.0.1 port 47008
[20250410-21:07:20] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20250410-21:07:20] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20250410-21:07:20] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20250410-21:07:20] [INFO ] Connected client computer name: fedora
[20250410-21:07:20] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20250410-21:07:20] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20250410-21:07:20] [ERROR] libxrdp_force_read: header read error
[20250410-21:07:20] [ERROR] Processing [ITU-T T.125] ErectDomainRequest failed
[20250410-21:07:20] [ERROR] [MCS Connection Sequence] receive erect domain request failed
[20250410-21:07:20] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20250410-21:07:20] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20250410-21:07:20] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20250410-21:07:20] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20250410-21:07:20] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20250410-21:09:43] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:127.0.0.1 port 39694
[20250410-21:09:43] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20250410-21:09:43] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20250410-21:09:43] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20250410-21:09:43] [INFO ] Connected client computer name: fedora
[20250410-21:09:43] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20250410-21:09:43] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20250410-21:09:43] [ERROR] libxrdp_force_read: header read error
[20250410-21:09:43] [ERROR] Processing [ITU-T T.125] ErectDomainRequest failed
[20250410-21:09:43] [ERROR] [MCS Connection Sequence] receive erect domain request failed
[20250410-21:09:43] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20250410-21:09:43] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20250410-21:09:43] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20250410-21:09:43] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20250410-21:09:43] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20250412-22:49:48] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:127.0.0.1 port 56826
[20250412-22:49:48] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20250412-22:49:48] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20250412-22:49:48] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20250412-22:49:48] [INFO ] Connected client computer name: fedora
[20250412-22:49:48] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20250412-22:49:48] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20250412-22:49:48] [ERROR] libxrdp_force_read: header read error
[20250412-22:49:48] [ERROR] Processing [ITU-T T.125] ErectDomainRequest failed
[20250412-22:49:48] [ERROR] [MCS Connection Sequence] receive erect domain request failed
[20250412-22:49:48] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20250412-22:49:48] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20250412-22:49:48] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20250412-22:49:48] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20250412-22:49:48] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed
[20250412-22:51:54] [INFO ] Socket 12: AF_INET6 connection received from ::ffff:127.0.0.1 port 38008
[20250412-22:51:54] [INFO ] Using default X.509 certificate: /etc/xrdp/cert.pem
[20250412-22:51:54] [INFO ] Using default X.509 key file: /etc/xrdp/key.pem
[20250412-22:51:54] [ERROR] Cannot read private key file /etc/xrdp/key.pem: Permission denied
[20250412-22:51:54] [INFO ] Connected client computer name: fedora
[20250412-22:51:54] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc006 is unknown (ignored)
[20250412-22:51:54] [WARN ] Received [MS-RDPBCGR] TS_UD_HEADER type 0xc00a is unknown (ignored)
[20250412-22:51:54] [ERROR] libxrdp_force_read: header read error
[20250412-22:51:54] [ERROR] Processing [ITU-T T.125] ErectDomainRequest failed
[20250412-22:51:54] [ERROR] [MCS Connection Sequence] receive erect domain request failed
[20250412-22:51:54] [ERROR] xrdp_sec_incoming: xrdp_mcs_incoming failed
[20250412-22:51:54] [ERROR] xrdp_rdp_incoming: xrdp_sec_incoming failed
[20250412-22:51:54] [ERROR] xrdp_process_main_loop: libxrdp_process_incoming failed
[20250412-22:51:54] [ERROR] xrdp_iso_send: trans_write_copy_s failed
[20250412-22:51:54] [ERROR] Sending [ITU T.125] DisconnectProviderUltimatum failed

Thank you for trying to help me! This is really appreciated!

[matt335672]

I'm going to close this discussion, as I've moved it to issue #3499