rdesktop does support reconnection using the "cookie", however it's only used for reconnection when a window resize should be performed. A connection error does not trigger this reconnection using the "cookie". The approach should probably be X number of connection retries with Y seconds sleep between each retry. X*Y seconds should not be larger than the "cookie" lifetime and Y should probably be smaller than 10 seconds.
The cookie lifetime = session lifetime, as stated by the following information in the RDPBCGR specifications: "The auto-reconnect cookie associated with a given session is flushed and regenerated whenever a client connects to the session or the session is reset. This ensures that if a different client connects to the session, then any previous clients which were connected can no longer use the auto-reconnect mechanism to connect. Furthermore, the server invalidates and updates the cookie at hourly intervals, sending the new cookie to the client in the Save Session Info PDU."
To get around the problem with TCP timeout we need to find a way to simulate a ping over the RDP connection to detect timeouts within a sane time range.
Upstream commit 1707 adds reconnect upon network failure. I have tested this against 2008 R2 server, both seamless and with a standard desktop using SSL. I also tested to reconnect to a standard desktop of 2003 server using plain RDP.
First attempt, using SSL and doing -j REJECT:

    Autoselected keyboard map en-gb
    warning: unable to open /etc/gssapi_mech.conf: errno 2 (No such file or directory)
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using SSL.
    WARNING: Remote desktop does not support colour depth 24; falling back to 16
    ERROR: SSL_write: 5 (Connection reset by peer)
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry:s3_pkt.c:866:
    Disconnected due to network error, retrying to reconnect for 70 minutes.
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using plain RDP.
    ERROR: recv: Connection reset by peer
    ERROR: send: Connection reset by peer
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using plain RDP.
    ERROR: recv: Connection reset by peer
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using plain RDP.
    ERROR: recv: Connection reset by peer
    ERROR: send: Connection reset by peer
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using plain RDP.
    ERROR: Connection closed
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using plain RDP.
    ERROR: recv: Connection reset by peer
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using SSL.

Two issues here:
1. A whole bunch of extra write errors from SSL (can we silence these though?)
2. 5 bad reconnects with RDP encryption before it properly connected with TLS.
Somewhat saner behaviour with --reject-with tcp-reset:

    ERROR: SSL_read: 5 (Connection reset by peer)
    Disconnected due to network error, retrying to reconnect for 70 minutes.
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using plain RDP.
    ERROR: send: Connection reset by peer
    ERROR: Connection closed
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using SSL.

Still one spurious connection here as well.
Third test case was doing a timeout (by disabling the network for the server in vmware). In this case it had 33 failed attempts (with RDP encryption) before it succeeded (with TLS). Each attempt was also a couple of seconds long, so it took quite some time before it reconnected properly.
Tried forcing it to SSL in the WTS configuration, and did the timeout test again:

    Disconnected due to network error, retrying to reconnect for 70 minutes.
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Failed to connect, SSL required by server.
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Failed to connect, SSL required by server.
    ...
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Failed to connect, SSL required by server.
    ERROR: send: Connection reset by peer
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using SSL.
    WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
    Connection established using SSL.
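
Added example (not part of any comment in this thread, and not rdesktop code): a check over rdesktop's stderr for the behaviour the tests above report, counting how many reconnect attempts came up with plain RDP after a session that started on SSL. The function name `reconnect_report` and the sample log are constructed here; the message strings are the ones quoted in the comments above.

```python
import re

# Message formats copied from the rdesktop output quoted in the comments above.
ESTABLISHED = re.compile(r"Connection established using (SSL|plain RDP)\.")
DISCONNECTED = "Disconnected due to network error"
REFUSED = "Failed to connect, SSL required by server."

def reconnect_report(log_text):
    """Summarise each reconnect episode found in rdesktop stderr output."""
    initial, episodes, current = None, [], None
    for line in log_text.splitlines():
        if DISCONNECTED in line:
            current = {"established": [], "refused": 0}
            episodes.append(current)
        elif REFUSED in line and current is not None:
            current["refused"] += 1
        else:
            m = ESTABLISHED.search(line)
            if m and current is None:
                initial = m.group(1)          # protocol of the first connect
            elif m:
                current["established"].append(m.group(1))
    report = []
    for ep in episodes:
        est = ep["established"]
        final = est[-1] if est else None      # None: never got back in
        report.append({
            "initial": initial,
            "final": final,
            "plain_rdp_attempts": est.count("plain RDP") if initial == "SSL" else 0,
            "refused": ep["refused"],
            "ended_weaker": initial == "SSL" and final == "plain RDP",
        })
    return report

# Constructed sample, modelled on the tcp-reset test output above.
SAMPLE = """\
Connection established using SSL.
ERROR: SSL_read: 5 (Connection reset by peer)
Disconnected due to network error, retrying to reconnect for 70 minutes.
WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
Connection established using plain RDP.
ERROR: send: Connection reset by peer
ERROR: Connection closed
WARNING: CredSSP: System doesn't have support for desired authentication mechanism.
Connection established using SSL.
"""

if __name__ == "__main__":
    for row in reconnect_report(SAMPLE):
        print(row)
```

An episode with `ended_weaker` set is one where the session resumed on plain RDP and stayed there; a non-zero `plain_rdp_attempts` with `final` equal to `SSL` matches the spurious connections described in the test comments.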
(In reply to comment #8)
> Third test case was doing a timeout (by disabling the network for the server in
> vmware). In this case it had 33 failed attempts (with RDP encryption) before it
> succeeded (with TLS). Each attempt was also a couple of seconds long, so it
> took quite some time before it reconnected properly.

This is fixed upstream in commit 1715, RDP connection will not fail if the server accepts it. However there is an unknown reason why the server announces it only accepts RDP connections for X times and then announces SSL.
(In reply to comment #6)
> 1. A whole bunch of extra write errors from SSL (can we silence these though?)
>

These errors are not printed from rdesktop as far as I could find.
Commit r27548 brings fixes for reported issues.
Pending resize does not work as expected, reconnect does fail and it's probably related to this bug.
(In reply to comment #13)
> Pending resize does not work as expected, reconnect does fail and it's probably
> related to this bug.

A bug has been created for this issue, #4729
(In reply to comment #14)
> (In reply to comment #13)
> > Pending resize does not work as expected, reconnect does fail and it's probably
> > related to this bug.
>
> A bug has been created for this issue, #4729

Closing this bug now, the new bug handles the issue with reconnects using SSL, reconnect without SSL works ok, verified against demosystem.