Unable to connect through RDP: Connection reset by peer
Operating system
Fedora Linux 40 (Workstation Edition)
Description
When connecting to the Docker container (through localhost:3389, localhost:8006) with the RDP protocol using Remmina, GNOME Connections, and FreeRDP, it says:
[12:11:26:983] [6325:000018ba] [ERROR][com.freerdp.core.transport] - [transport_read_layer]: BIO_read returned a system error 104: Connection reset by peer
Docker compose
# For documentation, FAQ, additional configuration options and technical help, visit: https://github.com/dockur/windows
name: "winapps" # Docker Compose Project Name.
volumes:
  # Create Volume 'data'.
  # Located @ '/var/lib/docker/volumes/winapps_data/_data' (Docker).
  # Located @ '/var/lib/containers/storage/volumes/winapps_data/_data' or '~/.local/share/containers/storage/volumes/winapps_data/_data' (Podman).
  data:
services:
  windows:
    image: dockurr/windows # https://hub.docker.com/r/dockurr/windows
    container_name: WinApps # Created Docker VM Name.
    environment:
      # Version of Windows to configure. For valid options, visit:
      # https://github.com/dockur/windows?tab=readme-ov-file#how-do-i-select-the-windows-version
      # https://github.com/dockur/windows?tab=readme-ov-file#how-do-i-install-a-custom-image
      BOOT_MODE: "windows_plain"
      VERSION: "tiny11"
      RAM_SIZE: "4G" # RAM allocated to the Windows VM.
      CPU_CORES: "4" # CPU cores allocated to the Windows VM.
      DISK_SIZE: "40" # Size of the primary hard disk.
      DISK_FMT: "qcow2"
      #DISK2_SIZE: "32G" # Uncomment to add an additional hard disk to the Windows VM. Ensure it is mounted as a volume below.
      #USERNAME: "Docker" # Uncomment to set a custom Windows username. The default is 'Docker'.
      #PASSWORD: "" # Uncomment to set a password for the Windows user. There is no default password.
      HOME: "${HOME}" # Set path to Linux user home folder.
    privileged: true # Grant the Windows VM extended privileges.
    ports:
      - 8006:8006 # Map '8006' on Linux host to '8006' on Windows VM --> For VNC Web Interface @ http://127.0.0.1:8006.
      - 3389:3389/tcp # Map '3389' on Linux host to '3389' on Windows VM --> For Remote Desktop Protocol (RDP).
      - 3389:3389/udp # Map '3389' on Linux host to '3389' on Windows VM --> For Remote Desktop Protocol (RDP).
    stop_grace_period: 120s # Wait 120 seconds before sending SIGTERM when attempting to shut down the Windows VM.
    restart: on-failure # Restart the Windows VM if the exit code indicates an error.
    volumes:
      - data:/storage # Mount volume 'data' to use as Windows 'C:' drive.
      - ${HOME}:/shared # Mount Linux user home directory @ '\\host.lan\Data'.
    devices:
      - /dev/kvm # Enable KVM.
Docker log
❯ Starting Windows for Docker v3.12...
❯ For support visit https://github.com/dockur/windows
❯ CPU: 11th Gen Intel Core TM i5 1135G7 | RAM: 13/16 GB | DISK: 74 GB (btrfs) | HOST: 6.9.11-200.fc40.x86_64...
❯ Detected that the version was changed, but ignoring this because Windows is already installed.
❯ Please start with an empty /storage folder, if you want to install a different version of Windows.
❯ Booting Windows using QEMU v8.2.4...
BdsDxe: loading Boot0004 "Windows Boot Manager" from HD(1,GPT,96D84048-43BD-4EDA-9D81-08A156209F4C,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi
BdsDxe: starting Boot0004 "Windows Boot Manager" from HD(1,GPT,96D84048-43BD-4EDA-9D81-08A156209F4C,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi
❯ Windows started succesfully, visit http://localhost:8006/ to view the screen...
Screenshots (optional)
No response
I get a (likely) similar issue when I try to connect via RDP to a Podman-created instance.
I'm on Bazzite (Fedora Silverblue).
https://github.com/dockur/windows/issues/616#issuecomment-2258929693
Try a different RDP client
Like Remmina (install with sudo apt install remmina)
Try a different RDP client Like Remmina (install with
sudo apt install remmina)
That in fact, did not help.
https://github.com/user-attachments/assets/0d3df9ab-0f96-4cee-9011-949e89918cf8
Try a different RDP client Like Remmina (install with
sudo apt install remmina)
I'm on a Silverblue-based system (Bazzite) so I don't have apt. But I did the ostree method for overlaying Remmina and tried that as well as the Flatpak of Remmina; neither method worked on Linux, though my MacBook and Android phone can connect to the Windows container via RDP.
Ran into this issue as well using Podman; will see if Docker does not have this issue. I've tried Remmina, xfreerdp (version 2 and 3), and also tried to run netexec rdp.
I saw this:
RDP 127.0.0.1 3389 127.0.0.1 [*] Probably old, doesn't not support HYBRID or HYBRID_EX ({nla})
Note: Seems that Docker and RDP do work; something with the Podman network setup might be at the heart of this issue.
RDP 127.0.0.1 3389 WIN-RANDOMHOSTNAME [*] Windows 10 or Windows Server 2016 Build 22621 (name:REDACTED) (domain:REDACTED) (nla:True)
EDIT:
I could only find that inside the code of the tool, something about self.nla is not properly set, hence the failure: https://github.com/Pennyw0rth/NetExec/blob/e927f33f2b37fa626a0439886c1de3d6eaf6cdb7/nxc/protocols/rdp.py#L112
Docker does pass into the else statement instead.
But I'm not sure if that's related to the root cause of the failure; the domain is apparently missing, but I don't think that would hinder an RDP connection.
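A small probe for separating the two failure modes discussed in this thread, a TCP-level reset versus an RDP-level negotiation result (added example, not part of the thread or of NetExec; the sample reply bytes are constructed, and the protocol constants are the MS-RDPBCGR values):

```python
import socket
import struct

# requestedProtocols / selectedProtocol values from MS-RDPBCGR
PROTOCOLS = {0: "RDP", 1: "SSL", 2: "HYBRID (NLA)", 8: "HYBRID_EX (NLA)"}

# Constructed sample reply: X.224 Connection Confirm selecting HYBRID.
SAMPLE_REPLY = bytes.fromhex("030000130ed000001234000200080002000000")

def build_neg_request(requested=0x0B):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)   # type, flags, length, protocols
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_neg_response(data):
    """Classify the first reply from the server as (kind, detail)."""
    if len(data) < 11 or data[0] != 3 or data[5] != 0xD0:
        return ("not-rdp", data[:11].hex())
    if len(data) < 19:
        return ("rdp", "RDP")   # no negotiation block: legacy RDP security only
    typ, _flags, _length, value = struct.unpack_from("<BBHI", data, 11)
    if typ == 0x02:             # RDP_NEG_RSP: value is the selected protocol
        return ("rdp", PROTOCOLS.get(value, hex(value)))
    if typ == 0x03:             # RDP_NEG_FAILURE: value is the failure code
        return ("neg-failure", value)
    return ("not-rdp", data[11:19].hex())

def probe(host, port=3389, timeout=5.0):
    """Send one negotiation request and report where the exchange stopped."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_neg_request())
            data = s.recv(1024)
    except ConnectionResetError:
        return ("transport-reset", "errno 104 before any RDP reply")
    except OSError as exc:
        return ("unreachable", str(exc))
    if not data:
        return ("transport-closed", "peer closed without replying")
    return parse_neg_response(data)

if __name__ == "__main__":
    print(probe("127.0.0.1"))
```

Run it once from the host shell and once inside the `podman unshare --rootless-netns` shell: a `transport-reset` on the host with an `rdp` result inside the namespace points at the port forwarding rather than at the RDP service in the Windows guest.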
I'm also affected by this. Fedora 41 (podman version 5.2.2)
Try connecting to the VNC or RDP from a different machine on your network by using the machine IP and the router.
Some clue to run FreeRDP with Podman:
https://universal-blue.discourse.group/t/podman-and-freerdp-problem/2000/2
That seems to work @Moon1moon but only in the shell spawned from
podman unshare --rootless-netns
Then inside that shell, you can connect using xfreerdp and it does work with podman.
I had to specify (under NixOS with a shell managed by Home-Manager, else it was failing to enter the new shell)
SHELL=/bin/sh podman unshare --rootless-netns
with the following error:
Error: fork/exec /run/current-system/sw/bin/zsh: no such file or directory
Am able to connect, but only with Thincast, from the podman unshare --rootless-netns shell.
The issue appears to be related to /dev/tun. Using a podman run command without passing in the /dev/tun device or using --privileged causes the container to fall back to user-mode networking, and you will get the following error:
❯ Warning: falling back to usermode networking! Performance will be bad and port mapping will not work.
If you get this error, you can now connect via RDP.
If you use --privileged and the /dev/tun device is used, then you won't get this error and RDP will not work (connection refused). noVNC on port 8006 still works though.
Has anyone posted this issue upstream to Podman? I'm not sure how best to describe this to them, but it seems like a Podman issue rather than something specific with dockur. Getting a proper fix in place from the Podman maintainers would be ideal.
Is there a solution? I cannot use RDP on Ubuntu Docker either.
So the workaround is to set:
environment:
  NETWORK: "user"
so that the container uses user-mode networking instead of tuntap.
Of course this is not ideal, but the only other option is that Podman fixes the tuntap networking.