Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

WEB-RDP isn't working with some Windows 2012 servers (not r2) #4139

Closed energywave closed 10 months ago

energywave commented 2 years ago

Describe the bug

I have two local Windows 2012 64bit servers that I cannot reach using a WEB-RDP session. It remains in "setting..." (don't know if it's the correct writing, I see "Impostare..." in Italian) and nothing happens until timeout. If I press disconnect and try again, same thing. User data are not preserved even if I check the checkbox (I believe because the connection is failing). User/password/domain are correct, no doubt about them. If I connect with Microsoft RDP client, no problems. If I connect to the console session with Hyper-V (it's a virtual server), no problems. All other devices I have on meshcentral seem to work. Could it be because Windows Server 2012 has a slightly different variant of RDP protocol?

To Reproduce

Steps to reproduce the behavior:

  1. Find a Windows Server 2012 (64 bit if it matters) :)
  2. Install Meshcentral on it as a service
  3. Try to connect using WEB-RDP
  4. Wait forever :D

Expected behavior

Connection, like on all other devices

Screenshots

Irrelevant.

Server Software (please complete the following information):

Remote Device (please complete the following information):

Additional context

No other data. If useful I can capture the session using Wireshark.

VINISHVV commented 2 years ago

Duplicate #3938

LPJon commented 2 years ago

Please check the console in the web browser you are using for Web-RDP and post a screenshot of it if anything is in red or error. I believe this could be related to websocket secure connection issues and/or meshcentral wan/lan hybrid mode. You get there by right clicking then going to inspect element. Then click on the console tab in the mini window that pops up.

energywave commented 2 years ago

> Please check the console in the web browser you are using for Web-RDP and post a screenshot of it if anything is in red or error.

Here is the console (the warning appears when I open meshcentral, well before I try to connect to my server): [image]

While in network tab there is some evidence of what's happening: [image]

No reply from websocket.

These two Windows 2012 servers are local on my same LAN. But other servers (2019) and clients (Win10) on the same LAN are working flawlessly.

LPJon commented 2 years ago

It most likely has to do with the RDP requirements. Does it support NLA and if so is NLA enabled on those servers. If not then enable it and try again. (NLA = Network Level Authentication)

energywave commented 2 years ago

> It most likely has to do with the RDP requirements. Does it support NLA and if so is NLA enabled on those servers. If not then enable it and try again. (NLA = Network Level Authentication)

Thank you for the hint but... no, that wasn't the problem. I created a group policy to force enable NLA on all domain computers (I believe it was already active) but I can confirm that it's impossible to get a login screen by using Microsoft RDP client now, so I can confirm NLA is enabled. WEB-RDP in meshcentral continues to have the same symptoms, however :(

LPJon commented 2 years ago

You said these are all on a local network, are there any firewalls or packet inspection going on? Are they on the same local network segments? I'm really interested in helping figure this out because I have 4 Windows Server 2012 R2 VMs that don't have this issue and I keep seeing issues with Server 2012 show up here for MeshCentral.

si458 commented 2 years ago

out of curiosity, can you go into the desktop tab and connect via the rdp-connect button?

can you also update to the latest 1.0.41 and try again?

energywave commented 2 years ago

> You said these are all on a local network, are there any firewalls or packet inspection going on? Are they on the same local network segments? I'm really interested in helping figure this out because I have 4 Windows Server 2012 R2 VMs that don't have this issue and I keep seeing issues with Server 2012 show up here for MeshCentral.

Thank you for wanting to help, really appreciate it! My network isn't the issue. I have 2 Windows 2012 server VMs and a Windows Server 2019 VM on the same physical server. The two 2012 servers do the same, the connection doesn't work. The 2019 is working flawlessly. In the local network there is nothing between the client (my pc) and the server, they're on the same subnet, without any firewall or packet inspection in between. I even have another Windows 2012 server on another LAN segment, behind a firewall, and that server is doing the same as the local ones. No problem with the normal desktop, web-rdp is waiting until timeout. So there must be something on the Windows 2012 server about the protocol, I would say. I'll try a Wireshark capture to see if I can understand some point to help you understand.

energywave commented 2 years ago

> out of curiosity, can you go into the desktop tab and connect via the rdp-connect button?

We are talking about that... I cannot do it with Windows Server 2012. It remains in "setting..." (don't know the exact string, I see it translated in Italian language) until the timeout occurs. All other servers and clients I'm connecting to have no problems and web-rdp is absolutely great!!!

> can you also update to the latest 1.0.41 and try again?

I'll do a try. Even if I'm worried that I'll fall in the node-windows module not found again... https://github.com/Ylianst/MeshCentral/issues/4133#issuecomment-1161596120

EDIT: ok, I've updated to 1.0.41 and the node-windows issue isn't arising anymore. But the Windows Server 2012 problem remains the same.

si458 commented 2 years ago

> But the Windows Server 2012 problem remains the same.

Just another clarification, are you running server 2012 or server 2012 r2? Microsoft always suggests using r2 and never the old v1 in a sense!? We run a few 'server 2012r2' in domain and workgroup setups and they connect no problem?

energywave commented 2 years ago

> Just another clarification, are you running server 2012 or server 2012 r2? Microsoft always suggests using r2 and never the old v1 in a sense!? We run a few 'server 2012r2' in domain and workgroup setups and they connect no problem?

Windows Server 2012 (NOT R2). Yes I know, both 2012 and 2012 R2 are outdated and should be updated. But we don't have time right now. However, you can also decide to not support Windows Server 2012 and this will resolve the issue. But that would be a pity as some customers still have it here and there and it would be great to handle it correctly.

si458 commented 2 years ago

> > Just another clarification, are you running server 2012 or server 2012 r2? Microsoft always suggests using r2 and never the old v1 in a sense!? We run a few 'server 2012r2' in domain and workgroup setups and they connect no problem?
>
> Windows Server 2012 (NOT R2). Yes I know, both 2012 and 2012 R2 are outdated and should be updated. But we don't have time right now. However, you can also decide to not support Windows Server 2012 and this will resolve the issue. But that would be a pity as some customers still have it here and there and it would be great to handle it correctly.

Can you try updating to server 2012 r2?

I'll try server 2012 myself too in the meantime but now, time to play find the iso and key 😅

energywave commented 2 years ago

> Can you try updating to server 2012 r2?

Sorry, I really cannot now. I have a ton of work to do and those two servers are the domain controller and the backup controller of our domain. With a ton of software and configuration that many things rely on. I cannot update them "to make a try". I'll do that by installing a new Windows Server 2022 to replace them but that will be a long term operation...

EDIT: I've searched and found a source where you can download it to install in a VM: https://isoriver.com/windows-server-2012/ I think you can use the evaluation without having a key for some months.

si458 commented 2 years ago

@energywave ok I downloaded the iso, set up a vm, set it up WITHOUT ANY UPDATES, installed agent, connected no problem, tried RDP connect and I get the exact same thing! it just shows 'SETUP...' in the bar and nothing happens, I'll do some digging for you, it's going to be an incompatibility, so best thing for the moment is to use the normal connect (NOT RDP) OR upgrade to Server 2012 R2

EDIT: even fully disabled the firewall and still no connection, so defo an issue somewhere

energywave commented 2 years ago

> I'll do some digging for you

You're very kind and I appreciate your work in meshcentral so much. But hey, don't lose time just for me. It's not a big issue for me, I can use Microsoft RDP while local and normal desktop connection when remote to these servers until I upgrade them (that will happen probably at the beginning of 2023). I just wanted to contribute to help you track down this issue to bust it, thinking it was of your interest as I've also seen many 2012 issues signaled. So if you do it for the benefit of meshcentral I can try to help you, if you do it just to help me don't lose your time. Thank you so much again!

LPJon commented 2 years ago

Yeah that is definitely a bug but it is most likely in the WebRDP application and probably has to do with features that were dropped in the R2 version of server 2012 and up for security improvements. There were quite a few changes between those two OS's.

danielouton commented 1 year ago

Same issue here

si458 commented 10 months ago

is this issue still happening? can I close it if it's fixed?

energywave commented 10 months ago

I've just tested the issue and it's still present, I'm sorry. I cannot use WEB-RDP to connect to Windows Server 2012 (not r2, as you correctly changed the title).

si458 commented 10 months ago

are you using the server core or server with gui?

energywave commented 10 months ago

I'm using server with gui. Did not test on core. But hey, I'm not in need of this functionality, that was only to improve Meshcentral :)

si458 commented 10 months ago

so after checking this out, it appears the backend JS handling the RDP connects to Server 2012 BUT Server 2012 rejects the connection because it DOESN'T SUPPORT the cipher that the JS RDP offers, and there is NO WAY of enabling the cipher in the server itself because it's hardcoded in each OS

so the only fix is to upgrade to R2 or a newer OS to get RDP to work.

you can use this url/instructions to check what cipher is being used with successful rdp connections on your server: https://cyberark.my.site.com/s/article/How-to-check-which-Cipher-is-used-during-RDP-over-SSL-connection

my server 2019 was showing 0xC030 which when googled revealed this https://ciphersuite.info/cs/TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384/

url to software to check the machines ciphers it supports itself - https://www.nartac.com/Products/IISCrypto

ciphers built into server 2012 - https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8
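
The diagnosis above turns on which cipher suite, if any, the RDP host selects during the TLS handshake. The following is an added example (not MeshCentral's code and not part of the original comment) that classifies the first TLS record a host sends back, for instance from a Wireshark capture: a ServerHello carrying the selected suite ID (such as the 0xC030 quoted above) or an alert. `classifyServerReply`, `buildServerHello` and the sample bytes are constructed for illustration, and the code assumes the bytes start at the TLS record, after RDP's X.224 negotiation.

```javascript
// Added example: classify the first TLS record an RDP host returns.
// Assumes the bytes start at the TLS record (after RDP's X.224 negotiation).
const SUITE_NAMES = {
  0xc030: 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', // ID and name quoted in the thread
};
const HANDSHAKE_FAILURE = 40; // alert: no acceptable set of security parameters
const TRUNCATED = { kind: 'truncated' };

function classifyServerReply(buf) {
  if (buf.length < 5) return TRUNCATED;            // record header is 5 bytes
  const recordType = buf[0];
  const recordLen = buf.readUInt16BE(3);
  if (buf.length < 5 + recordLen) return TRUNCATED;
  const body = buf.subarray(5, 5 + recordLen);

  if (recordType === 0x15) {                       // alert record: level, description
    if (body.length < 2) return TRUNCATED;
    return { kind: 'alert', fatal: body[0] === 2, description: body[1],
             handshakeFailure: body[1] === HANDSHAKE_FAILURE };
  }
  if (recordType === 0x16 && body.length > 0 && body[0] === 0x02) { // ServerHello
    let off = 4 + 2 + 32;                          // handshake header, version, random
    if (body.length < off + 1) return TRUNCATED;
    off += 1 + body[off];                          // skip session_id
    if (body.length < off + 2) return TRUNCATED;
    const id = body.readUInt16BE(off);             // the suite the server selected
    return { kind: 'server_hello',
             cipherId: '0x' + id.toString(16).toUpperCase().padStart(4, '0'),
             name: SUITE_NAMES[id] || 'not in table' };
  }
  return { kind: 'other', recordType };
}

// Constructed sample input: a minimal TLS 1.2 ServerHello without extensions.
function buildServerHello(cipherId) {
  const hello = Buffer.concat([
    Buffer.from([0x03, 0x03]),                     // server_version TLS 1.2
    Buffer.alloc(32, 0xab),                        // random (filler)
    Buffer.from([0x00]),                           // empty session_id
    Buffer.from([cipherId >> 8, cipherId & 0xff]), // selected cipher suite
    Buffer.from([0x00]),                           // null compression
  ]);
  const hs = Buffer.concat([Buffer.from([0x02, 0, 0, hello.length]), hello]);
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x03, 0, hs.length]), hs]);
}
// Constructed sample input: fatal handshake_failure alert.
const SAMPLE_ALERT = Buffer.from([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28]);

console.log(classifyServerReply(buildServerHello(0xc030)));
console.log(classifyServerReply(SAMPLE_ALERT));
```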

energywave commented 10 months ago

Thank you for having researched this matter. Again, it's not a problem for me, I just wanted to signal a problem in a meshcentral functionality with a specific OS, to improve it for the future, just that. Windows Server 2012 is no longer supported by Microsoft and should be updated but for certain tasks where they're not exposed on internet it's possible to find them even today, that's why I opened the issue. However good to know that. It can maybe be more elegant to show a specific message when trying to connect via RDP from web (both of kinds...) or disable the button and the link, maybe. What do you think about it?

si458 commented 10 months ago

No worries, I'll close the issue if you no longer have this issue but I'm thinking about putting in the message just to say 'you run an unsupported os so the rdp might not work as expected'