Black Screen after using bin/winapps check on Fedora 40

[b1rkenwald]

FYI: I had to use a normal win11 img because the tiny11 download kept failing.

My compose.yaml looked like this:

name: "winapps"

volumes:
  data:

services:
  windows:
    image: dockurr/windows
    container_name: windows
    environment:
      VERSION: "win11"
      RAM_SIZE: "4G"
      CPU_CORES: "4"
    privileged: true
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
    stop_grace_period: 2m
    restart: on-failure
    volumes:
      - data:/storage
      - ./oem:/oem

The docker vm is fully operational. My winapps.conf is this:

RDP_USER="Docker"
RDP_PASS="password"
#RDP_DOMAIN="MYDOMAIN"
RDP_IP="127.0.0.1"
#RDP_SCALE=100
#RDP_FLAGS=""
#MULTIMON="true"
#DEBUG="true"
#FREERDP_COMMAND="xfreerdp"

I'm using the "freerdp-3.5.1-1.fc40.x86_64.rpm" package from the Fedora repo.

Whenever I use bin/winapps check, it opens a black screen on both monitors. After this, the terminal has to be force-closed in order to restore functionality. This is the bin/winapps check ouput:

[23:14:01:21] [17204:00004335] [INFO][com.freerdp.client.x11] - [xf_setup_x11]: Enabling X11 debug mode.
[23:14:01:446] [17204:00004335] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
[23:14:01:446] [17204:00004335] [WARN][com.freerdp.crypto] - [verify_cb]: CN = RDPWindows
[23:14:01:447] [17204:00004335] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5_parse_name (Konfigurationsdatei gibt keinen Standard-Realm an [-1765328160])
[23:14:01:447] [17204:00004335] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5_parse_name (Konfigurationsdatei gibt keinen Standard-Realm an [-1765328160])
[23:14:01:466] [17204:00004335] [INFO][com.winpr.timezone] - [winpr_detect_windows_time_zone]: tzid: Europe/Berlin
[23:14:01:471] [17204:00004335] [WARN][com.freerdp.core.license] - [license_read_binary_blob_data]: license binary blob::type BB_ERROR_BLOB, length=0, skipping.
[23:14:02:572] [17204:00004335] [INFO][com.freerdp.gdi] - [gdi_init_ex]: Local framebuffer format  PIXEL_FORMAT_BGRA32
[23:14:02:572] [17204:00004335] [INFO][com.freerdp.gdi] - [gdi_init_ex]: Remote framebuffer format PIXEL_FORMAT_BGRA32
[23:14:02:578] [17204:0000435a] [INFO][com.freerdp.channels.rdpdr.client] - [devman_load_device_service]: Loading device service drive [home] (static)
[23:14:02:578] [17204:00004335] [INFO][com.freerdp.channels.rdpsnd.client] - [rdpsnd_load_device_plugin]: [static] Loaded fake backend for rdpsnd
[23:14:02:578] [17204:00004335] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel ainput
[23:14:02:578] [17204:00004335] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel rdpgfx
[23:14:02:578] [17204:00004335] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel disp
[23:14:02:578] [17204:00004335] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel rdpsnd
[23:14:02:751] [17204:0000435f] [INFO][com.freerdp.channels.rdpsnd.client] - [rdpsnd_load_device_plugin]: [dynamic] Loaded fake backend for rdpsnd
[23:14:02:838] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:14:02:839] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:14:02:839] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:14:02:897] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:14:02:897] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:14:02:900] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:14:02:900] [17204:00004335] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:14:02:376] [17204:00004335] [INFO][com.freerdp.client.x11] - [xf_logon_error_info]: Logon Error Info LOGON_FAILED_OTHER [LOGON_MSG_BUMP_OPTIONS]

Edit: I already tried deleting the certificate and creating it again. Output is the following:

[23:18:21:438] [17704:00004529] [INFO][com.freerdp.client.x11] - [xf_setup_x11]: Enabling X11 debug mode.
[23:18:22:821] [17704:00004529] [WARN][com.freerdp.crypto] - [verify_cb]: Certificate verification failure 'self-signed certificate (18)' at stack position 0
[23:18:22:821] [17704:00004529] [WARN][com.freerdp.crypto] - [verify_cb]: CN = RDPWindows
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [x509_utils_from_pem]: BIO_new failed for certificate
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: @           WARNING: CERTIFICATE NAME MISMATCH!           @
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: The hostname used for this connection (127.0.0.1:3389) 
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: does not match the name given in the certificate:
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: Common Name (CN):
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]:  RDPWindows
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_certificate_name_mismatch_error]: A valid certificate for the wrong name should NOT be trusted!
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: The host key for 127.0.0.1:3389 has changed
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: It is also possible that a host key has just been changed.
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: The fingerprint for the host key sent by the remote host is 7f:5f:16:4b:fb:a2:ab:7b:53:e0:0f:a0:b9:4b:43:72:f4:fb:da:02:b1:a8:55:0f:55:f8:19:05:dc:87:f1:9f
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: Please contact your system administrator.
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: Add correct host key in /home/username/.config/freerdp/server/127.0.0.1_3389.pem to get rid of this message.
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: Host key for 127.0.0.1 has changed and you have requested strict checking.
[23:18:22:822] [17704:00004529] [ERROR][com.freerdp.crypto] - [tls_print_new_certificate_warn]: Host key verification failed.
Certificate details for 127.0.0.1:3389 (RDP-Server):
    Common Name: RDPWindows
    Subject:     CN = RDPWindows
    Issuer:      CN = RDPWindows
    Thumbprint:  7f:5f:16:4b:fb:a2:ab:7b:53:e0:0f:a0:b9:4b:43:72:f4:fb:da:02:b1:a8:55:0f:55:f8:19:05:dc:87:f1:9f
The above X.509 certificate could not be verified, possibly because you do not have
the CA certificate in your certificate store, or the certificate has expired.
Please look at the OpenSSL documentation on how to add a private CA to the store.
Do you trust the above certificate? (Y/T/N) y
[23:18:25:988] [17704:00004529] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5_parse_name (Konfigurationsdatei gibt keinen Standard-Realm an [-1765328160])
[23:18:25:988] [17704:00004529] [ERROR][com.winpr.sspi.Kerberos] - [kerberos_AcquireCredentialsHandleA]: krb5_parse_name (Konfigurationsdatei gibt keinen Standard-Realm an [-1765328160])
[23:18:25:992] [17704:00004529] [INFO][com.winpr.timezone] - [winpr_detect_windows_time_zone]: tzid: Europe/Berlin
[23:18:25:995] [17704:00004529] [WARN][com.freerdp.core.license] - [license_read_binary_blob_data]: license binary blob::type BB_ERROR_BLOB, length=0, skipping.
[23:18:25:34] [17704:00004529] [INFO][com.freerdp.gdi] - [gdi_init_ex]: Local framebuffer format  PIXEL_FORMAT_BGRA32
[23:18:25:34] [17704:00004529] [INFO][com.freerdp.gdi] - [gdi_init_ex]: Remote framebuffer format PIXEL_FORMAT_BGRA32
[23:18:25:40] [17704:0000454f] [INFO][com.freerdp.channels.rdpdr.client] - [devman_load_device_service]: Loading device service drive [home] (static)
[23:18:25:40] [17704:00004529] [INFO][com.freerdp.channels.rdpsnd.client] - [rdpsnd_load_device_plugin]: [static] Loaded fake backend for rdpsnd
[23:18:25:40] [17704:00004529] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel ainput
[23:18:25:40] [17704:00004529] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel rdpgfx
[23:18:25:40] [17704:00004529] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel disp
[23:18:25:40] [17704:00004529] [INFO][com.freerdp.channels.drdynvc.client] - [dvcman_load_addin]: Loading Dynamic Virtual Channel rdpsnd
[23:18:25:206] [17704:00004554] [INFO][com.freerdp.channels.rdpsnd.client] - [rdpsnd_load_device_plugin]: [dynamic] Loaded fake backend for rdpsnd
[23:18:25:253] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:18:25:259] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:18:25:259] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:18:25:260] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:18:25:260] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:18:25:289] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:18:25:289] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:18:25:369] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_get_window]: xf_Pointer: Invalid appWindow
[23:18:25:369] [17704:00004529] [WARN][com.freerdp.client.x11] - [xf_Pointer_Set]: handle=0
[23:18:26:896] [17704:00004529] [INFO][com.freerdp.client.x11] - [xf_logon_error_info]: Logon Error Info LOGON_FAILED_OTHER [LOGON_MSG_BUMP_OPTIONS]
[23:18:26:931] [17704:00004529] [INFO][com.freerdp.client.x11] - [xf_logon_error_info]: Logon Error Info LOGON_FAILED_OTHER [UNKNOWN]

[LDprg]

@b1rkenwald are you using wayland? Wayland isn't compatible with winapps (will change in future).

[b1rkenwald]

The issue persists on x11/x-org. It might be an issue with Fedora, since both of my devices run on F40.

[LDprg]

@b1rkenwald Is the error log with x11 the same? Because the log you posted is about the window creation failure (which would be a typical wayland problem).

Can you also post a neofetch of you system for basic info.

Also try connecting to the vm by using the freerdp command directly.

[MrTumnis]

I use Fedora 40 and have run into the same issue. I noticed that the black screen happens when logged into the VM. I had to make sure I was not signed in from using a rdesktop or even xfreerdp in the command line.

[b1rkenwald]

The error log was the same, however, I have now got it to work using Wayland! Fedora users (especially those using Wayland) have to make sure to install the freerdp version that I mentioned above and change the winapps.conf. This version automatically uses xfreerdp instead of the normal freerdp. I also had to remove any trace of the normal freerdp. I can elaborate, if needed. I could also sum it into a guide, if you'd like. But now, everything works as it should!

Is there any way to enable copying from the clipboard between host and guest? Installing the virtio-guest-tools bricked the whole installation.

[MrTumnis]

Are you using workstation or atomic? I am curious what you mean by "remove all traces of freerdp." Also, I looked at their script and the clipboard setting is already integrated. I have not had issue using the clipboard myself.

[SmileYik]

The black full window appears to be generated because the login user specified by winapps has already logged in to the session through other means (such as virt-manager, other rdp clients), causing Windows to ask the user to choose whether to continue logging in to Windows with the current user after the user logs in normally.

I am using xfreerdp3 command, and when I encounter a black window, I will change command to wlfreerdp3, and run bin/winapps check to click the yes button to ensure i can login Windows. then change command back to xfreerdp3, and all things as normal. (by the way, when i using wlfreerdp3 command, it will freeze my computer, and i need to login other tty to killall wlfreerdp3 process)

I don't know the details but this way seems work for me.

[KernelGhost]

I use Fedora 40 (XFCE) with the X11 window system and have experienced this issue before. To resolve it, I had to run kill -9 $(pgrep xfreerdp). This problem reliably occurs when trying to use WinApps while the Windows user is logged in, and it can be avoided by ensuring the Windows user is not logged in during usage.