xrdp sessions fail with Quest/OneIdentity Safeguard for Privileged Sessions #3498

@richlv

xrdp version

0.10.2

Detailed xrdp version, build options

xrdp 0.10.2
  A Remote Desktop Protocol Server.
  Copyright (C) 2004-2024 Jay Sorg, Neutrino Labs, and all contributors.
  See https://github.com/neutrinolabs/xrdp for more information.

  Configure options:
      --build=x86_64-redhat-linux-gnu
      --host=x86_64-redhat-linux-gnu
      --program-prefix=
      --disable-dependency-tracking
      --prefix=/usr
      --exec-prefix=/usr
      --bindir=/usr/bin
      --sbindir=/usr/sbin
      --sysconfdir=/etc
      --datadir=/usr/share
      --includedir=/usr/include
      --libdir=/usr/lib64
      --libexecdir=/usr/libexec
      --localstatedir=/var
      --sharedstatedir=/var/lib
      --mandir=/usr/share/man
      --infodir=/usr/share/info
      --enable-fuse
      --enable-pixman
      --enable-painter
      --enable-vsock
      --enable-ipv6
      --enable-utmp
      --with-socketdir=/run/xrdp
      --with-imlib2
      build_alias=x86_64-redhat-linux-gnu
      host_alias=x86_64-redhat-linux-gnu
      CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection  
      LDFLAGS=-Wl,-z,relro  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
      CXXFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
      PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig

  Compiled with OpenSSL 1.1.1k  FIPS 25 Mar 2021

Operating system & version

Oracle Linux 8.9

Installation method

dnf / apt / zypper / pkg / etc

Which backend do you use?

Xvnc (tigervnc-server-minimal-1.13.1-15.el8_10)

What desktop environment do you use?

any

Environment xrdp running on

VM

What's your client?

No response

Area(s) with issue?

Compatiblity aginst clients

Steps to reproduce

A privileged access management (PAM) product "Safeguard for Privileged Sessions" from OneIdentity (brand of Quest) fails to connect to xrdp. A session is opened and immediately closed before any interaction is possible.

OneIdentity/Quest refuses to support xrdp.

Seemingly relevant log entries from the PAM product:

rdp.error(4): (svc/b6mu1FJJRQBizkcnpP1bbz/RDP_Internal:21/rdp): Static virtual channel count mismatch; client_to_server='4', server_to_client='3'
rdp.error(4): (svc/b6mu1FJJRQBizkcnpP1bbz/RDP_Internal:21/rdp): Function failed; function='rdp_mangle_mcs_init_rsp'
rdp.error(4): (svc/b6mu1FJJRQBizkcnpP1bbz/RDP_Internal:21/rdp): Function failed; function='rdp_mangle_pdu_dt'
rdp.error(4): (svc/b6mu1FJJRQBizkcnpP1bbz/RDP_Internal:21/rdp): Function failed; function='rdp_mangle_iso3'

Not sure whether this is some protocol version mismatch, different implementations / implemented protocol features or something else.

Please note that in the issue form "Area(s) with issue?" has a small typo - "aginst".

✔️ Expected Behavior

Session working.

❌ Actual Behavior

Session fails immediately.

Anything else?

No response
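
One way to check the condition named in the proxy log above, as an added example that is not part of the original report or of xrdp's code: it compares the number of static virtual channels requested in Client Network Data with the number allocated in Server Network Data (block layouts per MS-RDPBCGR). It assumes the proxy's message refers to these two channelCount fields and that the GCC user-data blocks have already been extracted from the MCS Connect Initial and Connect Response; the function names, channel names and sample bytes are constructed for illustration.

```python
import struct

CS_NET, SC_NET = 0xC003, 0x0C03  # TS_UD_HEADER types: client / server network data

def blocks(data):
    """Yield (type, body) per user-data block: u16 type, u16 length (header included)."""
    off = 0
    while off < len(data):
        btype, blen = struct.unpack_from("<HH", data, off)  # struct.error if truncated
        if blen < 4 or off + blen > len(data):
            raise ValueError("bad block length")
        yield btype, data[off + 4:off + blen]
        off += blen

def client_channels(data):
    """Channel names the client requests (channelCount u32, then 12-byte CHANNEL_DEFs)."""
    for btype, body in blocks(data):
        if btype == CS_NET:
            (count,) = struct.unpack_from("<I", body, 0)
            if len(body) < 4 + 12 * count:
                raise ValueError("channelDefArray truncated")
            return [body[4 + 12 * i:12 + 12 * i].split(b"\0")[0].decode("ascii")
                    for i in range(count)]
    return []

def server_channel_ids(data):
    """MCS channel IDs the server allocates (u16 I/O channel, u16 channelCount, u16 IDs)."""
    for btype, body in blocks(data):
        if btype == SC_NET:
            _io_channel, count = struct.unpack_from("<HH", body, 0)
            return list(struct.unpack_from("<%dH" % count, body, 4))  # struct.error if short
    return []

def compare(client_data, server_data):
    req, got = len(client_channels(client_data)), len(server_channel_ids(server_data))
    return req == got, req, got  # (counts_match, requested, allocated)

# Constructed sample data, not taken from a capture of the reported setup.
def build_cs_net(names):
    body = struct.pack("<I", len(names)) + b"".join(
        n.encode("ascii").ljust(8, b"\0") + struct.pack("<I", 0x80000000) for n in names)
    return struct.pack("<HH", CS_NET, 4 + len(body)) + body

def build_sc_net(ids):
    body = struct.pack("<HH%dH" % len(ids), 1003, len(ids), *ids) + b"\0\0" * (len(ids) % 2)
    return struct.pack("<HH", SC_NET, 4 + len(body)) + body

CLIENT = build_cs_net(["rdpdr", "rdpsnd", "cliprdr", "drdynvc"])
SERVER = build_sc_net([1004, 1005, 1006])
```

With the constructed blocks, `compare(CLIENT, SERVER)` reports four channels requested and three allocated, the same shape as the counts in the log lines.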
