Kali linux: I cannot connect from remote system using xrdp and mstsc
7,863
The clue is in xrdp.log
line:
[20160725-14:04:03] [ERROR] Failure to connect to sesman: 127.0.0.1 port: 3350
try starting the service xrdp-sesman using one of the following methods:
$ service xrdp-sesman start
or
$ systemctl start xrdp-sesman
Related videos on Youtube
Author by
minami kotori
Updated on September 18, 2022Comments
-
minami kotori almost 2 years
I have some trouble
I want to connect to kali from remote system that is the Windows7 using xrdp and mstsc.
so I installed xrdp service and run, next I tried to connect from windows, but it didn't work, and had no error messages.
so I checked /var/log/xrdp.log, and got some clues.
It said that:
[20160725-14:03:37] [INFO ] A connection received from: 0.0.0.0 port 9036 [20160725-14:03:37] [INFO ] An established connection closed to endpoint: 0.0.0.0:9036 - socket: 11 [20160725-14:03:37] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 10 [20160725-14:03:37] [CORE ] WARNING: Invalid x.509 certificate path defined, default path will be used: /etc/xrdp/cert.pem [20160725-14:03:37] [WARN ] Invalid X.509 certificate path defined, default path will be used: /etc/xrdp/key.pem [20160725-14:03:37] [DEBUG] xrdp_000014b6_wm_login_mode_event_00000001 [20160725-14:03:37] [WARN ] local keymap file for 0xe0010412 found and doesn't match built in keymap, using local keymap file [20160725-14:03:51] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 16 [20160725-14:03:55] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 16 [20160725-14:03:59] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 16 [20160725-14:04:03] [ERROR] Failure to connect to sesman: 127.0.0.1 port: 3350 [20160725-14:04:03] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 16 [20160725-14:04:03] [DEBUG] return value from xrdp_mm_connect 1 [20160725-14:24:56] [INFO ] An established connection closed to endpoint: 0.0.0.0:9036 - socket: 11 [20160725-14:24:56] [DEBUG] xrdp_mm_module_cleanup [20160725-14:24:56] [ERROR] Listening socket is in wrong state we terminate listener
and I searched with the keywords "Invalid X.509 certificate path defined" and get some solutions.
chcon: can't apply partial context to unlabeled file '/usr/sbin/xrdp'
I tried it, but it also failed:
root@kali:~# chcon -u system_u -r object_r --type=bin_t /usr/sbin/xrdp chcon: can't apply partial context to unlabeled file '/usr/sbin/xrdp'
how can I solve this problem?
added
root@kali:~# sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: default Current mode: permissive Mode from config file: permissive Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 30
-
ctrl-alt-delor almost 8 yearsDo you have selinux enabled? (because you use
chcon
) -
minami kotori almost 8 years@richard How can I check that?
-
ctrl-alt-delor almost 8 yearsYou used
chcon
, this indicates that you (or the person advising you) believe that you have security-enhanced-linux (selinux) enabled, or that you are using the wrong tool. (usesestatus
to check) -
minami kotori almost 8 years@richard When I input
sestatus
, the shell returns-su: sestatus: command not found
. Is this the selinux not enabled? -
minami kotori almost 8 years@richard ok,,, I installed selinux package and changed secure context of xrdp, srdp-sesman. but the errors are unchaned and I still can't connect
-
ctrl-alt-delor almost 8 yearsNo you have just added the management package (do NOT enable it). Add the results of
sestatus
to the question. At this stage I can not tell if this problem is related to selinux or not. -
minami kotori almost 8 years@richard OK, I appended
sestatus
result. please check and thanks -
ctrl-alt-delor almost 8 yearsFrom linux.com/answers/what-selinux-and-how-does-it-work — “The permissive option enables the SELinux code, but causes it to operate in a mode where accesses that would be denied by policy are permitted but audited.”. Therefore your problem is not with selinux, and
chcon
will not help you. -
ctrl-alt-delor almost 8 yearsTry connecting to rdp server, from a client on the server (it may give better feedback).
-