www.cendio.com
Bug 4501 - Add support for reconnect on disconnect at network failure.
: Add support for reconnect on disconnect at network failure.
Status: CLOSED FIXED
: ThinLinc
| rdesktop (deprecated)
: 4.0.0
: PC Unknown
: P2 Normal
: 4.1.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2012-12-05 16:16 by
Modified: 2013-06-27 14:02 (History)
Acceptance Criteria:


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2012-12-05 16:16:23

    
------- Comment #1 From cendio 2013-02-08 09:25:02 -------
rdesktop does support reconnection using the "cookie", however its only used
for reconnection when windows resize should be performed. A connection error
does not trig this reconnection using the "cookie".

The approach should probably be X number of connection retries with Y seconds
sleep between each retry. X*Y seconds should not be larger the the "cookie"
lifetime and Y should probably be smaller then 10 seconds.
------- Comment #2 From cendio 2013-02-08 14:45:25 -------
The cookie lifetime  = session lifetime stated by following information in the 
RDPBCGR specifications:

"The auto-reconnect cookie associated with a given session is flushed and
regenerated whenever a client connects to the session or the session is reset.
This ensures that if a different client connects to the session, then any
previous clients which were connected can no longer use the auto-reconnect
mechanism to connect. Furthermore, the server invalidates and updates the
cookie at hourly intervals, sending the new cookie to the client in the Save
Session Info PDU."
------- Comment #3 From cendio 2013-04-04 15:38:25 -------
To get around the problem with TCP timeout we need to find a way to simulate a
ping over the rdp connection to detect timeouts within sane timerange.
------- Comment #4 From cendio 2013-04-12 08:49:14 -------
Upstream commit 1707 adds reconnect upon network failure.

I have tested this against 2008 R2 server, both seamless and with a standard
desktop using SSL. I also tested to reconnect to a standard desktop of 2003
server using plain RDP.
------- Comment #6 From cendio 2013-06-19 11:07:52 -------
First attempt, using SSL and doing -j REJECT:

Autoselected keyboard map en-gb
warning: unable to open /etc/gssapi_mech.conf: errno 2 (No such file or
directory)
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using SSL.
WARNING: Remote desktop does not support colour depth 24; falling back to 16
ERROR: SSL_write: 5 (Connection reset by peer)
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
139735947769536:error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write
retry:s3_pkt.c:866:
Disconnected due to network error, retrying to reconnect for 70 minutes.
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using plain RDP.
ERROR: recv: Connection reset by peer
ERROR: send: Connection reset by peer
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using plain RDP.
ERROR: recv: Connection reset by peer
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using plain RDP.
ERROR: recv: Connection reset by peer
ERROR: send: Connection reset by peer
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using plain RDP.
ERROR: Connection closed
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using plain RDP.
ERROR: recv: Connection reset by peer
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using SSL.


Two issues here:

1. A whole bunch of extra write errors from SSL (can we silence these though?)

2. 5 bad reconnects with RDP encryption before it properly connected with TLS.
------- Comment #7 From cendio 2013-06-19 11:10:01 -------
Somewhat saner behaviour with --reject-with tcp-reset:

ERROR: SSL_read: 5 (Connection reset by peer)
Disconnected due to network error, retrying to reconnect for 70 minutes.
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using plain RDP.
ERROR: send: Connection reset by peer
ERROR: Connection closed
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using SSL.

Still one spurious connection here as well.
------- Comment #8 From cendio 2013-06-19 12:24:06 -------
Third test case was doing a timeout (by disabling the network for the server in
vmware). In this case it had 33 failed attempts (with RDP encryption) before it
succeeded (with TLS). Each attempt was also a couple of seconds long, so it
took quite some time before it reconnected properly.
------- Comment #9 From cendio 2013-06-19 16:01:42 -------
Tried forcing it to SSL in the WTS configuration, and did the timeout test
again:

Disconnected due to network error, retrying to reconnect for 70 minutes.
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Failed to connect, SSL required by server.
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Failed to connect, SSL required by server.
...
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Failed to connect, SSL required by server.
ERROR: send: Connection reset by peer
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using SSL.
WARNING: CredSSP: System doesn't have support for desired authentication
mechanism.
Connection established using SSL.
------- Comment #10 From cendio 2013-06-20 06:03:33 -------
(In reply to comment #8)
> Third test case was doing a timeout (by disabling the network for the server in
> vmware). In this case it had 33 failed attempts (with RDP encryption) before it
> succeeded (with TLS). Each attempt was also a couple of seconds long, so it
> took quite some time before it reconnected properly.

This is fixed upstream in commit 1715, RDP connection will not fail is server
accepts it. However there is an unknown reason why the server announces he only
accepts RDP connectionsfor X times and then announce SSL.
------- Comment #11 From cendio 2013-06-20 06:06:42 -------
(In reply to comment #6)
> 1. A whole bunch of extra write errors from SSL (can we silence these though?)
> 
These errors are not printed from rdesktop as i could find.
------- Comment #12 From cendio 2013-06-20 15:00:31 -------
Commit r27548 brings fixes for reported issues.
------- Comment #13 From cendio 2013-06-27 11:04:31 -------
Pending resize does not work as expected, reconnect does fail and its probably
related to this bug.
------- Comment #14 From cendio 2013-06-27 11:20:35 -------
(In reply to comment #13)
> Pending resize does not work as expected, reconnect does fail and its probably
> related to this bug.

A bug has been created for this issue, #4729
------- Comment #15 From cendio 2013-06-27 14:02:14 -------
(In reply to comment #14)
> (In reply to comment #13)
> > Pending resize does not work as expected, reconnect does fail and its probably
> > related to this bug.
> 
> A bug has been created for this issue, #4729

Closing this bug now, the new bug handles the issue with reconnects using SSL,
reconnect without SSL works ok, verified against demosystem.