Package: xrdp
Version: 0.9.9-1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

Buster install from network, xfce as desktop, xrdp and xorgxrdp installed later (full install automated).
I have the problem both on physical server and in VM.

   * What was the outcome of this action?

The service doesn't start, so the server doesn't accept connections.
Something is perhaps wrong with /run and /var/run according to the logs (below).
If I restart the service, all is fine, it's perhaps a race condition.
Notice that Debian ships a prestart script which creates /var/run/xrdp

root@phoenix:~# systemctl status xrdp
● xrdp.service - xrdp daemon
   Loaded: loaded (/lib/systemd/system/xrdp.service; enabled; vendor preset: enabled)
   Active: failed (Result: timeout) since Tue 2019-09-17 05:04:42 CEST; 1h 51min ago
     Docs: man:xrdp(8)
           man:xrdp.ini(5)

sept. 17 05:03:11 phoenix systemd[1]: xrdp.service: Can't open PID file /run/xrdp/xrdp.pid (yet?) after start: No such file or directory
sept. 17 05:03:12 phoenix systemd[1]: /lib/systemd/system/xrdp.service:8: PIDFile= references path below legacy directory /var/run/, updating /var/run/xrdp/xrdp.pid → /ru
sept. 17 05:03:13 phoenix xrdp[1246]: (1246)(140441694279488)[INFO ] starting xrdp with pid 1246
sept. 17 05:03:13 phoenix xrdp[1246]: (1246)(140441694279488)[INFO ] listening to port 3389 on 0.0.0.0
sept. 17 05:04:42 phoenix systemd[1]: xrdp.service: Start operation timed out. Terminating.
sept. 17 05:04:42 phoenix systemd[1]: xrdp.service: Failed with result 'timeout'.
sept. 17 05:04:42 phoenix systemd[1]: Stopped xrdp daemon.
sept. 17 05:33:12 phoenix systemd[1]: /lib/systemd/system/xrdp.service:8: PIDFile= references path below legacy directory /var/run/, updating /var/run/xrdp/xrdp.pid → /ru

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/40 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xrdp depends on:
ii  adduser          3.118
ii  libc6            2.28-10
ii  libfuse2         2.9.9-1
ii  libjpeg62-turbo  1:1.5.2-2+b1
ii  libopus0         1.3-1
ii  libpam0g         1.3.1-5
ii  libssl1.1        1.1.1c-1
ii  libx11-6         2:1.6.7-1
ii  libxfixes3       1:5.0.3-1
ii  libxrandr2       2:1.5.1-1
ii  lsb-base         10.2019051400
ii  ssl-cert         1.0.39

Versions of packages xrdp recommends:
pn  fuse      <none>
ii  xorgxrdp  1:0.2.9-1

Versions of packages xrdp suggests:
pn  guacamole                  <none>
pn  xrdp-pulseaudio-installer  <none>

Versions of packages xorgxrdp depends on:
ii  libc6                                 2.28-10
pn  xorg-input-abi-24                     <none>
ii  xserver-xorg-core [xorg-video-abi-24] 2:1.20.4-1

Versions of packages xorgxrdp recommends:
ii  xorg  1:7.7+19

Versions of packages xrdp is related to:
pn  vnc-server           <none>
pn  xserver-xorg-legacy  <none>

-- Configuration Files:
/etc/xrdp/sesman.ini changed:
;; See `man 5 sesman.ini` for details
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
; Give in relative path to user's home directory
UserWindowManager=startwm.sh
; Give in full path or relative path to /etc/xrdp
DefaultWindowManager=startwm.sh
; Give in full path or relative path to /etc/xrdp
ReconnectScript=reconnectwm.sh

[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false

[Sessions]
;; X11DisplayOffset - x11 display number offset
; Type: integer
; Default: 10
X11DisplayOffset=50
;; MaxSessions - maximum number of connections to an xrdp server
; Type: integer
; Default: 0
MaxSessions=50
;; KillDisconnected - kill disconnected sessions
; Type: boolean
; Default: false
; if 1, true, or yes, kill session after 60 seconds
KillDisconnected=true
;; DisconnectedTimeLimit - when to kill idle sessions
; Type: integer
; Default: 0
; if not zero, the seconds before a disconnected session is killed
; min 60 seconds
DisconnectedTimeLimit=300
;; IdleTimeLimit (specify in second) - wait before disconnect idle sessions
; Type: integer
; Default: 0
; Set to 0 to disable idle disconnection.
IdleTimeLimit=0
;; Policy - session allocation policy
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
; "UBD" session per <User,BitPerPixel,DisplaySize>
; "UBI" session per <User,BitPerPixel,IPAddr>
; "UBC" session per <User,BitPerPixel,Connection>
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Policy=Default

[Logging]
LogFile=xrdp-sesman.log
LogLevel=DEBUG
EnableSyslog=1
SyslogLevel=DEBUG
;
; Session definitions - startup command-line parameters for each session type
;

[Xorg]
; Specify the path of non-suid Xorg executable. It might differ depending
; on your distribution and version. The typical path is shown as follows:
;
; Fedora 26 or later : param=/usr/libexec/Xorg
; Debian 9 or later : param=/usr/lib/xorg/Xorg
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
; Arch Linux : param=/usr/lib/xorg-server/Xorg
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
;
param=/usr/lib/xorg/Xorg
; Leave the rest paramaters as-is unless you understand what will happen.
param=-config
param=xrdp/xorg.conf
param=-noreset
param=-nolisten
param=tcp
param=-logfile
param=.xorgxrdp.%s.log

[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96

[Chansrv]
; drive redirection, defaults to xrdp_client if not set
FuseMountName=thinclient_drives

[SessionVariables]
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa

/etc/xrdp/xrdp.ini changed:
[Globals]
; xrdp.ini file version number
ini_version=1
; fork a new process for each incoming connection
fork=true
; tcp port to listen
port=3389
; 'port' above should be connected to with vsock instead of tcp
use_vsock=false
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate
; minimum security level allowed for client
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=
key_file=
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=Xorg
allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
; You can set the PAM error text in a gateway setup (MAX 256 chars)
;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
;
; configure login screen
;
; Login Screen Window Title
; top level window background color in RGB format
ls_top_window_bg_color=009cb5
; width and height of login screen
ls_width=350
ls_height=430
; login screen background color in RGB format
ls_bg_color=dedede
; optional background image filename (bmp format).
; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50
; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=65
; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210
; y pos for first label and combo box
ls_input_y_pos=220
; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30
; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30

[Logging]
LogFile=xrdp.log
LogLevel=DEBUG
EnableSyslog=true
SyslogLevel=DEBUG
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug

[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true
; for debugging xrdp, in section xrdp1, change port=-1 to this:
; for debugging xrdp, add following line to section xrdp1
;
; Session types
;
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.

[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20

[Xvnc]
name=Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1

[vnc-any]
name=vnc-any
lib=libvnc.so
ip=ask
port=ask5900
username=na
password=ask

[neutrinordp-any]
name=neutrinordp-any
lib=libxrdpneutrinordp.so
ip=ask
port=ask3389
username=ask
password=ask
; You can override the common channel settings for each session type

-- no debconf information
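
An added example, not part of the original report or of the xrdp package: a small Python check that correlates the systemd messages quoted in the report, pairing the "Can't open PID file" notice with the later start timeout for the same unit. The sample lines are copied from the report (the truncated one is truncated there too); the function and field names are assumptions.

```python
import re

# Journal lines copied from the report above.
SAMPLE = """\
sept. 17 05:03:11 phoenix systemd[1]: xrdp.service: Can't open PID file /run/xrdp/xrdp.pid (yet?) after start: No such file or directory
sept. 17 05:03:12 phoenix systemd[1]: /lib/systemd/system/xrdp.service:8: PIDFile= references path below legacy directory /var/run/, updating /var/run/xrdp/xrdp.pid → /ru
sept. 17 05:03:13 phoenix xrdp[1246]: (1246)(140441694279488)[INFO ] starting xrdp with pid 1246
sept. 17 05:03:13 phoenix xrdp[1246]: (1246)(140441694279488)[INFO ] listening to port 3389 on 0.0.0.0
sept. 17 05:04:42 phoenix systemd[1]: xrdp.service: Start operation timed out. Terminating.
sept. 17 05:04:42 phoenix systemd[1]: xrdp.service: Failed with result 'timeout'.
""".splitlines()

# "<month> <day> HH:MM:SS <host> systemd[1]: <message>"; the month token is
# locale dependent ("sept." here), so only the clock time is parsed.
LINE = re.compile(r"^\S+\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+systemd\[1\]:\s+(.*)$")
PID_MISSING = re.compile(r"^(\S+\.service): Can't open PID file (\S+) ")
TIMED_OUT = re.compile(r"^(\S+\.service): Start operation timed out")
LEGACY = re.compile(r"^/\S+/(\S+\.service):\d+: PIDFile= references path below legacy directory")


def pidfile_start_timeouts(lines):
    """Map each unit whose start timed out after systemd failed to read its
    PID file to the PID path, the seconds waited, and a legacy-/var/run flag."""
    pending, findings, legacy = {}, {}, set()
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not a message from systemd[1]
        h, mi, s, msg = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + int(s)
        if hit := PID_MISSING.match(msg):
            pending[hit.group(1)] = (hit.group(2), t)
        elif hit := LEGACY.match(msg):
            legacy.add(hit.group(1))
        elif (hit := TIMED_OUT.match(msg)) and hit.group(1) in pending:
            path, t0 = pending.pop(hit.group(1))
            # modulo handles a start that straddles midnight
            findings[hit.group(1)] = {"pidfile": path, "waited_s": (t - t0) % 86400}
    for unit, info in findings.items():
        info["legacy_var_run"] = unit in legacy
    return findings


if __name__ == "__main__":
    for unit, info in pidfile_start_timeouts(SAMPLE).items():
        print(unit, info)
```

The `legacy_var_run` flag marks units for which systemd also logged the `PIDFile=` legacy-directory notice, which is the `/run` versus `/var/run` mismatch the report points at.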