Discussion:
[Freerdp-devel] Hyper-V RDP connection
Alessandro Pilotti
2012-04-29 15:25:17 UTC
Permalink
Hi guys,

I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.

From what I collected so far, it's a standard RDP connection on port 2179 instead of 3389 with some additional data that needs to be passed in a Pre-Connection blob in order for the host to know to what guest to connect.

Here's a thread on technet on the subject inclusing some samples related to the RDP ActiveX control as a starting point:
http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/9b208cdb-a8c8-4afc-ba2d-230f63182bb9/



Thanks!

Alessandro Pilotti
Cloudbase Solutions Srl
------------------------------------------------------------
IT Consultant & Technical Speaker

MVP ASP.Net / IIS
Microsoft Certified Professional & Trainer
MCSD, MCAD, MCSE, MCDBA, MCTS, MCT
RHCE - Red Hat Certified Engineer
------------------------------------------------------------
Marc-André Moreau
2012-04-29 20:34:58 UTC
Permalink
Hi Alessandro,

I'm not sure if this is fully documented in the specs, but I think it would
be very helpful if you could take a packet capture with wireshark so we can
have a sample of the connection sequence messages.

I don't think anyone has implemented it, but it does not look that hard to
implement. Your contributions are welcome :)
Post by Alessandro Pilotti
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Alessandro Pilotti
2012-04-30 02:11:30 UTC
Permalink
Hi Marc,

please find attached the Wireshark packet captute export.
Filter: tcp.port == 2179

here's the .Net code that I used to generate it, wrapping mstscax.dll.

Interop assemblies assemblies generated with:
aximp %windir%\system32\mstscax.dll

The server OS is Hyper-V Server 2008 R2 SP1.


AxMsRdpClient7NotSafeForScripting m_RdpClient = new AxMsRdpClient7NotSafeForScripting();
m_RdpClient.Dock = DockStyle.Fill;

this.Controls.Add(m_RdpClient);

m_RdpClient.DesktopWidth = 1024;
m_RdpClient.DesktopHeight = 768;
//m_RdpClient.FullScreen = true;

m_RdpClient.Server = "Server";

m_RdpClient.UserName = "Administrator";
m_RdpClient.AdvancedSettings2.ClearTextPassword = "******";

m_RdpClient.AdvancedSettings2.RDPPort = 2179;
m_RdpClient.AdvancedSettings7.PCB = "7C50BF91-2D18-4683-8737-74774519F3B9";

m_RdpClient.AdvancedSettings7.AuthenticationServiceClass = "Microsoft Virtual Console Service";
m_RdpClient.AdvancedSettings8.EnableCredSspSupport = true;
m_RdpClient.AdvancedSettings8.NegotiateSecurityLayer = false;

m_RdpClient.Connect();


Thanks!

Alessandro
Post by Marc-André Moreau
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it would be very helpful if you could take a packet capture with wireshark so we can have a sample of the connection sequence messages.
I don't think anyone has implemented it, but it does not look that hard to implement. Your contributions are welcome :)
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Post by Alessandro Pilotti
From what I collected so far, it's a standard RDP connection on port 2179 instead of 3389 with some additional data that needs to be passed in a Pre-Connection blob in order for the host to know to what guest to connect.
http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/9b208cdb-a8c8-4afc-ba2d-230f63182bb9/
Thanks!
Alessandro Pilotti
Cloudbase Solutions Srl
------------------------------------------------------------
IT Consultant & Technical Speaker
MVP ASP.Net / IIS
Microsoft Certified Professional & Trainer
MCSD, MCAD, MCSE, MCDBA, MCTS, MCT
RHCE - Red Hat Certified Engineer
------------------------------------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Alessandro Pilotti
2012-04-30 02:17:11 UTC
Permalink
the attachment in my previous email got removed, here's a link to the Wireshark capture data:

http://dl.dropbox.com/u/9060190/VMRDP_packets.txt.zip

Alessandro
Post by Alessandro Pilotti
Hi Marc,
please find attached the Wireshark packet captute export.
Filter: tcp.port == 2179
here's the .Net code that I used to generate it, wrapping mstscax.dll.
aximp %windir%\system32\mstscax.dll
The server OS is Hyper-V Server 2008 R2 SP1.
AxMsRdpClient7NotSafeForScripting m_RdpClient = new AxMsRdpClient7NotSafeForScripting();
m_RdpClient.Dock = DockStyle.Fill;
this.Controls.Add(m_RdpClient);
m_RdpClient.DesktopWidth = 1024;
m_RdpClient.DesktopHeight = 768;
//m_RdpClient.FullScreen = true;
m_RdpClient.Server = "Server";
m_RdpClient.UserName = "Administrator";
m_RdpClient.AdvancedSettings2.ClearTextPassword = "******";
m_RdpClient.AdvancedSettings2.RDPPort = 2179;
m_RdpClient.AdvancedSettings7.PCB = "7C50BF91-2D18-4683-8737-74774519F3B9";
m_RdpClient.AdvancedSettings7.AuthenticationServiceClass = "Microsoft Virtual Console Service";
m_RdpClient.AdvancedSettings8.EnableCredSspSupport = true;
m_RdpClient.AdvancedSettings8.NegotiateSecurityLayer = false;
m_RdpClient.Connect();
Thanks!
Alessandro
Post by Marc-André Moreau
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it would be very helpful if you could take a packet capture with wireshark so we can have a sample of the connection sequence messages.
I don't think anyone has implemented it, but it does not look that hard to implement. Your contributions are welcome :)
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Post by Alessandro Pilotti
From what I collected so far, it's a standard RDP connection on port 2179 instead of 3389 with some additional data that needs to be passed in a Pre-Connection blob in order for the host to know to what guest to connect.
http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/9b208cdb-a8c8-4afc-ba2d-230f63182bb9/
Thanks!
Alessandro Pilotti
Cloudbase Solutions Srl
------------------------------------------------------------
IT Consultant & Technical Speaker
MVP ASP.Net / IIS
Microsoft Certified Professional & Trainer
MCSD, MCAD, MCSE, MCDBA, MCTS, MCT
RHCE - Red Hat Certified Engineer
------------------------------------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Marc-André Moreau
2012-04-30 02:19:02 UTC
Permalink
Do you have the pcap file? it's easier to read for me than the text output
Post by Alessandro Pilotti
the attachment in my previous email got removed, here's a link to the
http://dl.dropbox.com/u/9060190/VMRDP_packets.txt.zip
Alessandro
Hi Marc,
please find attached the Wireshark packet captute export.
Filter: tcp.port == 2179
here's the .Net code that I used to generate it, wrapping mstscax.dll.
aximp %windir%\system32\mstscax.dll
The server OS is Hyper-V Server 2008 R2 SP1.
AxMsRdpClient7NotSafeForScripting m_RdpClient = new
AxMsRdpClient7NotSafeForScripting();
m_RdpClient.Dock = DockStyle.Fill;
this.Controls.Add(m_RdpClient);
m_RdpClient.DesktopWidth = 1024;
m_RdpClient.DesktopHeight = 768;
//m_RdpClient.FullScreen = true;
m_RdpClient.Server = "Server";
m_RdpClient.UserName = "Administrator";
m_RdpClient.AdvancedSettings2.ClearTextPassword = "******";
m_RdpClient.AdvancedSettings2.RDPPort = 2179;
m_RdpClient.AdvancedSettings7.PCB =
"7C50BF91-2D18-4683-8737-74774519F3B9";
m_RdpClient.AdvancedSettings7.AuthenticationServiceClass =
"Microsoft Virtual Console Service";
m_RdpClient.AdvancedSettings8.EnableCredSspSupport = true;
m_RdpClient.AdvancedSettings8.NegotiateSecurityLayer = false;
m_RdpClient.Connect();
Thanks!
Alessandro
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it
would be very helpful if you could take a packet capture with wireshark so
we can have a sample of the connection sequence messages.
I don't think anyone has implemented it, but it does not look that hard to
implement. Your contributions are welcome :)
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Alessandro Pilotti
2012-04-30 02:36:16 UTC
Permalink
Here it is: http://dl.dropbox.com/u/9060190/vmrdp.pcap.zip

Generated with: dumpcap -f "tcp port 2179" -w vmrdp.pcap


Thanks,

Alessandro
Post by Marc-André Moreau
Do you have the pcap file? it's easier to read for me than the text output
http://dl.dropbox.com/u/9060190/VMRDP_packets.txt.zip
Alessandro
Post by Alessandro Pilotti
Hi Marc,
please find attached the Wireshark packet captute export.
Filter: tcp.port == 2179
here's the .Net code that I used to generate it, wrapping mstscax.dll.
aximp %windir%\system32\mstscax.dll
The server OS is Hyper-V Server 2008 R2 SP1.
AxMsRdpClient7NotSafeForScripting m_RdpClient = new AxMsRdpClient7NotSafeForScripting();
m_RdpClient.Dock = DockStyle.Fill;
this.Controls.Add(m_RdpClient);
m_RdpClient.DesktopWidth = 1024;
m_RdpClient.DesktopHeight = 768;
//m_RdpClient.FullScreen = true;
m_RdpClient.Server = "Server";
m_RdpClient.UserName = "Administrator";
m_RdpClient.AdvancedSettings2.ClearTextPassword = "******";
m_RdpClient.AdvancedSettings2.RDPPort = 2179;
m_RdpClient.AdvancedSettings7.PCB = "7C50BF91-2D18-4683-8737-74774519F3B9";
m_RdpClient.AdvancedSettings7.AuthenticationServiceClass = "Microsoft Virtual Console Service";
m_RdpClient.AdvancedSettings8.EnableCredSspSupport = true;
m_RdpClient.AdvancedSettings8.NegotiateSecurityLayer = false;
m_RdpClient.Connect();
Thanks!
Alessandro
Post by Marc-André Moreau
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it would be very helpful if you could take a packet capture with wireshark so we can have a sample of the connection sequence messages.
I don't think anyone has implemented it, but it does not look that hard to implement. Your contributions are welcome :)
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Post by Alessandro Pilotti
From what I collected so far, it's a standard RDP connection on port 2179 instead of 3389 with some additional data that needs to be passed in a Pre-Connection blob in order for the host to know to what guest to connect.
http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/9b208cdb-a8c8-4afc-ba2d-230f63182bb9/
Thanks!
Alessandro Pilotti
Cloudbase Solutions Srl
------------------------------------------------------------
IT Consultant & Technical Speaker
MVP ASP.Net / IIS
Microsoft Certified Professional & Trainer
MCSD, MCAD, MCSE, MCDBA, MCTS, MCT
RHCE - Red Hat Certified Engineer
------------------------------------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Alessandro Pilotti
2012-05-06 17:13:20 UTC
Permalink
Marc,

I discovered that the Microsoft RDP ActiveX requires the attached CredSSP settings in the registry in order to connect to an Hyper-V host on port 2179 for VM console access.

Thanks,

Alessandro


Note: Save the following text in a .reg file in order to import in in the registry.



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain]
"Hyper-V"="Microsoft Virtual Console Service/*"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly]
"Hyper-V"="Microsoft Virtual Console Service/*"
Post by Marc-André Moreau
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it would be very helpful if you could take a packet capture with wireshark so we can have a sample of the connection sequence messages.
I don't think anyone has implemented it, but it does not look that hard to implement. Your contributions are welcome :)
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Post by Alessandro Pilotti
From what I collected so far, it's a standard RDP connection on port 2179 instead of 3389 with some additional data that needs to be passed in a Pre-Connection blob in order for the host to know to what guest to connect.
http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/9b208cdb-a8c8-4afc-ba2d-230f63182bb9/
Thanks!
Alessandro Pilotti
Cloudbase Solutions Srl
------------------------------------------------------------
IT Consultant & Technical Speaker
MVP ASP.Net / IIS
Microsoft Certified Professional & Trainer
MCSD, MCAD, MCSE, MCDBA, MCTS, MCT
RHCE - Red Hat Certified Engineer
------------------------------------------------------------
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
nikhil
2012-07-19 09:19:27 UTC
Permalink
Post by Alessandro Pilotti
Marc,
I discovered that the Microsoft RDP ActiveX requires the attached CredSSP
settings in the registry in
Post by Alessandro Pilotti
order to connect to an Hyper-V host on port 2179 for VM console access.
Thanks,
Alessandro
Note: Save the following text in a .reg file in order to import in in the registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowDefaultCredentials]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowDefaultCredentialsDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentials]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentialsDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentialsWhenNTLMOnly]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentialsWhenNTLMOnlyDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowSavedCredentials]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowSavedCredentialsDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowSavedCredentialsWhenNTLMOnly]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
Post by Marc-André Moreau
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it would
be very helpful if you could take a
Post by Alessandro Pilotti
packet capture with wireshark so we can have a sample of the connection
sequence messages.
Post by Alessandro Pilotti
Post by Marc-André Moreau
I don't think anyone has implemented it, but it does not look that hard to
implement. Your contributions
Post by Alessandro Pilotti
are welcome :)
Post by Marc-André Moreau
On Sun, Apr 29, 2012 at 8:25 AM, Alessandro Pilotti <ap <at> pilotti.it>
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest management.
I'd be glad to help in developing missing features in case.
Lysann Kessler
2012-07-19 11:16:01 UTC
Permalink
Hi,

please see my email from June as well:
http://sourceforge.net/mailarchive/forum.php?thread_name=51E23287-9A47-4E91-BE1B-226309A2D48F%40gmail.com&forum_name=freerdp-devel
There I listed the problems that must be tackled in order to get it working.

I also have Wireshark captures incl. SSL certificates for dissection, if you are interested in these…

I copied Omie to this email, because he's also working on the issue.
Omie, do you have any progress or information to share with us? ;)

Regards,
Lysann
Post by Alessandro Pilotti
Post by Alessandro Pilotti
Marc,
I discovered that the Microsoft RDP ActiveX requires the attached CredSSP
settings in the registry in
Post by Alessandro Pilotti
order to connect to an Hyper-V host on port 2179 for VM console access.
Thanks,
Alessandro
Note: Save the following text in a .reg file in order to import in in the
registry.
Post by Alessandro Pilotti
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowDefaultCredentials]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowDefaultCredentialsDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentials]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentialsDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentialsWhenNTLMOnly]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowFreshCredentialsWhenNTLMOnlyDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowSavedCredentials]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowSavedCredentialsDomain]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\
AllowSavedCredentialsWhenNTLMOnly]
Post by Alessandro Pilotti
"Hyper-V"="Microsoft Virtual Console Service/*"
Post by Marc-André Moreau
Hi Alessandro,
I'm not sure if this is fully documented in the specs, but I think it would
be very helpful if you could take a
Post by Alessandro Pilotti
packet capture with wireshark so we can have a sample of the connection
sequence messages.
Post by Alessandro Pilotti
Post by Marc-André Moreau
I don't think anyone has implemented it, but it does not look that hard to
implement. Your contributions
Post by Alessandro Pilotti
are welcome :)
Post by Marc-André Moreau
On Sun, Apr 29, 2012 at 8:25 AM, Alessandro Pilotti <ap <at> pilotti.it>
Hi guys,
I'd like to use FreeRDP to connect to Microsoft Hyper-V hosts for guest
management.
Post by Alessandro Pilotti
Post by Marc-André Moreau
I'd be glad to help in developing missing features in case.
Post by Alessandro Pilotti
From what I collected so far, it's a standard RDP connection on port 2179
instead of 3389 with some
Post by Alessandro Pilotti
additional data that needs to be passed in a Pre-Connection blob in order for
the host to know to what guest
Post by Alessandro Pilotti
to connect.
Post by Marc-André Moreau
Here's a thread on technet on the subject inclusing some samples related to
the RDP ActiveX control as a
Post by Alessandro Pilotti
Post by Marc-André Moreau
http://social.technet.microsoft.com/Forums/en-
US/winserverhyperv/thread/9b208cdb-a8c8-4afc-ba2d-230f63182bb9/
Post by Alessandro Pilotti
Post by Marc-André Moreau
Thanks!
Alessandro Pilotti
Cloudbase Solutions Srl
------------------------------------------------------------
IT Consultant & Technical Speaker
MVP ASP.Net / IIS
Microsoft Certified Professional & Trainer
MCSD, MCAD, MCSE, MCDBA, MCTS, MCT
RHCE - Red Hat Certified Engineer
------------------------------------------------------------
----------------------------------------------------------------------------
--
Post by Alessandro Pilotti
Post by Marc-André Moreau
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
Freerdp-devel <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Hello Alessandro,
Have you guys managed to get it working?
I have also got the same requirement, knowledge of steps you have already taken
would really help. I will take it on from there.
Thanks
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
nikhil
2012-07-23 06:18:18 UTC
Permalink
Yes you are right, graphics is badly distorted.
I captured few packets to look in to them. After 3-way handshaking, the first
packet that is sent from client looks good.
At least it's format is exactly the same as they have pointed out in the open
specification.
But the packet that is sent after this one is different when compared with the
one that is sent from the windows client.

any ideas on this?
Lysann Kessler
2012-07-24 11:53:32 UTC
Permalink
@everybody: Are there any known issues with bitmap decompression, or with bitmap drawing in the X11 client? In this case it's 16bpp, if this makes a difference.

Long version:
To make sure we all talk about the same packages, please see the file attached.
Let me outline the communication sequence (skip to #51 for the short version):

Preconnection information
- packet 1: preconnection blob with VM id

Establish secure connection
- packets 2-5: SSL handshake
- packets 6-10: CredSSP … stuff. Let's just assume it works, because there is a lot of communication afterwards.

Connection initiation, basic settings exchange
- packets 11 & 12: X.224 Connection Request & Confirm
- packets 13 & 14: Connect-Inital PDU with GCC Conference Create Request & Connect-Response

Channel connection
- packet 15: Erect Domain Request
- packets 16 & 17: Attach User Request & Confirm
- packets 18-21: two Join Channel Requests and Confirms

Secure settings exchange, licensing
- packet 22: Client Info PDU
- packet 23: License Error PDU

Capabilities exchange
- packet 24: Demand Active PDU (interesting: the server requests 32 bpp although the client declared it cannot handle 32 bpp)
- packet 25: Confirm Active PDU (interesting: the client honors the 32 bpp request)

Connection finalization
- packets 26-34: server's Synchronize PDU, server's Cooperate Control PDU, client's Synchronize PDU, client's Cooperate Control PDU, client's Request Control PDU, server's Granted Control PDU, client's Persistent Key List PDU, client's Font List PDU, server's Font Map PDU

Deactivation-reactivation sequence
- packet 35: Deactivate All PDU
- packets 36-46: repetition of packets 24-34, except shareId is now 0x000203ea instead of 0x000103ea and preferredBitsPerPixel is now 16 instead 32. So the 32 bpp from packets 24 and 25 do not matter anymore.
- packet 47: Save Session Info (login notification)

RDP payload messages
- packet 48 & 49: Fast-Path Input events (tab key released & sync event)
- packet 50: Fast-Path Update with the cursor image (the cursor is drawn fine btw.)
- packet 51: Fast-Path Update with the first bitmap from the server (it's 16bpp)

If I stop FreeRDP from processing any further fast-path bitmap updates at this point, I end up with a distorted little rectangle in the upper left corner of the screen. So obviously something goes wrong in decoding or drawing the rectangle.
The communication before that point looks ok to me.

So let's have a look at the bitmap decompression and drawing.
Any ideas? Any known issues?
Post by nikhil
Yes you are right, graphics is badly distorted.
I captured few packets to look in to them. After 3-way handshaking, the first
packet that is sent from client looks good.
At least it's format is exactly the same as they have pointed out in the open
specification.
But the packet that is sent after this one is different when compared with the
one that is sent from the windows client.
any ideas on this?
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Lysann Kessler
2012-07-24 15:34:44 UTC
Permalink
I got it!

It's a bug in the X11 client that occurs if the preferredBitsPerPixel option changes during the deactivation-reactivation sequence.
Upon the first successful connection the server sets preferredBitsPerPixel to 32, and the client saves this value in xf_post_connect (xfi->srcBpp = instance->settings->color_depth).
But during the deactivation-reactivation sequence the server sends preferredBitsPerPixel=16, but the value in xfi is not updated.
Thus, color conversion in xf_Bitmap_New is broken, because srcBpp is assumed to be 32, but it should be 16.

Using this line
data = freerdp_image_convert(bitmap->data, NULL, bitmap->width, bitmap->height, bitmap->bpp, xfi->bpp, xfi->clrconv);
instead of this
data = freerdp_image_convert(bitmap->data, NULL, bitmap->width, bitmap->height, xfi->srcBpp, xfi->bpp, xfi->clrconv);
results in the expected bitmap output.

So the question is: should we fix this by ...
1) using the line above, or
2) updating xfi->srcBpp during reactivation (is it ok to just change it on the fly?), or
3) doing both of the above?

Cheers,
Lysann
Post by nikhil
Yes you are right, graphics is badly distorted.
I captured few packets to look in to them. After 3-way handshaking, the first
packet that is sent from client looks good.
At least it's format is exactly the same as they have pointed out in the open
specification.
But the packet that is sent after this one is different when compared with the
one that is sent from the windows client.
any ideas on this?
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Christian Nilsson
2012-07-24 19:41:16 UTC
Permalink
Hi,
Changing that line as you propose would make -a 15 not working i believe...
Please see https://github.com/FreeRDP/FreeRDP/pull/614

Regards,
Christian

On Tue, Jul 24, 2012 at 5:34 PM, Lysann Kessler <
Post by Lysann Kessler
I got it!
It's a bug in the X11 client that occurs if the preferredBitsPerPixel
option changes during the deactivation-reactivation sequence.
Upon the first successful connection the server sets preferredBitsPerPixel
to 32, and the client saves this value in xf_post_connect (xfi->srcBpp =
instance->settings->color_depth).
But during the deactivation-reactivation sequence the server sends
preferredBitsPerPixel=16, but the value in xfi is not updated.
Thus, color conversion in xf_Bitmap_New is broken, because srcBpp is
assumed to be 32, but it should be 16.
Using this line
data = freerdp_image_convert(bitmap->data, NULL, bitmap->width,
bitmap->height, bitmap->bpp, xfi->bpp, xfi->clrconv);
instead of this
data = freerdp_image_convert(bitmap->data, NULL, bitmap->width,
bitmap->height, xfi->srcBpp, xfi->bpp, xfi->clrconv);
results in the expected bitmap output.
So the question is: should we fix this by ...
1) using the line above, or
2) updating xfi->srcBpp during reactivation (is it ok to just change it on the fly?), or
3) doing both of the above?
Cheers,
Lysann
Post by nikhil
Yes you are right, graphics is badly distorted.
I captured few packets to look in to them. After 3-way handshaking, the
first
Post by nikhil
packet that is sent from client looks good.
At least it's format is exactly the same as they have pointed out in the
open
Post by nikhil
specification.
But the packet that is sent after this one is different when compared
with the
Post by nikhil
one that is sent from the windows client.
any ideas on this?
------------------------------------------------------------------------------
Post by nikhil
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Lysann Kessler
2012-07-24 20:19:40 UTC
Permalink
The pull request is just the reverse operation, you are right.

Does this mean that TS_BITMAP_DATA.bitsPerPixel=16 if 15 bits per pixel were selected for the session? oO

Regards,
Lysann
Post by Christian Nilsson
Hi,
Changing that line as you propose would make -a 15 not working i believe...
Please see https://github.com/FreeRDP/FreeRDP/pull/614
Regards,
Christian
I got it!
It's a bug in the X11 client that occurs if the preferredBitsPerPixel option changes during the deactivation-reactivation sequence.
Upon the first successful connection the server sets preferredBitsPerPixel to 32, and the client saves this value in xf_post_connect (xfi->srcBpp = instance->settings->color_depth).
But during the deactivation-reactivation sequence the server sends preferredBitsPerPixel=16, but the value in xfi is not updated.
Thus, color conversion in xf_Bitmap_New is broken, because srcBpp is assumed to be 32, but it should be 16.
Using this line
data = freerdp_image_convert(bitmap->data, NULL, bitmap->width, bitmap->height, bitmap->bpp, xfi->bpp, xfi->clrconv);
instead of this
data = freerdp_image_convert(bitmap->data, NULL, bitmap->width, bitmap->height, xfi->srcBpp, xfi->bpp, xfi->clrconv);
results in the expected bitmap output.
So the question is: should we fix this by ...
1) using the line above, or
2) updating xfi->srcBpp during reactivation (is it ok to just change it on the fly?), or
3) doing both of the above?
Cheers,
Lysann
Post by nikhil
Yes you are right, graphics is badly distorted.
I captured few packets to look in to them. After 3-way handshaking, the first
packet that is sent from client looks good.
At least it's format is exactly the same as they have pointed out in the open
specification.
But the packet that is sent after this one is different when compared with the
one that is sent from the windows client.
any ideas on this?
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
nikhil
2012-07-25 12:21:16 UTC
Permalink
@Lysann Kessler :
thanks man... great job... and thanks for posting it here...
ntdeveloper31
2012-09-20 19:14:36 UTC
Permalink
Post by nikhil
thanks man... great job... and thanks for posting it here...
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Hello,

@all:
It seems connecting to hyper-v host's thr' freerdp has been fixed. I can see
modified code in latest sources. But how do I connect it to hyper-v's hosts?
Are --pcid & --pcb both mandatory? What values should be passes to them?

I tried this:
xfreerdp -u <uname> -p <pass> --pcid 0 --pcb Win7-PC <server:port>

Output:
connected to <server>
Error: Security negotiation or connection failure.
ntdeveloper ntdeveloper
2012-09-21 10:07:02 UTC
Permalink
Hello,
It seems connecting to hyper-v host's thr' freerdp has been fixed. I can see
modified code in latest sources. But how do I connect to hyper-v's hosts?
Are --pcid & --pcb both mandatory? What values should be passes to them?

I tried this:
xfreerdp -u <uname> -p <pass> --pcid 0 --pcb Win7-PC <server:port>

Output:
connected to <server>recv: Connection reset by peer
Error: Security negotiation or connection failure.
Thanks
Remy Grandin
2012-09-26 10:21:18 UTC
Permalink
Hi,

I am also interested in this question. Does anyone known how to do this and if so, can he provide us an example command.

Thanks

-----Message d'origine-----
De : ntdeveloper ntdeveloper [mailto:***@hotmail.com]
Envoyé : vendredi 21 septembre 2012 12:07
À : freerdp-***@lists.sourceforge.net
Objet : [Freerdp-devel] Hyper-V RDP connection


Hello,
It seems connecting to hyper-v host's thr' freerdp has been fixed. I can see modified code in latest sources. But how do I connect to hyper-v's hosts?
Are --pcid & --pcb both mandatory? What values should be passes to them?

I tried this:
xfreerdp -u <uname> -p <pass> --pcid 0 --pcb Win7-PC <server:port>

Output:
connected to <server>recv: Connection reset by peer
Error: Security negotiation or connection failure.
Thanks
Igor Shestakov
2012-09-26 11:51:29 UTC
Permalink
Post by ntdeveloper31
Hello,
It seems connecting to hyper-v host's thr' freerdp has been fixed. I can see
modified code in latest sources. But how do I connect to hyper-v's hosts?
Are --pcid & --pcb both mandatory? What values should be passes to them?
xfreerdp -u <uname> -p <pass> --pcid 0 --pcb Win7-PC <server:port>
connected to <server>recv: Connection reset by peer
Error: Security negotiation or connection failure.
Thanks
------------------------------------------------------------------------------
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
You can try
xfreerdp -u login --pcb <wmid> -t 2179 --no-nego --ignore-certificate ip_address

But i get error:
Unable to get current timezone rule
ERRINFO_UNKNOWN 0x00000300: Unknown error.
Incorrect RDP header.
Failed to check FreeRDP file descriptor
Alex Bligh
2012-09-26 16:24:46 UTC
Permalink
Post by Igor Shestakov
xfreerdp -u login --pcb <wmid> -t 2179 --no-nego --ignore-certificate ip_address
I'm using:

xfreerdp --ignore-certificate --no-nego -u Administrator --pcb
D01C2557-9601-4127-9493-123412341234 -t 2179 10.40.0.7

You will need a bleeding edge version of xfreerdp.
--
Alex Bligh
Alessandro Pilotti
2012-10-09 00:50:02 UTC
Permalink
Hi guys,

I can connect perfectly to HyperV on Linux with the latest xfreerdp sources, but I get the following error by trying to do the same on Windows with wfreerdp compiled from the latest sources as well:

Debug console created.
connected to 192.168.1.8:2179
SSL_read: Failure in SSL library (protocol error?)
SSL_read: error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error

Error: protocol security negotiation or connection failure

Here's my command line:

wfreerdp --sec tls --ignore-certificate --no-nego -u <user> --pcb <guid> -t 2179 <host>



Thanks!

Alessandro Pilotti
Cloudbase Solutions
Post by Alex Bligh
Post by Igor Shestakov
xfreerdp -u login --pcb <wmid> -t 2179 --no-nego --ignore-certificate ip_address
xfreerdp --ignore-certificate --no-nego -u Administrator --pcb
D01C2557-9601-4127-9493-123412341234 -t 2179 10.40.0.7
You will need a bleeding edge version of xfreerdp.
--
Alex Bligh
------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Alessandro Pilotti
2012-10-11 14:48:42 UTC
Permalink
Ok, I solved it.

On Windows instead of using "-u" you can just leave the authentication to the OS, using cmdkey if needed.

Here's the working command line:

wfreerdp --ignore-certificate --no-nego --pcb <guid> -t 2179 <host>


I just blogged about how to do it, including some precompiled Windows binaries and a Powershell script to ease up the task of retrieving the VM id:

http://www.cloudbase.it/using-freerdp-to-connect-to-the-hyper-v-console/


The only remaining issue I had so far is that the console doesn't work full screen.


Thanks!

Alessandro
Post by Alessandro Pilotti
Hi guys,
Debug console created.
connected to 192.168.1.8:2179
SSL_read: Failure in SSL library (protocol error?)
SSL_read: error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error
Error: protocol security negotiation or connection failure
wfreerdp --sec tls --ignore-certificate --no-nego -u <user> --pcb <guid> -t 2179 <host>
Thanks!
Alessandro Pilotti
Cloudbase Solutions
Post by Alex Bligh
Post by Igor Shestakov
xfreerdp -u login --pcb <wmid> -t 2179 --no-nego --ignore-certificate ip_address
xfreerdp --ignore-certificate --no-nego -u Administrator --pcb
D01C2557-9601-4127-9493-123412341234 -t 2179 10.40.0.7
You will need a bleeding edge version of xfreerdp.
--
Alex Bligh
------------------------------------------------------------------------------
How fast is your code?
3 out of 4 devs don\\\'t know how their code performs in production.
Find out how slow your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219672;13503038;z?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Freerdp-devel mailing list
https://lists.sourceforge.net/lists/listinfo/freerdp-devel
Loading...