Saturday, May 10. 2014
Updating the old RDP portlet (Part I)
In a very old series of the blog a portlet was developed to manage Remote Desktop Protocol (RDP) applications inside a portal (specifically liferay). The series consisted in two complementary entries, the first one presented the solution using a windows client and the second post used a linux box. The portlet listed some windows applications and, when one of them was clicked, an RDP file was downloaded to be opened by a local RDP program. The windows entry worked perfectly (using the common Remote Desktop Connection or mstsc), but the linux solution was very limited because of the old rdesktop project. At that time it was not very active. Now it seems that it is getting traction again, releasing new versions and acquiring new features more frequently. If you re-check the previous entries some features were important to get a good integration of RDP applications inside a corporate portal.
RemoteApp: feature that displays the windows applications seamlessly inside the local desktop (instead of displaying the whole windows desktop only the selected application window is displayed integrated within the local desktop). This characteristic is basic to not scare the common user.
Gateway: a kind of proxy which wraps the RDP protocol over HTTPS, another basic feature which extends Terminal Services from the intranet to the internet. A necessary feature for avoiding a VPN in the final architecture.
RDP files: The last feature is managing RDP files, any RDP connection can be exported to a text file which can be edited, copied and distributed in an easy way. Indeed the portlet just downloads RDP files in order to be executed by a local application in the user computer.
The rdesktop program supports RemoteApp (but I am not sure if this is supported in a straight way) but it does not manage gateways or RDP files (same situation than in the old linux entry). Nevertheless some weeks ago I realized that there is a new project that deals with RDP: FreeRDP. The project is immature right now but it is improving quickly and, to my surprise, the last version 1.1 (in beta status) gives an initial support to gateway proxies and also understands RDP files. As soon as I notice this I decided to update my old portlet and try to make it work using FreeRDP in linux.
The first step was installing the windows Terminal Services server. I decided to use two 2012R2 servers, one is used as the internal box, session host and broker (win2012int), and the other would have been placed in the DMZ, acting as web access and gateway server (win2012ext). At this point the solution was tested using a windows 7 client from which I accessed the Remote Desktop Web application (another optional element of a TS deployment which exposes some previously configured applications inside an IIS application, it can be said that it is the Microsoft version of my little portlet).
Then the branch 1.1 of the FreeRDP was compiled (debian testing currently provides only version 1.0.2). I followed the instructions of the ifconfig.dk blog.
git clone -b stable-1.1 git://github.com/FreeRDP/FreeRDP.git cd FreeRDP/ cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON \ -DCMAKE_INSTALL_PREFIX=/home/ricky/apps/FreeRDP -DWITH_DEBUG_ALL=false make make install cd /home/ricky/apps/FreeRDP/bin ./xfreerdp /version This is FreeRDP version 1.1.0-beta1 (git 1.1.0-beta+2013071101-127-g01865)
I tested the resulting command and it worked with the gateway but it had a very nasty issue when using the RemoteApp feature. The window (or the pointer) was shifted (the mouse pointer in the windows application was shifted from the real one in the linux X server). I checked that this issue did not happen when using the gateway with the complete desktop and it did happen when using a RemoteApp without the gateway. So it seems that the problem is only related with the remote applications. I even tried with the master branch (1.2.0-beta1 (git 1.1.0-beta+2013071101-1641-g4da5c) version) and the results were mixed. The gateway did not work (it core dumped with a segmentation fault) and the RemoteApp (without the gateway) did not present the nasty shifted issue but it has problems refreshing the window when menus were popped out. Finally I decided to stay in version 1.1 because the gateway was a basic feature in the solution presented in this entry.
The options of the command are quite complicated (and there are some errors when they are combined with an RDP file), for this reason the following examples are listed.
Launching the complete desktop using normal port 3389 for RDP (not using the gateway):
./xfreerdp /d:DEMO /u:ricky /p:xxxxx \ /v:win2012int.demo.test /cert-ignore
Launching the desktop but using the gateway (the same user is used for the gateway http login and the desktop session):
./xfreerdp /d:DEMO /u:ricky /p:xxxxx /v:win2012int.demo.test \ /g:win2012ext.demo.test /cert-ignore
Launching the mspaint application (previously configured in the collection to be a valid remoteapp) without the gateway:
./xfreerdp -d:DEMO /u:ricky /p:xxxxx /app:"||mspaint" \ /v:win2012int.demo.test /cert-ignore
Launching the mspaint application with the gateway:
./xfreerdp -d:DEMO /u:ricky /p:xxxxx /app:"||mspaint" \ /v:win2012int.demo.test /g:win2012ext.demo.test /cert-ignore
Using an RDP file for mspaint (the file was directly downloaded from the RD web access application). The file does not contain any user or password and, I do not know why, the domain, user and password information should be passed twice, for the gateway and the session. It is like, when using a file, the information is not re-used for both. Besides the domain should be passed as the domain itself and as part of the username options (I think there are errors with those options when using an RDP file). All the rest of the information is read from the file (but there are also problems because, for example, clipboard redirection is not activated although the property redirectclipboard is set and FreeRDP supports it with the +clipboard option in the command line).
./xfreerdp /home/ricky/paint.rdp /d:DEMO /u:"DEMO\ricky" \ /gd:DEMO /gu:"DEMO\ricky" /p:xxxxx /gp:xxxxx /cert-ignore
FreeRDP project is definitely an immature software (at least the features I wanted to use, I did not tested typical intranet features like audio, video or device redirection). I was not able to combine the three desired features (remoteapp, gateway and rdp files) in a reasonable way. The version 1.1 (remember it is now in beta status) has a nasty shift issue and, although it supports RDP files, you still need something to request the domain, user and password and some properties are not parsed completely. I am going to present a little video which shows the last command, how the FreeRDP command is used for interpreting a RDP file obtained from the RD Web Access to launch the mspaint application. As you see the cursor position is shifted (even more when the windows is first displayed than when it is placed back to front).
Although the results are not very satisfactory a second part for this series is on the way. The FreeRDP needs some time to handle the three needed features in a proper way (it is mainly done, there are only minor problems although they are very annoying) but I am going to update my old portlet anyway. It will be nice to work again with liferay, cassandra and the portlet faces bridge. Despite all the previous comments it is great to see another project dealing with RDP in linux. FreeRDP is quickly being improved and there are a lot of contributors working on the project, so I hope all this annoying issues will be fixed before version 1.1 was final.
Stay tuned for the next entry!
Comments