VRDE RDP Confusion - host or guest

Discussions related to using VirtualBox on Linux hosts.
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

VRDE RDP Confusion - host or guest

Post by SkylarB »

I am running VirtualBox host on Centos 8, the guest VM is Kali-Linux.
After I start the guest VM and do showvminfo it appears that the VRDE port for RDP is open.

VRDE: enabled (Address 0.0.0.0, Ports 3389, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Ports = "3389"
VRDE property : TCP/Address = <not set>

If i run nmap from a Windows host on the same subnet it does not show port 3389 open.
Discovered open port 22/tcp on 192.168.1.112
Discovered open port 9090/tcp on 192.168.1.112

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
9090/tcp open ssl/zeus-admin?

The VirtualBox host is on the same subnet as the host running nmap
VirtualBox host: 192.168.1.112/24
nmap host: 192.168.1.113/24

Am I correct the mstsc.exe 192.168.1.112 should connect from the Windows host 192.168.1.113 to the VirtualBox host 192.168.1.112?

if this is incorrect how do I assign a IP address to the guest VM Kali-Linux?

thanks........
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: VRDE RDP Confusion - host or guest

Post by scottgus1 »

A Windows host also uses port 3389 for MS RDP, and that port is closed by default in the Windows firewall.

1. Use a different port number for the VM's Virtualbox RDP than the one the host OS wants to use. Each instance of a service should use a unique port number.

2. Open the Windows host firewall for the port number you chose for the Virtualbox RDP.
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

Re: VRDE RDP Confusion - host or guest

Post by SkylarB »

I am on a private network (i.e. lab).
I have turn off the Windows firewall temporarily to test the connection.
I have modifyvm to allow VRDE on port 5000.

I still cannot get a connection to VirtualBox host.

workstation on the same subnet -- C:\Windows\System32>mstsc /v:192.169.1.112:5000
Error message "Remote access to server is not enable."

VirtualBox host -- showvminfo
$ vboxmanage showvminfo Kali --details | grep TCP/
VRDE property : TCP/Ports = "5000"
VRDE property : TCP/Address = <not set>

nmap from workstation to VirtualBox host
C:\Windows\System32>nmap 192.168.1.112 -p 5000
Starting Nmap 7.70 ( https://nmap.org ) at 2021-09-15 19:08 Central Daylight Time
Nmap scan report for 192.168.1.112
Host is up (0.00s latency).
PORT STATE SERVICE
5000/tcp filtered upnp
Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds

nmap from VirtualBox to workstation
nmap 192.168.1.113 -p 5000
Starting Nmap 7.70 ( https://nmap.org ) at 2021-09-15 19:18 CDT
Nmap scan report for 192.168.1.112
Host is up (0.00015s latency).
PORT STATE SERVICE
5000/tcp open upnp
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds

Any ideas or feedback on where I should look next?

thanks................
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: VRDE RDP Confusion - host or guest

Post by scottgus1 »

On the VM's host, can you successfully connect using 127.0.0.1:5000?
fth0
Volunteer
Posts: 5661
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VRDE RDP Confusion - host or guest

Post by fth0 »

Please post a (zipped) VBox.log file from a VM run, so that we can verify the installation of the VirtualBox Extension Pack (EP) and the VRDP configuration of the VM.
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

Re: VRDE RDP Confusion - host or guest

Post by SkylarB »

rdesktop test at VirtualBox host

$ rdesktop -a 16 -N 127.0.0.1:5000
Autoselected keyboard map en-us
ERROR: Failed to open display:

rdesktop -a 16 -N 127.0.0.2:5000
Autoselected keyboard map en-us
ERROR: Failed to open display:

Vbox.log uploaded.
Attachments
vbox_log_upload.zip
(18.24 KiB) Downloaded 7 times
fth0
Volunteer
Posts: 5661
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VRDE RDP Confusion - host or guest

Post by fth0 »

The vbox_log_upload.txt file shows that VirtualBox is listening on port 5000, so far so good. It doesn't show any connection attempt, though, but that could be because the VM is still running and the log file wasn't necessarily up-to-date.

On the host, you can probably use netstat -an to verify if the port is really open. Try rdesktop without any optional parameters (e.g. rdesktop 127.0.0.1:5000 or rdesktop 192.168.1.112:5000).
Martin
Volunteer
Posts: 2560
Joined: 30. May 2007, 18:05
Primary OS: Fedora other
VBox Version: PUEL
Guest OSses: XP, Win7, Win10, Linux, OS/2

Re: VRDE RDP Confusion - host or guest

Post by Martin »

"Failed to open display:" is typically an error message, that the application cannot open the the local X11 window.
Is the DISPLAY variable correct in this environment?
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

Re: VRDE RDP Confusion - host or guest

Post by SkylarB »

response to Environment & Netstat

Environment:
$ printenv | grep vmbox
DISPLAY=vmbox:0
HOSTNAME=vmbox.garrison.local

netstat:
$ netstat -an | grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN
tcp6 0 0 :::5000 :::* LISTEN
$
$ rdesktop 127.0.0.1:5000
Autoselected keyboard map en-us
ERROR: Failed to open display: vmbox:0

$ rpm -qa |grep xorg-x11*
xorg-x11-apps-7.7-21.el8.x86_64
xorg-x11-fonts-misc-7.5-19.el8.noarch
xorg-x11-drv-libinput-0.29.0-1.el8.x86_64
xorg-x11-server-common-1.20.10-1.el8.x86_64
xorg-x11-xbitmaps-1.1.1-13.el8.noarch
xorg-x11-drv-vesa-2.4.0-3.el8.x86_64
xorg-x11-server-Xorg-1.20.10-1.el8.x86_64
xorg-x11-font-utils-7.5-40.el8.x86_64
xorg-x11-drv-fbdev-0.5.0-2.el8.x86_64
xorg-x11-proto-devel-2020.1-3.el8.noarch
xorg-x11-xkb-utils-7.7-28.el8.x86_64
xorg-x11-xauth-1.0.9-12.el8.x86_64
fth0
Volunteer
Posts: 5661
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VRDE RDP Confusion - host or guest

Post by fth0 »

Ok, the listening socket is there, and $DISPLAY also matches the error message. What happens when you try xeyes -display vmbox:0? If it doesn't work, solve that problem first. ;)

Did you check for errors with dmesg? Does your Linux host OS has additional security software like AppArmor?
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

Re: VRDE RDP Confusion - host or guest

Post by SkylarB »

I can get xeyes to display on the VirtualBox host with the command line on the host --> xeyes -display :1

After exporting the DISPLAY on the client (export DISPLAY=:1)
I can get xeyes to display on the VirtualBox host executing the command line from the client using --> xeyes -display :1

I am not sure what to look for with the 'dmesg' command from the client.
Running dmesg from the client with '| grep VBox' I get:
$ dmesg | grep VBox
[ 51.869842] VBoxNetFlt: Successfully started.
[ 51.871727] VBoxNetAdp: Successfully started.
[ 572.635956] vboxdrv: 0000000000000000 VBoxDDR0.r0
[ 572.744735] vboxdrv: 0000000000000000 VBoxEhciR0.r0
[hbackus@vmbox ~]$
[hbackus@vmbox ~]$ dmesg | grep vbox
[ 51.643350] vboxdrv: loading out-of-tree module taints kernel.
[ 51.643503] vboxdrv: module verification failed: signature and/or required key missing - tainting kernel
[ 51.649054] vboxdrv: Found 8 processor cores
[ 51.665336] vboxdrv: TSC mode is Invariant, tentative frequency 3392142975 Hz
[ 51.665336] vboxdrv: Successfully loaded version 6.1.26 r145957 (interface 0x00300000)
[ 572.482338] vboxdrv: 0000000000000000 VMMR0.r0
[ 572.635956] vboxdrv: 0000000000000000 VBoxDDR0.r0
[ 572.744735] vboxdrv: 0000000000000000 VBoxEhciR0.r0
$

I still am not able to open a RDP session from the client to the VirtualBox host using port 5000
fth0
Volunteer
Posts: 5661
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VRDE RDP Confusion - host or guest

Post by fth0 »

In your previous post, you stated that $DISPLAY was set to vmbox:0, and rdesktop complained that it wasn't able to use that display. Consequently, I asked you to try xeyes with this same $DISPLAY value to see if it fails just like rdesktop. Why did you try xeyes -display :1 now?

Regarding dmesg, the idea was to look for errors corresponding to the rdesktop command, which probably wouldn't contain the string "vbox". You can also use tail -f /var/log/syslog to monitor if the rdesktop command adds any syslog messages.
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

Re: VRDE RDP Confusion - host or guest

Post by SkylarB »

echo $DISPLAY on the VirtualBox host now returns :1.
This happened after I loaded some dependencies.
printenv shows the same as well.
DISPLAY=:1
HOSTNAME=vmbox.garrison.local

Not sure why it changed, but it was the only DISPLAY setting that I could get xeyes to display on both host and guest.

I did not find anything referencing rdesktop in dmesg or the syslog file while executed rdesktop.
I do get this error when I run rdesktop from the client to the host.
$ rdesktop 192.168.1.112:5000
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
NOT IMPLEMENTED: PDU 9
ERROR: rdp.c:128: rdp_recv(), unexpected stream overrun0000 03 00 01 41 02 f0 80 68 00 01 03 eb 70 81 32 08 ...A...h....p.2.

I get the same error if I change the to IP to the loopback
$rdesktop 127.0.0.1:5000
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
fth0
Volunteer
Posts: 5661
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VRDE RDP Confusion - host or guest

Post by fth0 »

Ok. So you solved your original $DISPLAY related problem somehow, and now you've got a new one. AFAIU, the message regarding plain RDP is expected, it has to do with VirtualBox only using Null authentication, which is the only authentication method known to work.

Perhaps you can describe your current setup in some more details, so that others can develop further ideas what to do. Questions that do arise from my POV: Why is $DISPLAY set to :1 and not :0? Does your CentOS 8 host have a GUI, and it is based on X11 or Wayland?

Other than that, you could try rdesktop with the original arguments again, and also experiment with other arguments.

A new VBox.log file could also show new information.
SkylarB
Posts: 14
Joined: 14. Sep 2021, 19:23

Re: VRDE RDP Confusion - host or guest

Post by SkylarB »

Hardware Setup:
Intel Xeon E3-1240 V3 3.4GHz - 8GB RAM
Software Setup:
CentOS 8.4.2105
VirtualBox-6.1-6.1.26_145957_el8-1.x86_64
Extension Pack 6.1.18-142142

CentOS is a minimum install, dependencies installed as needed.
Packages installed attached.
X11 is installed.

My goals was to keep the OS as clean and minimal as possible with only the packages needed for the VirtualBox loaded.
I can change the display variable to anything I want or speculate that might be correct for what I am trying to achieve, but no luck so far.

I have attached the latest VBox.log as well.
Attachments
Vbox.zip
(52.28 KiB) Downloaded 6 times
Post Reply