12

I recently upgraded my Ubuntu to 18.04, and now my Remmina cannot connect to a windows server we use at work. Now I am getting a popup about certificates. It asks if I want to accept the certificate, I click OK and then get a message saying unable to connect. I am getting this error on the command line:

[14:49:19:412] [7223:7537] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[14:49:19:412] [7223:7537] [INFO][com.freerdp.client.common.cmdline] - loading channelEx drdynvc
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - @           WARNING: CERTIFICATE NAME MISMATCH!           @
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - The hostname used for this connection (xxxxx:3389) 
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - does not match the name given in the certificate:
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - Common Name (CN):
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] -    EC2AMAZ-FM25IO2
[14:49:19:909] [7223:7537] [ERROR][com.freerdp.crypto] - A valid certificate for the wrong name should NOT be trusted!
[14:50:38:624] [7223:7537] [ERROR][com.freerdp.crypto] - certificate not trusted, aborting.
[14:50:38:624] [7223:7537] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_CANCELLED [0x0002000B]
[14:50:38:624] [7223:7537] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure
0002000B 00000003

Now this is an internal vpn server so I don't care at all about certificates. Is there a way to add this certificate to a list that it's ok? How do I get around this? And as an aside, this was working before the upgrade just fine. I don't know why it cares now?

mmaceachran
  • 241
  • 1
  • 2
  • 6

4 Answers4

8

I had the same problem on debian sid with latest remmina 1.2.32.1 while connecting to a windows server2008r2 with hardend security settings.

I was able to connect after:

  • updating all freerdp2 libraries (used by remmina) to 2.0.0~git20181120.1 version
  • removing ~/.config/freerdp/known_hosts2 file

The connection security type that worked is "NLA" (negotianion/auto-detection worked too).

Both TLS and RDP didn't work.

Vasily Galkin
  • 231
  • 2
  • 4
7

I've found the solution @Ubuntu forums, that forked for me :)

You have to change the Security to "TLS" in the Advanced tab of your connection, and everything works fine!

Vasily
  • 79
  • 2
4

with RDP connections I get a TLS connection error, you have to look to the correct TLS version:

for me the solution was other way around:

I have to change the Security to "RDP" in the Advanced tab of your connection, and everything works fine! ( I work with debian 10 buster (sid) and remmina 1.2.32) regards, from germany

GerdPeter
  • 41
  • 2
  • After saving it as RDP (or anything else), it always immediately reverts back to Negotiate. Remmina 1.4.1 (git v1.4.1) – rcpa0 Mar 19 '20 at 08:05
0

I've hit the same problem connecting from one of the Ubuntu/Debian family distributive to MS Windows Server 2008 R2.

I managed to solve it this way:

  1. Create new connection with server.name.or.ip:port in Server section (port is optional if u haven't changed it from standard MS RDP 3389 or/and NATed it through a router if u have one)

  2. In the Advanced tab set -"Security protocol negotiation" to "NLA protocol security" -"TLS Security level" to "0 -- Windows 7 compatible"

Then Remmina only asked me once about accepting the certificate and now it works like a charm.

coldfix
  • 1