RDP not working for any client

[SotYPL]

RDP not working for any of the clients with agent installed. Connecting trough MeshAgent works fine. Connecting to RDP from Microsoft RDP client or MobaXterm works fine. Connecting to AMT clients works fine.

Steps to reproduce the behavior:

1. Go to any client with MeshAgent installed and connected.
2. Click on RDP Connect.
3. Provide credentials including domain and click OK.
4. Credentials windows close and nothing happens.

Screenshots
If applicable, add screenshots to help explain your problem.

Server Software (please complete the following information):

• OS: RedHat 8.10
• Virtualization: none
• Network: no reverse proxy, MeshCentral exposed on port 8443 with agents only port 8444, ports allowed on Linux firewall but also disabled firewall completely for testing with no change
• Version: 1.1.38
• Node: 20.16.0

Client Device (please complete the following information):

• Device: multiple tested
• OS: Windows 10 LTSC
• Network: tested on clients in both same and different subnet as MeshCentral server
• Browser: Firefox and Chrome

Remote Device (please complete the following information):

• Device: desktop and virtual
• OS: [e.g. Windows 10 LTSC 2019
• Network: local to MeshCentral
• Current Core Version (if known): Dec 9 2022, 2791408856

Additional context
It seems that MeshCentral is not even trying to connect using RDP. tcpdump run on MeshCentral server shows no traffic between MeshCentral server and device with agent installed after clicking RDP connect. Web-RDP does not work either for any client. Tracing after trying to connect:

11:42:47 AM - RELAY: RDP: Browser websocket closed
11:42:47 AM - RELAY: RDP: Starting RDP client on loopback port 35733
11:42:47 AM - RELAY: RDP: Request for RDP relay (172.22.4.10)
11:42:47 AM - WEBREQUEST: (172.22.4.10) /mstscrelay.ashx/.websocket
11:42:47 AM - HTTPHEADERS: GET, /mstscrelay.ashx/.websocket, {"host":"meshcentral.company.com:8443","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","accept":"/","accept-language":"en-US,en;q=0.5","accept-encoding":"gzip, deflate, br, zstd","sec-websocket-version":"13","origin":"https://meshcentral.company.com:8443","sec-websocket-extensions":"permessage-deflate","sec-websocket-key":"aDQdwLNNKFN1OCDbi3lDlA==","dnt":"1","sec-gpc":"1","connection":"keep-alive, Upgrade","cookie":"xid=eyJ1c2VyaWQiOiJ1c2VyLy9kYXJlayIsImlwIjoiMTcyLjIyLjQuMTAiLCJ4Ijoia0M4ZDFoWkIiLCJ0IjoyODk4NjgyMn0=; xid.sig=vtC5K_ej-28BxKf-DTj9UdWuQU7IlyJIalOg_vQpeyCho44Gw71qAfSHHHOga9OP","sec-fetch-dest":"empty","sec-fetch-mode":"websocket","sec-fetch-site":"same-origin","pragma":"no-cache","cache-control":"no-cache","upgrade":"websocket"}

Your config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "settings": {
    "cert": "meshcentral.company.com",
    "_WANonly": true,
    "_LANonly": true,
    "_sessionKey": "MyReallySecretPassword1",
    "port": 8443,
    "AgentPort": 8444,
    "AgentAliasPort": 8444,
    "redirPort": 8080,
    "redirAliasPort": 8081,
    "_MongoDB": "mongodb://127.0.0.1:27017/meshcentral",
    "MariaDB": { "host": "localhost", "user": "meshcentral", "password": "secret" },
    "authlog": "/var/log/meshcentral.log"
  },
  "domains": {
    "": {
      "title": "Company Remote Management",
      "titlePicture": "logo-title.png",
      "loginPicture": "logo-login.png",
      "agentCustomization": {
        "displayName": "Company Remote Management",
        "description": "Company agent for remote monitoring, management and assistance.",
        "companyName": "Company",
        "serviceName": "Company Remote Management Agent",
        "fileName": "CompanyRemoteAgent",
        "image": "logo-agent.png"
        }
    }
  }
}

[si458]

What username format do u use? (Can u provide example)

Is the username and azure username by any chance?

As from my understanding azure accounts can't rdp directly into machines, it needs special settings in rdp which meshcentral currently doesn't support

[SotYPL]

What username format do u use? (Can u provide example)

Is the username and azure username by any chance?

As from my understanding azure accounts can't rdp directly into machines, it needs special settings in rdp which meshcentral currently doesn't support

No azure, local domain only. But to remove domain from the equation I even installed agent on a regular, non-domain joined Windows 10 machine that was placed in the same subnet as MeshCentral server and connecting to it trough RDP didn't work either.

[si458]

Do u have firewall or antivirus software at all?
Have u allowed udp/tcp 3389 through?

Edit. Have u also ticked the use NLA in the rdp settings on the remote machine?

[SotYPL]

Do u have firewall or antivirus software at all? Have u allowed udp/tcp 3389 through?

Edit. Have u also ticked the use NLA in the rdp settings on the remote machine?

Yes I do have both firewall and antivirus but as explained before, connecting trough Microsoft RDP client and MobaXterm works fine so it's not an issue with firewall. I just deployed brand new Windows 11 LTSC VM and installed agent on it without joining domain. Windows firewall was disabled, no antivirus installed and could not connect to it using RDP from MeshCentral either. Connecting using Microsoft RDP client from other server in the same subnet as MeshCentral server worked fine. It has to be something wrong with my MeshCentral instance.

[si458]

Have u checked if the use NLA in the rdp settings on the remote machine is ticked?
I think it has to be ticked

[SotYPL]

Have u checked if the use NLA in the rdp settings on the remote machine is ticked? I think it has to be ticked

Yes it's ticked but also tried with disabled.

[SotYPL]

So I moved my instance to a new Ubuntu 24.04.1 VM, and it's working fine there. So it seems it's not fully compatible with RHEL8. I thought it could be caused by SELinux, but I disabled it temporarily, and it didn't help. Is there any way to enable some debug logging for MeshCentral?

[SotYPL]

OK so I tried with fresh VM on AlmaLinux 9 and RDP doesn't work either. So it has to be some compatibility issue with RHEL systems.

[SotYPL]

I did some further investigation, and I'm still unable to make it work on RHEL 8 or 9 based OS. Ubuntu 24.04 installs Node.js 18.19.1 and 9.2.0 by default. I've tried to match it on AlmaLinux 8 and installed Node.js 18 stream, which gave me Node.js version 18.20.4 and npm version 10.7.0. SELinux and firewall both disabled. RDP still does not work. I'm out of ideas how to troubleshoot it correctly.

[si458]

I'll have a look tomorrow if I get chance as the server OS shouldn't make a difference, only the remote device OS for example rdp server in Linux doesn't work but windows rdp works no problem

Have u tried using the latest LTS version 22 ?

[SotYPL]

I'll have a look tomorrow if I get chance as the server OS shouldn't make a difference, only the remote device OS for example rdp server in Linux doesn't work but windows rdp works no problem

Have u tried using the latest LTS version 22 ?

Yes, I've tried both Node.js 20 and 22 with same results. My existing server is running RHEL 8 and that's where I wanted to have MeshCentral installed, but I've also tried fresh installations of both AlmaLinux 8 and 9. All of them won't allow RDP connect. Everything else is working fine.

[si458]

@SotYPL no worries ill have a play tomorrow!
See if i can replicate the issue
Are u using a local group or a meshagent group?

[SotYPL]

@SotYPL no worries ill have a play tomorrow! See if i can replicate the issue Are u using a local group or a meshagent group?

Both. Neither works on RHEL, and both works on Ubuntu.

[si458]

Could be the openssl version that's installed?
Sounds random

[SotYPL]

Could be the openssl version that's installed? Sounds random

Ubuntu has version 3.0.13. AlmaLinux 8 has old version 1.1.1k but AlmaLinux 9 has even newer version 3.2.2.

[si458]

so ive just tested it here and it works with windows 11 24h2 no problems?
base install RHEL8.10 (iso from rhel website)
installed node 22 via nodejs.org
mkdir meshcentral & cd meshcentral
npm install meshcentral
enabled sudo by adding user to wheel
enabled ports 4434 and 8080 in the firewall-cmd (not using 80+443 shouldnt make difference)
setup windows 11 PRO 24h2 from iso from microsoft
enabled RDP with NLA
set user password
checked i could login using a "Microsoft App" (hate the new name)
then installed meshagent, checked i could use normal remote control
then used RDP connect and worked first, 2nd, third time, even after multiple restarts of meshcentral and windows machine?
sample config below:

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "mc.10.0.0.104.nip.io",
    "_WANonly": true,
    "_LANonly": true,
    "sessionKey": "MyReallySecretPassword1",
    "port": 4433,
    "_aliasPort": 443,
    "redirPort": 8080,
    "_redirAliasPort": 80
  },
  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "_minify": true,
      "_newAccounts": true,
      "_userNameIsEmail": true,
      "agentCustomization": {
        "displayName": "RHEL8 MeshCentral Agent",
        "description": "RHEL8 Mesh Agent background service",
        "companyName": "RHEL8 Mesh Agent Company",
        "serviceName": "RHEL8 Mesh Agent Service",
        "fileName": "RHEL8meshagent"
      }
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "[email protected]",
    "names": "myserver.mydomain.com",
    "skipChallengeVerification": true,
    "production": false
  }
}

[SotYPL]

so ive just tested it here and it works with windows 11 24h2 no problems? base install RHEL8.10 (iso from rhel website) installed node 22 via nodejs.org mkdir meshcentral & cd meshcentral npm install meshcentral enabled sudo by adding user to wheel enabled ports 4434 and 8080 in the firewall-cmd (not using 80+443 shouldnt make difference) setup windows 11 PRO 24h2 from iso from microsoft enabled RDP with NLA set user password checked i could login using a "Microsoft App" (hate the new name) then installed meshagent, checked i could use normal remote control then used RDP connect and worked first, 2nd, third time, even after multiple restarts of meshcentral and windows machine? sample config below:

So the difference is how I got Nodejs installed. I used dnf/yum to install it from the default repo, but I also did it like that on Ubuntu. I will try installing from nodejs.org website. Did you run MeshCentral using sudo? I'm running it using regular user without sudo privileges. And I also use separate port for agents, but I'm not sure if that would make any difference.

[SotYPL]

OK so I did exactly what you did but using AlmaLinux 8. Installed node.js/npm using this script:

curl -o- https://fnm.vercel.app/install | bash
fnm install 22

Then installed MeshCentral using regular user:

mkdir MeshCentral & cd MeshCentral
npm install meshcentral
node ./node_modules/meshcentral --cert meshcentral.company.com

modified config like that:

{
"$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
"settings": {
"cert": "meshcentral.company.com",
"port": 4443,
"redirPort": 8080
},
"domains": {
"": {
"_title": "MyServer",
"_title2": "Servername",
"_minify": true,
"_newAccounts": true,
"_userNameIsEmail": true
}
},
"_letsencrypt": {
"comment": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
"email": "[email protected]",
"names": "myserver.mydomain.com",
"skipChallengeVerification": true,
"production": false
}
}

Launched MeshCentral, created new account, created new group and downloaded agent msi. Installed agent on test Windows 10 machine. Verified, I can connect using regular Connect button. Connecting trough RDP Connect didn't work. At this point, I'm totally lost and out of ideas. Did you update RHEL after you installed it using 8.10 ISO? To update, you have to have valid Red Hat subscription (either paid or developer). If you didn't update, maybe that's the difference. I have my RHEL8, AlmaLinux 8 and 9 fully updated.