Is there a way to connect through remote desktop to a running Windows Server container?
Asked Answered
O

1

29

I want to run an old .NET application in a docker windows server container (https://hub.docker.com/r/microsoft/windowsservercore/).

Everything would be easy if this application didn't require an UI. Its UI does a lot of stuff and this stuff cannot be done through command line or other API.

Basically, the perfect thing would be to reach this running container through RDP.

From my understanding, it is nothing more than a service (TermService) running on a certain TCP port (3389 being the default one).

But it seems that TermService is not running in microsoft/windowsservercore containers.

I found an article showing how to activate it : https://withinrafael.com/2018/03/09/using-remote-desktop-services-in-containers/

Basically, I kept the same Dockerfile, just changing some credentials.

#escape=`
FROM microsoft/windowsservercore:1709_KB4074588
RUN net user /add jerome
RUN net user jerome aDifficultPassword
RUN net localgroup "Remote Desktop Users" jerome /add
RUN net localgroup "Administrators" jerome /add
RUN cmd /k reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v TemporaryALiC /t REG_DWORD /d 1

I launch the container with this command :

docker run -it -p3389:3389 myimage powershell

When I connect to the container and type some powershell commands to list running services, I can see that TermService is well running. This is the command I use to list services.

Get-Service

When I list opened TCP ports, I can see that 3389 is listened. This is the command I use to show opened ports.

netstat -an

When I try to connect to the container through my remote desktop client, things seems OK at start.

  • It asks me for host.
  • Then for a username and password.
  • If I type wrong credentials, it says me "Wrong credentials", so there is well a communication with the server.
  • If I type good credentials, nothing happens. No error message at all, but no display screen too...

I don't really know if logs are generated somewhere or not.

I would be OK if instead of RDS, something like TigerVNC was working. I have never tried this tool before but it seems that it could do the job.

How would you do to control a GUI application running in a windows container?

Offshoot answered 19/1, 2019 at 12:40 Comment(6)
on windowsservercore:latest there isn't even anything listening on port 3389...Nevanevada
Hello @FlorianKoch Were you able to get this working? I am attempting the same on Windows server 2019 Docker container, without any luck.Pennell
@KiranHegde sadly no, it seems this is explicitly made impossible by Microsoft. There are some problems with remote desktop and containers and they don't intend to support this scenario (at least for now)Nevanevada
@FlorianKoch Thanks. Is there a way i could display the GUI of an application installed on the container on my host system? For example, if i have Visual Studio installed on the container, i did like to open that on my host system. From what i know, that's possible for Linux containers using X Server. Do you know of anything similar for Windows containers?Pennell
@KiranHedge I don't think there is somehting like that, at least I wasn't able to find it. For linux systems you open a port to pipe X out of your container, like you do for ssh -X sessions. You'd need a similar WIndows solution.Nevanevada
I mean, you could try to use teamviewer ore something, but I don't know if it supports the automation or if it even runs in a container at all.Nevanevada
P
8

You can find logs for RDP client in event viewer : "Application and Services Logs"\Microsoft\Windows\TerminalServices-ClientActiveXCore. Here's what is says for me :

  1. The client has established a multi-transport connection to the server.
  2. RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).

  3. RDP ClientActiveX has been disconnected (Reason= 2)

reason 2 is session closed by client.

My paranoia tells me that microsoft went back and patched the image to prevent people from using RDP with docker, but who knows, maybe we're just missing something obvious.

Paddlefish answered 14/10, 2019 at 22:44 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.