Is there a way to connect through remote desktop to a running Windows Server container?

docker remote-desktop windows-server rds docker-for-windows
FrelonQuai picture FrelonQuai · Jan 19, 2019 · Viewed 9.1k times · Source

I want to run an old .NET application in a docker windows server container (https://hub.docker.com/r/microsoft/windowsservercore/).

Everything would be easy if this application didn't require an UI. Its UI does a lot of stuff and this stuff cannot be done through command line or other API.

Basically, the perfect thing would be to reach this running container through RDP.

From my understanding, it is nothing more than a service (TermService) running on a certain TCP port (3389 being the default one).

But it seems that TermService is not running in microsoft/windowsservercore containers.

I found an article showing how to activate it : https://withinrafael.com/2018/03/09/using-remote-desktop-services-in-containers/

Basically, I kept the same Dockerfile, just changing some credentials.

#escape=`
FROM microsoft/windowsservercore:1709_KB4074588
RUN net user /add jerome
RUN net user jerome aDifficultPassword
RUN net localgroup "Remote Desktop Users" jerome /add
RUN net localgroup "Administrators" jerome /add
RUN cmd /k reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v TemporaryALiC /t REG_DWORD /d 1

I launch the container with this command :

docker run -it -p3389:3389 myimage powershell

When I connect to the container and type some powershell commands to list running services, I can see that TermService is well running. This is the command I use to list services.

Get-Service

When I list opened TCP ports, I can see that 3389 is listened. This is the command I use to show opened ports.

netstat -an

When I try to connect to the container through my remote desktop client, things seems OK at start.

  • It asks me for host.
  • Then for a username and password.
  • If I type wrong credentials, it says me "Wrong credentials", so there is well a communication with the server.
  • If I type good credentials, nothing happens. No error message at all, but no display screen too...

I don't really know if logs are generated somewhere or not.

I would be OK if instead of RDS, something like TigerVNC was working. I have never tried this tool before but it seems that it could do the job.

How would you do to control a GUI application running in a windows container?

Answer

Vlad picture Vlad · Oct 15, 2019

You can find logs for RDP client in event viewer : "Application and Services Logs"\Microsoft\Windows\TerminalServices-ClientActiveXCore. Here's what is says for me :

  1. The client has established a multi-transport connection to the server.

  2. RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).

  3. RDP ClientActiveX has been disconnected (Reason= 2)

reason 2 is session closed by client.

My paranoia tells me that microsoft went back and patched the image to prevent people from using RDP with docker, but who knows, maybe we're just missing something obvious.

Related questions

How to get a Docker container's IP address from the host

Is there a command I can run to get the container's IP address right from the host after a new container is created? Basically, once Docker creates the container, I want to roll my own code deployment and container configuration …

Read More
How to copy files from host to Docker container?

I am trying to build a backup and restore solution for the Docker containers that we work with. I have Docker base image that I have created, ubuntu:base, and do not want have to rebuild it each time with …

Read More
How do I get into a Docker container's shell?

I'm getting started working with Docker. I'm using the WordPress base image and docker-compose. I'm trying to ssh into one of the containers to inspect the files/directories that were created during the initial build. I tried to run docker-compose …

Read More