Is there a way to connect through remote desktop to a running Windows Server container?

Question

I want to run an old .NET application in a docker windows server container (https://hub.docker.com/r/microsoft/windowsservercore/).

Everything would be easy if this application didn't require an UI. Its UI does a lot of stuff and this stuff cannot be done through command line or other API.

Basically, the perfect thing would be to reach this running container through RDP.

From my understanding, it is nothing more than a service (TermService) running on a certain TCP port (3389 being the default one).

But it seems that TermService is not running in microsoft/windowsservercore containers.

I found an article showing how to activate it : https://withinrafael.com/2018/03/09/using-remote-desktop-services-in-containers/

Basically, I kept the same Dockerfile, just changing some credentials.

#escape=` FROM microsoft/windowsservercore:1709_KB4074588 RUN net user /add jerome RUN net user jerome aDifficultPassword RUN net localgroup "Remote Desktop Users" jerome /add RUN net localgroup "Administrators" jerome /add RUN cmd /k reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v TemporaryALiC /t REG_DWORD /d 1 

I launch the container with this command :

docker run -it -p3389:3389 myimage powershell 

When I connect to the container and type some powershell commands to list running services, I can see that TermService is well running. This is the command I use to list services.

Get-Service 

When I list opened TCP ports, I can see that 3389 is listened. This is the command I use to show opened ports.

netstat -an 

When I try to connect to the container through my remote desktop client, things seems OK at start.

• It asks me for host.
• Then for a username and password.
• If I type wrong credentials, it says me "Wrong credentials", so there is well a communication with the server.
• If I type good credentials, nothing happens. No error message at all, but no display screen too...

I don't really know if logs are generated somewhere or not.

I would be OK if instead of RDS, something like TigerVNC was working. I have never tried this tool before but it seems that it could do the job.

How would you do to control a GUI application running in a windows container?

Answer 1

You can find logs for RDP client in event viewer : "Application and Services Logs"\Microsoft\Windows\TerminalServices-ClientActiveXCore. Here's what is says for me :

1. The client has established a multi-transport connection to the server.

2. RDPClient_SSL: An error was encountered when transitioning from TsSslStateDisconnected to TsSslStateDisconnected in response to TsSslEventInvalidState (error code 0x8000FFFF).

3. RDP ClientActiveX has been disconnected (Reason= 2)

reason 2 is session closed by client.

My paranoia tells me that microsoft went back and patched the image to prevent people from using RDP with docker, but who knows, maybe we're just missing something obvious.