Network Access to Unity Desktop via RDP in Ubuntu 16.04 VM Hosted by Hyper-V

Objective

Warning

Install

XRDP

Audio Support

Drive Redirection

Update

Motivation

^

Objective

Configure a Ubuntu 16.04 Unity Desktop VM that’s hosted by Hyper-V to expose a xrdp session that’s accessible by a workstation using a rdp client when the workstation and Hyper-V host are members of the same LAN. The solution repurposes Azure xrdp enhancements that originally configured xrdp to provide rdp via a Hyper-V socket, to instead offer the xrdp session via an IP port.

Although not tested, this solution should also apply to a physical installation of Ubuntu.

^

Warning

^

Install

XRDP

The bulk of the install instructions appear beneath the “Tutorial” header found on this page provided by Craig Wilhite. These instructions assume you’ve access to Hyper-V, can use its “Connect…” feature to interact with the VM’s Ubuntu Desktop GUI, and its network adapter directly connects to a network addressable from the workstation running a rdp client.

The install relies on two bash scripts: install.sh and config-user.sh. install.sh updates the Ubuntu kernel and adds xrdp support. config-user.sh establishes a secure logon to the linux xrdp session for the user credentials employed to run this script. Craig Wilhite’s install instructions have been copied below for your convenience. Commands below that begin with a $ are issued from a terminal session running within the VM.

$ sudo apt update
$ sudo apt install -y git
$ git clone https://github.com/Microsoft/linux-vm-tools.git ~/linux-vm-tools
$ cd ~/linux-vm-tools/ubuntu/16.04/
$ sudo chmod +x install.sh
$ sudo chmod +x config-user.sh
$ sudo ./install.sh
$ sudo shutdown -r 0
$ cd ~/linux-vm-tools/ubuntu/16.04/
$ sudo ./install.sh
$ sudo ./config-user.sh
$ sudo shutdown -h 0
> Set-VM -VMName <your_vm_name> -EnhancedSessionTransportType HvSocket
Use Hyper-V to “Start” and “Connect…” to the Ubuntu VM.
$ sudo nano /etc/xrdp/xrdp.ini
Use the editor to replace: “use_vsock=true” with “use_vsock=false”.
Save the file to replace its contents
exit nano.
 $ sudo ufw allow 3389
$ sudo shutdown -r 0
Remote Desktop Connection instructions
$ sudo apt autoremove -y
$ rm -fr ~/linux-vm-tools

^

Audio Support

How about forwarding sound via rdp from the Ubuntu VM to the client workstation? Once again the instructions below generously borrow, in this instance, from a how-to provided by neutrionlabs. This how-to explains the tasks needed to extend pulseaudio through the compilation of a custom sink. A sink is a binary module encoded to consume an audio stream then manipulate and direct this stream to a particular output “device”. In this case, the output “device” is the audio channel defined within the rdp protocol.

Note: building the custom sink depends on certain xrdp components installed while executing the above XRDP instructions. Therefore, successfully completing the xrdp install above must occur before performing the instructions below.

$ apt show pulseaudio | grep APT-Sources:
Yields something similar to: “APT-Sources: http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages”.
$ sudo nano /etc/apt/sources.listFind the distribution library entry whose repository URL and component names most closely approximate the ones displayed APT-Sources: above, and begins with “# deb-src”.Remove the comment character and save the file. For example, given the “APT-Sources:” value above, delete the comment character from “# deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates main restricted”.Exit nano.
$ mkdir ~/pulseaudio
$ cd ~/pulseaudio
$ sudo apt update
$ apt source pulseaudio
After the download completes, a directory named /~pulseaudio/pulseaudio-8.0 should exist.
$ sudo apt build-dep -y pulseaudio
$ sudo apt install build-essential dpkg-dev
$ sudo apt install libpulse-dev
$ cd pulseaudio-8.0
$ ./configure
$ cd ..
Should be located in ~/pulseaudio directory.
$ git clone
https://github.com/neutrinolabs/pulseaudio-module-xrdp.git
$ cd pulseaudio-module-xrdp
$ ./bootstrap
$ ./configure PULSE_DIR=~/pulseaudio/pulseaudio-8.0
$ make
$ sudo make install
$ sudo rm $(pkg-config --variable=modlibexecdir libpulse)/module-xrdp*.la
$ ls $(pkg-config --variable=modlibexecdir libpulse) | grep module-xrdp*
The output should report both module-xrdp-sink.so and module-xrdp-source.so, nothing more.
$ sudo cp -a /etc/pulse/default.pa /etc/pulse/default.pa.original
$ sudo su
$ echo '.nofail' >/etc/pulse/default.pa
$ echo '.fail' >>/etc/pulse/default.pa
$ echo 'load-module module-augment-properties' >>/etc/pulse/default.pa
$ echo 'load-module module-xrdp-sink' >>/etc/pulse/default.pa
$ echo 'load-module module-native-protocol-unix' >>/etc/pulse/default.pa
$ usermod -a -G pulse <specify VM username>
$ usermod -a -G pulse-access <specify VM username>
$ usermod -a -G audio
$ shutdown -h 0
$ pactl list sinks
Should return something similar to:
Sink #0
State: IDLE
Name: xrdp-sink
Description: xrdp sink
...
$ rm -rf ~/pulseaudio
$ sudo apt-mark auto $(apt-cache showsrc pulseaudio | grep Build-Depends | perl -p -e 's/(?:[[(].+?[])]|Build-Depends:|,||)//g')
$ sudo apt autoremove -y
$ sudo apt remove -y libpulse-dev
$ sudo apt remove -y git

^

Drive Redirection

Drive redirection works, however, there’s a glitch, documented by github issue #6, that requires disabling the rpd printer sharing option before starting the connection from the client workstation, in order to view the selected drive(s) in the “shared-drives” mount displayed by nautilus.

^

Update

October 1, 2018

Polkit Warnings appearing in September 13, 2018-October 1 document versions have been removed. A similar xrdp solution published by Griffon and explained by this blog post eliminates the issue. A github pull request has been encoded to repair install.sh. Until the update has been applied, the step referencing the original Microsoft version has been altered to refer to a corrected version maintained by my github account.

For those that applied the version of the instructions containing these warnings:

After completing the upgrade, the policy kit framework daemon: polkitd periodically crashes due to a “segmentation fault”. During the initial faults, RAM was fully allocated mainly due to firefox’s consumption and the VM’s 4GB maximum RAM allocation. Increasing RAM statically allocated by Hyper-V from 4GB to 8GB reduces the problem’s frequency but doesn’t eliminate it.A policy kit failure can also cause aptd to fail.

perform the following:

$ pkaction --version
$ sudo su
$ rm /etc/polkit-1/localauthority.d.conf/02-allow-color.d.conf
$ echo '[Allow Colord all Users]' > /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
$ echo 'Identity=unix-user:*' >> /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
$ echo 'Action=org.freedesktop.color-manager.create-device;org.freedesktop.color-manager.create-profile;org.freedesktop.color-manager.delete-device;org.freedesktop.color-manager.delete-profile;org.freedesktop.color-manager.modify-device;org.freedesktop.color-manager.modify-profile' >> /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
$ echo 'ResultAny=no' >> /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
$ echo 'ResultInactive=no' >> /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
$ echo 'ResultActive=yes' >> /etc/polkit-1/localauthority/50-local.d/45-allow-colord.pkla
$ exit
$ sudo nano /etc/polkit-1/localauthority.conf.d/02-allow-colord.confChange the first instance of "org.freedesktop.color-manager.modify-profile" to "org.freedesktop.color-manager.modify-device"Exit nano.

October 19, 2018

Pull request was accepted. Changed git clone:

git clone https://github.com/WhisperingChaos/linux-vm-tools.git ~/linux-vm-tools

to reference Microsoft account:

git clone https://github.com/Microsoft/linux-vm-tools.git ~/linux-vm-tools

^

Motivation

This XRDP solution is more responsive when compared to a VNC one reliant on vino which motivated me to repurpose the solution documented by Craig Wilhite.

As a consultant, I’ve used KVM and Ubuntu’s Desktop to provide no cost development environments isolated and tailored with the tools required to deliver a particular client’s deliverable. Through qemu-img’s ability to derive a new virtual drive from an existing base image, I can quickly deploy a new VM with basic services, including VNC support, in about 15 minutes.

Not too long ago, with the packaging of Hyper-V in Windows 10 and motivated by a spouse whose work required specific Windows based development environments, we invested in a brand new rig, whose performance specs, especially SSD I/O, far exceed the current dedicated KVM platform. After configuring a couple Windows 10 VMs using Hyper-V and experiencing their near native luxuriant performance, I decided to transition a Ubuntu VM, purposed to provide secure web browsing, from the KVM platform to this one managed by Hyper-V.

However, instead of migrating the existing KVM Ubuntu image, the transition involved installing Ubuntu Desktop 16.04 from a live CD and then configuring vino, Ubuntu’s default VNC server which supports its Unity GUI. I can’t offer an informed opinion regarding Desktop GUI’s, as I mostly reside in the command line but since it’s fairly easy to configure vino for LAN access via a VNC client workstation, without having to install other components, I typically tread this path of maximum laziness.

Unfortunately, after installing Ubuntu and successfully configuring vino, remotely connecting to the VM’s desktop over a LAN using RealVNC viewer resulted in sluggish browser page rendering and nearly a two second delay in echoing each typed character to the browser’s address bar. After tuning VNC performance through compressing its stream, changing the desktop background color to solid black, and reducing its color to its minimum level, the annoying cursor lag persisted. This pain point motivated me to reviewed other solutions promoting xrdp but they usually incorporated a desktop windowing manager other than Unity, until I discovered and adapted the collaborative effort by Canonical, Microsoft, and XRDP.org.

What writes code that’s unseen, applies insight remarkably keen, demonstrates computational prowess that’s unsurpassed, conjures algorithms that delight, last?