WebSocket Timeout and IronError with Undefined Details in ironrdp-web When Connecting to RDP Server

[hasanodabasi]

I am encountering an issue with the ironrdp-web module when attempting to establish an RDP connection to a Windows Server 2022 RDP server using the WebAssembly (WASM) client. The connection process consistently fails with a WebSocket timeout after approximately 2 minutes, followed by an IronError with undefined kind and backtrace details.

Steps to Reproduce Setup: Environment: Windows Server 2022 (RDP server at :). Proxy: A Node.js WebSocket-to-TCP proxy (proxy.js) running on ws://:, forwarding to localhost:. Client: ironrdp-web WASM module built with wasm-pack build --target web (using wasm-bindgen v0.2.87). Code: A JavaScript client using SessionBuilder.init() to configure the RDP connection, as shown below: html

Close Application

Run the Test: Start the proxy: node proxy.js (listening on ws://:). Serve the client: http-server -p . Open http://: in a browser (Chrome 135). Observed Behavior The client logs show: text

IronRDP WASM module loaded. SessionBuilder configuration completed: SessionBuilder {__wbg_ptr: 1770504} After approximately 2 minutes, the following errors appear: text

WebSocket connection to 'ws://:/' failed: WebSocket connection error: Event {isTrusted: true, type: 'error', ...} WebSocket connection closed: 1006 Connection error: IronError {__wbg_ptr: 1769688} Error type: undefined Error details: undefined Proxy logs (from a previous run): text

Proxy portunda çalışıyor WebSocket istemcisi bağlandı RDP sunucusuna bağlandı WebSocket’ten veri alındı, boyutu: 97 RDP hatası: Error: read ECONNRESET WebSocket istemcisi ayrıldı qwinsta output: No session is visible, indicating the connection does not reach the authentication stage. Expected Behavior The WebSocket connection should establish successfully, and the RDP session should proceed to authentication, creating a session visible in qwinsta. Analysis The 2-minute delay suggests a timeout in the connect method, likely in the WebSocket state polling loop in session.rs: rust

loop { match ws.state() { websocket::State::Connecting => { trace!("WebSocket is connecting to proxy at {proxy_address}..."); gloo_timers::future::sleep(Duration::from_millis(50)).await; } ... } } The IronError lacks kind and backtrace details, indicating a potential issue with wasm_bindgen bindings for the IronError struct. The ECONNRESET error in the proxy suggests the RDP server (Windows Server 2022) is rejecting the connection, possibly due to: Incorrect credentials (<username>, ). Protocol incompatibility (e.g., RDCleanPath or CredSSP issues). Server configuration (e.g., Network Level Authentication (NLA) or TLS requirements). The WebSocket closure with code 1006 indicates an abnormal disconnection, likely due to the proxy or server not responding as expected. Environment OS: Windows Server 2022 Browser: Chrome 135 IronRDP: Latest commit from the main branch (as of April 2025) wasm-bindgen: 0.2.87 (set in ironrdp-web/Cargo.toml, but cargo tree shows 0.2.100 due to dependency conflicts) wasm-pack: 0.12.1 Node.js: Proxy running with node proxy.js Additional Notes Using SessionBuilder.init() resolved previous null pointer passed to rust errors for string parameters (username, password, etc.). A test function (test_string_binding) added to src/lib.rs confirmed that wasm_bindgen string bindings work correctly outside of SessionBuilder. Dependency conflict with wasm-bindgen v0.2.100 persists, despite setting 0.2.87 in [workspace.dependencies]. Questions for Maintainers Is there a known issue with the connect method in ironrdp-web causing WebSocket timeouts when connecting to Windows Server 2022? Could the IronError binding issue (undefined kind and backtrace) be related to wasm_bindgen configuration or the export! macro in iron_remote_desktop? Are there specific server configurations (e.g., NLA, TLS, CredSSP) required for ironrdp-web to connect to Windows Server 2022? Any recommendations for resolving the wasm-bindgen version conflict (v0.2.100 overriding 0.2.87)? Logs and Files Console Logs: Attached above. Proxy Logs: Attached above (from a previous run). qwinsta Output: No session visible. Cargo.toml (relevant parts): toml

ironrdp-web/Cargo.toml

[dependencies] wasm-bindgen = "0.2.87" ...

IronRDP/Cargo.toml

[workspace.dependencies] wasm-bindgen = "0.2.87" cargo tree (partial): text

├── wasm-bindgen v0.2.100 ├── wasm-bindgen-futures v0.4.50 ... Request Could you please provide guidance on debugging the WebSocket timeout and IronError issues? Specifically, any insights into the connect method’s behavior, IronError binding issues, or server configuration requirements would be greatly appreciated. I can provide additional logs or test specific scenarios if needed.

Thank you for your support!

[CBenoit]

Hello!

It seems you are using a Node.js WebSocket-to-TCP proxy? Unfortunately, you can’t use just any WebSocket-to-TCP proxy.

For the web client to work, we created a small extension called the RDCleanPath. The client is sending a preconnection packet, the RDCleanPath request, that is intercepted and interpreted by the proxy. Using this packet, the proxy performs a TLS connection with the target server and returns a response including the target server TLS certificate, required to perform the authentication in a safe way. At this point the usual RDP protocol stuff start.

You could use the Devolutions Gateway as a RDCleanPath-aware proxy. You can read more here: https://github.com/Devolutions/IronRDP/tree/ff798c91a743b4e7b132462ffc40c6f0a8e56162/web-client/iron-svelte-client#requirements

PS: Please, it would be much easier to read with proper formatting.

[awakecoding]

Hi - as my colleague @CBenoit said, you need the RDCleanPath extension that adapts RDP to WSS for the web, you can't just use a regular WSS to TCP or TLS bridge. Devolutions Gateway implements the RDCleanPath extension here: https://github.com/Devolutions/devolutions-gateway/blob/master/devolutions-gateway/src/rdp_extension.rs