Why?
xrdp will serve xfce4 for remote sessions; kde will be used locally.
Package installation:
Console utilities:
    apt install vim tmux tcpdump curl mc minicom
Packages for xrdp:
    apt install xrdp xorgxrdp ssl-cert
Installing xfce4:
    apt install xfce4 xfce4-goodies xfce4-places-plugin task-xfce-desktop
Installing kde:
    apt install kde-full
Fix for the error when connecting over rdp:
    apt install dbus-x11
Fix for the console freezing:
    apt-get remove xscreensaver
Additional programs:
    apt install desktop-telegram vscode golang gparted
Settings:
0. Disable the constant password prompts while configuring under an account from the admin group
    usermod -aG admin username

0.1 polkit-1 policies are useful here. The rule below answers yes to every polkit action (Action=*) for members of the admin group, for any, inactive and active sessions.
    vim /etc/polkit-1/localauthority/50-local.d/46-all-allow.pkla
    -----------------------------------------------------------------------
    [Allow ALL from group admin]
    Identity=unix-group:admin
    Action=*
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes
    -----------------------------------------------------------------------

0.2 or
!!! Specify yes instead of auth_admin_keep
    vim /usr/share/polkit-1/actions/org.freedesktop.login1.policy
    ---------------------------------------------------------------------
    vim /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
    ---------------------------------------------------------------------
    Reboot the system
    Authentication is required for rebooting the system.
    yes
    yes
    yes
    org.freedesktop.login1.set-wall-message
    [...]
    ---------------------------------------------------------------------
P.S. It is still more correct to solve all of this with a pkla file.

1. Reconfigure:
    dpkg-reconfigure xserver-xorg-legacy
   - switch the permission to everyone

2. Edit the keyboard layout selection
    vim /etc/xrdp/xrdp_keyboard.ini
    ---------------------------
    [default_rdp_layouts]        # find these and make sure the files exist
    rdp_layout_us=0x00000409     # find these and make sure the files exist
    rdp_layout_ru=0x00000419     # find these and make sure the files exist

    [layouts_map_ru]
    rdp_layout_us=ru,us
    rdp_layout_ru=ru,us

    [rdp_keyboard_ru]
    keyboard_type=4
    keyboard_type=7
    keyboard_subtype=1
    ; model=pc105 if needed
    options=grp:alt_shift_toggle
    rdp_layouts=default_rdp_layouts
    layouts_map=layouts_map_ru

3. Add the xrdp user to the ssl-cert group
    usermod -aG ssl-cert xrdp

4. Issue your own certificate for XRDP
    mkdir /etc/xrdp/certificate/
    cd /etc/xrdp/certificate/
    openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 3650

4.1 Hook up the certificate by editing the file
!!! find the lines (certificate=) and (key_file=) and edit them
    vim /etc/xrdp/xrdp.ini
    ----------------------
    certificate=/etc/xrdp/certificate/cert.pem
    key_file=/etc/xrdp/certificate/key.pem
    ----------------------

4.2 Change the owner of the certificate files
    chown -R xrdp:xrdp /etc/xrdp/certificate/

5. Forbid ROOT logins in XRDP
    vim /etc/xrdp/sesman.ini
    -------------------------
    [Security]
    # root login: true - allowed, false - forbidden
    AllowRootLogin=false
    -------------------------

6. XRDP black screen on connect:
!!! The bug occurred on ubuntu, debian 10, debian 11
!!! In the KDE environment
!!! The following lines must be inserted into /etc/xrdp/startwm.sh
!!! unset DBUS_SESSION_BUS_ADDRESS
!!! unset XDG_RUNTIME_DIR

6.1
    vim /etc/xrdp/startwm.sh
    ------------------------
    #!/bin/sh
    # xrdp X session start script (c) 2015, 2017 mirabilos
    # published under The MirOS Licence

    if test -r /etc/profile; then
        . /etc/profile
    fi

    unset DBUS_SESSION_BUS_ADDRESS
    unset XDG_RUNTIME_DIR

    if test -r /etc/default/locale; then
        . /etc/default/locale
        test -z "${LANG+x}" || export LANG
        test -z "${LANGUAGE+x}" || export LANGUAGE
        test -z "${LC_ADDRESS+x}" || export LC_ADDRESS
        test -z "${LC_ALL+x}" || export LC_ALL
        test -z "${LC_COLLATE+x}" || export LC_COLLATE
        test -z "${LC_CTYPE+x}" || export LC_CTYPE
        test -z "${LC_IDENTIFICATION+x}" || export LC_IDENTIFICATION
        test -z "${LC_MEASUREMENT+x}" || export LC_MEASUREMENT
        test -z "${LC_MESSAGES+x}" || export LC_MESSAGES
        test -z "${LC_MONETARY+x}" || export LC_MONETARY
        test -z "${LC_NAME+x}" || export LC_NAME
        test -z "${LC_NUMERIC+x}" || export LC_NUMERIC
        test -z "${LC_PAPER+x}" || export LC_PAPER
        test -z "${LC_TELEPHONE+x}" || export LC_TELEPHONE
        test -z "${LC_TIME+x}" || export LC_TIME
        test -z "${LOCPATH+x}" || export LOCPATH
    fi

    if test -r /etc/profile; then
        . /etc/profile
    fi

    test -x /etc/X11/Xsession && exec /etc/X11/Xsession
    exec /bin/sh /etc/X11/Xsession
    ------------------------

7. Name of the mounted local folder in XRDP
!!! these packages are needed for it to work correctly
!!! apt install gvfs-fuse gvfs-backends libglib2.0-bin
    vim /etc/xrdp/sesman.ini
    ------------------------
    FuseMountName=Mount_FOLDER
    ------------------------

8. Appearance of the XRDP login window
    vim /etc/xrdp/xrdp.ini
    -----------------------
    ls_title=YOU SUPER SERVER                  # server window title
    ls_top_window_bg_color=000000              # background color, RGB
    ls_logo_filename=/etc/xrdp/logo_xrdp.bmp   # logo
    ; Session types   # after this line, find and remove the extra sessions, keep only [Xorg]
    -----------------------

9. Disabling the screensaver
Option one: simply remove it
    apt-get remove xscreensaver
Option two: adjust the power management in the display settings

10. After configuring, restart xrdp
    service xrdp restart

auth_admin_keep yes yes
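A check of the result of steps 3 to 5 and of the TLS lines in xrdp.ini, as an added example that is not part of the original guide or of xrdp. The names ini_get, finding, audit_xrdp and demo are this example's own, and treating any security_layer other than tls as a finding is its assumed policy; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from xrdp): audit the settings this guide changes.

# ini_get FILE SECTION KEY: print the last uncommented value of KEY in [SECTION]
ini_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[;#]/ { next }                       # skip commented-out lines
        /^[ \t]*\[/   { sec = $0; gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sec); next }
        tolower(sec) == tolower(want) {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }' "$1"
}

finding() { AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); printf 'FINDING: %s\n' "$1"; }

# audit_xrdp XRDP_INI SESMAN_INI: print findings, leave their count in AUDIT_FINDINGS
audit_xrdp() {
    AUDIT_FINDINGS=0
    # Step 5: root must not be able to log in over RDP
    [ "$(ini_get "$2" Security AllowRootLogin)" = "false" ] ||
        finding "sesman.ini: AllowRootLogin is not false"
    # Step 4.1: certificate= and key_file= must point at existing files
    cert=$(ini_get "$1" Globals certificate)
    key=$(ini_get "$1" Globals key_file)
    [ -f "$cert" ] || finding "xrdp.ini: certificate not set or not found: '$cert'"
    if [ -f "$key" ]; then
        # Step 4.2 only changes the owner, so check the mode bits separately
        [ -z "$(find "$key" -prune -perm -004)" ] ||
            finding "private key $key is readable by other users"
    else
        finding "xrdp.ini: key_file not set or not found: '$key'"
    fi
    # ssl_protocols: anything older than TLSv1.2 is reported
    for p in $(ini_get "$1" Globals ssl_protocols | tr ',' ' '); do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) finding "xrdp.ini: ssl_protocols allows $p" ;;
        esac
    done
    # Assumed policy: rdp and negotiate both leave classic RDP security reachable
    layer=$(ini_get "$1" Globals security_layer)
    [ "$layer" = "tls" ] || finding "xrdp.ini: security_layer=$layer (not tls-only)"
}

# Constructed sample: the values this guide sets, written to a scratch directory
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/cert.pem"; : > "$d/key.pem"; chmod 600 "$d/key.pem"
    printf '[Globals]\nsecurity_layer=negotiate\ncertificate=%s\nkey_file=%s\nssl_protocols=TLSv1.2, TLSv1.3\n' \
        "$d/cert.pem" "$d/key.pem" > "$d/xrdp.ini"
    printf '[Security]\n;AllowRootLogin=true\nAllowRootLogin=false\n' > "$d/sesman.ini"
    audit_xrdp "$d/xrdp.ini" "$d/sesman.ini"   # one finding: security_layer=negotiate
    rm -rf "$d"
}
demo
```

On a configured host, run `audit_xrdp /etc/xrdp/xrdp.ini /etc/xrdp/sesman.ini` as root so the key file can be inspected.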
.xsession
KDE
    cat > .xsession << "EOF"
    startplasma-x11
    EOF
XFCE4
    cat > .xsession << "EOF"
    startxfce4
    EOF
Command that helps change the default GUI:
update-alternatives --config x-session-manager
config /etc/xrdp/xrdp.ini
    [Globals]
    ; xrdp.ini file version number
    ini_version=1

    ; fork a new process for each incoming connection
    fork=true

    ; ports to listen on, number alone means listen on all interfaces
    ; 0.0.0.0 or :: if ipv6 is configured
    ; space between multiple occurrences
    ; ALL specified interfaces must be UP when xrdp starts, otherwise xrdp will fail to start
    ;
    ; Examples:
    ;   port=3389
    ;   port=unix://./tmp/xrdp.socket
    ;   port=tcp://.:3389                  127.0.0.1:3389
    ;   port=tcp://:3389                   *:3389
    ;   port=tcp://:3389                   192.168.1.1:3389
    ;   port=tcp6://.:3389                 ::1:3389
    ;   port=tcp6://:3389                  *:3389
    ;   port=tcp6://{ }:3389               {FC00:0:0:0:0:0:0:1}:3389
    ;   port=vsock:// :
    port=3389

    ; 'port' above should be connected to with vsock instead of tcp
    ; use this only with number alone in port above
    ; prefer use vsock:// : above
    use_vsock=false

    ; regulate if the listening socket use socket option tcp_nodelay
    ; no buffering will be performed in the TCP stack
    tcp_nodelay=true

    ; regulate if the listening socket use socket option keepalive
    ; if the network connection disappear without close messages the connection will be closed
    tcp_keepalive=true

    ; set tcp send/recv buffer (for experts)
    #tcp_send_buffer_bytes=32768
    #tcp_recv_buffer_bytes=32768

    ; security layer can be 'tls', 'rdp' or 'negotiate'
    ; for client compatible layer
    security_layer=negotiate

    ; minimum security level allowed for client for classic RDP encryption
    ; use tls_ciphers to configure TLS encryption
    ; can be 'none', 'low', 'medium', 'high', 'fips'
    crypt_level=high

    ; X.509 certificate and private key
    ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
    ; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
    ;$ sudo adduser xrdp ssl-cert
    ;certificate=
    ;key_file=
    certificate=/etc/xrdp/certificate/cert.pem
    key_file=/etc/xrdp/certificate/key.pem

    ; set SSL protocols
    ; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
    ssl_protocols=TLSv1.2, TLSv1.3
    ; set TLS cipher suites
    #tls_ciphers=HIGH

    ; concats the domain name to the user if set for authentication with the separator
    ; for example when the server is multi homed with SSSd
    #domain_user_separator=@

    ; The following options will override the keyboard layout settings.
    ; These options are for DEBUG and are not recommended for regular use.
    #xrdp.override_keyboard_type=0x04
    #xrdp.override_keyboard_subtype=0x01
    #xrdp.override_keylayout=0x00000409

    ; Section name to use for automatic login if the client sends username
    ; and password. If empty, the domain name sent by the client is used.
    ; If empty and no domain name is given, the first suitable section in
    ; this file will be used.
    autorun=

    allow_channels=true
    allow_multimon=true
    bitmap_cache=true
    bitmap_compression=true
    bulk_compression=true
    #hidelogwindow=true
    max_bpp=32
    new_cursors=true
    ; fastpath - can be 'input', 'output', 'both', 'none'
    use_fastpath=both
    ; when true, userid/password *must* be passed on cmd line
    #require_credentials=true
    ; when true, the userid will be used to try to authenticate
    #enable_token_login=true
    ; You can set the PAM error text in a gateway setup (MAX 256 chars)
    #pamerrortxt=change your password according to policy at http://url

    ;
    ; colors used by windows in RGB format
    ;
    blue=009cb5
    grey=dedede
    #black=000000
    #dark_grey=808080
    #blue=08246b
    #dark_blue=08246b
    #white=ffffff
    #red=ff0000
    #green=00ff00
    #background=626c72

    ;
    ; configure login screen
    ;

    ; Login Screen Window Title
    #ls_title=My Login Title

    ; top level window background color in RGB format
    ls_top_window_bg_color=009cb5

    ; width and height of login screen
    ;
    ; The default height allows for about 5 fields to be comfortably displayed
    ; above the buttons at the bottom. To display more fields, make
    ; larger, and also increase and
    ; below
    ;
    ls_width=350
    ls_height=430

    ; login screen background color in RGB format
    ls_bg_color=dedede

    ; optional background image filename. BMP format is always supported,
    ; but other formats will be supported if xrdp is build with imlib2
    ; The transform can be one of the following:-
    ;     none  : No transformation. Image is placed in bottom-right corner
    ;             of the screen.
    ;     scale : Image is scaled to the screen size. The image aspect
    ;             ratio is not preserved.
    ;     zoom  : Image is scaled to the screen size. The image aspect
    ;             ratio is preserved by clipping the image.
    #ls_background_image=
    #ls_background_transform=none

    ; logo
    ; full path to file or file in shared folder. BMP format is always supported,
    ; but other formats will be supported if xrdp is build with imlib2
    ; For transform values, see 'ls_background_transform'. The logo width and
    ; logo height are ignored for a transform of 'none'.
    ls_logo_filename=
    #ls_logo_transform=none
    #ls_logo_width=240
    #ls_logo_height=140
    ls_logo_x_pos=55
    ls_logo_y_pos=50

    ; for positioning labels such as username, password etc
    ls_label_x_pos=30
    ls_label_width=65

    ; for positioning text and combo boxes next to above labels
    ls_input_x_pos=110
    ls_input_width=210

    ; y pos for first label and combo box
    ls_input_y_pos=220

    ; OK button
    ls_btn_ok_x_pos=142
    ls_btn_ok_y_pos=370
    ls_btn_ok_width=85
    ls_btn_ok_height=30

    ; Cancel button
    ls_btn_cancel_x_pos=237
    ls_btn_cancel_y_pos=370
    ls_btn_cancel_width=85
    ls_btn_cancel_height=30

    [Logging]
    ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
    LogFile=xrdp.log
    LogLevel=INFO
    EnableSyslog=true
    #SyslogLevel=INFO
    #EnableConsole=false
    #ConsoleLevel=INFO
    #EnableProcessId=false

    [LoggingPerLogger]
    ; Note: per logger configuration is only used if xrdp is built with
    ; --enable-devel-logging
    #xrdp.c=INFO
    #main()=INFO

    [Channels]
    ; Channel names not listed here will be blocked by XRDP.
    ; You can block any channel by setting its value to false.
    ; IMPORTANT! All channels are not supported in all use
    ; cases even if you set all values to true.
    ; You can override these settings on each session type
    ; These settings are only used if allow_channels=true
    rdpdr=true
    rdpsnd=true
    drdynvc=true
    cliprdr=true
    rail=true
    xrdpvr=true
    tcutils=true
    driveredir=true

    ; for debugging xrdp, in section xrdp1, change port=-1 to this:
    #port=/tmp/.xrdp/xrdp_display_10

    ;
    ; Session types
    ;

    ; Some session types such as Xorg, X11rdp and Xvnc start a display server.
    ; Startup command-line parameters for the display server are configured
    ; in sesman.ini. See and configure also sesman.ini.
    [Xorg]
    name=Xorg
    lib=libxup.so
    username=ask
    password=ask
    ip=127.0.0.1
    port=-1
    code=20

    ;[Xvnc]
    ;name=Xvnc
    ;lib=libvnc.so
    ;username=ask
    ;password=ask
    ;ip=127.0.0.1
    ;port=-1
    #xserverbpp=24
    #delay_ms=2000
    ; Disable requested encodings to support buggy VNC servers
    ; (1 = ExtendedDesktopSize)
    #disabled_encodings_mask=0
    ; Use this to connect to a chansrv instance created outside of sesman
    ; (e.g. as part of an x11vnc console session). Replace '0' with the
    ; display number of the session
    #chansrvport=DISPLAY(0)

    ; Generic VNC Proxy
    ; Tailor this to specific hosts and VNC instances by specifying an ip
    ; and port and setting a suitable name.
    ;[vnc-any]
    ;name=vnc-any
    ;lib=libvnc.so
    ;ip=ask
    ;port=ask5900
    ;username=na
    ;password=ask
    #pamusername=asksame
    #pampassword=asksame
    #pamsessionmng=127.0.0.1
    #delay_ms=2000

    ; Generic RDP proxy using NeutrinoRDP
    ; Tailor this to specific hosts by specifying an ip and port and setting
    ; a suitable name.
    ;[neutrinordp-any]
    ;name=neutrinordp-any
    ; To use this section, you should build xrdp with configure option
    ; --enable-neutrinordp.
    ;lib=libxrdpneutrinordp.so
    ;ip=ask
    ;port=ask3389
    ;username=ask
    ;password=ask
    ; Uncomment the following lines to enable PAM authentication for proxy
    ; connections.
    #pamusername=ask
    #pampassword=ask
    #pamsessionmng=127.0.0.1
    ; Currently NeutrinoRDP doesn't support dynamic resizing. Uncomment
    ; this line if you're using a client which does.
    #enable_dynamic_resizing=false
    ; By default, performance settings requested by the RDP client are ignored
    ; and chosen by NeutrinoRDP. Uncomment this line to allow the user to
    ; select performance settings in the RDP client.
    #perf.allow_client_experiencesettings=true
    ; Override any experience setting by uncommenting one or more of the
    ; following lines.
    #perf.wallpaper=false
    #perf.font_smoothing=false
    #perf.desktop_composition=false
    #perf.full_window_drag=false
    #perf.menu_anims=false
    #perf.themes=false
    #perf.cursor_blink=false
    ; By default NeutrinoRDP supports cursor shadows. If this is giving
    ; you problems (e.g. cursor is a black rectangle) try disabling cursor
    ; shadows by uncommenting the following line.
    #perf.cursor_shadow=false
    ; By default, NeutrinoRDP uses the keyboard layout of the remote RDP Server.
    ; If you want to tell the remote the keyboard layout of the RDP Client,
    ; by uncommenting the following line.
    #neutrinordp.allow_client_keyboardLayout=true
    ; The following options will override the remote keyboard layout settings.
    ; These options are for DEBUG and are not recommended for regular use.
    #neutrinordp.override_keyboardLayout_mask=0x0000FFFF
    #neutrinordp.override_kbd_type=0x04
    #neutrinordp.override_kbd_subtype=0x01
    #neutrinordp.override_kbd_fn_keys=12
    #neutrinordp.override_kbd_layout=0x00000409

    ; You can override the common channel settings for each session type
    #channel.rdpdr=true
    #channel.rdpsnd=true
    #channel.drdynvc=true
    #channel.cliprdr=true
    #channel.rail=true
    #channel.xrdpvr=true
config /etc/xrdp/sesman.ini
    ;; See `man 5 sesman.ini` for details

    [Globals]
    ListenAddress=127.0.0.1
    ListenPort=3350
    EnableUserWindowManager=true
    ; Give in relative path to user's home directory
    UserWindowManager=startwm.sh
    ; Give in full path or relative path to /etc/xrdp
    DefaultWindowManager=startwm.sh
    ; Give in full path or relative path to /etc/xrdp
    ReconnectScript=reconnectwm.sh

    [Security]
    ;AllowRootLogin=true
    AllowRootLogin=false
    MaxLoginRetry=4
    TerminalServerUsers=tsusers
    TerminalServerAdmins=tsadmins
    ; When AlwaysGroupCheck=false access will be permitted
    ; if the group TerminalServerUsers is not defined.
    AlwaysGroupCheck=false
    ; When RestrictOutboundClipboard=all clipboard from the
    ; server is not pushed to the client.
    ; In addition, you can control text/file/image transfer restrictions
    ; respectively. It also accepts comma separated list such as text,file,image.
    ; To keep compatibility, some aliases are also available:
    ;   true: an alias of all
    ;   false: an alias of none
    ;   yes: an alias of all
    RestrictOutboundClipboard=none
    ; When RestrictInboundClipboard=all clipboard from the
    ; client is not pushed to the server.
    ; In addition, you can control text/file/image transfer restrictions
    ; respectively. It also accepts comma separated list such as text,file,image.
    ; To keep compatibility, some aliases are also available:
    ;   true: an alias of all
    ;   false: an alias of none
    ;   yes: an alias of all
    RestrictInboundClipboard=none

    [Sessions]
    ;; X11DisplayOffset - x11 display number offset
    ; Type: integer
    ; Default: 10
    X11DisplayOffset=10

    ;; MaxSessions - maximum number of connections to an xrdp server
    ; Type: integer
    ; Default: 0
    MaxSessions=50

    ;; KillDisconnected - kill disconnected sessions
    ; Type: boolean
    ; Default: false
    ; if 1, true, or yes, every session will be killed within DisconnectedTimeLimit
    ; seconds after the user disconnects
    KillDisconnected=false

    ;; DisconnectedTimeLimit (seconds) - wait before kill disconnected sessions
    ; Type: integer
    ; Default: 0
    ; if KillDisconnected is set to false, this value is ignored
    DisconnectedTimeLimit=0

    ;; IdleTimeLimit (seconds) - wait before disconnect idle sessions
    ; Type: integer
    ; Default: 0
    ; Set to 0 to disable idle disconnection.
    IdleTimeLimit=0

    ;; Policy - session allocation policy
    ; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
    ; "Default" session per
    ; "UBD" session per
    ; "UBI" session per
    ; "UBC" session per
    ; "UBDI" session per
    ; "UBDC" session per
    Policy=Default

    [Logging]
    ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
    LogFile=xrdp-sesman.log
    LogLevel=INFO
    EnableSyslog=true
    #SyslogLevel=INFO
    #EnableConsole=false
    #ConsoleLevel=INFO
    #EnableProcessId=false

    [LoggingPerLogger]
    ; Note: per logger configuration is only used if xrdp is built with
    ; --enable-devel-logging
    #sesman.c=INFO
    #main()=INFO

    ;
    ; Session definitions - startup command-line parameters for each session type
    ;

    [Xorg]
    ; Specify the path of non-suid Xorg executable. It might differ depending
    ; on your distribution and version. Find out the appropriate path for your
    ; environment. The typical path is known as follows:
    ;
    ; Fedora 26 or later    :  param=/usr/libexec/Xorg
    ; Debian 9 or later     :  param=/usr/lib/xorg/Xorg
    ; Ubuntu 16.04 or later :  param=/usr/lib/xorg/Xorg
    ; Arch Linux            :  param=/usr/lib/Xorg
    ; CentOS 7              :  param=/usr/bin/Xorg or param=Xorg
    ; CentOS 8              :  param=/usr/libexec/Xorg
    ; FreeBSD (from 2022Q4) :  param=/usr/local/libexec/Xorg
    ;
    param=/usr/lib/xorg/Xorg
    ; Leave the rest parameters as-is unless you understand what will happen.
    param=-config
    param=xrdp/xorg.conf
    param=-noreset
    param=-nolisten
    param=tcp
    param=-logfile
    param=.xorgxrdp.%s.log

    [Xvnc]
    param=Xvnc
    param=-bs
    param=-nolisten
    param=tcp
    param=-localhost
    param=-dpi
    param=96

    [Chansrv]
    ; drive redirection
    ; See sesman.ini(5) for the format of this parameter
    ;FuseMountName=/run/user/%u/thinclient_drives
    ;FuseMountName=/media/thinclient_drives/%U/thinclient_drives
    FuseMountName=remoute
    ; this value allows only the user to access their own mapped drives.
    ; Make this more permissive (e.g. 022) if required.
    ;FileUmask=077
    ; Can be used to disable FUSE functionality - see sesman.ini(5)
    ;EnableFuseMount=false
    ; Uncomment this line only if you are using GNOME 3 versions 3.29.92
    ; and up, and you wish to cut-paste files between Nautilus and Windows. Do
    ; not use this setting for GNOME 4, or other file managers
    UseNautilus3FlistFormat=true

    [ChansrvLogging]
    ; Note: one log file is created per display and the LogFile config value
    ; is ignored. The channel server log file names follow the naming convention:
    ; xrdp-chansrv.${DISPLAY}.log
    ;
    ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
    LogLevel=INFO
    EnableSyslog=true
    #SyslogLevel=INFO
    #EnableConsole=false
    #ConsoleLevel=INFO
    #EnableProcessId=false

    [ChansrvLoggingPerLogger]
    ; Note: per logger configuration is only used if xrdp is built with
    ; --enable-devel-logging
    #chansrv.c=INFO
    #main()=INFO

    [SessionVariables]
    PULSE_SCRIPT=/etc/xrdp/pulse/default.pa
xrdp white screen on raspberry pi
https://bbs.archlinux.org/viewtopic.php?id=277905
https://askubuntu.com/questions/1209300/remote-desktop-on-raspberrypi-not-working
https://raspberrypi.stackexchange.com/questions/133425/connection-problem-giving-up-on-xrdp-with-raspberry-pi-os-11-bullseye
https://github.com/neutrinolabs/xrdp/issues/2053 # A non-obvious solution to the white screen problem on raspberry
https://github.com/neutrinolabs/xrdp/wiki/Tips-and-FAQ#why-cant-i-log-the-same-user-on-on-the-graphical-console-and-over-xrdp-at-the-same-time

Option 0: LOOK AT THE LOGS!!!
    cat /var/log/xrdp-sesman.log
In the user's home directory:
    cat .xorgxrdp.*.log
    cat .xsession
    cat .xsession-errors
Watch while connecting:
    journalctl -f

Option one:
!!! On the Raspberry Pi everything basically works out of the box and no configuration is needed.
    apt install -y xrdp

Option two:
To solve this "second session" problem and allow as many sessions as you need, edit /etc/xrdp/startwm.sh and add these lines before the lines that test for and run Xsession. $HOME/.profile is not part of the solution, but it is something that should be run before the session starts in any case.
    unset DBUS_SESSION_BUS_ADDRESS
    unset XDG_RUNTIME_DIR
    . $HOME/.profile

Option three:
Another suggestion for fighting the white screen is to remove the user from the video and render groups
    sudo gpasswd -d username video
    sudo gpasswd -d username render

Option four:
An installation script people also use on raspberry pi
    # Install updates
    sudo apt update
    sudo apt upgrade -y

    # Install and configure xRDP
    sudo apt install -y xrdp
    sudo systemctl enable xrdp
    # -E because the pattern uses the extended-regex "+"; "|" as delimiter because the bracket expression contains "/"
    sudo sed -i -E 's|"DRMDevice" "[[:alnum:]/]+"|"DRMDevice" ""|g' /etc/X11/xrdp/xorg.conf
    sudo gpasswd -d "$USER" video

    # Reboot the machine
    sudo reboot

Option five:
P.S. Many write that they touch nothing at all and everything works; some remove the user from the video group and it starts working as well; and, most importantly, they do not touch startwm.sh at all.

Option six:
    apt-get install xserver-xorg-legacy
    vim /etc/X11/Xwrapper.config
    ----------------------------
    allowed_users=anybody
    needs_root_rights=yes
    ----------------------------

Option seven:
dbus errors
Install:
    sudo apt install dbus-x11
Run as the user:
    dbus-launch

Option eight:
https://forums.raspberrypi.com/viewtopic.php?t=387334
Enable X:
Activate X11 Server over Wayland on raspi-config utility
That's important
Edit the file:
Edit /etc/X11/xrdp/xorg.conf
    Section "Screen"
        Identifier "Screen (xrdpdev)"
        Device "Video Card (xrdpdev)"
        GPUDevice "Video Card (xrdpdev)"   <-- Add this to section...
        Monitor "Monitor"