Background
In the past I have written a couple of articles on how to run Windows applications using SeamlessRDP and Sun xVM (Virtualbox) and Linux KVM (Kernel-based Virtual Machine). After reviewing both articles I have decided to write a new article encompassing both hypervisors and correcting some of the mistakes I have found as well improvements made by a couple of guys who have done quite a deal of testing: Thomas Hansson and Peter Clarén.
By the way – There is no reason why this guide should not work on other platforms like FreeBSD (Virtualbox, Qemu), Mac OSX (Virtualbox) or Solaris/OpenSolaris (Virtualbox) as long as the host platform is x86 or x64. The guide is centered around Ubuntu but it should be possible to use it for other Linux distributions without much work.
So, what is the reason for this article?
I run Linux on my primary machine (well, on all my machines really) but there are a few Windows application I need to run – Some run under Wine but does not act like in native Windows, some will not run under Wine. The solution was to run a virtual machine with Windows but I did not like the fact that I had to have a complete Windows desktop.
Enter SeamlessRDP. SeamlessRDP is an “extension” of the RDP protocol (originally developed by Cendio AB for their ThinLinc product).
SeamlessRDP makes it possible to run individual applications rather than a full desktop. In this mode, rdesktop creates a X11 window for each window on the server side. The remote applications can be moved, resized and restacked.
Choosing a hypervisor
I deal a lot with virtualization in job and have come to be a great fan of VMware’s line of products. Naturally I have been running VMware Workstation on my computer for a very long time but for this particular task it did not fit my needs (most noticeably it does not have the option to run “headless”) so I had to start looking at alternatives.
I started using VMware Server which worked great in version 1.x but after upgrading to 2.0 I was put of by the fact that is now uses a horrible memory hog of a web interface (which could be disabled but one is then dependent on Virtual Infrastructure Client which is Windows only).
After ditching VMware I ended up with two (equally great) products:
- Sun xVM Virtualbox
Pros: No problems with kernel modules. Great support for USB devices. RDP based “console”. Great performance using paravirtualized devices. Supports running 64 bit guests on a 32 bit host OS (the host has the be 64 bit of course). Export virtual machines as appliances. Seamless integration of the guests and hosts (using guest additions to provide shared clipboard and dynamic screen resizing)Cons: Not free (there is an open sourced edition which lacks some of the feature described above). - Linux KVM
Pros: Part of the kernel. Lots of features (like live migrations). Powerful. Open source
Cons: Does not support 64 bit guests on 32 bit host OS. Requires Intel VT-x or AMD-V. Though Virtual Machine Manager makes it easier it is not for the average user
Because I use both on a regular basis I will describe how to accomplish the goal using both hypervisors. My guides are based on Ubuntu so you may need to change the commands to match your environment.
Installing and configuring hypervisor
Installing KVM
One important note: KVM requires hardware virtualization support. To check if your computer supports this, run
The output should be at least 1 – If you know your CPU support VT-x or AMD-v but the above command does not show anything make sure virtualization is enabled in the computer’s BIOS.
KVM is in Ubuntu’s package repository, so installing it easy
Install Virtualbox
Virtualbox does not require hardware virtualization support but will benefit from it.
Enable Virtualbox’ package repository
$ wget -q http://download.virtualbox.org/virtualbox/debian/sun_vbox.asc -O- | sudo apt-key add -
and then install Virtualbox:
$ sudo apt-get install virtualbox-3.0 rdesktop
Configuring network on the host
Though both Virtualbox and KVM support simple NAT networking we need to be able to connect to the virtual machine and the virtual machine need to be able to connect to the outside network.
Virtualbox now supports bridging to host interfaces but that is not necessarily what we want since that exposes the virtual machine to the outside network (which can cause problems on networks that only allow one MAC address per switch port).
So, we’ll set up a virtual interface on the host and let the host handle DNS, DHCP and IP forwarding (using dnsmasq and iptables).
First, install the needed software
Ubuntu tries to keep security really tight so be default only root is allowed to access tun/tap devices. To fix this we create a udev rule to allow group access to those devices
$ sudo udevadm control --reload-rules
Next create a interface configuration for a tap interface which will spawn a dedicated instance of dnsmasq when the interface is initialized (with Virtualbox it is also possible to use a bridge interface but since it does not work with KVM I will use tap for both) – Add this to /etc/network/interfaces:
iface tap0 inet static
address 192.168.10.1
netmask 255.255.255.0
up /usr/sbin/dnsmasq --interface=${IFACE} --except-interface=lo,eth0,wlan0,ath0 --bind-interfaces --user=nobody \
--dhcp-range=kvm,192.168.10.150,192.168.10.250,255.255.255.0,192.168.10.255,8h \
--domain=kvm.lan --pid-file=/var/run/${IFACE}_dnsmasq.pid --conf-file
tunctl_user nobody
test if it works
$ ps aux | grep dnsmasq | grep -c kvm
1
You also need to add any users running virtual machines to the group uml-net:
(It will not work until the user logs on after adding her to the group)
In order for the virtual machine to reach the outside network we need to set up IP forwarding; I use Uncomplicated Firewall because it is very simple to use.
- Edit /etc/default/ufw and change DEFAULT_FORWARD_POLICY from DROP to ACCEPT
- Edit /etc/ufw/sysctl.conf and enable the line net/ipv4/ip_forward=1 (remove the # in front of the line)
- Add the following lines to /etc/ufw/before.rules (right after the comments at the top):
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# NAT all traffic coming from 192.168.10.0/24 going through any interface.
-A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT - In the same file (/etc/ufw/before.rules), locate the line -A ufw-before-output -o lo -j ACCEPT and add these lines right after:
-A ufw-before-input -i tap0 -j ACCEPT
-A ufw-before-output -o tap0 -j ACCEPT
Getting things running
Converting an existing VMware virtual machine
Both KVM and Virtualbox support vmdk files so there is no need convert the disk files, just adjust the virtual machine creation to point at the vmdk file instead.
Windows can be quite picky when it comes to hardware so moving a virtual machine to a new hypervisor will most likely result in BSOD. If this happens find a Windows XP install CD, boot from it and repair your Windows XP installation.
Creating a virtual machine
Using KVM
Create the script $HOME/bin/kvm-windows:
HD="-hda $HOME/path/to/Windows.img"
NIC1MAC="00:16:3e:66:42:73"
KVM="kvm"
VNC="-vnc :1"
NET="-net nic,macaddr=$NIC1MAC -net tap,script=no,vlan=0,fd=0"
SOUND="-soundhw es1370"
TIME="-localtime"
MEM="-m 512"
NAME="-name Windows"
CPU="-cpu core2duo"
KB="-k da"
USB=""
OTHERARG="-daemonize"
$KVM $HD $NET $VNC $SOUND $MEM $TIME $NAME $CPU $KB $USB $OTHERARG "$@"
Change HD, NIC1MAC, KB and CPU to match your needs.
Last step is to create a virtual disk:
before booting the virtual machine
and connecting to the “console”
Continue to installing Windows
Using Virtualbox
We will create the virtual machine from the shell – simply because it is easier.
$ VBoxManage createhd --filename "Windows.vdi" --size 10000 --remember
$ VBoxManage modifyvm "Windows" --memory "512MB" --hda "Windows.vdi" --dvd /path/to/WindowsXP.iso --acpi on \
--boot1 dvd --nic1 bridged --bridgeadapter1="tap0" --vrdp on --vrdpport 1337
Boot the virtual machine (this has to be done from the shell to run the “console” as a RDP service):
and then connect to the “console”
Continue to installing Windows
Installing and configuring Windows XP
The installation of Windows XP is no different than any other install so I will not go into that.
KVM: Installing paravirtualized network driver
Download the driver disc, shut down the virtual Windows machine, change the variable NET to read:
and then boot Windows again
when Windows asks for a driver for the new network interface device, point to the CD-ROM.
Virtualbox: Installing guest additions
Shut down the virtual Windows machine, then from the shell run
Boot Windows again
and then connect to the “console”
Inside Windows, open the CD-ROM drive and select VBoxWindowsAdditions.exe and follow the instructions.
Configuring and tuning Terminal Services
Terminal Services is called Remote Access in Windows XP – enable it in Start -> Control Panel -> System -> Remote Access.
One downside is that someone needs to log on before XP punches a hole in the firewall. To circumvent this either manually add an exception for the RDP service or simply turn of the firewall (that’s what I did since the host will be protected by the host’s firewall as well as the NAT feature of VirtualBox).
One of the more annoying limitations in Windows XP is that the color depth by default is limited to 16 bits.
To change this open the Group Policy Editor (Start -> Run -> gpedit.msc) and navigate to Administrative Template -> Windows Components -> Terminal Services and change the limit:
Setting maximum colour depth for Terminal Services
There are a few other parameters one can change, feel free to poke around.
To be able to connect to the Windows machine using RDP you need to set a password for the user you wish connect as.
Assign a static IP to your virtual machine, this will make it easier to create the scripts further down in this article.
Install and configure SeamlessRDP
The main component in this setup is SeamlessRDP which allows one to launch a single application using RDP (remote desktop) and open only the window of that application. The drawback (with Windows XP) is that you are only allowed to open one session which means you can only launch one application at the same time.
Luckily someone grew tired of this and has made a patch to both rdesktop and SeamlessRDP that makes it possible to launch more than one application over the same SeamlessRDP session.
Installing rdesktop from CVS
First make sure that you have all the required packages for building rdesktop
Download rdesktop from CVS
$ cvs -z3 -d:pserver:anonymous@rdesktop.cvs.sourceforge.net:/cvsroot/rdesktop co -P rdesktop
Download the patch to the checked out source
$ wget http://www.fontis.com.au/system/files/rdesktop.patch
Patch the source
Compile the source and install (install it as rdesktop-cvs to not interfere with the Ubuntu package)
$ ./configure
$ make
$ sudo make install
$ sudo mv /usr/local/bin/rdesktop /usr/local/bin/rdesktop-cvs
Installing the Windows component
Download the updated SeamlessRDP program and unpack it to c:\seamlessrdp inside the virtual machine.
Making it all come together
To ease the execution of Windows programs I’ve created a small script called $HOME/bin/winrun:
RDESKTOP="/usr/local/bin/rdesktop-cvs"
SRDP="c:\seamlessrdp\seamlessrdpshell.exe"
SOCKET="$HOME/.rdesktop/socket"
RDESKTOP_ARGS="-k da -u username -p<password -z -x l -M $SOCKET -A"
RHOST="192.168.10.10"
RUNNING=$(pgrep -c -U $USER -x rdesktop-cvs)
if [ -e $SOCKET -a $RUNNING -ge 1 ]
then
$RDESKTOP $RDESKTOP_ARGS -l "$*"
else
$RDESKTOP $RDESKTOP_ARGS -s "$SRDP $*" $RHOST
fi
What this script does it to check for a socket file; if it does not exist rdesktop connects the same way as the standard client. If it does exist rdesktop uses the socket and the existing connection to create another window.
Similarly I have a script to connect to the Windows desktop when I need to do some maintenance
RHOST="192.168.10.10"
VM="Windows"
rdesktop -k da -u <username> -p <password> -g 90% -T $VM -z -x b $RHOST
Sharing data between the host and guest
When running KVM
Remote Desktop resource redirection
This is the easiest way of sharing data but it has some drawbacks.
Enable it by adding this to RDESKTOP_ARGS in winrun:
This will make your entire home directory available to your virtual machine but only when you are connected and not with an assigned drive letter.
RDP resource redirection active
Samba
One could also use a Samba server on the host
By default the section in /etc/samba/smb.conf concerning home directories is commented out
comment = Home Directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
Be sure to reload the Samba service
Then map the home share inside the virtual machine
When running Virtualbox
The same methods can be used as with KVM but it is a lot smarter to use Shared Folders.
Shut down the virtual machine then run (in a shell on the host):
Boot Windows again
and then connect to the “console”
Inside Windows, run the following command to map the shared folder
Tips and tricks
Running Explorer in seamless mode
If you try to run explorer.exe using the winrun method you will get the entire desktop. This is because the first explorer.exe launched will be always be used as the “shell” (or desktop).
To get around this, download Litestep, install it and set it as the shell for Windows. Now you are able to run explorer.exe and only get the file manager window presented in Linux.
Running any Windows program as a service
This might come in handy if you need a particular program running (this could be an VPN client needed to access resources from within Windows). In my example I will use the Aventail Connect Client.
Install and configure the program you wish to run as a service. Make sure it works as expected.
Download svcany.zip and unpack in your virtual machine. This example uses C:\srvany
Create a new service
Open regedit (Start -> Run -> regedit) and nagivate to HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Services -> Aventail Connect Client. Add a new key (Edit -> New -> Key) called Parameters and under this new key add a new string called Application with the content “C:\Program Files\Aventail\Connect\as32.exe” (this string has to match your program).
Edit service
That’s it.
Errors (and fixes)
A comment in one of the old articles asked: When I run winrun I get this error:
(C) 2005-2009 Sun Microsystems, Inc.
All rights reserved.
[!] FAILED calling a->virtualBox->OpenRemoteSession(a->session, uuid, sessionType, env, progress.asOutParam()) at line 2731!
[!] Primary RC = NS_ERROR_INVALID_ARG (0×80070057) – Invalid argument value
[!] Full error info present: true , basic error info present: true
[!] Result Code = NS_ERROR_INVALID_ARG (0×80070057) – Invalid argument value
[!] Text = Invalid session type: ‘vrdp’
[!] Component = Machine, Interface: IMachine, {ea6fb7ea-1993-4642-b113-f29eb39e0df0}
[!] Callee = IVirtualBox, {339abca2-f47a-4302-87f5-7bc324e6bbde}
/home/george/bin/winrun: line 22: 4422 Segmentation fault $RDESKTOP $RDESKTOP_ARGS -s “$SRDP $*” $RHOST
That is because you are using the Open Source Editition (OSE) of Virtualbox which does not have a RDP server build in.
[...] This post was mentioned on Twitter by Ollie and I.Saeki. I.Saeki said: Running Windows applications natively and seamlessly on Linux with … http://bit.ly/E3hst [...]
nice article! Only a hickup and some html jungle in the runwin script example.
[...] Running Windows applications natively and seamlessly on Linux with … [...]
Hello from Russia!
Can I quote a post in your blog with the link to you?
Please do.
mvh
Allan
I’ve been trying forever to get this to work. I finally thought this would be it, but unfortunately not. After following the directions exactly, I still get the whole screen in my RDP window when I connect, and any command I sent to seamlessrdp completely ignored.
The guest system is Windows XP Pro SP3, with the Administrator account being the one that logs in. The host system is an AMD64 X2 (MSI MS-1058 Notebook) running Kubuntu 8.04.3 LTS. The version of VBox is 3.0.10r54097 (non OSE).
Do you have any suggestions for either fixing it, or for troubleshooting it to understand why seamlessrdp is not running what it’s told to run? Thank you very much.
This work for me, however there’s one hitch – every second session I open, immediately closes with a segmentation fault. That is to say, if I open a seemless session with “notepad” once it works, close it, and try to open it again, I get a segmentation fault from rdesktop. The third time will again work, and fourth fails – and so on. I’m running kubuntu 9.10 (karmic) amd64 and I’m connecting to a Windows 2003 Server standard. I initially tried this with the seamlessrdp version directly from cendio and the default rdesktop client from the package repository. Then I uninstalled both and replaced them with the versions that are listed in this article (patching and build rdesktop manually and installed the different seamlessrdpshell files). I’m hit with the exact same behavior either way. Any hints would be appreciated.
-Jason
Similar environment (a Windows XP guest in Ubuntu Karmic) and similar effects. The “winrun” script does not work out of the box (it always leads to a long rdesktop usage error message): what does work, somewhat erratically (segmentation faults every two trials but after a successful one I sometimes get *two* seamless notepads on the screen), is entering every instruction in a terminal. Might be just some quote mismatch in the patch, because the output of
ls $HOME/.rdesktop
(when not empty) is “socket=” instead of “socket”.
I’ve used SeamlessRDP quite a bit over the past year or so.
Fred – you mention you get the whole “desktop” instead of a “window”
Couple things to check.
First … you DID put the 3 seamlessrdp files in “c:\seamlessrdp” since the script shown above assumes to find them there.
SRDP=”c:\seamlessrdp\seamlessrdpshell.exe”
in c:\seamlessrdp you need to put the
seamlessrdp.dll
seamlessrdpshell.exe
and vchannel.dll files
If you did that… then another possibility is that the rdesktop command isn’t passing the “-s” option when it kicks off the seamlessrdpshell.exe
In the instructions above for RDESKTOP_ARGS=
As indicated on the Cendio website http://www.cendio.com/seamlessrdp/
normally there would be included a -s option to indicated “seamless” mode
In the above script perhaps that’s what the:
if [ -e $SOCKET -a $RUNNING -ge 1 ]
is supposed to do?? Not a script guru myself.
But if not then the scripts rdesktop command (which doesn’t have the -s):
RDESKTOP_ARGS=”-k da -u username -p<password -z -x l -M $SOCKET -A"
won't initiate seamless mode.
I followed your guide twice, but I am stuck on running winrun:
ERROR: connect: Connection refused
And, if I use
rdesktop-cvs -A -s “c:\seamlessrdp\seamlessrdpshell.exe notepad” localhost:1337
I am getting full screen mode.
Important to point out that there are *2* RDP servers involved here when using VirtualBox. One being VirtualBox itself, in this post, its listening at port 1337. If you connect to this RDP server, you will always get full screen.
The second RDP server is within Windows XP itself – which is why you must be able to connect direct to the IP address of the Windows XP VM. You need to connect to this RDP server if you want to use seamlessrdp.
Hi
please let me first clarify that I am a noob when it comes to ubuntu and linux .. :-( these are my first steps into the world of linux
I have followed the steps mentioned in your blog to the letter i have managed to install the virtualbox server and configure a winxp environment but when I try to compile the redesktop-cvs module I get the following errors any help will be greatly appreciated.
$./bootstrap
./bootstrap: 3: autoreconf: not found
$ ./configure
bash: ./configure: No such file or directory
am I missing a package or something ?? I installed the gcc and easyinstall packages etc. but to no use..
Please help i really do not want to go back to windows because my office (ERP) apps can’t be ported to linux.
PLEASE HELP !!!
Mustafa, you need “autoconf” package installed in order to run autoconf.
sudo apt-get install autoconf
If you are running Ubuntu/Debuan, install the package “autoconf”
I just came across this article and decided to try it, I’m now to the “Getting things running” section and realized that you don’t mention Windows 7 at all in this article (Not to surprising considering the date). So, I was wondering what modifications I need to make to your directions to make this work in Ubuntu 10.04 (x86_x64) with Windows 7.
There are two reasons I wish to use 7:
My copy is supposed to be a Single User (Student) copy and it happens to be my primary Operating System on this computer. I know Microsoft doesn’t usually do anything if you install these to ‘multiple machines’.
1.) Reason one is the legal reason, although I’d technically be installing it twice I’m still only using Win7 on one machine (and only one at a time).
2.) Since Win 7 is my Primary OS it will be much easier to keep my settings in sync if I use Win 7 in my Virtual Machine.
Speaking synchronizing settings: I was curious if I could somehow set this up to a folder and use Symbolic Links to keep certain data synced (that’s what I do with WINE but, Wine doesn’t always support the newest versions like I keep on Windows and is still extremely limited).
Lastly (before I forget): I was wondering if I could somehow use this sort of virtualization setup to work with Compressed NTFS files better (at current Mail and Torrents won’t work compressed).
Gregory:
You can install your copy of Windows on *one* machine, virtual or not. You CANNOT legally use the same copy of Windows on two or more logically-unique machines. The fact that one machine is virtual does not circumvent this restriction. Read the full EULA here:
http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/UseTerms/Default.aspx
As for your “Single User (Student)” copy, because *you* bought the software, *you* are licensing it from Microsoft. I would imagine it follows the same license restrictions as any copy of Windows. (“Single user” actually means “single machine;” any number of people can use it while it’s installed to that machine, even if they have separate user accounts [hence, "install for all users"].)
As to differences, there’s only one that I can see, and it’s negligible since Windows 7 uses RDP 7.0. When you edit group policy (gpedit.msc) to change the max color depth, it’s under “Local Computer Policy > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment > Limit maximum color depth.” By default it’s set to “No,” so you don’t even need to change it.
Thank you for the tutorial. I used the part which deals with setting up Uncomplicated Firewall (ufw) to set up ufw for my bridged Virtualbox.
Now it works fine for me. But there where to spelling mistakes in part 4 of this section, that crashed my system:
You wrote:
> 4. In the same file (/etc/ufw/before.rules), locate the line -A ufw-before-output -o lo -j ACCEPT and add these lines right after:
> -A ufw-before-input -i tap0 -j ACCEPT
> -A ufw-before-output -o tap0 -j ACCEPT
Instead of ufw-before-output -o … it has to be ufw-before-output -i
Strange; my entry was copied from my test machine.