"VNC password failed, VNC error" (w/ AD linked user on SSSD-enabled linux server)?

I have someone trying to connect to a CenOS 7 server via Windows Remote Desktop (based on the instructions here: https://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-remote-desktop-to-centos-6-rhel-6.html) using SSSD and their AD credentials (if relevant). They are seeing this when attempting to connect:

Note that my own account is able to connect without issue. (Both of our .Xclients are "mate-session" and not totally sure which parts are relevant here, sine the logs have no timestamps).

Checking the /var/log/xrdp.log file, this seems to be the corresponding log info...

[20210316-16:09:37] [DEBUG] xrdp_00005d2a_wm_login_mode_event_00000001
[20210316-16:09:37] [INFO ] Loading keymap file /etc/xrdp/km-00000409.ini
[20210316-16:09:37] [WARN ] local keymap file for 0x00000409 found and doesn't match built in keymap, using local keymap file
[20210316-16:09:37] [DEBUG] xrdp_wm_log_msg: connecting to sesman ip 127.0.0.1 port 3350
[20210316-16:09:38] [INFO ] xrdp_wm_log_msg: sesman connect ok
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: sending login info to session manager, please wait...
[20210316-16:09:38] [DEBUG] return value from xrdp_mm_connect 0
[20210316-16:09:38] [INFO ] xrdp_wm_log_msg: login successful for display 10
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: VNC started connecting
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: VNC connecting to 127.0.0.1 5910
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: VNC tcp connected
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: VNC security level is 2 (1 = none, 2 = standard)
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: VNC password failed
[20210316-16:09:38] [DEBUG] VNC error before sending share flag
[20210316-16:09:38] [DEBUG] VNC error before receiving server init
[20210316-16:09:38] [DEBUG] VNC error before receiving pixel format
[20210316-16:09:38] [DEBUG] VNC error before receiving name length
[20210316-16:09:38] [DEBUG] VNC error before receiving name
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: VNC error - problem connecting
[20210316-16:09:38] [DEBUG] Closed socket 19 (AF_INET 127.0.0.1:45586)
[20210316-16:09:38] [DEBUG] xrdp_wm_log_msg: some problem
[20210316-16:09:38] [DEBUG] xrdp_mm_module_cleanup
[20210316-16:09:38] [DEBUG] VNC mod_exit

Their .xsession-errors looks like...

[root@maprsssd home]# cat /home/affecteduser/.xsession-errors 
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
generating cookie with syscall
generating cookie with syscall
generating cookie with syscall
generating cookie with syscall
** Message: 14:02:02.592: couldn't access control socket: /run/user/9010/keyring/control: No such file or directory
SSH_AUTH_SOCK=/run/user/9010/keyring/ssh
SSH_AUTH_SOCK=/run/user/9010/keyring/ssh
SSH_AUTH_SOCK=/run/user/9010/keyring/ssh
/usr/share/system-config-printer/applet.py:44: PyGIWarning: Notify was imported without specifying a version first. Use gi.require_version('Notify', '0.7') before import to ensure that the right version gets loaded.
  from gi.repository import Notify
system-config-printer-applet: failed to start NewPrinterNotification service
system-config-printer-applet: failed to start PrinterDriversInstaller service: org.freedesktop.DBus.Error.AccessDenied: Connection ":1.390" is not allowed to own the service "com.redhat.PrinterDriversInstaller" due to security policies in the configuration file
Initializing caja-image-converter extension
Initializing caja-open-terminal extension
*** ERROR ***
TI:14:02:03 TH:0x2177860    FI:gpm-manager.c    FN:gpm_manager_systemd_inhibit,1784
 - Error in dbus - GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: Permission denied
Traceback:
    mate-power-manager() [0x418b9f]
    mate-power-manager() [0x411220]
    /lib64/libgobject-2.0.so.0(g_type_create_instance+0x1fb) [0x7f300ceeb5cb]
    /lib64/libgobject-2.0.so.0(+0x152dd) [0x7f300cecf2dd]
    /lib64/libgobject-2.0.so.0(g_object_new_with_properties+0x27d) [0x7f300ced0b8d]
    /lib64/libgobject-2.0.so.0(g_object_new+0xc1) [0x7f300ced1571]
    mate-power-manager() [0x411a22]
    mate-power-manager() [0x4080b8]
    /lib64/libc.so.6(__libc_start_main+0xf5) [0x7f300c2db445]
    mate-power-manager() [0x4083db]

(nm-applet:62027): Gdk-CRITICAL **: 14:02:03.554: gdk_window_thaw_toplevel_updates: assertion 'window->update_and_descendants_freeze_count > 0' failed
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
Window manager warning: last_focus_time (244936105) is greater than comparison timestamp (3337021795).  This most likely represents a buggy client sending inaccurate timestamps in messages such as _NET_ACTIVE_WINDOW.  Trying to work around...
Window manager warning: last_user_time (244936105) is greater than comparison timestamp (3337021795).  This most likely represents a buggy client sending inaccurate timestamps in messages such as _NET_ACTIVE_WINDOW.  Trying to work around...
Window manager warning: 0x1000003 (Top Expand) appears to be one of the offending windows with a timestamp of 244936370.  Working around...
Window manager warning: 0x1000024 (Bottom Exp) appears to be one of the offending windows with a timestamp of 244936375.  Working around...
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"TypeError: undefined is not an object (evaluating 'jqXHR.responseText[0]')"
"5: Error occurred while executing method
2: [system] No such file or directory"
"5: Error occurred while executing method
2: [system] No such file or directory"
"5: Error occurred while executing method
2: [system] No such file or directory"
"5: Error occurred while executing method
2: [system] No such file or directory"
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
libGL error: unable to load driver: swrast_dri.so
libGL error: failed to load driver: swrast
No protocol specified
xcb_connection_has_error() returned true
No protocol specified

(caja:62019): MateDesktop-WARNING **: 21:09:29.071: Unable to open display ':10.0' when setting background pixmap


(caja:62019): Gdk-CRITICAL **: 21:09:29.071: IA__gdk_cairo_create: assertion 'GDK_IS_DRAWABLE (drawable)' failed
No protocol specified
Could not parse arguments: Cannot open display: 
abrt-applet: Failed to receive server caps
abrt-applet: Can't open ignored problems '/home/affecteduser/.cache/abrt/ignored_problems' in mode 'r': Permission denied
abrt-applet: Can't show notification: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.Notifications exited with status 1

but I'm not sure what exactly the problem is here.

Note that they recently had their UNIX UID attribute changed in AD, but I can see that change reflected in the server here and I ran chown -R username:usergroup /home/affecteduser on their /home dir (and can navigate this dir when suing into this user from root locally), so IDK what the problem there could be.

Anyone with more experience in this know what could be happening here? Any more useful debugging info that I should add here (and where to get it)?