RDP issues with Guacamole

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

RDP issues with Guacamole

Sri Web
Hello All,

I am running into errors trying to connect using rdp. Verified that the Guacamole m/c can connect through rdp to the other machine.

Running Guacamole 1.2.0 on Debian 10. Verified the freerdp2 is installed. Also soft linked (ln -s) libraries as mentioned in one of the posts. 

Any help would be appreciated.

Here is the log snippet from Guacamole logs:

---------------------------
22:34:02.122 [http-nio-8080-exec-9] INFO  o.a.g.environment.LocalEnvironment [LocalEnvironment.java:124] - GUACAMOLE_HOME is "/etc/guacamole".
22:34:02.131 [http-nio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket [InetGuacamoleSocket.java:90] - Connecting to guacd at localhost:4822.
22:34:02.210 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService [TunnelRequestService.java:217] - User "rdpuser1" connected to connection "DEFAULT".
22:34:17.264 [Thread-22] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint [GuacamoleWebSocketTunnelEndpoint.java:278] - Connection to guacd terminated abnormally: Connection to guacd timed out.
22:34:17.265 [Thread-22] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint [GuacamoleWebSocketTunnelEndpoint.java:279] - Internal error during connection to guacd.
org.apache.guacamole.GuacamoleUpstreamTimeoutException: Connection to guacd timed out.
    at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:180)
    at org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:195)
    at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:81)
    at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:81)
    at org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:64)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:246)
Caused by: java.net.SocketTimeoutException: Read timed out
    at java.base/java.net.SocketInputStream.socketRead0(Native Method)
    at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
    at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
    at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
    at java.base/sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
    at java.base/sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
    at java.base/sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
    at java.base/java.io.InputStreamReader.read(InputStreamReader.java:185)
    at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:169)
    ... 5 common frames omitted
22:34:17.265 [Thread-22] INFO  o.a.g.tunnel.TunnelRequestService [TunnelRequestService.java:283] - User "rdpuser1" disconnected from connection "DEFAULT". Duration: 15055 milliseconds
22:34:17.265 [Thread-22] DEBUG o.a.g.net.InetGuacamoleSocket [InetGuacamoleSocket.java:122] - Closing socket to guacd.
22:34:25.104 [http-nio-8080-exec-6] DEBUG o.a.g.r.auth.AuthenticationService [AuthenticationService.java:330] - Anonymous authentication attempt from 10.0.0.5 failed.
user1@debian:~$
---------------------------  

Thanks,
Srinivas.
Reply | Threaded
Open this post in threaded view
|

Re: RDP issues with Guacamole

mjumper
Administrator
On Mon, Oct 5, 2020, 15:36 Sri Web <[hidden email]> wrote:
Hello All,

I am running into errors trying to connect using rdp. Verified that the Guacamole m/c can connect through rdp to the other machine.

"m/c"?

If you are able to connect to some machines via RDP but not others, that suggests that those other machines are either not accessable to the Guacamole server or are misconfigured.

What are you trying to connect to specifically? What differs between the connections that work vs. the connections that fail?


Running Guacamole 1.2.0 on Debian 10. Verified the freerdp2 is installed. Also soft linked (ln -s) libraries as mentioned in one of the posts. 

What libraries? What post?


Any help would be appreciated.

Here is the log snippet from Guacamole logs:

---------------------------
22:34:02.122 [http-nio-8080-exec-9] INFO  o.a.g.environment.LocalEnvironment [LocalEnvironment.java:124] - GUACAMOLE_HOME is "/etc/guacamole".
...

The above logs are from the web application and will not have any information regarding the RDP connection. The underlying protocol is opaque at this level.

What do you see on the guacd logs?

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: RDP issues with Guacamole

Sri Web
Hi Mike,

Thanks for your response. 

1. Tested that target computer can be connected over rdp from the host running Guacamole. In this case, Debian VB running Guacamole can connect to target macOS machine. Tested using KRC application.

Looks like having trouble connecting to macOS machines. Even my test with vnc connection failed as well. I see that there is a JIRA issue on this ( https://issues.apache.org/jira/browse/GUACAMOLE-1133). Not sure if there is a resolution to this. Good to know a solution to this as well.

My tests to other hosts running debian and ubuntu succeeded.

2. In the post ( https://sourceforge.net/p/guacamole/discussion/1110834/thread/f9cc8d2a/ ), Eddie suggests to link freerdp libraries, which might help.

3. The logs I posted are from guacd logs. I had the guacd logs write to a separate file thru logback.xml configuration. Here is what is on syslog:

------

Oct  5 16:06:37 debian guacd[6856]: Creating new client for protocol "rdp"
Oct  5 16:06:37 debian guacd[6856]: Connection ID is "$b6a11665-3b28-44eb-a84b-929f16366015"
Oct  5 16:06:37 debian guacd[9101]: Security mode: Negotiate (ANY)
Oct  5 16:06:37 debian guacd[9101]: Resize method: none
Oct  5 16:06:37 debian guacd[9101]: User "@15cf3b9e-3b72-4486-b820-33a574acb7f2" joined connection "$b6a11665-3b28-44eb-a84b-929f16366015" (1 users now present)
Oct  5 16:06:37 debian guacd[9101]: Loading keymap "base"
Oct  5 16:06:37 debian guacd[9101]: Loading keymap "en-us-qwerty"
Oct  5 16:07:07 debian guacd[9101]: User is not responding.
Oct  5 16:07:07 debian guacd[9101]: User "@15cf3b9e-3b72-4486-b820-33a574acb7f2" disconnected (0 users remain)
Oct  5 16:07:07 debian guacd[9101]: Last user of connection "$b6a11665-3b28-44eb-a84b-929f16366015" disconnected

------

Thanks for looking at these. Appreciate your response/help.

Srinivas.



On Monday, October 5, 2020, 03:49:32 PM PDT, Mike Jumper <[hidden email]> wrote:


On Mon, Oct 5, 2020, 15:36 Sri Web <[hidden email]> wrote:
Hello All,

I am running into errors trying to connect using rdp. Verified that the Guacamole m/c can connect through rdp to the other machine.

"m/c"?

If you are able to connect to some machines via RDP but not others, that suggests that those other machines are either not accessable to the Guacamole server or are misconfigured.

What are you trying to connect to specifically? What differs between the connections that work vs. the connections that fail?


Running Guacamole 1.2.0 on Debian 10. Verified the freerdp2 is installed. Also soft linked (ln -s) libraries as mentioned in one of the posts. 

What libraries? What post?


Any help would be appreciated.

Here is the log snippet from Guacamole logs:

---------------------------
22:34:02.122 [http-nio-8080-exec-9] INFO  o.a.g.environment.LocalEnvironment [LocalEnvironment.java:124] - GUACAMOLE_HOME is "/etc/guacamole".

...

The above logs are from the web application and will not have any information regarding the RDP connection. The underlying protocol is opaque at this level.

What do you see on the guacd logs?

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: RDP issues with Guacamole

mjumper
Administrator
On Mon, Oct 5, 2020, 16:34 Sri Web <[hidden email]> wrote:
Hi Mike,

Thanks for your response. 

1. Tested that target computer can be connected over rdp from the host running Guacamole. In this case, Debian VB running Guacamole can connect to target macOS machine. Tested using KRC application.

Looks like having trouble connecting to macOS machines. Even my test with vnc connection failed as well. ...

The failing machine is a Mac that is running both a VNC server and an RDP server?


2. In the post ( https://sourceforge.net/p/guacamole/discussion/1110834/thread/f9cc8d2a/ ), Eddie suggests to link freerdp libraries, which might help.

He suggests adding symbolic links to the FreeRDP plugins specifically to resolve an error regarding those plugins not being found, not as a panacea for absolutely anything related to RDP.

3. The logs I posted are from guacd logs. I had the guacd logs write to a separate file thru logback.xml configuration.

No, those were the web application logs (from Tomcat). The logback.xml file configures web application logging only. It is not relevant to guacd, which logs messages through syslog.

Here is what is on syslog:

------

Oct  5 16:06:37 debian guacd[6856]: Creating new client for protocol "rdp"
Oct  5 16:06:37 debian guacd[6856]: Connection ID is "$b6a11665-3b28-44eb-a84b-929f16366015"
Oct  5 16:06:37 debian guacd[9101]: Security mode: Negotiate (ANY)
Oct  5 16:06:37 debian guacd[9101]: Resize method: none
Oct  5 16:06:37 debian guacd[9101]: User "@15cf3b9e-3b72-4486-b820-33a574acb7f2" joined connection "$b6a11665-3b28-44eb-a84b-929f16366015" (1 users now present)
Oct  5 16:06:37 debian guacd[9101]: Loading keymap "base"
Oct  5 16:06:37 debian guacd[9101]: Loading keymap "en-us-qwerty"
Oct  5 16:07:07 debian guacd[9101]: User is not responding.
Oct  5 16:07:07 debian guacd[9101]: User "@15cf3b9e-3b72-4486-b820-33a574acb7f2" disconnected (0 users remain)
Oct  5 16:07:07 debian guacd[9101]: Last user of connection "$b6a11665-3b28-44eb-a84b-929f16366015" disconnected

Are you sure there is an RDP service on the machine in question? Not just VNC?

The above is closer to what I would expect to see if a destination machine were silently ignoring the RDP connection attempt, presumably because no RDP service is running or the firewall is blocking inbound connections.

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: RDP issues with Guacamole

Sri Web
Yes, the failing machine is running rdp and vnc server. By default these are included in mac ( I guess 10.14 and above). And, I verified these by connecting to the mac both thru rdp and vnc using KRC application. Also the ports for these are different, rdp uses 3283 and vnc 5900 by default on Mac. My Guacamole user-mapping.xml has these corresponding ports configured. Since I can connect to the Mac using these ports thru KRC application, firewall is not blocking these connections for Guacamole.

vnc failure has different log in syslog, looks like an issue with security type, is there a way to specify a security type?

------

Oct  5 15:49:12 debian guacd[6856]: Creating new client for protocol "vnc"
Oct  5 15:49:12 debian guacd[6856]: Connection ID is "$9230826d-1d82-4aaf-80ea-ba0f9ae0b2d5"
Oct  5 15:49:12 debian guacd[9036]: Cursor rendering: local
Oct  5 15:49:12 debian guacd[9036]: User "@875f9065-45a0-4f88-920a-986ece6a5e36" joined connection "$9230826d-1d82-4aaf-80ea-ba0f9ae0b2d5" (1 users now present)
Oct  5 15:49:12 debian guacd[9036]: VNC server supports protocol version 3.889 (viewer 3.8)
Oct  5 15:49:12 debian guacd[9036]: We have 4 security types to read
Oct  5 15:49:12 debian guacd[9036]: 0) Received security type 30
Oct  5 15:49:12 debian guacd[9036]: Selecting security type 30 (0/4 in the list)
Oct  5 15:49:12 debian guacd[9036]: 1) Received security type 33
Oct  5 15:49:12 debian guacd[9036]: 2) Received security type 36
Oct  5 15:49:12 debian guacd[9036]: 3) Received security type 35
Oct  5 15:49:12 debian guacd[9036]: Selected Security Scheme 30
Oct  5 15:49:12 debian guacd[9036]: VNC connection failed: Authentication or authorization failure
Oct  5 15:49:12 debian guacd[9036]: Unable to connect to VNC server.
Oct  5 15:49:12 debian guacd[9036]: User "@875f9065-45a0-4f88-920a-986ece6a5e36" disconnected (0 users remain)
Oct  5 15:49:12 debian guacd[9036]: Last user of connection "$9230826d-1d82-4aaf-80ea-ba0f9ae0b2d5" disconnected

------


Thanks,
Srinivas.


On Monday, October 5, 2020, 6:02:58 PM PDT, Mike Jumper <[hidden email]> wrote:


On Mon, Oct 5, 2020, 16:34 Sri Web <[hidden email]> wrote:
Hi Mike,

Thanks for your response. 

1. Tested that target computer can be connected over rdp from the host running Guacamole. In this case, Debian VB running Guacamole can connect to target macOS machine. Tested using KRC application.

Looks like having trouble connecting to macOS machines. Even my test with vnc connection failed as well. ...

The failing machine is a Mac that is running both a VNC server and an RDP server?


2. In the post ( https://sourceforge.net/p/guacamole/discussion/1110834/thread/f9cc8d2a/ ), Eddie suggests to link freerdp libraries, which might help.

He suggests adding symbolic links to the FreeRDP plugins specifically to resolve an error regarding those plugins not being found, not as a panacea for absolutely anything related to RDP.

3. The logs I posted are from guacd logs. I had the guacd logs write to a separate file thru logback.xml configuration.

No, those were the web application logs (from Tomcat). The logback.xml file configures web application logging only. It is not relevant to guacd, which logs messages through syslog.

Here is what is on syslog:

------

Oct  5 16:06:37 debian guacd[6856]: Creating new client for protocol "rdp"
Oct  5 16:06:37 debian guacd[6856]: Connection ID is "$b6a11665-3b28-44eb-a84b-929f16366015"
Oct  5 16:06:37 debian guacd[9101]: Security mode: Negotiate (ANY)
Oct  5 16:06:37 debian guacd[9101]: Resize method: none
Oct  5 16:06:37 debian guacd[9101]: User "@15cf3b9e-3b72-4486-b820-33a574acb7f2" joined connection "$b6a11665-3b28-44eb-a84b-929f16366015" (1 users now present)
Oct  5 16:06:37 debian guacd[9101]: Loading keymap "base"
Oct  5 16:06:37 debian guacd[9101]: Loading keymap "en-us-qwerty"
Oct  5 16:07:07 debian guacd[9101]: User is not responding.
Oct  5 16:07:07 debian guacd[9101]: User "@15cf3b9e-3b72-4486-b820-33a574acb7f2" disconnected (0 users remain)
Oct  5 16:07:07 debian guacd[9101]: Last user of connection "$b6a11665-3b28-44eb-a84b-929f16366015" disconnected

Are you sure there is an RDP service on the machine in question? Not just VNC?

The above is closer to what I would expect to see if a destination machine were silently ignoring the RDP connection attempt, presumably because no RDP service is running or the firewall is blocking inbound connections.

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: RDP issues with Guacamole

lexcorp
@Sri web, I had the same error, check if youre running only one process of
guacd.

# ps aux | grep guacd
root     31913  0.0  0.5 272152 11104 ?        S    20:22   0:00
/usr/local/sbin/guacd -p /var/run/guacd.pid

Also check if you insert data of remote host in correct place.




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: RDP issues with Guacamole

Sri Web
@lexcorp, thanks for the reply. Yes, checked and only one process of guacd is running. 

Also check if you insert data of remote host in correct place.
what do you mean? Is it config for the remote target host?. The config of remote host is in user-mappings.xml (/etc/gucamole/ folder)

On Wednesday, October 7, 2020, 06:37:27 PM PDT, lexcorp <[hidden email]> wrote:


@Sri web, I had the same error, check if youre running only one process of

guacd.


# ps aux | grep guacd
root    31913  0.0  0.5 272152 11104 ?        S    20:22  0:00
/usr/local/sbin/guacd -p /var/run/guacd.pid

Also check if you insert data of remote host in correct place.




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]