guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: Cannot connect using RDP
Date Wed, 15 Mar 2017 18:56:18 GMT
Recent versions of Windows enable TLS (with a self-signed cert) and NLA by

If you want to be prompted with a traditional Windows login screen, you
will need to disable NLA. With NLA enabled, the username and password must
be provided in the connection parameters. Integrating guac with AD or LDAP
such that the guac username/password is always the same as the Windows
username/password would allow use of parameter tokens for this:

For TLS to work with a self-signed cert, you will need to set the
connection parameter telling Guacamole to ignore the certificate.

- Mike

On Mar 15, 2017 11:51 AM, "adrianz" <> wrote:

> If I enter just the username I get the following errors in guacd:
> guacd[16152]: INFO:     Loading keymap "en-us-qwerty"
> connected to
> creating directory /root/.config/freerdp
> creating directory /root/.config/freerdp/certs
> creating directory /root/.config/freerdp/server
> certificate_store_open: error opening [/root/.config/freerdp/known_hosts]
> for writing
> guacd[16152]: INFO:     Authentication requested but username or password
> not given
> Could not open SAM file!
> Could not open SAM file!
> SSL_read: Failure in SSL library (protocol error?)
> SSL_read: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access
> denied
> credssp_recv() error: -1
> Authentication failure, check credentials.
> If credentials are valid, the NTLMSSP implementation may be to blame.
> Error: protocol security negotiation or connection failure
> --
> View this message in context: http://apache-guacamole-
> using-RDP-tp550p552.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive
> at

View raw message