guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lance Gropper <Lance.Grop...@encorehollywood.com>
Subject RE: RDP
Date Tue, 30 Apr 2019 19:45:37 GMT
Hello Mike:

Below is TLS followed by NLA (I checked ignore certificate also). There's nothing special
on the server - it's a NUC with Remote access enabled and the guacamole-post user added to
the system and remote users. The guacamole-post user can access the system via windows remote
access from another system.

Apr 30 12:36:48 guacamole-post guacd[5915]: Creating new client for protocol "rdp"
Apr 30 12:36:48 guacamole-post guacd[5915]: Connection ID is "$79f86a81-c4c0-4aa0-984b-728d0bf58420"
Apr 30 12:36:48 guacamole-post guacd[11155]: Security mode: TLS
Apr 30 12:36:48 guacamole-post guacd[11155]: Resize method: none
Apr 30 12:36:48 guacamole-post guacd[11155]: User "@df2c8622-e51b-4d85-a28c-6a826e7f5c88"
joined connection "$79f86a81-c4c0-4aa0-984b-728d0bf58420" (1 users now present)
Apr 30 12:36:48 guacamole-post server: 12:36:48.073 [http-bio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacadmin" connected to connection "3".
Apr 30 12:36:48 guacamole-post guacd[11155]: Loading keymap "base"
Apr 30 12:36:48 guacamole-post guacd[11155]: Loading keymap "en-us-qwerty"
Apr 30 12:36:48 guacamole-post guacd[11155]: Failed to load cliprdr plugin. Clipboard will
not work.
Apr 30 12:36:48 guacamole-post guacd[11155]: Error connecting to RDP server
Apr 30 12:36:48 guacamole-post guacd[11155]: User "@df2c8622-e51b-4d85-a28c-6a826e7f5c88"
disconnected (0 users remain)
Apr 30 12:36:48 guacamole-post guacd[11155]: Last user of connection "$79f86a81-c4c0-4aa0-984b-728d0bf58420"
disconnected
Apr 30 12:36:48 guacamole-post guacd[5915]: Connection "$79f86a81-c4c0-4aa0-984b-728d0bf58420"
removed.
Apr 30 12:36:48 guacamole-post server: 12:36:48.261 [Thread-125] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacadmin" disconnected from connection "3". Duration: 188 milliseconds
Apr 30 12:37:03 guacamole-post server: 12:37:03.234 [http-bio-8080-exec-2] INFO  o.a.g.r.auth.AuthenticationService
- User "guacamole-post" successfully authenticated from 10.17.102.91.
Apr 30 12:37:06 guacamole-post guacd[5915]: Creating new client for protocol "rdp"
Apr 30 12:37:06 guacamole-post guacd[5915]: Connection ID is "$e1407a0c-b7ae-486b-88d7-bc7bc85bbd0d"
Apr 30 12:37:06 guacamole-post guacd[11165]: Security mode: TLS
Apr 30 12:37:06 guacamole-post guacd[11165]: Resize method: none
Apr 30 12:37:06 guacamole-post guacd[11165]: User "@22611a0a-0c8d-4d2b-922e-2a9b73f90fb1"
joined connection "$e1407a0c-b7ae-486b-88d7-bc7bc85bbd0d" (1 users now present)
Apr 30 12:37:06 guacamole-post server: 12:37:06.437 [http-bio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" connected to connection "3".
Apr 30 12:37:06 guacamole-post guacd[11165]: Loading keymap "base"
Apr 30 12:37:06 guacamole-post guacd[11165]: Loading keymap "en-us-qwerty"
Apr 30 12:37:06 guacamole-post guacd[11165]: Failed to load cliprdr plugin. Clipboard will
not work.
Apr 30 12:37:06 guacamole-post guacd[11165]: Error connecting to RDP server
Apr 30 12:37:06 guacamole-post guacd[11165]: User "@22611a0a-0c8d-4d2b-922e-2a9b73f90fb1"
disconnected (0 users remain)
Apr 30 12:37:06 guacamole-post guacd[11165]: Last user of connection "$e1407a0c-b7ae-486b-88d7-bc7bc85bbd0d"
disconnected
Apr 30 12:37:06 guacamole-post guacd[5915]: Connection "$e1407a0c-b7ae-486b-88d7-bc7bc85bbd0d"
removed.
Apr 30 12:37:06 guacamole-post server: 12:37:06.709 [Thread-128] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" disconnected from connection "3". Duration: 272 milliseconds
Apr 30 12:37:21 guacamole-post guacd[5915]: Creating new client for protocol "rdp"
Apr 30 12:37:21 guacamole-post guacd[5915]: Connection ID is "$cd399427-f0d9-4743-8c09-e72796ca6efb"
Apr 30 12:37:21 guacamole-post guacd[11174]: Security mode: TLS
Apr 30 12:37:21 guacamole-post guacd[11174]: Resize method: none
Apr 30 12:37:21 guacamole-post guacd[11174]: User "@572b0847-91b7-4e6f-99df-513cc0c3c27f"
joined connection "$cd399427-f0d9-4743-8c09-e72796ca6efb" (1 users now present)
Apr 30 12:37:21 guacamole-post server: 12:37:21.855 [http-bio-8080-exec-7] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" connected to connection "3".
Apr 30 12:37:21 guacamole-post guacd[11174]: Loading keymap "base"
Apr 30 12:37:21 guacamole-post guacd[11174]: Loading keymap "en-us-qwerty"
Apr 30 12:37:21 guacamole-post guacd[11174]: Failed to load cliprdr plugin. Clipboard will
not work.
Apr 30 12:37:21 guacamole-post guacd[11174]: Error connecting to RDP server
Apr 30 12:37:21 guacamole-post guacd[11174]: User "@572b0847-91b7-4e6f-99df-513cc0c3c27f"
disconnected (0 users remain)
Apr 30 12:37:21 guacamole-post guacd[11174]: Last user of connection "$cd399427-f0d9-4743-8c09-e72796ca6efb"
disconnected
Apr 30 12:37:21 guacamole-post guacd[5915]: Connection "$cd399427-f0d9-4743-8c09-e72796ca6efb"
removed.
Apr 30 12:37:21 guacamole-post server: 12:37:21.920 [Thread-130] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" disconnected from connection "3". Duration: 64 milliseconds
Apr 30 12:37:37 guacamole-post server: 12:37:37.013 [http-bio-8080-exec-6] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint
- Creation of WebSocket tunnel to guacd failed: Permission Denied.
Apr 30 12:37:37 guacamole-post server: 12:37:37.054 [http-bio-8080-exec-2] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet
- HTTP tunnel request rejected: Permission Denied.
Apr 30 12:37:37 guacamole-post server: 12:37:37.468 [http-bio-8080-exec-2] INFO  o.a.g.r.auth.AuthenticationService
- User "guacadmin" successfully authenticated from 10.17.102.91.
Apr 30 12:37:48 guacamole-post server: 12:37:48.154 [http-bio-8080-exec-5] INFO  o.a.g.environment.LocalEnvironment
- GUACAMOLE_HOME is "/usr/share/tomcat/.guacamole".
Apr 30 12:38:11 guacamole-post server: 12:38:11.951 [http-bio-8080-exec-2] WARN  o.a.g.r.auth.AuthenticationService
- Authentication attempt from 10.17.102.91 for user "guacamole-post" failed.
Apr 30 12:38:18 guacamole-post server: 12:38:18.782 [http-bio-8080-exec-2] INFO  o.a.g.r.auth.AuthenticationService
- User "guacamole-post" successfully authenticated from 10.17.102.91.
Apr 30 12:38:22 guacamole-post guacd[5915]: Creating new client for protocol "rdp"
Apr 30 12:38:22 guacamole-post guacd[5915]: Connection ID is "$d40abf70-cb0d-4df0-8b86-55315e58fbe4"
Apr 30 12:38:22 guacamole-post guacd[11183]: Security mode: NLA
Apr 30 12:38:22 guacamole-post guacd[11183]: Resize method: none
Apr 30 12:38:22 guacamole-post guacd[11183]: User "@8259998f-561d-4cf4-9cf6-c65bdbd91571"
joined connection "$d40abf70-cb0d-4df0-8b86-55315e58fbe4" (1 users now present)
Apr 30 12:38:22 guacamole-post server: 12:38:22.049 [http-bio-8080-exec-5] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" connected to connection "3".
Apr 30 12:38:22 guacamole-post guacd[11183]: Loading keymap "base"
Apr 30 12:38:22 guacamole-post guacd[11183]: Loading keymap "en-us-qwerty"
Apr 30 12:38:22 guacamole-post guacd[11183]: Failed to load cliprdr plugin. Clipboard will
not work.
Apr 30 12:38:22 guacamole-post guacd[11183]: Authentication requested but username or password
not given
Apr 30 12:38:23 guacamole-post guacd[11183]: Error connecting to RDP server
Apr 30 12:38:23 guacamole-post guacd[11183]: User "@8259998f-561d-4cf4-9cf6-c65bdbd91571"
disconnected (0 users remain)
Apr 30 12:38:23 guacamole-post server: 12:38:23.387 [http-bio-8080-exec-5] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" disconnected from connection "3". Duration: 1338 milliseconds
Apr 30 12:38:23 guacamole-post guacd[11183]: Last user of connection "$d40abf70-cb0d-4df0-8b86-55315e58fbe4"
disconnected
Apr 30 12:38:23 guacamole-post guacd[5915]: Connection "$d40abf70-cb0d-4df0-8b86-55315e58fbe4"
removed.
Apr 30 12:38:38 guacamole-post guacd[5915]: Creating new client for protocol "rdp"
Apr 30 12:38:38 guacamole-post guacd[5915]: Connection ID is "$cdcc65e5-7710-4b22-99fc-99db980a9d2e"
Apr 30 12:38:38 guacamole-post guacd[11192]: Security mode: NLA
Apr 30 12:38:38 guacamole-post guacd[11192]: Resize method: none
Apr 30 12:38:38 guacamole-post guacd[11192]: User "@32dc0361-e818-42dd-b5cc-4b574ed77b23"
joined connection "$cdcc65e5-7710-4b22-99fc-99db980a9d2e" (1 users now present)
Apr 30 12:38:38 guacamole-post server: 12:38:38.586 [http-bio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" connected to connection "3".
Apr 30 12:38:38 guacamole-post guacd[11192]: Loading keymap "base"
Apr 30 12:38:38 guacamole-post guacd[11192]: Loading keymap "en-us-qwerty"
Apr 30 12:38:38 guacamole-post guacd[11192]: Failed to load cliprdr plugin. Clipboard will
not work.
Apr 30 12:38:38 guacamole-post guacd[11192]: Authentication requested but username or password
not given
Apr 30 12:38:39 guacamole-post guacd[11192]: Error connecting to RDP server
Apr 30 12:38:39 guacamole-post guacd[11192]: User "@32dc0361-e818-42dd-b5cc-4b574ed77b23"
disconnected (0 users remain)
Apr 30 12:38:39 guacamole-post server: Exception in thread "Thread-134" java.lang.IllegalStateException:
Message will not be sent because the WebSocket session has been closed
Apr 30 12:38:39 guacamole-post server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:387)
Apr 30 12:38:39 guacamole-post server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:344)
Apr 30 12:38:39 guacamole-post server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:788)
Apr 30 12:38:39 guacamole-post server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)
Apr 30 12:38:39 guacamole-post server: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
Apr 30 12:38:39 guacamole-post server: at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
Apr 30 12:38:39 guacamole-post server: at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:167)
Apr 30 12:38:39 guacamole-post server: 12:38:39.654 [http-bio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService
- User "guacamole-post" disconnected from connection "3". Duration: 1068 milliseconds
Apr 30 12:38:39 guacamole-post guacd[11192]: Last user of connection "$cdcc65e5-7710-4b22-99fc-99db980a9d2e"
disconnected
Apr 30 12:38:39 guacamole-post guacd[5915]: Connection "$cdcc65e5-7710-4b22-99fc-99db980a9d2e"
removed.
Apr 30 12:38:43 guacamole-post systemd: Started Session 5 of user root.
Apr 30 12:38:43 guacamole-post systemd-logind: New session 5 of user root.

Lance

From: Mike Jumper <mjumper@apache.org>
Sent: Tuesday, April 30, 2019 12:19 PM
To: user@guacamole.apache.org
Subject: Re: RDP


[ CAUTION ]

This email originated outside Deluxe.



On Tue, Apr 30, 2019, 11:58 Lance Gropper <Lance.Gropper@encorehollywood.com<mailto:Lance.Gropper@encorehollywood.com>>
wrote:
Hello Mike:
So I created a guacamole user with the same name and password as the RDP login credentials
- it's still not working.

Don't fixate on the Guacamole user - it has no bearing on the RDP login unless ${GUAC_USERNAME}
is in play, which you should avoid for now until you have eliminated the other variables.

Right now the following are the known facts:

* Authentication with the RDP server is failing
* guacd is defaulting to "RDP" auth/encryption for the RDP connection

Possible causes of this:

* The credentials are wrong
* The RDP server is configured to require NLA or perhaps TLS and thus is rejecting the connection
outright.

To address:

* Verify the credentials are correct
* Try selecting NLA or TLS. Check "ignore certificate" as well, as any cert used by the RDP
server is likely self-signed.

Once you have that working, then you can safely move on to more complex configurations like
pass-through of auth.

- Mike




[ CAUTION ]

DO NOT open attachments or click links from unknown senders. Only respond if you can validate
the senders legitimacy.




This e-mail and any attachments are intended only for use by the addressee(s) named herein
and may contain confidential information. If you are not the intended recipient of this e-mail,
you are hereby notified any dissemination, distribution or copying of this email and any attachments
is strictly prohibited. If you receive this email in error, please immediately notify the
sender by return email and permanently delete the original, any copy and any printout thereof.
The integrity and security of e-mail cannot be guaranteed.
Mime
View raw message