[
https://issues.apache.org/jira/browse/GUACAMOLE-365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16130685#comment-16130685
]
Michael Jumper commented on GUACAMOLE-365:
------------------------------------------
{quote}
[~mike.jumper] I am 100% sure. And I don't specify the security parameter, so
it defaults to rdp.
{quote}
No, I mean on your RDP server, not within Guacamole. By default, Windows 2016
requires TLS. If you do not specify the security parameter for Guacamole (and
do not set "ignore-cert" to "true"), the connection will fail because the RDP
server rejects the older encryption method. If the security parameter is set
correctly (such that Guacamole will try TLS), the connection will fail due to
the RDP server's certificate being self-signed.
You had the right idea with "security" set to "any". You just also need to set
"ignore-cert" to "true".
{quote}
Currently we made it work by using a [registry entry
change|http://boreditguy.com/blog/?p=3784].
{quote}
Changing the registry in this way forcibly downgrades the security of the RDP
server. You don't need to do this, and Guacamole does support the level of
encryption required. Rather than downgrading your RDP server's security
settings to match Guacamole's defaults, it would be better to change your
connection parameters to match your new RDP server's defaults.
> Guacamole is not working on Win Server 2016 while working on Win Server 2012
> R2 using the same configuration
> ------------------------------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-365
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-365
> Project: Guacamole
> Issue Type: Bug
> Affects Versions: 0.9.9, 0.9.13-incubating
> Reporter: York Chen
> Priority: Minor
>
> My environments is composed of a Linux box that runs the guac server and the
> guac web client and a windows
> I just use user-mapping to authenticate:
> {code:xml}
> <user-mapping>
> <authorize username="user" password="pw">
> <connection name="Windows Box RDP">
> <protocol>rdp</protocol>
> <param name="hostname">windows_box_ip</param>
> <param name="port">3389</param>
> <param name="username">user</param>
> <param name="password">pw</param>
> <param name="enable-wallpaper">true</param>
> <param name="enable-drive">true</param>
> <param name="drive-path">/opt/guacamole/transfer</param>
> <param name="create-drive-path">true</param>
> </connection>
> <connection name="Linux Box VNC">
> <protocol>vnc</protocol>
> <param name="hostname">linux_box_ip</param>
> <param name="port">5901</param>
> <param name="password">pw</param>
> </connection>
> <connection name="Linux Box SSH">
> <protocol>ssh</protocol>
> <param name="hostname">linux_box_ip</param>
> <param name="port">22</param>
> <param name="username">user</param>
> <param name="password">pw</param>
> </connection>
> </authorize>
> </user-mapping>
> {code}
> Logs:
> Aug 16 21:06:48 env-28348laiouse1 guacd[10264]: Listening on host 127.0.0.1,
> port 4822
> Aug 16 21:09:36 env-28348laiouse1 guacd[10264]: Creating new client for
> protocol "rdp"
> Aug 16 21:09:36 env-28348laiouse1 guacd[10264]: Connection ID is
> "$ca7aa065-7b3c-46db-a831-4f72ca1abf6a"
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: No security mode specified.
> Defaulting to RDP.
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: Resize method: none
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: User
> "@e35f5d20-5fca-4362-b8f3-c5f626b48f6b" joined connection
> "$ca7aa065-7b3c-46db-a831-4f72ca1abf6a" (1 users now present)
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: Loading keymap "base"
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: Loading keymap "en-us-qwerty"
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: Error connecting to RDP server
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: User
> "@e35f5d20-5fca-4362-b8f3-c5f626b48f6b" disconnected (0 users remain)
> Aug 16 21:09:36 env-28348laiouse1 guacd[10443]: Last user of connection
> "$ca7aa065-7b3c-46db-a831-4f72ca1abf6a" disconnected
> Aug 16 21:09:36 env-28348laiouse1 guacd[10264]: Connection
> "$ca7aa065-7b3c-46db-a831-4f72ca1abf6a" removed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
