On Wed, Feb 15, 2023 at 3:17 AM Dyck, Martin (BITBW) < martin.d...@bitbw.bwl.de> wrote:
> Hi, > > thank you for providing Apache Guacamole. It is a great tool! > We are using Apache Guacamole for a customer project and everything is > running perfectly, except for one problem where we are stuck. > > We want to establish a RDP session via One Identity Safeguard for > Privileged Sessions (SPS) using Apache Guacamole. The SPS blocks access > until an associate releases the connection. Due to a timeout in Apache > Guacamole, however, the associate only has exactly 10 seconds to release > the connection, otherwise the client receives the error “Verbindung wurde > getrennt” (TEXT_CLIENT_STATUS_DISCONNECTED) and he has to reconnect for an > other try. This is too short, as there is still a text field to be filled > in. > > Is there a possibility to increase this timeout. I found a timer in the > source code (#define GUACD_TIMEOUT 15000), but it is set to 15 seconds, not > 10 seconds. Is there another variable or setting that defaults to this 10 > seconds? > I looked into this at one point when I was investigating the possibility of customizing the connection timeout for various protocols. My recollection for RDP is that, because the connection itself is abstracted away from Guacamole into the FreeRDP library, the timeout has to be configurable in FreeRDP, which means that a parameter needs to be passable from Guacamole to FreeRDP for this, in order to instruct the FreeRDP library how long to wait. At the time that I looked into it there was not such an option available, but it's been a couple of years. Based on the current FreeRDP code, it looks like this may be do-able by setting the FreeRDP_TcpAckTimeout parameter, as is done by the xfreerdp client, here: https://github.com/FreeRDP/FreeRDP/blob/a7dc9eb82cf7f0ef5890e4e16413e12b3ff3468d/client/common/cmdline.c#L3463-L3470 My guess is this would just need to be set by the RDP protocol code in guacd. -NIck >
