> I set TLS and ignore certificate, and it could get in Guacamole settings are ok.
From: Devine, Harry (FAA) [mailto:harry.dev...@faa.gov.INVALID] Sent: 17 February 2022 21:11 To: user@guacamole.apache.org Subject: RE: Issues with RDP connections Same errors (Guac's web page says the connection is currently unreachable). The log shows: Feb 17 16:09:10 armt guacd[4148]: Creating new client for protocol "rdp" Feb 17 16:09:10 armt guacd[4148]: Connection ID is "$61bba758-ee0f-442d-9c99-03bb6204066d" Feb 17 16:09:10 armt guacd[19478]: Security mode: Negotiate (ANY) Feb 17 16:09:10 armt guacd[19478]: Resize method: none Feb 17 16:09:10 armt guacd[19478]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. Feb 17 16:09:10 armt server: 16:09:10.650 [http-bio-8080-exec-89] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "2". Feb 17 16:09:10 armt server: 16:09:10.650 [http-bio-8080-exec-89] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. Feb 17 16:09:10 armt guacd[19478]: User "@d394b5b0-4e10-47d1-a237-0d3536b5c921" joined connection "$61bba758-ee0f-442d-9c99-03bb6204066d" (1 users now present) Feb 17 16:09:10 armt guacd[19478]: Loading keymap "base" Feb 17 16:09:10 armt guacd[19478]: Loading keymap "en-us-qwerty" Feb 17 16:09:11 armt guacd[19478]: RDP server closed/refused connection: Server refused connection (wrong security type?) Feb 17 16:09:11 armt guacd[19478]: User "@d394b5b0-4e10-47d1-a237-0d3536b5c921" disconnected (0 users remain) Feb 17 16:09:11 armt guacd[19478]: Last user of connection "$61bba758-ee0f-442d-9c99-03bb6204066d" disconnected Feb 17 16:09:11 armt guacd[4148]: Connection "$61bba758-ee0f-442d-9c99-03bb6204066d" removed. Feb 17 16:09:11 armt server: 16:09:11.387 [http-bio-8080-exec-109] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "2". Duration: 15423 milliseconds Feb 17 16:09:11 armt server: 16:09:11.392 [http-bio-8080-exec-109] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out. I created a new connection to another Windows server that's Windows 10, and I set TLS and ignore certificate, and it could get in, so what could be wrong on this Windows server to cause to refuse a connection? Thanks, Harry From: Adrian Owen <adrian.o...@eesm.com<mailto:adrian.o...@eesm.com>> Sent: Thursday, February 17, 2022 4:08 PM To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> Subject: RE: Issues with RDP connections security any ignore-cert true Adrian From: Devine, Harry (FAA) [mailto:harry.dev...@faa.gov.INVALID] Sent: 17 February 2022 20:45 To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> Subject: Issues with RDP connections We are trying to get RDP connections to a Windows Server 2012 machine, and every time we try, it fails. The /var/log/messages shows the following: Feb 17 15:40:51 armt guacd[4148]: Creating new client for protocol "rdp" Feb 17 15:40:51 armt guacd[4148]: Connection ID is "$4886636f-dd2a-455d-865a-239b95a0f4ae" Feb 17 15:40:51 armt guacd[17756]: Security mode: TLS Feb 17 15:40:51 armt guacd[17756]: Resize method: none Feb 17 15:40:51 armt guacd[17756]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. Feb 17 15:40:51 armt server: 15:40:51.939 [http-bio-8080-exec-87] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "2". Feb 17 15:40:51 armt server: 15:40:51.939 [http-bio-8080-exec-87] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. Feb 17 15:40:51 armt guacd[17756]: User "@eca84bdc-710e-43f6-88c0-0451531d9a14" joined connection "$4886636f-dd2a-455d-865a-239b95a0f4ae" (1 users now present) Feb 17 15:40:51 armt guacd[17756]: Loading keymap "base" Feb 17 15:40:51 armt guacd[17756]: Loading keymap "en-us-qwerty" Feb 17 15:40:52 armt guacd[17756]: RDP server closed/refused connection: Security negotiation failed (wrong security type?) Feb 17 15:40:52 armt guacd[17756]: User "@eca84bdc-710e-43f6-88c0-0451531d9a14" disconnected (0 users remain) Feb 17 15:40:52 armt guacd[17756]: Last user of connection "$4886636f-dd2a-455d-865a-239b95a0f4ae" disconnected Feb 17 15:40:52 armt guacd[4148]: Connection "$4886636f-dd2a-455d-865a-239b95a0f4ae" removed. Feb 17 15:41:07 armt server: 15:41:07.343 [http-bio-8080-exec-105] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "2". Duration: 15404 milliseconds Feb 17 15:41:07 armt server: 15:41:07.348 [http-bio-8080-exec-105] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out. We have tried all possible values in the connection's Security Mode, as well has having "Ignore Server Certificate" checked and unchecked, and it simply won't connect. How can we get this working? This is a high-security item for a client of ours and they have to have connectivity to these machines restored asap. Thanks, Harry Harry Devine Secure-OSE System Administrator Red Hat Certified System Administrator (RHCSA) Work: (609) 485-4218 FAA Cell: (609) 612-7274
