I was incorrect -- I *did* have a domain user named "guacadmin". I checked
the windows event logs on the 2012 machine I failed to connect to and saw
error 4825 in the Windows/Security event log, as an Audit Failure message:
"A user was denied the access to Remote Desktop. By default, users are
allowed to connect only if they are members of the Remote Desktop Users
group or Administrators group."
If I delete the user and try to connect again, I get this expected error
from guacd:
"RDP server closed/refused connection: Authentication failure (invalid
credentials?)"
I hear you saying you can connect to the same server presumably with the
same domain and username credentials via another RDP client, but I'd
suggest double-checking that this is indeed the case as well as check your
Windows Event logs to see if anything is logged when the connection from
guacamole fails.
On Fri, Feb 18, 2022 at 11:23 AM Hankins, Jonathan <
jhank...@homewood.k12.al.us> wrote:
> FWIW, I get the same error "RDP server closed/refused connection: Server
> refused connection (wrong security type?)" if I try to connect with a
> username passed through that does not exist on the Windows side.
>
> For reference, in my connection, I have the domain set, the login set to
> "${GUAC_USERNAME}", security mode set to NLA in guac (also required on the
> Windows side). If I login as "guacadmin" to guac and launch that
> connection, it fails with the message you are receiving, as there is no
> "guacadmin" user in my Windows domain.
>
>
>
>
> On Fri, Feb 18, 2022 at 6:47 AM Devine, Harry (FAA)
> <harry.dev...@faa.gov.invalid> wrote:
>
>> It doesn’t look like guacd.conf is being used in our installation. I
>> tried “/etc/init.d/guacd restart –L”, but /var/log/messages doesn’t look
>> any different in what its logging. Where else should I be adding/looking
>> for the debug messages? Perhaps guacamole.properties?
>>
>>
>>
>> Thanks,
>>
>> Harry
>>
>>
>>
>> *From:* Nick Couchman <nick.e.couch...@gmail.com>
>> *Sent:* Thursday, February 17, 2022 9:26 PM
>> *To:* user@guacamole.apache.org
>> *Subject:* Re: Issues with RDP connections
>>
>>
>>
>> On Thu, Feb 17, 2022 at 8:34 PM Devine, Harry (FAA) <
>> harry.dev...@faa.gov.invalid> wrote:
>>
>> On the Windows side or the guacamole side? If the user couldn’t write
>> there, why did the windows 10 rdp work? One of out admins said they can
>> rdp to the windows 2013 server using MobaXterm and they see the TLS is 1.2.
>> Does guacamole expect v2? If so, does the 2012 need to update to TLS2?
>>
>>
>>
>>
>>
>> This would be on the Guacamole side. No, I do not expect that Guacamole
>> would require a TLS version that Windows doesn't support- I use 1.4.0 to
>> connect to Server 2003, 2008/r2, 2012/r2, 2016, and 2019, along with
>> Windows 10.
>>
>>
>>
>> Also, might want to start guacd with debug logging (-L debug on the
>> command line, or log_level = debug in guacd.conf) to see if you get any
>> more useful messages.
>>
>>
>>
>> -Nick
>>
>
>
> --
> Jonathan Hankins
>
> Homewood City Schools
>
> W: 205-877-4548
>
--
Jonathan Hankins
Homewood City Schools
W: 205-877-4548
--
This e-mail is intended only for the recipient and may contain confidential
or proprietary information. If you are not the intended recipient, the
review, distribution, duplication or retention of this message and its
attachments are prohibited. Please notify the sender of this error
immediately by reply e-mail, and permanently delete this message and its
attachments in any form in which they may have been preserved.
