So now we know the server side(guacd) is up and running and actually able to receive connections.
If the client(tomcat/java/guac) can't connect, it could be the source address is wrong(i.e. coming from a different ip than 127.0.0.1), and running foul of some firewall rule or the client side isn't actually opening the connection despite the log saying it is, etc. I know in 1.4.0 the ipv6 network stuff changed, but everything you are doing seems tied to ipv4, unless Java is weird and changing the v4 to a v6 address with a bunch of 0's in front, which might be possible. I'm not a java expert. tcpdump or the other tools should let you know if that's the case though. You need to verify that is happening. tcpdump, strace, or some java debugging magic should help you figure that out. because the possible options for the problem seem to be limited to: * The host OS is being mean and denying the connections for some reason(firewall, configuration, etc) * The client(tomcat) is lying/confused about opening a connection. * The server(guacd) is unable to listen & connect. Since we know the last one is not true anymore, that leaves the other 2 options. I'm still guessing it's the 1st option, since nobody else seems to be having this issue(including me) but who knows. Good luck, -Craig On Mon, Feb 28, 2022 at 10:42 AM Jim Rx <jimr...@mail.com> wrote: > > Craig, > > I verified that guacd is running (systemctl status guacd) and then issued the > command telnet localhost 4822. I successfully connected. > > root@guac:~# telnet localhost 4822 > Trying ::1... > Trying 127.0.0.1... > Connected to localhost. > Escape character is ^]'. > > I pressed enter and the connection was 'closed by foreign host' > > So it appears that 4822 is available on the localhost. > > Thanks, > > Jim > > > Sent: Monday, February 28, 2022 at 12:34 PM > From: "Craig Sawyer" <csaw...@yumaunion.org> > To: user@guacamole.apache.org > Subject: Re: Problems with GuacamoleHTTPTunnelServlet > Could this be a firewall thing? Can you open a TCP connection to > 127.0.0.1:4822? > > You obviously won't do anything useful, since you won't speak the > guacd protocol, but that's not the point. Just make sure you can open > a network connection to guacd. If you can't, then FW or perhaps guacd > isn't really opening the port it says it is, etc. will require some > troubleshooting. > > Hope this helps, > -Craig > > On Mon, Feb 28, 2022 at 8:59 AM Jim Rx <jimr...@mail.com> wrote: > > > > Nick, > > > > Yes, Guac and Tomcat are on the same VM. > > > > As requested: > > > > root@guac:~# ls /etc/guacamole > > extensions guacamole.properties guacamole.war guacd.conf lib > > user-mapping.xml > > root@guac:~# > > root@guac:~# cat /etc/guacamole/guacamole.properties > > # Hostname and Guac Server Port > > guacd-hostname: 127.0.0.1 > > guacd-port: 4822 > > user-mapping: /etc/guacamole/user-mapping.xml > > auth-provider: > > net.sourceforge.guacamole.net.auth.ldap.LDAPAuthenticationProvider > > # MySQL properties > > mysql-hostname: localhost > > mysql-port: 3306 > > mysql-database: guacamole_db > > mysql-username: guacamole_user > > mysql-password: SuperSecret > > mysql-auto-create-accounts: true > > > > # LDAP Properties > > ldap-hostname: 1.2.3.4 > > ldap-port: 389 > > ldap-encryption-method: none > > ldap-user-base-dn: DC=domain,DC=tld > > ldap-username-attribute: samAccountName > > ldap-search-bind-dn: cn=SVC.GUACAMOLE, ou=Service Accounts, > > ou=Administration, dc=domain, dc=tld > > ldap-search-bind-password: SuperSecret > > ldap-user-search-filter: (sAMAccountType=805306368) > > > > root@guac:~# cat /etc/guacamole/guacd.conf > > [server] > > bind_host = 127.0.0.1 > > bind_port = 4822 > > root@guac:~# > > root@guac:~# systemctl status guacd tomcat9 > > ? guacd.service - LSB: Guacamole proxy daemon > > Loaded: loaded (/etc/init.d/guacd; generated) > > Active: active (running) since Mon 2022-02-28 10:52:43 CST; 2min 1s ago > > Docs: man:systemd-sysv-generator(8) > > Process: 806 ExecStart=/etc/init.d/guacd start (code=exited, > > status=0/SUCCESS) > > Tasks: 1 (limit: 4639) > > Memory: 9.9M > > CPU: 22ms > > CGroup: /system.slice/guacd.service > > +-814 /usr/local/sbin/guacd -p /var/run/guacd.pid > > Feb 28 10:52:43 guac systemd[1]: Starting LSB: Guacamole proxy daemon... > > Feb 28 10:52:43 guac guacd[812]: Guacamole proxy daemon (guacd) version > > 1.4.0 started > > Feb 28 10:52:43 guac guacd[806]: Starting guacd: > > Feb 28 10:52:43 guac guacd[812]: guacd[812]: INFO: Guacamole proxy daemon > > (guacd) version 1.4.0 started > > Feb 28 10:52:43 guac guacd[806]: SUCCESS > > Feb 28 10:52:43 guac systemd[1]: Started LSB: Guacamole proxy daemon. > > Feb 28 10:52:43 guac guacd[814]: Listening on host 127.0.0.1, port 4822 > > ? tomcat9.service - Apache Tomcat 9 Web Application Server > > Loaded: loaded (/lib/systemd/system/tomcat9.service; enabled; vendor > > preset: enabled) > > Active: active (running) since Mon 2022-02-28 10:52:43 CST; 2min 1s ago > > Docs: https://tomcat.apache.org/tomcat-9.0-doc/index.html > > Process: 817 ExecStartPre=/usr/libexec/tomcat9/tomcat-update-policy.sh > > (code=exited, status=0/SUCCESS) > > Main PID: 822 (java) > > Tasks: 38 (limit: 4639) > > Memory: 305.0M > > CPU: 16.325s > > CGroup: /system.slice/tomcat9.service > > +-822 /usr/lib/jvm/default-java/bin/java > > -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties > > -Djava.util.logging.manager=org.apache> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.701 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.702 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.703 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.703 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.1> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.704 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.705 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06001_REGISTERED_EXTENDED_OP_FACTORY (1.3.6.1.4> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.705 [http-nio-8080-exec-2] INFO > > o.a.d.a.l.e.ExtrasCodecFactoryUtil - > > MSG_06002_REGISTERED_INTERMEDIATE_FACTORY (1.3.6.1.> > > Feb 28 10:53:04 guac tomcat9[822]: 10:53:04.867 [http-nio-8080-exec-2] INFO > > o.a.g.r.auth.AuthenticationService - User "guacadmin" successfully > > authenticated from 12> > > Feb 28 10:53:12 guac tomcat9[822]: 10:53:12.438 [http-nio-8080-exec-5] WARN > > o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such > > tunnel. > > Feb 28 10:53:22 guac tomcat9[822]: 10:53:22.502 [http-nio-8080-exec-1] > > ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: > > Connection to guacd tim> > > root@guac:~# > > > > --------------------------------------------------------------------- To > > unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional > > commands, e-mail: user-h...@guacamole.apache.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org > For additional commands, e-mail: user-h...@guacamole.apache.org > > --------------------------------------------------------------------- To > unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional > commands, e-mail: user-h...@guacamole.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
