Hi,
We have used Guacamole in Docker containers since September 2022 and now we noticed that session to xrdp backend gets reset occasionally. I do not have numbers on the frequency of this problem. Where could the problem be? Our setup consist of Nginx reverse proxies, Guacamole and Guacd in Docker containers where we get sessions resets occasionally. The setup: DMZ: Nginx nr 1, proxies over https to Virtualmachine containing: Nginx/Docker reverse proxy tls endpoint Postgresql/Docker Authorization app/Flask running in Docker Guacamole/Docker Guacd/Docker This is run with Docker compose, with a default docker network Guacamole images are version 1.4.0 Guacd connects to other virtual machines on the same physical host over RDP to Xrdp. We have abt 100 defined users, of which only a small fraction are simultaneously active. This setup has worked fine until now when a user told us that his session gets reset/cancelled every now and then. This time the user had started the work in the xrdp session and then put the browser window to side and continued other tasks. After a while the session was reset. We have defined timeouts in the xrdp session and the user is aware of those and can handle it. This session reset seems to be of a sporadic nature. Some findings in logs: The session was reset at abt 8:03 and user logged in again at 8:11 ## docker logs guacamole 06:50:16.354 [http-nio-8080-exec-4] INFO o.a.g.r.auth.AuthenticationService - User "our_user" successfully authenticated from [1.2.3.4, 2.3.4.5, 172.22.0.6]. 08:03:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms. 08:03:57.528 [http-nio-8080-exec-7] INFO o.a.g.tunnel.TunnelRequestService - User "our_user" disconnected from connection "T123". Duration: 4420601 milliseconds 08:03:57.528 [http-nio-8080-exec-7] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd. **08:03:57.533 [Thread-17] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Connection to guacd closed.** org.apache.guacamole.GuacamoleConnectionClosedException: Connection to guacd is closed. at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:183) at org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:195) at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:81) at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:81) at org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:64) at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:246) Caused by: java.net.SocketException: Socket closed at java.net.SocketInputStream.read(SocketInputStream.java:204) at java.net.SocketInputStream.read(SocketInputStream.java:141) at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284) at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326) at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178) at java.io.InputStreamReader.read(InputStreamReader.java:184) at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:169) ... 5 common frames omitted 08:04:10.131 [http-nio-8080-exec-6] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested tunnel destination does not exist. 08:04:10.133 [http-nio-8080-exec-6] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel. org.apache.guacamole.GuacamoleResourceNotFoundException: Requested tunnel destination does not exist. at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:212) at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347) at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:136) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:878) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1673) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) 08:04:10.197 [http-nio-8080-exec-9] WARN o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Requested tunnel destination does not exist. 08:04:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:04:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms. 08:05:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:05:49.734 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 1 ms. 08:06:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:06:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms. 08:07:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:07:49.734 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 1 ms. 08:08:18.567 [http-nio-8080-exec-1] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested tunnel destination does not exist. 08:08:18.568 [http-nio-8080-exec-1] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel. org.apache.guacamole.GuacamoleResourceNotFoundException: Requested tunnel destination does not exist. at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:212) at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:347) at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200) at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:136) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:878) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1673) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) 08:08:19.599 [http-nio-8080-exec-5] WARN o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Requested tunnel destination does not exist. 08:08:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:08:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms. 08:09:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:09:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 0 ms. 08:10:49.733 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Checking for expired sessions... 08:10:49.734 [pool-1-thread-1] DEBUG o.a.g.rest.auth.HashTokenSessionMap - Session check completed in 1 ms. 08:11:41.112 [http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection 08:11:41.112 [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1203416382 from pool. 08:11:41.112 [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1203416382 ... 08:11:41.114 [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1203416382 is GOOD! 08:11:41.128 [http-nio-8080-exec-10] INFO o.a.g.r.auth.AuthenticationService - User "our_user" successfully authenticated from [1.2.3.4, 2.3.4.5, 172.22.0.6]. ## docker logs guacd --timestamps --since "2024-01-02T00:00:00" 2>&1 |grep -E "(INFO|ERROR)" 2024-01-03T06:50:16.928694835Z guacd[16881]: INFO: Security mode: TLS 2024-01-03T06:50:16.935715531Z guacd[16881]: INFO: Resize method: none 2024-01-03T06:50:16.936138304Z guacd[16881]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. 2024-01-03T06:50:16.936379135Z guacd[16881]: INFO: User "@60d3cc38-2eed-4d07-8f7c-17f9b0455767" joined connection "$80a30902-eb06-4fef-9982-38671c3e2e0e" (1 users now present) 2024-01-03T06:50:16.941579144Z guacd[16881]: INFO: Loading keymap "base" 2024-01-03T06:50:16.941728354Z guacd[16881]: INFO: Loading keymap "sv-se-qwerty" 2024-01-03T06:50:18.679087788Z guacd[16881]: INFO: Accepted format: 16-bit PCM with 2 channels at 44100 Hz 2024-01-03T06:50:18.679445198Z guacd[16881]: INFO: Accepted format: 16-bit PCM with 2 channels at 22050 Hz 2024-01-03T06:50:18.679766542Z guacd[16881]: INFO: Connected to RDPDR 1.12 as client 0x5d0ecf35 2024-01-03T06:50:18.682254581Z guacd[16881]: INFO: RDPDR user logged on **2024-01-03T08:03:53.155363773Z guacd[16881]: ERROR: User is not responding.** 2024-01-03T08:03:53.155435788Z guacd[16881]: INFO: User "@60d3cc38-2eed-4d07-8f7c-17f9b0455767" disconnected (0 users remain) 2024-01-03T08:03:53.155443944Z guacd[16881]: INFO: Last user of connection "$80a30902-eb06-4fef-9982-38671c3e2e0e" disconnected 2024-01-03T08:03:53.321828599Z guacd[16881]: INFO: Internal RDP client disconnected 2024-01-03T08:03:53.337334146Z guacd[6]: INFO: Connection "$80a30902-eb06-4fef-9982-38671c3e2e0e" removed. 2024-01-03T08:11:41.530516926Z guacd[6]: INFO: Creating new client for protocol "rdp" 2024-01-03T08:11:41.531407046Z guacd[6]: INFO: Connection ID is "$52e3a390-3c4e-4162-bdf1-0e8636344a57" /Perre