You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Vieri <re...@yahoo.com.INVALID> on 2022/10/14 10:47:10 UTC
No readable active connection for tunnel
Hi,
I'm seeing some weird issues that seem to occur only for specific users. For instance, I have 2 users failing from the same client PC, while another can log into and use Guacamole just fine.
The failing users can successfully login, but they do not see the Guacamole web page with all the connections. Instead, they are being "sent"to an RDP connection (even though they are using the root URL and the browser's cache has been deleted).
This is what I see in the log:
[https-openssl-apr-8443-exec-36] DEBUG o.a.g.r.auth.AuthenticationService - Login was successful for user "testuser".
[https-openssl-apr-8443-exec-34] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at 10.5.1.9:4822.
[https-openssl-apr-8443-exec-34] INFO o.a.g.tunnel.TunnelRequestService - User "testuser" connected to connection "Desktop HM1912".
[https-openssl-apr-8443-exec-35] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: No readable active connection for tunnel.
[https-openssl-apr-8443-exec-32] INFO o.a.g.tunnel.TunnelRequestService - User "testuser" disconnected from connection "Desktop HM1912". Duration: 1022 milliseconds
[https-openssl-apr-8443-exec-32] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
What does "Client request rejected: No readable active connection for tunnel." mean?
Users who successfully use Guacamole do not generate this log message. Instead I see this other message:
[https-openssl-apr-8443-exec-32] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: Not found: "userOK"
which is probably just an artefact. User userOK will then see the Guacamole web page as expected and be able to choose a connection.
The error for "testuser" seems to indicate a connection issue, but as noted before "userOK" successfully logged in from the same exact desktop PC (it's a Windows 10 system, no Windows user session change and same browser).
I don't know if it's related, but my Catalina error log shows message such as:
Exception in thread "Thread-32940" java.lang.IllegalStateException: The WebSocket session [231a] has been closed and no method (apart from close()) may be called on a closed session
They seem to show up when "testuser" tries to connect.
Any ideas?
Using v. 1.4.
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: No readable active connection for tunnel
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Oct 14, 2022 at 6:47 AM Vieri <re...@yahoo.com.invalid> wrote:
>
> Hi,
>
> I'm seeing some weird issues that seem to occur only for specific users. For instance, I have 2 users failing from the same client PC, while another can log into and use Guacamole just fine.
>
2 users failing from the same client PC - the other who can log in, is
that also from the same PC? Or from a different client?
> The failing users can successfully login, but they do not see the Guacamole web page with all the connections. Instead, they are being "sent"to an RDP connection (even though they are using the root URL and the browser's cache has been deleted).
>
This behavior is expected, and happens when users only have a single
connection assigned to them and no administrative privileges - they
are automatically directed to the connection. The solution to this is
to assign them more than one connection - or, better yet, just use it
how it is, since it simplifies the user experience :-).
> This is what I see in the log:
>
> [https-openssl-apr-8443-exec-36] DEBUG o.a.g.r.auth.AuthenticationService - Login was successful for user "testuser".
> [https-openssl-apr-8443-exec-34] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at 10.5.1.9:4822.
> [https-openssl-apr-8443-exec-34] INFO o.a.g.tunnel.TunnelRequestService - User "testuser" connected to connection "Desktop HM1912".
> [https-openssl-apr-8443-exec-35] DEBUG o.a.g.rest.RESTExceptionMapper - Client request rejected: No readable active connection for tunnel.
> [https-openssl-apr-8443-exec-32] INFO o.a.g.tunnel.TunnelRequestService - User "testuser" disconnected from connection "Desktop HM1912". Duration: 1022 milliseconds
> [https-openssl-apr-8443-exec-32] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
>
> What does "Client request rejected: No readable active connection for tunnel." mean?
This means that the tunnel created by guacd has shut down for some
reason. You'll need to look at the guacd logs - usually in syslog,
journald, or wherever your system logs go - and see why the connection
is being shut down. The other possible reasons for this generally have
to do with network connectivity issues, either between the browser and
Tomcat server (firewall, anti-malware, etc., interfering with things),
or between Tomcat and guacd, that don't allow the tunnel to be
established correctly. Other than that, it could be that guacd is
ending abruptly (segfault), or Tomcat is running out of resources and
can't keep the tunnel open. One way or the other, looking at log
files, and increasing verbosity of those logs should help track down
the problem.
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org