connection to win rdp (connection drops immidiately)

[Priit Lepist <pl...@aia.tartu.ee>]

Hi!

I've been struggling with the issue for about 6 days for now and still
can't get it to work.
My goal is deploy https website with a single login credentials for users.
After successful login there would be only one connection available- RDP
to our internal W7 or W8 workstation (sry, but it is modified with multi
RDP users login patch). I'm aware that newer RDP prefers credentials
before establishing connection but as with W8 shows login screen it should
be possible. So if the connection is established the workstation asks
*personal login* credentials (like XP did) and serves RDP desktop and
other resources.
Logging into that workstation directly with whatever our local domain user
and Microsoft RDP client works fine so the patch works. I also tried with
guacamole and un-pached W7 workstation.

Now the problem.
I've been trying it with Debian Jessie packages, Centos 7.2 yum packages
and from source compiled versions on Centos. The installation has been OK.
Also tried several versions of guacamole-client (.war file). But when i
try to make connection via Guacamole (currently .war v0.8.3), it drops the
RDP connection
immediately (w7). With W8 it shows the login screen and if the user has
any luck, it successfully loads the profile and shows desktop. After
pressing some key the connection drops but mostly the screen even won't
show up and connection drops before. Trying with XP works flawlessly. So i
thought that the problem must be with auth process. Running guacd -f
output said:

SSL_read: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure.

So next thing was to make sure NLA is off on workstations and tried even
modify RDP host security preferences via gpedit. No luck.
Also the user-mapping.xml contained "ignore-cert" and "security=any" (and
other possibilities just in case) parameters. Then some forums hinted that
the xfreerdp needs --sec rdp parameter but i cant find the place to set
it.

If i add SSH connection to user-mapping file it works fine. As i assume
the problem should be between guacd <--> Win7/Win8 and must be rdp
specific.

When W8 session drops, catalina.out says:

Sep 14, 2016 12:26:53 PM
org.glyptodon.guacamole.servlet.GuacamoleHTTPTunnelServlet info
INFO: Connection from 127.0.0.1 succeeded.
Sep 14, 2016 12:28:31 PM
org.glyptodon.guacamole.net.basic.BasicGuacamoleTunnelServlet info
INFO: Successful connection from 127.0.0.1 to "RDP".
Sep 14, 2016 12:28:31 PM
org.glyptodon.guacamole.servlet.GuacamoleHTTPTunnelServlet info
INFO: Connection from 127.0.0.1 succeeded.
Sep 14, 2016 12:28:34 PM
org.glyptodon.guacamole.servlet.GuacamoleHTTPTunnelServlet error
SEVERE: Server error in tunnel

Browser says "Connection closed".

Win7 says the same but if the credentials are removed from user-mapping
file, it says "Error connectiong to RDP server".

But i really have run out of ideas.
Maybe i have to pass some parameters to xfreerdp guacamole uses? How can i
do that? Or maybe someone can tell me exact versions of SW that should
work in these conditions..
I've digged in forums and tried so many combinations of configuration that
i can't even remember everything to mark here up so i'm open to hints and
questions. :)

Many thanks!

-- 
Rgdz
Priit