Posted to user@guacamole.apache.org by Elroy DSilva <el...@gmail.com> on 2019/09/25 05:05:59 UTC

guacd RDP fails to connect to Windows 10

I'm testing the use of Guacamole for commercial use as part of our software
to enable users to remotely log in to private networks from the browser.
I have Guacamole containers running on an AWS EC2 VM. The RDP connection is
made to a localhost port which is forwarded through a reverse tunnel
originating from the private network.
I'm able to connect to Win7/Win10 systems hosted on AWS, but when I try
connecting to the Win10 systems in the corporate network, guacd gives me
the following error:


connected to localhost:5000
creating directory /root/.config/freerdp
creating directory /root/.config/freerdp/certs
creating directory /root/.config/freerdp/server
certificate_store_open: error opening [/root/.config/freerdp/known_hosts] for writing
unexpected pubKeyAuth buffer size:0
Could not verify public key echo!
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure
guacd[58]: ERROR:       Error connecting to RDP server


I'm unable to understand what the problem could be. The possible causes
could be that some Windows group policies could be blocking the RDP
connection, but this is just a rough guess. Two months have passed and I
haven't been able to narrow down to which policy could be affecting this.
Could it be RemoteFx (which is enabled) or some policies around that? Could
it be that Win10 has some specialized authentication procedures which are
blocking Guacamole?

The Wireshark packet traces on the destination machine indicate that the
RDP socket connection is closed with disconnection reason code 14. I
couldn't find any interesting information in the Event Viewer logs. Kindly
note that connecting to only these corporate domain network systems does
not work, everything else seems fine.

Could you please provide me some pointers where I should dig more? I would
basically like to understand which settings might be affecting Guacamole's
operating capability so that it is possible for me to address these
problems in a production environment.

Lastly, thanks for creating Guacamole.

Best Regards,
Elroy

Re: guacd RDP fails to connect to Windows 10

Posted by Rafael Ramos <ra...@gmail.com>.
Hello,
I had problems with Windows 10 too; I edited the registry keys and it
worked.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
Change “SecurityLayer” value to 1
Verify “UserAuthentication” value is 0


Source:
https://mangolassi.it/topic/17846/make-windows-10-server-2016-rdp-work-with-guacamole

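To confirm from a packet capture which security layer the server actually negotiated (the behaviour the SecurityLayer and UserAuthentication values above control), the following added example, which is not from the thread or the Guacamole project, decodes the server's X.224 Connection Confirm as laid out in MS-RDPBCGR. The sample packets and all function names are constructed for illustration, not taken from the poster's capture.

```python
import struct

# selectedProtocol values carried in RDP_NEG_RSP (MS-RDPBCGR)
PROTOCOLS = {0: "PROTOCOL_RDP", 1: "PROTOCOL_SSL",
             2: "PROTOCOL_HYBRID", 8: "PROTOCOL_HYBRID_EX"}
# failureCode values carried in RDP_NEG_FAILURE (MS-RDPBCGR)
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 4: "INCONSISTENT_FLAGS",
            5: "HYBRID_REQUIRED_BY_SERVER",
            6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER"}

# Constructed sample packets (TPKT + X.224 CC + negotiation block).
NLA_SELECTED = bytes.fromhex("03000013" "0ed00000123400" "02000800" "02000000")
NLA_REQUIRED = bytes.fromhex("03000013" "0ed00000123400" "03000800" "05000000")
NO_NEG_BLOCK = bytes.fromhex("0300000b" "06d00000123400")

def parse_connection_confirm(pkt: bytes):
    """Return (kind, code, name) for the server's negotiation answer."""
    if len(pkt) < 11:
        raise ValueError("too short for TPKT + X.224 Connection Confirm")
    version, _reserved, tpkt_len = struct.unpack(">BBH", pkt[:4])
    if version != 3 or tpkt_len != len(pkt):
        raise ValueError("bad TPKT header")
    length_indicator, tpdu_code = pkt[4], pkt[5]
    if tpdu_code & 0xF0 != 0xD0 or length_indicator + 1 != len(pkt) - 4:
        raise ValueError("not a well-formed X.224 Connection Confirm")
    neg = pkt[11:]
    if not neg:
        # No negotiation block: the server answered with legacy RDP security.
        return ("response", 0, PROTOCOLS[0])
    if len(neg) != 8:
        raise ValueError("negotiation block must be 8 bytes")
    neg_type, _flags, neg_len, value = struct.unpack("<BBHI", neg)
    if neg_len != 8:
        raise ValueError("bad negotiation block length")
    if neg_type == 0x02:  # RDP_NEG_RSP
        return ("response", value, PROTOCOLS.get(value, "unknown"))
    if neg_type == 0x03:  # RDP_NEG_FAILURE
        return ("failure", value, FAILURES.get(value, "unknown"))
    raise ValueError("unexpected negotiation block type")

def uses_nla(result) -> bool:
    """True when CredSSP (NLA) was selected or demanded by the server."""
    kind, code, _name = result
    return (kind == "response" and code in (2, 8)) or \
           (kind == "failure" and code == 5)

if __name__ == "__main__":
    for sample in (NLA_SELECTED, NLA_REQUIRED, NO_NEG_BLOCK):
        print(parse_connection_confirm(sample))
```

A PROTOCOL_HYBRID result means the connection proceeds into CredSSP, the phase in which the "pubKeyAuth" message in the guacd log is exchanged.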

Re: guacd RDP fails to connect to Windows 10

Posted by Nick Couchman <vn...@apache.org>.
On Wed, Sep 25, 2019 at 1:06 AM Elroy DSilva <el...@gmail.com> wrote:

> I'm testing the use of Guacamole for commercial use as part of our
> software to enable users to remotely log in to private networks from the
> browser.
> I have Guacamole containers running on an AWS EC2 VM. The RDP connection
> is made to a localhost port which is forwarded through a reverse tunnel
> originating from the private network.
> I'm able to connect to Win7/Win10 systems hosted on AWS, but when I try
> connecting to the Win10 systems in the corporate network, guacd gives me
> the following error:
>
>
> connected to localhost:5000
> creating directory /root/.config/freerdp
> creating directory /root/.config/freerdp/certs
> creating directory /root/.config/freerdp/server
> certificate_store_open: error opening [/root/.config/freerdp/known_hosts] for writing
> unexpected pubKeyAuth buffer size:0
> Could not verify public key echo!
> Authentication failure, check credentials.
> If credentials are valid, the NTLMSSP implementation may be to blame.
> Error: protocol security negotiation or connection failure
> guacd[58]: ERROR:       Error connecting to RDP server
>
>
The most likely cause is that guacd cannot verify the certificate used by
the RDP server.  You should make sure that your guacd server is set up to
trust the certificate(s) of the RDP server(s), or set the "ignore-cert"
parameter on the RDP connection:

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#rdp

-Nick
