Posted to user@guacamole.apache.org by guacatoine <gu...@placi.de> on 2021/02/25 21:03:38 UTC

RDP: Issue with security-mode nego & NLA

Hello Guac users!

I encounter an issue and here's the symptom: Guacamole connection security
mode negotiation doesn't seem to be able to "choose" NLA mode.

Context:
I'm trying to make my Guacamole 1.3 stack connect to a Windows 2016 target,
using RDP. 
The remote server is configured to only accept NLA connections.

If my Guacamole connection "Security mode" param is on "Any", the webUI
shows a failure dialog that says:
"[Connection Error] The remote desktop server is currently unreachable. If
the problem persists, please notify your system administrator, or check your
system logs."

If I set this param to "NLA", it works smoothly and I can see the new NLA
RDP dialog that appeared in Guacamole 1.3! (thanks for that, by the way!)

Is this a bug that only affects me?

Thanks,

Antoine




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org


Re: RDP: Issue with security-mode nego & NLA

Posted by guacatoine <gu...@placi.de>.
Hi Guacamolers,

Well, then I'm gonna phrase my question differently:

Is a Connection **security-mode** = **any** supposed to work with NLA as
well?

Looking forward to an answer! :]
Antoine





Re: RDP: Issue with security-mode nego & NLA

Posted by guacatoine <gu...@placi.de>.
Oops, nabble stripped my raw additional debug elements. Here they are:

===============
Debug elements:

With Guacamole (with security-mode = ANY): **KO**

 guacd[914075]: Creating new client for protocol "rdp"
 guacd[914075]: Connection ID is "$b5fc03e4-69f3-44ec-94c4-21c3b48c9488"
 guacd[1471025]: Security mode: Negotiate (ANY)
 guacd[1471025]: Resize method: none
 guacd[1471025]: User "@e9601e9e-14a4-4d0d-a6f2-caeeae0b0b40" joined connection "$b5fc03e4-69f3-44ec-94c4-21c3b48c9488" (1 users now present)
 guacd[1471025]: Loading keymap "base"
 guacd[1471025]: Loading keymap "en-us-qwerty"
 tomcat9[910483]: 12:55:56.712 [http-nio-8081-exec-4] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
 guacd[1471025]: RDP server closed/refused connection: Server refused connection (wrong security type?)
 guacd[1471025]: User "@e9601e9e-14a4-4d0d-a6f2-caeeae0b0b40" disconnected (0 users remain)
 guacd[1471025]: Last user of connection "$b5fc03e4-69f3-44ec-94c4-21c3b48c9488" disconnected
 tomcat9[910483]: 12:55:57.155 [http-nio-8081-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
 guacd[914075]: Connection "$b5fc03e4-69f3-44ec-94c4-21c3b48c9488" removed.

With Guacamole (with security-mode = NLA): **OK**

 guacd[914075]: Creating new client for protocol "rdp"
 guacd[914075]: Connection ID is "$76cdb95c-04fd-4c6c-a342-191c10bdbb18"
 guacd[1471241]: Security mode: NLA
 guacd[1471241]: Resize method: none
 guacd[1471241]: User "@065794a5-0d77-4395-a200-70b41cf8032d" joined connection "$76cdb95c-04fd-4c6c-a342-191c10bdbb18" (1 users now present)
 guacd[1471241]: Loading keymap "base"
 guacd[1471241]: Loading keymap "en-us-qwerty"
 tomcat9[910483]: 12:56:34.421 [http-nio-8081-exec-8] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
 guacd[1471163]: Client did not terminate in a timely manner. Forcibly terminating client and any child processes.
 guacd[914075]: Connection "$4a4f9fb3-a8cf-4caf-9adc-63ce77fc0f97" removed.
 guacd[1471241]: Connected to RDPDR 1.13 as client 0x0003
 guacd[1471241]: Connected to RDPDR 1.13 as client 0x0002
 guacd[1471241]: RDPDR user logged on

======================================

With xfreerdp, with negotiation: **OK**
$ xfreerdp /v:A.B.C.D /u:Administrator /cert:ignore 
Password:
[...]

With xfreerdp, with NLA forced: **OK as well**
$ xfreerdp /v:A.B.C.D /u:Administrator /cert:ignore /sec:nla 
Password:
[...]

With xfreerdp, with NLA disabled: **KO**, but that's expected, since the
remote host is configured to only allow NLA connections
$ xfreerdp /v:A.B.C.D /u:Administrator /cert:ignore -sec-nla
 [19655:19656] [WARN][com.freerdp.core.nego] - Error: HYBRID_REQUIRED_BY_SERVER
 [19655:19656] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
 [19655:19656] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
 [19655:19656] [ERROR][com.freerdp.core.transport] - BIO_read returned a system error 104: Connection reset by peer
 [19655:19656] [ERROR][com.freerdp.core] - transport_read_layer:freerdp_set_last_error_ex ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x0002000D]
 [19655:19656] [ERROR][com.freerdp.core] - freerdp_post_connect failed





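Added example, not part of the original thread and not Guacamole or FreeRDP code: the HYBRID_REQUIRED_BY_SERVER error in the last xfreerdp log is a failure code from the RDP security negotiation, and the Python below decodes the 8-byte negotiation structures defined in MS-RDPBCGR so a captured request or response can be read directly. The nla_only_server_reply model and the two sample requests are constructed assumptions, not traffic from the poster's hosts.

```python
import struct

# Constants from MS-RDPBCGR (RDP negotiation request/response structures).
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOLS = {0x1: "PROTOCOL_SSL", 0x2: "PROTOCOL_HYBRID",
             0x4: "PROTOCOL_RDSTLS", 0x8: "PROTOCOL_HYBRID_EX"}
FAILURE_CODES = {
    0x1: "SSL_REQUIRED_BY_SERVER", 0x2: "SSL_NOT_ALLOWED_BY_SERVER",
    0x3: "SSL_CERT_NOT_ON_SERVER", 0x4: "INCONSISTENT_FLAGS",
    0x5: "HYBRID_REQUIRED_BY_SERVER",
    0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}

def protocol_names(mask):
    """Expand a requestedProtocols/selectedProtocol bitmask into names."""
    names = [n for bit, n in PROTOCOLS.items() if mask & bit]
    return names or ["PROTOCOL_RDP"]  # 0 means standard RDP security only

def parse_neg(blob):
    """Decode one 8-byte negotiation structure: type, flags, length, value."""
    if len(blob) != 8:
        raise ValueError("negotiation structure must be 8 bytes")
    typ, flags, length, value = struct.unpack("<BBHI", blob)
    if length != 8:
        raise ValueError("bad length field: %d" % length)
    if typ == TYPE_RDP_NEG_REQ:
        return ("request", protocol_names(value))
    if typ == TYPE_RDP_NEG_RSP:
        return ("selected", protocol_names(value))
    if typ == TYPE_RDP_NEG_FAILURE:
        return ("failure", FAILURE_CODES.get(value, "UNKNOWN_0x%x" % value))
    raise ValueError("unknown negotiation type 0x%02x" % typ)

def nla_only_server_reply(request):
    """Simplified model (assumption) of a server that only accepts NLA."""
    _, _, _, requested = struct.unpack("<BBHI", request)
    if requested & 0x2:  # client offered PROTOCOL_HYBRID (CredSSP / NLA)
        return struct.pack("<BBHI", TYPE_RDP_NEG_RSP, 0, 8, 0x2)
    return struct.pack("<BBHI", TYPE_RDP_NEG_FAILURE, 0, 8, 0x5)

# Constructed sample requests (not captured from the poster's hosts).
REQ_TLS_AND_NLA = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, 0x1 | 0x2)
REQ_TLS_ONLY = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, 0x1)

if __name__ == "__main__":
    for req in (REQ_TLS_AND_NLA, REQ_TLS_ONLY):
        print(parse_neg(req), "->", parse_neg(nla_only_server_reply(req)))
```

Decoding the requestedProtocols field of a client's actual connection request shows whether PROTOCOL_HYBRID was offered at all, which is the bit an NLA-only server checks.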