You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by "Nick Couchman (JIRA)" <ji...@apache.org> on 2018/04/20 09:32:00 UTC
[jira] [Commented] (GUACAMOLE-546) When using RDP with NLA and the
remote account password has expired/must be changed, users don't get any
indication
[ https://issues.apache.org/jira/browse/GUACAMOLE-546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16445539#comment-16445539 ]
Nick Couchman commented on GUACAMOLE-546:
-----------------------------------------
{quote}
Please note that NLA is enabled on the remote machine if that affects anything.
{quote}
This almost certainly is what's causing the issue, since NLA bundles the encryption/connection and authentication into a single step. There have always been password change issues with NLA - even the RDP client picture you posted isn't really helpful in actually getting your password change if it has expired. However, it looks like they're actually returning a specific error code that the RDP client makes use of, so we, too, should be able to track down that error code and provide a more descriptive error on the Guacamole side.
> When using RDP with NLA and the remote account password has expired/must be changed, users don't get any indication
> -------------------------------------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-546
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-546
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd
> Affects Versions: 0.9.14
> Reporter: Shaun Tarves
> Priority: Minor
> Attachments: Screen Shot 2018-04-16 at 8.12.47 AM.png
>
>
> When attempting to connect to a remote machine over RDP, if the user's account password has expired or is marked as needing to be changed on next login, guacd encounters a generic failure and we have no way of knowing why login failed.
> When logging into the same machine with the standard Remote Desktop client, you at least get an alert indicating what the problem is (see attached).
> guacd logs don't offer any indication of the problem either. Please note that NLA *is enabled* on the remote machine if that affects anything. I do not know if this same issue exists when NLA is not enabled.
>
> guacd log
> {code:bash}
> Apr 16 08:16:11 rahost guacd[1915]: Creating new client for protocol "rdp"
> Apr 16 08:16:11 rahost guacd[1915]: Connection ID is "$22f1a2fe-629d-4ae5-93a3-66a94fd136db"
> Apr 16 08:16:11 rahost guacd[29684]: Security mode: ANY
> Apr 16 08:16:11 rahost guacd[29684]: Resize method: none
> Apr 16 08:16:11 rahost guacd[29684]: User "@319b7690-3ecf-481a-b581-d9561abaa701" joined connection "$22f1a2fe-629d-4ae5-93a3-
> 66a94fd136db" (1 users now present)
> Apr 16 08:16:11 rahost guacd[29684]: Loading keymap "base"
> Apr 16 08:16:11 rahost guacd[29684]: Loading keymap "en-us-qwerty"
> Apr 16 08:16:12 rahost guacd[29684]: Error connecting to RDP server
> Apr 16 08:16:12 rahost guacd[29684]: User "@319b7690-3ecf-481a-b581-d9561abaa701" disconnected (0 users remain)
> Apr 16 08:16:12 rahost guacd[29684]: Last user of connection "$22f1a2fe-629d-4ae5-93a3-66a94fd136db" disconnected
> Apr 16 08:16:12 rahost guacd[1915]: Connection "$22f1a2fe-629d-4ae5-93a3-66a94fd136db" removed.
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)