You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by kubimike <mo...@kubickidraper.com> on 2020/01/24 16:11:58 UTC
GUACD on Fortigate
Hi, I am trying to use HTML 5 RDP on a Fortigate 100e to a Windows 2008 R2
Farm w/Connection Broker. I am also using the same firewall ahd HTML 5 RDP
setup to a Windows 2016 Farm w/Connection Broker.
If I attempt to connect to the Windows 2008 R2 over and over (approx 9-15
times) it eventually connects oddly enough. Im also getting a time zone
issue which sets the timezone incorrect on the server once I'm in
I do have a ticket open with Fortigate they are checking with the developers
but Im always exploring all avenues when I have issues I need to get solved.
Any tips would be greatly appreciated that I could pass along to Fortinet.
I am getting the following errors :
*Windows 2008 R2 Servers / Fortigate Debug shows:*
2020-01-23 15:12:23 [27259:root:c9]ws_srv_read:991 connection closed
2020-01-23 15:12:23 [27259:root:c9]epollAddPending:528
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
2020-01-23 15:12:23 [27259:root:c9]epollFdHandler:643 s: 0x35df2400 event:
0x10
2020-01-23 15:12:23 [27259:root:c9]Destroy sconn 0x35df2400, connSize=2.
(root)
2020-01-23 15:12:23 [27259:root:c9]sslvpn_release_apsession:1606 free app
session, idx[0]
2020-01-23 15:12:23 [27259:root:c9]epollFdHandler,565, Invalid event for
this conn.
2020-01-23 15:12:23 [27259:root:c9]epollFdHandler:643 s: 0x35df2400 event:
0x4
2020-01-23 15:12:23 [27259:root:c9]Destroy sconn 0x35df2400, connSize=2.
(root)
*Windows 2016 Servers / Fortigate Debug shows:*
2020-01-24 08:52:20 [207:root:ef]ws_srv_read:1008 connection closed
2020-01-24 08:52:20 [207:root:ef]epollAddPending:531
read : needed: 0 ((nil)) evRead 0x0 ev 0x1 (0)
write: needed: 0 ((nil)) evWrite 0x0 ev 0x1 (0)
2020-01-24 08:52:20 [207:root:ef]epollFdHandler:646 s: 0x53ae2080 event:
0x10
2020-01-24 08:52:20 [207:root:ef]Destroy sconn 0x53ae2080, connSize=0.
(root)
2020-01-24 08:52:20 [207:root:ef]sslvpn_release_apsession:1628 free app
session, idx[2]
2020-01-24 08:52:20 [207:root:ef]deconstruct_session_id:399 decode session
id ok,
user=[elcotrade@shvdatacenter.at],group=[SDF_VPN_Allowed],authserver=[shvsd.local_both_DCs],portal=[SHV_SDF],host=[213.174.227.113],realm=[],idx=3,auth=16,sid=42ebe899,login=1579851968,access=1579851968,saml_logout_url=no
2020-01-24 08:52:20 [207:root:ef]epollFdHandler,568, Invalid event for this
conn.
2020-01-24 08:52:20 [207:root:ef]epollFdHandler:646 s: 0x53ae2080 event: 0x4
2020-01-24 08:52:20 [207:root:ef]Destroy sconn 0x53ae2080, connSize=0.
(root)
*Timezone Issue on both Windows 2008 R2 & Windows 2016*
2020-01-24 08:52:20 guacd[152]: WARNING: guac_set_timezone: timezone path
not found: No such file or directory
*Other notable errors:*
guacd[12188]: WARNING: Failed to load guacdr plugin. Drive redirection and
printing will not work. Sound MAY not work.
guacd[12188]: WARNING: Failed to load guacsnd alongside guacdr plugin. Sound
will not work. Drive redirection and
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: GUACD on Fortigate
Posted by Vieri <re...@yahoo.com.INVALID>.
On Sunday, January 26, 2020, 10:54:30 AM GMT+1, Nick Couchman <vn...@apache.org> wrote:
>>> ...
>>> 2020-01-24 08:52:20 guacd[152]: WARNING: guac_set_timezone: timezone path
>>> not found: No such file or directory
>>
>> There is no guac_set_timezone() function within Guacamole, nor does the phrase "timezone path" occur within the source. It looks like the vendor in question has
>> made their own changes on top of the upstream source (whichever version that might be) and those changes are not working as they intend. Unfortunately, it's not
>> going to be possible for us to help debug the behavior of the modified source of a third-party vendor:
>>
> Well, that's interesting. Looks like maybe they were fighting the same thing I did when trying to get the RDP timezone to set with the lack of support for doing so in
> the FreeRDP API. Maybe Fortinet needs to check out the latest version of the code.
**Unfortunately**, I have two of those devices, but I do my best to avoid them. I'm forced to use them, but so far I've managed to limit them to bridged firewalling. I haven't used what they call "bookmarks", and I'm surprised (well, not that much) to find out they're based on Guacamole. I've yet to find a copy of the Apache License, though... I haven't really searched for it, but I presume they're required to distribute it.
Anyway, sorry for hijacking this thread without addressing the issue at hand. The only thing I can say is that you can try to migrate just FG's Bookmarks to Guacamole, then add a single HTTP connection within FG's Bookmark which points to an Apache reverse proxy which sends the authentication details to the backend Guacamole web. I haven't tried it, but it might work.
Vieri
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: GUACD on Fortigate
Posted by Nick Couchman <vn...@apache.org>.
>
> ...
>> 2020-01-24 08:52:20 guacd[152]: WARNING: guac_set_timezone:
>> timezone path
>> not found: No such file or directory
>>
>
> There is no guac_set_timezone() function within Guacamole, nor does the
> phrase "timezone path" occur within the source. It looks like the vendor in
> question has made their own changes on top of the upstream source
> (whichever version that might be) and those changes are not working as they
> intend. Unfortunately, it's not going to be possible for us to help debug
> the behavior of the modified source of a third-party vendor:
>
>
Well, that's interesting. Looks like maybe they were fighting the same
thing I did when trying to get the RDP timezone to set with the lack of
support for doing so in the FreeRDP API. Maybe Fortinet needs to check out
the latest version of the code.
:-)
-Nick
Re: GUACD on Fortigate
Posted by Mike Jumper <mj...@apache.org>.
On Fri, Jan 24, 2020 at 8:08 AM kubimike <mo...@kubickidraper.com> wrote:
> Hi, I am trying to use HTML 5 RDP on a Fortigate 100e to a Windows 2008 R2
> Farm w/Connection Broker. I am also using the same firewall ahd HTML 5 RDP
> setup to a Windows 2016 Farm w/Connection Broker.
>
> If I attempt to connect to the Windows 2008 R2 over and over (approx 9-15
> times) it eventually connects oddly enough. Im also getting a time zone
> issue which sets the timezone incorrect on the server once I'm in
> I do have a ticket open with Fortigate they are checking with the
> developers
> but Im always exploring all avenues when I have issues I need to get
> solved.
> Any tips would be greatly appreciated that I could pass along to Fortinet.
>
> I am getting the following errors :
> ...
> 2020-01-24 08:52:20 guacd[152]: WARNING: guac_set_timezone:
> timezone path
> not found: No such file or directory
>
There is no guac_set_timezone() function within Guacamole, nor does the
phrase "timezone path" occur within the source. It looks like the vendor in
question has made their own changes on top of the upstream source
(whichever version that might be) and those changes are not working as they
intend. Unfortunately, it's not going to be possible for us to help debug
the behavior of the modified source of a third-party vendor:
http://guacamole.apache.org/faq/#test-against-latest-version
My recommendation would be to try using the latest upstream release of
Apache Guacamole or to test against the source of our WIP upcoming release.
If you can reproduce things there, then we'll have a starting point. If you
can't, then you will have something specific you can show your vendor or
you can migrate away from said vendor.
- Mike