You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Nicolas CHARREL <ni...@fiducialcloud.fr> on 2019/07/16 15:46:01 UTC
RDP without username and password failed on Win 2016
Hello
I want to allow my user to log on a windows server with their ids. So I have configured the connexion like that :
[https://issues.apache.org/jira/secure/attachment/12974835/12974835_image-2019-07-16-17-04-14-631.png]
[https://issues.apache.org/jira/secure/attachment/12974834/12974834_image-2019-07-16-17-05-15-064.png]
All other fields are empty.
So I expect to open a terminal server connexion and be on the windows logon screen. (I disabled NLA, and checked with mstsc client).
But it seems Guacamole doesn't work. The only way I found to do it work: use a space password ?!
With the same configuration but a space password I reach the server screen !
Logs without password (doesn't work):
root@bastion:~# guacd -L trace -f
guacd[2634]: INFO: Guacamole proxy daemon (guacd) version 1.0.0 started
guacd[2634]: DEBUG: Unable to bind socket to host ::1, port 4822: Address family not supported by protocol
guacd[2634]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[2634]: INFO: Listening on host 127.0.0.1, port 4822
guacd[2634]: INFO: Creating new client for protocol "rdp"
guacd[2634]: INFO: Connection ID is "$614a72e9-7d6a-4e61-998d-1c0bcb633e76"
guacd[2634]: INFO: Creating new client for protocol "rdp"
guacd[2634]: INFO: Connection ID is "$2d378536-7a5b-4eb5-998c-5225f80aa02d"
guacd[2638]: WARNING: Guacamole handshake failed: Timed out
guacd[2638]: DEBUG: Error reading "size": Timeout while waiting for data on socket
guacd[2638]: INFO: Last user of connection "$614a72e9-7d6a-4e61-998d-1c0bcb633e76" disconnected
guacd[2638]: DEBUG: Requesting termination of client...
guacd[2638]: DEBUG: Client terminated successfully.
guacd[2634]: INFO: Connection "$614a72e9-7d6a-4e61-998d-1c0bcb633e76" removed.
guacd[2647]: WARNING: Guacamole handshake failed: Timed out
guacd[2647]: DEBUG: Error reading "size": Timeout while waiting for data on socket
guacd[2647]: INFO: Last user of connection "$2d378536-7a5b-4eb5-998c-5225f80aa02d" disconnected
guacd[2647]: DEBUG: Requesting termination of client...
guacd[2647]: DEBUG: Client terminated successfully.
guacd[2634]: INFO: Connection "$2d378536-7a5b-4eb5-998c-5225f80aa02d" removed.
Logs with space password:
guacd[2657]: INFO: Guacamole proxy daemon (guacd) version 1.0.0 started
guacd[2657]: DEBUG: Unable to bind socket to host ::1, port 4822: Address family not supported by protocol
guacd[2657]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[2657]: INFO: Listening on host 127.0.0.1, port 4822
guacd[2657]: INFO: Creating new client for protocol "rdp"
guacd[2657]: INFO: Connection ID is "$2b264e1b-c1f5-4832-bbf6-094bd413886c"
guacd[2661]: DEBUG: Parameter "console" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "console-audio" omitted. Using default value of 0.
guacd[2661]: INFO: Security mode: RDP
guacd[2661]: DEBUG: User resolution is 1920x938 at 96 DPI
guacd[2661]: DEBUG: Parameter "dpi" omitted. Using default value of 96.
guacd[2661]: DEBUG: Using resolution of 1920x938 at 96 DPI
guacd[2661]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "client-name" omitted. Using default value of "Guacamole RDP".
guacd[2661]: DEBUG: Parameter "enable-wallpaper" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-theming" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-font-smoothing" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-full-window-drag" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-desktop-composition" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-menu-animations" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "disable-bitmap-caching" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "disable-offscreen-caching" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "disable-glyph-caching" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "color-depth" omitted. Using default value of 16.
guacd[2661]: DEBUG: Parameter "disable-audio" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-printing" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "printer-name" omitted. Using default value of "Guacamole Printer".
guacd[2661]: DEBUG: Parameter "enable-drive" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "drive-name" omitted. Using default value of "Guacamole Filesystem".
guacd[2661]: DEBUG: Parameter "drive-path" omitted. Using default value of "".
guacd[2661]: DEBUG: Parameter "create-drive-path" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "10.203.46.19".
guacd[2661]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
guacd[2661]: DEBUG: Parameter "sftp-username" omitted. Using default value of "".
guacd[2661]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
guacd[2661]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[2661]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[2661]: DEBUG: Parameter "sftp-server-alive-interval" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording".
guacd[2661]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0.
guacd[2661]: INFO: Resize method: none
guacd[2661]: DEBUG: Parameter "enable-audio-input" omitted. Using default value of 0.
guacd[2661]: DEBUG: Parameter "gateway-port" omitted. Using default value of 443.
guacd[2661]: INFO: User "@1802586c-62ae-46eb-be2c-7be21e35157c" joined connection "$2b264e1b-c1f5-4832-bbf6-094bd413886c" (1 users now present)
guacd[2661]: INFO: Loading keymap "base"
guacd[2661]: INFO: Loading keymap "en-us-qwerty"
LoadLibraryA: /usr/lib/x86_64-linux-gnu/freerdp/guacdr-client.so: cannot open shared object file: No such file or directory
guacd[2661]: WARNING: Failed to load guacdr plugin. Drive redirection and printing will not work. Sound MAY not work.
LoadLibraryA: /usr/lib/x86_64-linux-gnu/freerdp/guacsnd-client.so: cannot open shared object file: No such file or directory
guacd[2661]: WARNING: Failed to load guacsnd alongside guacdr plugin. Sound will not work. Drive redirection and printing MAY not work.
connected to 10.203.46.19:3389
By the way it's working the same on my prod env with guacdr and snd !
Do you have any idea how to resolve that ?
PS you have the jira of this question here : https://issues.apache.org/jira/browse/GUACAMOLE-844
Thank you for your help.
[cid:part1.A5D99575.889B3CB1@fiducial.net]<http://www.fiducialcloud.fr/>
PARIS | LYON | MARSEILLE
[cid:image003.jpg@01D25B80.0C241B00]
Nicolas CHARREL
Ingénieur Sécurité
Direct : +33 4 69 16 38 82
19 Rue Cottin - 69009 LYON
www.fiducialcloud.fr<http://www.fiducialcloud.fr/>
Re: RDP without username and password failed on Win 2016
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Jul 31, 2019 at 11:52 AM Niubbo75 <a....@me.com> wrote:
> vnick wrote
> > - Integrate Guacamole with AD authentication (using LDAP) and use the
> > ${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens within the connection
> > configuration so that username and password are automatically passed
> > through (
> >
> http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens
> > ).
> >
> > -Nick
>
> Nick, this way sounds so goods for my purpouse, thanks!
> I don't know before now it will be possible to pass that variables! (For
> real, it will be my next question here if you don't write it in your
> reply!)
>
Yep, that section in the manual discusses the various tokens that are
supported, so hopefully this will get you going. Feel free to post back if
you have additional questions.
-Nick
Re: RDP without username and password failed on Win 2016
Posted by Niubbo75 <a....@me.com>.
vnick wrote
> - Integrate Guacamole with AD authentication (using LDAP) and use the
> ${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens within the connection
> configuration so that username and password are automatically passed
> through (
> http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens
> ).
>
> -Nick
Nick, this way sounds so goods for my purpouse, thanks!
I don't know before now it will be possible to pass that variables! (For
real, it will be my next question here if you don't write it in your reply!)
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: RDP without username and password failed on Win 2016
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Jul 31, 2019 at 4:18 AM Niubbo75 <a....@me.com> wrote:
> Hello all,
> sorry if I jumping in into your question, but I have the same issue.
> If I use mstsc I do not have a full login screen but only the login box of
> the application itself, this both on M$ Windows Server 2016 & 2019 STD.
> IMHO it could be some change on RDP protocol from M$ side. I have also try
> to leave a "blank" password and putting in only username or insert a blank
> space in password field, both without goal.
> I have used to configure RDP connections w/out insert any username &
> password with older version of guacamole (till 0.99 if I remember right)
> and
> they works on Windows Server 2008 R2 (and I'm sure of this) and Windows
> Server 2012 R2 (not really sure of that).
> Today I'll check again with guacamole 1.0.0 and Windows Server 2008 R2 (ATM
> I do not have any iso of 2012 R2 here).
>
>
>
You are most likely running into the same issue with NLA being required on
the servers you are connecting to. Because NLA requires the username and
password at connection time, you will not see the Windows login
screen/prompt, and, with the current Guacamole Client, the connection will
fail. We are actively working on getting connection prompts to work such
that this information can be requested from the user during the connection
process, but that doesn't currently work in 1.0.0, nor will it be present
in 1.1.0. Hopefully in whatever release comes after that.
In the meantime, you have a couple of options:
- Disable the NLA requirement and use either TLS or RDP encryption. This
needs to be changed from within Windows.
- Integrate Guacamole with AD authentication (using LDAP) and use the
${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens within the connection
configuration so that username and password are automatically passed
through (
http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens
).
-Nick
Re: RDP without username and password failed on Win 2016
Posted by Niubbo75 <a....@me.com>.
Hello all,
sorry if I jumping in into your question, but I have the same issue.
If I use mstsc I do not have a full login screen but only the login box of
the application itself, this both on M$ Windows Server 2016 & 2019 STD.
IMHO it could be some change on RDP protocol from M$ side. I have also try
to leave a "blank" password and putting in only username or insert a blank
space in password field, both without goal.
I have used to configure RDP connections w/out insert any username &
password with older version of guacamole (till 0.99 if I remember right) and
they works on Windows Server 2008 R2 (and I'm sure of this) and Windows
Server 2012 R2 (not really sure of that).
Today I'll check again with guacamole 1.0.0 and Windows Server 2008 R2 (ATM
I do not have any iso of 2012 R2 here).
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: RDP without username and password failed on Win 2016
Posted by Nick Couchman <vn...@apache.org>.
>
> I have this exception :
>
> 17-Jul-2019 10:38:40.875 SEVERE [http-nio-127.0.0.1-8080-exec-11]
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error reading
> request, ignored
>
> java.lang.NullPointerException
>
> at
> org.apache.guacamole.protocol.ConfiguredGuacamoleSocket.<init>(ConfiguredGuacamoleSocket.java:248)
>
> at
> org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.assignGuacamoleTunnel(AbstractGuacamoleTunnelService.java:509)
>
> at
> org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(AbstractGuacamoleTunnelService.java:663)
>
> at
> org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
>
> at
> org.apache.guacamole.auth.jdbc.connection.ConnectionService.connect(ConnectionService.java:515)
>
> at
> org.apache.guacamole.auth.jdbc.connection.ModeledConnection.connect(ModeledConnection.java:263)
>
> at
> org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:219)
>
> at
> org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:393)
>
> at
> org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
>
> at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
>
> at
> org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
>
> at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:852)
>
> at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
>
> at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>
> at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>
> at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>
> at java.base/java.lang.Thread.run(Thread.java:834)
>
>
>
What version of Guacamole Client are you running, and where did you get
it? Is it the official download from guacamole.apache.org? Or did you
clone/compile it from GitHub? If from GitHub, what version and when did
you clone it? I ask because I cannot find the line referenced above - line
248 of ConfiguredGuacamoleSocket.java does not seem to exist, at least, not
in the 1.0.0 version tag. It's there in the staging/1.1.0 branch, but is a
comment, not an actual line of code, and the same is true in the master
branch. I'm wondering if you're somewhere in between commits along the
way, or managed to grab a version in between commits?
> Note that this will not have any bearing on whether Windows allows the
> connection to succeed, shows a login screen, etc. As noted by the log
> messages, failure to load those plugins will prevent Guacamole from using
> sound and printing. The connection should still otherwise succeed.
>
> Yes, and I did a tcpdump capture when I have my issue there is no
> connection to my RDP server !
>
>
>
Yeah, the exception you're seeing above indicates that it's failing trying
to set up the socket connection to guacd, which is why you're not seeing
the RDP connection go through. If you're compiling guacamole-client from
source you should probably check out a fresh version of the code and start
from a known-good place.
-Nick
RE: RDP without username and password failed on Win 2016
Posted by Nicolas CHARREL <ni...@fiducialcloud.fr>.
Hello Mike and thank you for your help.
De : Mike Jumper <mj...@apache.org>
Envoyé : mardi 16 juillet 2019 20:24
À : user@guacamole.apache.org
Objet : Re: RDP without username and password failed on Win 2016
On Tue, Jul 16, 2019 at 8:46 AM Nicolas CHARREL <ni...@fiducialcloud.fr>> wrote:
Hello
I want to allow my user to log on a windows server with their ids. So I have configured the connexion like that :
[https://issues.apache.org/jira/secure/attachment/12974835/12974835_image-2019-07-16-17-04-14-631.png]
This is unrelated to the issue at hand, but beware that you don't need to set huge values for max number of connections if the intent is to allow any number of connections. The value for allowing any number of connections is "0" and is actually the default. The only case where this isn't the default is on connection groups.
[https://issues.apache.org/jira/secure/attachment/12974834/12974834_image-2019-07-16-17-05-15-064.png]
All other fields are empty.
So I expect to open a terminal server connexion and be on the windows logon screen. (I disabled NLA, and checked with mstsc client).
With the mstsc client, you see a full Windows logon screen? Yes
...
Logs without password (doesn't work):
root@bastion:~# guacd -L trace -f
guacd[2634]: INFO: Guacamole proxy daemon (guacd) version 1.0.0 started
guacd[2634]: DEBUG: Unable to bind socket to host ::1, port 4822: Address family not supported by protocol
guacd[2634]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[2634]: INFO: Listening on host 127.0.0.1, port 4822
guacd[2634]: INFO: Creating new client for protocol "rdp"
guacd[2634]: INFO: Connection ID is "$614a72e9-7d6a-4e61-998d-1c0bcb633e76"
guacd[2634]: INFO: Creating new client for protocol "rdp"
guacd[2634]: INFO: Connection ID is "$2d378536-7a5b-4eb5-998c-5225f80aa02d"
guacd[2638]: WARNING: Guacamole handshake failed: Timed out
guacd[2638]: DEBUG: Error reading "size": Timeout while waiting for data on socket
Please also check the Guacamole logs. The messages here indicate a disruption in the flow of data during the handshake, which is abnormal. The guacd side is not getting to the point that it tries to establish an RDP connection, as it's still waiting for data from the webapp. Whatever is causing that behavior, it cannot simply be that the password is blank. Something strange is happening between the webapp and guacd.
I have this exception :
17-Jul-2019 10:38:40.875 SEVERE [http-nio-127.0.0.1-8080-exec-11] org.apache.coyote.AbstractProtocol$ConnectionHandler.process Error reading request, ignored
java.lang.NullPointerException
at org.apache.guacamole.protocol.ConfiguredGuacamoleSocket.<init>(ConfiguredGuacamoleSocket.java:248)
at org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.assignGuacamoleTunnel(AbstractGuacamoleTunnelService.java:509)
at org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(AbstractGuacamoleTunnelService.java:663)
at org.mybatis.guice.transactional.TransactionalMethodInterceptor.invoke(TransactionalMethodInterceptor.java:96)
at org.apache.guacamole.auth.jdbc.connection.ConnectionService.connect(ConnectionService.java:515)
at org.apache.guacamole.auth.jdbc.connection.ModeledConnection.connect(ModeledConnection.java:263)
at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:219)
at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:393)
at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:852)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Logs with space password:
...
LoadLibraryA: /usr/lib/x86_64-linux-gnu/freerdp/guacdr-client.so: cannot open shared object file: No such file or directory
guacd[2661]: WARNING: Failed to load guacdr plugin. Drive redirection and printing will not work. Sound MAY not work.
LoadLibraryA: /usr/lib/x86_64-linux-gnu/freerdp/guacsnd-client.so: cannot open shared object file: No such file or directory
guacd[2661]: WARNING: Failed to load guacsnd alongside guacdr plugin. Sound will not work. Drive redirection and printing MAY not work.
connected to 10.203.46.19:3389<http://10.203.46.19:3389>
By the way it's working the same on my prod env with guacdr and snd !
Do you have any idea how to resolve that ?
You should look to install things the same way on both environments. It is fairly common that the location that FreeRDP searches for plugins is different from the location that they end up being installed by the guacamole-server source build (normally /usr/local/lib/freerdp/). You will need to create symbolic links to bring them into the location that your FreeRDP uses (/usr/lib/x86_64-linux-gnu/freerdp/). If you are seeing this in one of your environments but not the other, you presumably did this in the environment that works and not in the environment that doesn't.
è Yes that the case, I will fix that.
Note that this will not have any bearing on whether Windows allows the connection to succeed, shows a login screen, etc. As noted by the log messages, failure to load those plugins will prevent Guacamole from using sound and printing. The connection should still otherwise succeed.
Yes, and I did a tcpdump capture when I have my issue there is no connection to my RDP server !
- Mike
Re: RDP without username and password failed on Win 2016
Posted by Mike Jumper <mj...@apache.org>.
On Tue, Jul 16, 2019 at 8:46 AM Nicolas CHARREL <
nicolas.charrel@fiducialcloud.fr> wrote:
> Hello
>
> I want to allow my user to log on a windows server with their ids. So I
> have configured the connexion like that :
>
> [image:
> https://issues.apache.org/jira/secure/attachment/12974835/12974835_image-2019-07-16-17-04-14-631.png]
>
This is unrelated to the issue at hand, but beware that you don't need to
set huge values for max number of connections if the intent is to allow any
number of connections. The value for allowing any number of connections is
"0" and is actually the default. The only case where this isn't the default
is on connection groups.
>
> [image:
> https://issues.apache.org/jira/secure/attachment/12974834/12974834_image-2019-07-16-17-05-15-064.png]
>
> All other fields are empty.
>
> So I expect to open a terminal server connexion and be on the windows
> logon screen. (I disabled NLA, and checked with mstsc client).
>
With the mstsc client, you see a full Windows logon screen?
...
>
> Logs without password (doesn't work):
>
> root@bastion:~# guacd -L trace -f
>
> guacd[2634]: INFO: Guacamole proxy daemon (guacd) version 1.0.0 started
>
> guacd[2634]: DEBUG: Unable to bind socket to host ::1, port 4822: Address
> family not supported by protocol
>
> guacd[2634]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
>
> guacd[2634]: INFO: Listening on host 127.0.0.1, port 4822
>
> guacd[2634]: INFO: Creating new client for protocol "rdp"
>
> guacd[2634]: INFO: Connection ID is
> "$614a72e9-7d6a-4e61-998d-1c0bcb633e76"
>
> guacd[2634]: INFO: Creating new client for protocol "rdp"
>
> guacd[2634]: INFO: Connection ID is
> "$2d378536-7a5b-4eb5-998c-5225f80aa02d"
>
> guacd[2638]: WARNING: Guacamole handshake failed: Timed out
>
> guacd[2638]: DEBUG: Error reading "size": Timeout while waiting for data
> on socket
>
Please also check the Guacamole logs. The messages here indicate a
disruption in the flow of data during the handshake, which is abnormal. The
guacd side is not getting to the point that it tries to establish an RDP
connection, as it's still waiting for data from the webapp. Whatever is
causing that behavior, it cannot simply be that the password is blank.
Something strange is happening between the webapp and guacd.
Logs with space password:
>
> ...
>
> LoadLibraryA: /usr/lib/x86_64-linux-gnu/freerdp/guacdr-client.so: cannot
> open shared object file: No such file or directory
>
> guacd[2661]: WARNING: Failed to load guacdr plugin. Drive redirection and
> printing will not work. Sound MAY not work.
>
> LoadLibraryA: /usr/lib/x86_64-linux-gnu/freerdp/guacsnd-client.so: cannot
> open shared object file: No such file or directory
>
> guacd[2661]: WARNING: Failed to load guacsnd alongside guacdr plugin.
> Sound will not work. Drive redirection and printing MAY not work.
>
> connected to 10.203.46.19:3389
>
> By the way it's working the same on my prod env with guacdr and snd !
>
> Do you have any idea how to resolve that ?
>
You should look to install things the same way on both environments. It is
fairly common that the location that FreeRDP searches for plugins is
different from the location that they end up being installed by the
guacamole-server source build (normally /usr/local/lib/freerdp/). You will
need to create symbolic links to bring them into the location that your
FreeRDP uses (/usr/lib/x86_64-linux-gnu/freerdp/). If you are seeing this
in one of your environments but not the other, you presumably did this in
the environment that works and not in the environment that doesn't.
Note that this will not have any bearing on whether Windows allows the
connection to succeed, shows a login screen, etc. As noted by the log
messages, failure to load those plugins will prevent Guacamole from using
sound and printing. The connection should still otherwise succeed.
- Mike