RE: Dynamic VNC connections

[ha...@faa.gov]

I tried that, and its not working.  Let me describe how I have things set up, and hopefully its just something that I overlooked.


1)      I made a new group called VNC.  Its type is “Balancing”, and I set the max # of connections to 10 and the max per user to 2.  I did not check “Enable Session Affinity”.

2)      Under that group, I made 2 VNC connections.  They both have the same IP address, but the first connection has port 5901 and second has port 5902.

3)      I assign the VNC group to a user and have them try it.

When the user clicks on VNC in their available connections list, they get an error stating that there was an internal Guacamole error.  /var/log/messages shows the following:

ERROR: o.a.g.s.GuacamoleHTTPTunnelServlet: HTTP tunnel request failed: Non-numeric character in element length

So, where do we go from here?

Thanks,
Harry


From: Nick Couchman [mailto:vnick@apache.org]
Sent: Wednesday, January 31, 2018 2:37 PM
To: user@guacamole.apache.org
Subject: Re: Dynamic VNC connections

On Wed, Jan 31, 2018 at 2:33 PM, <ha...@faa.gov>> wrote:
Is it possible to have 1 VNC connection that is configured in such a way that when user A logs he, they connection to the first port, then when user B logs into the same connection, they connect to the next available port?  Our users have a server that is running VNC on quite a few ports, and we don’t want to have to have a separate connection to each one.  Plus, with separate connections, the users connecting would have no way of knowing what is open and what is in use.  At least, no way we can see at the moment.


I can think of two ways you can accomplish this:
- Exclusively in Guacamole, you could use a Connection Group, of the Load Balancing Type, and create separate connections under that group.  You can then expose only the Connection Group to the end users, so that they have a single place to click, but each connect under it can have a different port number.  If you do this you can set the max number of connections and max connections per user to 1 for each of the connections, which should prevent Guacamole from handing the same underlying connection to more than one user.
- If you don't want to go that route, you could use something like haproxy to create a load balancer in front of the back-end servers, such that every connection from Guacamole goes to haproxy, and then haproxy takes care of balancing it to the back-end server/port combos.  Like the Guacamole route, you'd want to configure each of the haproxy back-ends such that it only allows a single connection to it.  I've done similar to Windows 7 Enterprise and RDP.

-Nick

RE: Dynamic VNC connections

[ha...@faa.gov]

I think that was it.  I had the IP and port under Network on the first connection, and had the IP and port under GUACD on the other. Looks OK when I just corrected it and re-tested.

Thanks,
Harry

From: Nick Couchman [mailto:vnick@apache.org]
Sent: Thursday, February 01, 2018 11:36 AM
To: user@guacamole.apache.org
Subject: Re: Dynamic VNC connections


On Thu, Feb 1, 2018 at 11:05 <ha...@faa.gov>> wrote:
I tried that, and its not working.  Let me describe how I have things set up, and hopefully its just something that I overlooked.


1)      I made a new group called VNC.  Its type is “Balancing”, and I set the max # of connections to 10 and the max per user to 2.  I did not check “Enable Session Affinity”.

2)      Under that group, I made 2 VNC connections.  They both have the same IP address, but the first connection has port 5901 and second has port 5902.

3)      I assign the VNC group to a user and have them try it.

When the user clicks on VNC in their available connections list, they get an error stating that there was an internal Guacamole error.  /var/log/messages shows the following:

ERROR: o.a.g.s.GuacamoleHTTPTunnelServlet: HTTP tunnel request failed: Non-numeric character in element length

I know it's simple and may sound silly, but can you double-check that when you put the VNC server and port number into the connections that you put it in the VNC connection properties and *not* in the box for the Guacamole server and port number?  There's been some discussion that the location of the Guacamole server/port configuration boxes are placed in a slightly-unfortunate place where people often enter the target server information in the wrong place.

-Nick

Re: Dynamic VNC connections

[Nick Couchman <vn...@apache.org>]

On Thu, Feb 1, 2018 at 11:05 <ha...@faa.gov> wrote:

> I tried that, and its not working.  Let me describe how I have things set
> up, and hopefully its just something that I overlooked.
>
>
>
> 1)      I made a new group called VNC.  Its type is “Balancing”, and I
> set the max # of connections to 10 and the max per user to 2.  I did not
> check “Enable Session Affinity”.
>
> 2)      Under that group, I made 2 VNC connections.  They both have the
> same IP address, but the first connection has port 5901 and second has port
> 5902.
>
> 3)      I assign the VNC group to a user and have them try it.
>
>
>
> When the user clicks on VNC in their available connections list, they get
> an error stating that there was an internal Guacamole error.
> /var/log/messages shows the following:
>
>
>
> ERROR: o.a.g.s.GuacamoleHTTPTunnelServlet: HTTP tunnel request failed:
> Non-numeric character in element length
>
>
I know it's simple and may sound silly, but can you double-check that when
you put the VNC server and port number into the connections that you put it
in the VNC connection properties and *not* in the box for the Guacamole
server and port number?  There's been some discussion that the location of
the Guacamole server/port configuration boxes are placed in a
slightly-unfortunate place where people often enter the target server
information in the wrong place.

-Nick

>