You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by chomik MChamster <tu...@gmail.com> on 2022/03/03 23:22:51 UTC
Re: GUAC_ID is required
Apologies for late response but due to other projects taking priority I had
little time to troubleshoot this further.
Here is a high level overview of my setup
ubuntu 20.04 box running guacamole v1.4, mysql, nginx proxy for ssl and
using saml authentication. There is also an Azure App proxy for access from
outside. I know how this is going to sound but I deployed all three
instances using the same steps. 2 are working fine and 1 is having issues.
The troublesome instance is working fine without SAML using mysql
authentication and by working fine I mean I can rdp or ssh into other
servers with it.
Once I turn on saml I can still authenticate and login into the Guacamole
but I cannot rdp nor ssh into any of the servers. Not sure if I've chosen
the correct snippet to include but here is the error that I am not seeing
on the other two instances:
From /var/log/syslog:
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.120
[http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - ==>
Parameters: 2(String), 2(String), 2(String)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.123
[http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - <==
Total: 1
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.123
[http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - <==
Total: 0
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
[http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - <==
Total: 0
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
[http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting
autocommit to true on JDBC Connection
[com.mysql.cj.jdbc.ConnectionImpl@60edc299]
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
[http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC
Connection [com.mysql.cj.jdbc.ConnectionImpl@60edc299]
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
[http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Testing
connection 1626194585 ...
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
[http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Connection
1626194585 is GOOD!
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
[http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Returned
connection 1626194585 to pool.
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.719
[http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
Creation of WebSocket tunnel to guacd failed: Parameter "GUAC_ID" is
required.
Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.719
[http-nio-8080-exec-2] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
Error connecting WebSocket tunnel.
Mar 3 23:01:02 guacamole02 tomcat9[16530]:
org.apache.guacamole.GuacamoleClientException: Parameter "GUAC_ID" is
required.
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.guacamole.tunnel.TunnelRequest.getRequiredParameter(TunnelRequest.java:144)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.guacamole.tunnel.TunnelRequest.getIdentifier(TunnelRequest.java:247)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:335)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:917)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
java.base/java.lang.Thread.run(Thread.java:829)
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.725
[http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
[Intercepted method: public java.util.Set<java.lang.String>
org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
extends
org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
- SqlSession not set for thread: 28, creating a new one
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.726
[http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC
Connection
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.726
[http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out
connection 2111520074 from pool.
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.726
[http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing
connection 2111520074 ...
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.727
[http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection
2111520074 is GOOD!
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.727
[http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting
autocommit to false on JDBC Connection
[com.mysql.cj.jdbc.ConnectionImpl@7ddb3d4a]
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.728
[http-nio-8080-exec-10] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment -
Database recognized as MySQL 8.0.28.
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.728
[http-nio-8080-exec-10] DEBUG o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers
- ==> Preparing: WITH RECURSIVE related_entity(entity_id) AS ( SELECT
guacamole_user_group.entity_id FROM guacamole_user_group JOIN
guacamole_user_group_member ON guacamole_user_group.user_group_id =
guacamole_user_group_member.user_group_id WHERE
guacamole_user_group_member.member_entity_id = ? AND
guacamole_user_group.disabled = false UNION SELECT
guacamole_user_group.entity_id FROM related_entity JOIN
guacamole_user_group_member ON related_entity.entity_id =
guacamole_user_group_member.member_entity_id JOIN guacamole_user_group ON
guacamole_user_group.user_group_id =
guacamole_user_group_member.user_group_id WHERE
guacamole_user_group.disabled = false ) SELECT name FROM related_entity
JOIN guacamole_entity ON related_entity.entity_id =
guacamole_entity.entity_id WHERE guacamole_entity.type = 'USER_GROUP';
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.729
[http-nio-8080-exec-10] DEBUG o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers
- ==> Parameters: 8(Integer)
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.730
[http-nio-8080-exec-10] DEBUG o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers
- <== Total: 0
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.730
[http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
[Intercepted method: public java.util.Set<java.lang.String>
org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
extends
org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
- SqlSession of thread: 28 committing
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.731
[http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
[Intercepted method: public java.util.Set<java.lang.String>
org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
extends
org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
- SqlSession of thread: 28 terminated its life-cycle, closing it
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.731
[http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting
autocommit to true on JDBC Connection
[com.mysql.cj.jdbc.ConnectionImpl@7ddb3d4a]
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.731
[http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC
Connection [com.mysql.cj.jdbc.ConnectionImpl@7ddb3d4a]
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.732
[http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing
connection 2111520074 ...
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.732
[http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection
2111520074 is GOOD!
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.732
[http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned
connection 2111520074 to pool.
Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.733
[http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
[Intercepted method: public java.util.Set<java.lang.String>
org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
extends
org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
- SqlSession not set for thread: 28, creating a new one
The browser just hangs there with "Connected to Guacamole. Waiting for
response..." text and from time to time I can see the yellow square in the
bottom right corner saying connection to the guacamole server is unstable.
Each Guacamole server is using different Azure proxy and URLs in the config
of each respective one point to the correct server(s). Here is the example
of my guacamole.properties on each server:
guacd-hostname: localhost
guacd-port: 4822
user-mapping: /etc/guacamole/user-mapping.xml
auth-provider:
net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
extension-priority: saml
# MySQL properties
mysql-hostname: localhost
mysql-port: edited out
mysql-database: edited out
mysql-username: edited out
mysql-password: edited out
mysql-auto-create-accounts: true
mysql-server-timezone: Etc/UTC
saml-idp-metadata-url: edited out
saml-idp-url: edited out
saml-entity-id: https://server.example.com/ - edited out but has this
structure
saml-callback-url: https://server.example.com/ - edited out but has this
structure
saml-strict: false
saml-debug: true
saml-group-attribute: Roles
What is really annoying is that I deployed the first server, configured it
and it's working just fine. Then I repeated the same steps and deployed the
second server and this was also fine. The third server (now deployed for
the twentieth time) isn't cooperating.
I am lost as to what could be the problem.
Any thoughts are much appreciated.
Thanks
On Wed, 9 Feb 2022 at 17:03, Mike Jumper <mj...@apache.org> wrote:
> On Wed, Feb 9, 2022 at 8:12 AM chomik MChamster <tu...@gmail.com>
> wrote:
>
>> Hi Experts,
>>
>> I have three instances of guacamole, deployed using the steps from the
>> official guacamole manual with mysql and saml authentication.
>> From one of those instances I am getting the "GUAC_ID is required" error:
>>
>> tomcat9[505209]: 15:53:04.502 [http-nio-8080-exec-3] DEBUG
>> o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket
>> tunnel.
>> tomcat9[505209]: org.apache.guacamole.GuacamoleClientException: Parameter
>> "GUAC_ID" is required.
>>
>> I did read through this thread -
>> https://www.mail-archive.com/user@guacamole.apache.org/msg07521.html but
>> I'm not a developer, nor am I building a custom app or anything like that
>> (as far as I can tell). The strangest thing to me is that I deployed all
>> three instances following the same process. I have checked the
>> guacamole.properties as well as SAML authentication settings on Azure side
>> but am unable to find the apparent issue.
>> Wondering if you could point me to what could be the reason for this
>> error and/or maybe help me understand where is this GUAC_ID taken or
>> generated from.
>>
>
> That parameter, as well as several others, dictate the details of the
> request to connect. They are always automatically submitted by the web
> application.
>
> Are your three instances behind a balancer? Any chance they may be
> different versions, and requests from one are being misrouted by the
> balancer to another?
>
> Are you sure that this error is coming from legitimate connection
> attempts, and not bogus WebSocket connection attempts from someone probing
> your server?
>
> - Mike
>
>
Re: GUAC_ID is required
Posted by chomik MChamster <tu...@gmail.com>.
Howdy,
Just to let you know I was able to narrow down the problem - there is
something in the Azure app proxy connector group setting which was causing
my issue. Once I switched to using the connector group which the other two
instances were set to the problem disappeared. Still not a clue what the
exact problem is there, but that's beyond my pay grade and to be looked at
by someone who actually knows Azure and what to do.
Just thought I share this to avoid you guys wasting more time.
Great app, great support. Thanks again and keep up the good work!
T
On Thu, 3 Mar 2022 at 23:22, chomik MChamster <tu...@gmail.com>
wrote:
> Apologies for late response but due to other projects taking priority I
> had little time to troubleshoot this further.
> Here is a high level overview of my setup
>
> ubuntu 20.04 box running guacamole v1.4, mysql, nginx proxy for ssl and
> using saml authentication. There is also an Azure App proxy for access from
> outside. I know how this is going to sound but I deployed all three
> instances using the same steps. 2 are working fine and 1 is having issues.
> The troublesome instance is working fine without SAML using mysql
> authentication and by working fine I mean I can rdp or ssh into other
> servers with it.
> Once I turn on saml I can still authenticate and login into the Guacamole
> but I cannot rdp nor ssh into any of the servers. Not sure if I've chosen
> the correct snippet to include but here is the error that I am not seeing
> on the other two instances:
> From /var/log/syslog:
>
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.120
> [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - ==>
> Parameters: 2(String), 2(String), 2(String)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.123
> [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - <==
> Total: 1
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.123
> [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - <==
> Total: 0
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
> [http-nio-8080-exec-3] DEBUG o.a.g.a.j.c.ConnectionMapper.select - <==
> Total: 0
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
> [http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting
> autocommit to true on JDBC Connection
> [com.mysql.cj.jdbc.ConnectionImpl@60edc299]
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
> [http-nio-8080-exec-3] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC
> Connection [com.mysql.cj.jdbc.ConnectionImpl@60edc299]
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
> [http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Testing
> connection 1626194585 ...
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
> [http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Connection
> 1626194585 is GOOD!
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.124
> [http-nio-8080-exec-3] DEBUG o.a.i.d.pooled.PooledDataSource - Returned
> connection 1626194585 to pool.
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.719
> [http-nio-8080-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
> Creation of WebSocket tunnel to guacd failed: Parameter "GUAC_ID" is
> required.
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: 23:01:02.719
> [http-nio-8080-exec-2] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
> Error connecting WebSocket tunnel.
> Mar 3 23:01:02 guacamole02 tomcat9[16530]:
> org.apache.guacamole.GuacamoleClientException: Parameter "GUAC_ID" is
> required.
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.guacamole.tunnel.TunnelRequest.getRequiredParameter(TunnelRequest.java:144)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.guacamole.tunnel.TunnelRequest.getIdentifier(TunnelRequest.java:247)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:335)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:200)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:133)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:917)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> Mar 3 23:01:02 guacamole02 tomcat9[16530]: #011at
> java.base/java.lang.Thread.run(Thread.java:829)
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.725
> [http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
> [Intercepted method: public java.util.Set<java.lang.String>
> org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
> extends
> org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
> - SqlSession not set for thread: 28, creating a new one
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.726
> [http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC
> Connection
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.726
> [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out
> connection 2111520074 from pool.
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.726
> [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing
> connection 2111520074 ...
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.727
> [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection
> 2111520074 is GOOD!
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.727
> [http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting
> autocommit to false on JDBC Connection
> [com.mysql.cj.jdbc.ConnectionImpl@7ddb3d4a]
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.728
> [http-nio-8080-exec-10] DEBUG o.a.g.a.mysql.conf.MySQLEnvironment -
> Database recognized as MySQL 8.0.28.
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.728
> [http-nio-8080-exec-10] DEBUG o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers
> - ==> Preparing: WITH RECURSIVE related_entity(entity_id) AS ( SELECT
> guacamole_user_group.entity_id FROM guacamole_user_group JOIN
> guacamole_user_group_member ON guacamole_user_group.user_group_id =
> guacamole_user_group_member.user_group_id WHERE
> guacamole_user_group_member.member_entity_id = ? AND
> guacamole_user_group.disabled = false UNION SELECT
> guacamole_user_group.entity_id FROM related_entity JOIN
> guacamole_user_group_member ON related_entity.entity_id =
> guacamole_user_group_member.member_entity_id JOIN guacamole_user_group ON
> guacamole_user_group.user_group_id =
> guacamole_user_group_member.user_group_id WHERE
> guacamole_user_group.disabled = false ) SELECT name FROM related_entity
> JOIN guacamole_entity ON related_entity.entity_id =
> guacamole_entity.entity_id WHERE guacamole_entity.type = 'USER_GROUP';
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.729
> [http-nio-8080-exec-10] DEBUG o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers
> - ==> Parameters: 8(Integer)
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.730
> [http-nio-8080-exec-10] DEBUG o.a.g.a.j.b.E.selectEffectiveGroupIdentifiers
> - <== Total: 0
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.730
> [http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
> [Intercepted method: public java.util.Set<java.lang.String>
> org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
> extends
> org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
> - SqlSession of thread: 28 committing
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.731
> [http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
> [Intercepted method: public java.util.Set<java.lang.String>
> org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
> extends
> org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
> - SqlSession of thread: 28 terminated its life-cycle, closing it
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.731
> [http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting
> autocommit to true on JDBC Connection
> [com.mysql.cj.jdbc.ConnectionImpl@7ddb3d4a]
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.731
> [http-nio-8080-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC
> Connection [com.mysql.cj.jdbc.ConnectionImpl@7ddb3d4a]
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.732
> [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing
> connection 2111520074 ...
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.732
> [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection
> 2111520074 is GOOD!
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.732
> [http-nio-8080-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned
> connection 2111520074 to pool.
> Mar 3 23:01:03 guacamole02 tomcat9[16530]: 23:01:03.733
> [http-nio-8080-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor -
> [Intercepted method: public java.util.Set<java.lang.String>
> org.apache.guacamole.auth.jdbc.base.EntityService.retrieveEffectiveGroups(org.apache.guacamole.auth.jdbc.base.ModeledPermissions<?
> extends
> org.apache.guacamole.auth.jdbc.base.EntityModel>,java.util.Collection<java.lang.String>)]
> - SqlSession not set for thread: 28, creating a new one
>
>
> The browser just hangs there with "Connected to Guacamole. Waiting for
> response..." text and from time to time I can see the yellow square in the
> bottom right corner saying connection to the guacamole server is unstable.
>
> Each Guacamole server is using different Azure proxy and URLs in the
> config of each respective one point to the correct server(s). Here is the
> example of my guacamole.properties on each server:
>
> guacd-hostname: localhost
> guacd-port: 4822
> user-mapping: /etc/guacamole/user-mapping.xml
> auth-provider:
> net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
> extension-priority: saml
>
> # MySQL properties
> mysql-hostname: localhost
> mysql-port: edited out
> mysql-database: edited out
> mysql-username: edited out
> mysql-password: edited out
> mysql-auto-create-accounts: true
> mysql-server-timezone: Etc/UTC
>
> saml-idp-metadata-url: edited out
> saml-idp-url: edited out
> saml-entity-id: https://server.example.com/ - edited out but has this
> structure
> saml-callback-url: https://server.example.com/ - edited out but has this
> structure
> saml-strict: false
> saml-debug: true
> saml-group-attribute: Roles
>
> What is really annoying is that I deployed the first server, configured it
> and it's working just fine. Then I repeated the same steps and deployed the
> second server and this was also fine. The third server (now deployed for
> the twentieth time) isn't cooperating.
> I am lost as to what could be the problem.
>
> Any thoughts are much appreciated.
>
> Thanks
>
> On Wed, 9 Feb 2022 at 17:03, Mike Jumper <mj...@apache.org> wrote:
>
>> On Wed, Feb 9, 2022 at 8:12 AM chomik MChamster <tu...@gmail.com>
>> wrote:
>>
>>> Hi Experts,
>>>
>>> I have three instances of guacamole, deployed using the steps from the
>>> official guacamole manual with mysql and saml authentication.
>>> From one of those instances I am getting the "GUAC_ID is required" error:
>>>
>>> tomcat9[505209]: 15:53:04.502 [http-nio-8080-exec-3] DEBUG
>>> o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket
>>> tunnel.
>>> tomcat9[505209]: org.apache.guacamole.GuacamoleClientException:
>>> Parameter "GUAC_ID" is required.
>>>
>>> I did read through this thread -
>>> https://www.mail-archive.com/user@guacamole.apache.org/msg07521.html
>>> but I'm not a developer, nor am I building a custom app or anything like
>>> that (as far as I can tell). The strangest thing to me is that I deployed
>>> all three instances following the same process. I have checked the
>>> guacamole.properties as well as SAML authentication settings on Azure side
>>> but am unable to find the apparent issue.
>>> Wondering if you could point me to what could be the reason for this
>>> error and/or maybe help me understand where is this GUAC_ID taken or
>>> generated from.
>>>
>>
>> That parameter, as well as several others, dictate the details of the
>> request to connect. They are always automatically submitted by the web
>> application.
>>
>> Are your three instances behind a balancer? Any chance they may be
>> different versions, and requests from one are being misrouted by the
>> balancer to another?
>>
>> Are you sure that this error is coming from legitimate connection
>> attempts, and not bogus WebSocket connection attempts from someone probing
>> your server?
>>
>> - Mike
>>
>>