Users authenticating but unable to login to RDP Server

[Erik Berndt <er...@superiorpaving.net.INVALID>]

Hello,

We are suddenly faced with users who are able to authenticate against the
Guacamole server, but the connecting isn't being passed through to the
Windows RDP server.

Relevant lines from catalina.out show

10:18:13.490 [http-nio-8080-exec-3] INFO
 o.a.g.r.auth.AuthenticationService - User "[redacted] successfully
authenticated from [redacted, redacted, 0:0:0:0:0:0:0:1].

After authentication, they receive a connection error message stating that
the connecting has been closed because the server is taking too long to
respond...

The user have no issue logging into the Windows RDP server natively and
there are no firewall rules in place that would prevent this (that I'm
aware of).

We're using v1.00. Does anyone have any guesses as to what could could be
causing this?

Thanks!

Erik Berndt

-- 


This
 e-mail and any files transmitted with it are confidential and are 

intended solely for the use of the individual or entity to whom they are
 
addressed.  If you are not the intended recipient or the person 

responsible for delivering the e-mail to the intended recipient, be 

advised that you have received this e-mail in error and that any use, 

dissemination, forwarding, printing or copying of this e-mail is 
strictly 
prohibited.  If you have received this e-mail in error, please 
immediately 
notify Superior Paving Corp. by telephone at (703) 
631-0004.  You will be 
reimbursed for reasonable costs incurred in 
notifying us.

Re: Users authenticating but unable to login to RDP Server

[Erik Berndt <er...@superiorpaving.net.INVALID>]

> Any network changes, security software, firewalls - anything like that
between the browsers and the Guacamole Client (Tomcat) server, or between
Tomcat and guacd?

No, both are running on the same server, so as far as I can tell
connectivity isn't an issue. The behavior occurs across different browsers
(Edge, Chrome, Firefox) and systems running AV or not.

Erik Berndt / Systems Administrator

On Fri, Aug 21, 2020 at 8:06 AM Nick Couchman <vn...@apache.org> wrote:

> On Mon, Aug 17, 2020 at 11:45 AM Erik Berndt
> <er...@superiorpaving.net.invalid> wrote:
>
>> It's Ubuntu 16.04. This is the output of journalctl -u guacd.service -f
>>
>> Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: All supported
>> devices sent.
>> Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: Device 0 (Guacamole
>> Printer) connected successfully
>> Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: Device 1 (Guacamole
>> Filesystem) connected successfully
>> Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: User is not
>> responding.
>>
>
> This seems to be the issue, here, though it's not really clear why this is
> happening.  Not sure if it's a communication issue between the Tomcat
> process and guacd, or between the browsers and Tomcat, but something is
> causing guacd to give up because it isn't receiving any updates from the
> client.
>
> Any network changes, security software, firewalls - anything like that
> between the browsers and the Guacamole Client (Tomcat) server, or between
> Tomcat and guacd?
>
> -Nick
>

-- 


This
 e-mail and any files transmitted with it are confidential and are 

intended solely for the use of the individual or entity to whom they are
 
addressed.  If you are not the intended recipient or the person 

responsible for delivering the e-mail to the intended recipient, be 

advised that you have received this e-mail in error and that any use, 

dissemination, forwarding, printing or copying of this e-mail is 
strictly 
prohibited.  If you have received this e-mail in error, please 
immediately 
notify Superior Paving Corp. by telephone at (703) 
631-0004.  You will be 
reimbursed for reasonable costs incurred in 
notifying us.

Re: Users authenticating but unable to login to RDP Server

[Nick Couchman <vn...@apache.org>]

On Mon, Aug 17, 2020 at 11:45 AM Erik Berndt
<er...@superiorpaving.net.invalid> wrote:

> It's Ubuntu 16.04. This is the output of journalctl -u guacd.service -f
>
> Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: All supported
> devices sent.
> Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: Device 0 (Guacamole
> Printer) connected successfully
> Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: Device 1 (Guacamole
> Filesystem) connected successfully
> Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: User is not
> responding.
>

This seems to be the issue, here, though it's not really clear why this is
happening.  Not sure if it's a communication issue between the Tomcat
process and guacd, or between the browsers and Tomcat, but something is
causing guacd to give up because it isn't receiving any updates from the
client.

Any network changes, security software, firewalls - anything like that
between the browsers and the Guacamole Client (Tomcat) server, or between
Tomcat and guacd?

-Nick

Re: Users authenticating but unable to login to RDP Server

[Erik Berndt <er...@superiorpaving.net.INVALID>]

It's Ubuntu 16.04. This is the output of journalctl -u guacd.service -f

Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: All supported devices
sent.
Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: Device 0 (Guacamole
Printer) connected successfully
Aug 17 08:22:38 www.superiorpaving.net guacd[15410]: Device 1 (Guacamole
Filesystem) connected successfully
Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: User is not responding.
Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: User
"@762ba9a6-9e8e-492f-94e8-d1fcf35a3978" disconnected (0 users remain)
Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: Last user of
connection "$c84cc536-2af8-4859-be05-3d3fed46baaf" disconnected
Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: Unloading device 0
(Guacamole Printer)
Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: Unloading device 1
(Guacamole Filesystem)
Aug 17 08:26:33 www.superiorpaving.net guacd[15410]: Internal RDP client
disconnected
Aug 17 08:26:33 www.superiorpaving.net guacd[15382]: Connection
"$c84cc536-2af8-4859-be05-3d3fed46baaf" removed.


Erik Berndt / Systems Administrator
5551 Wellington Rd, Gainesville, VA 20155
703.631.0004 x520 (Phone) / 703.257.1725 (Fax)
https://www.superiorpaving.net

Need to open an IT support ticket?
http://FixIT.superiorpaving.net/portal or FixIT@superiorpaving.net


On Mon, Aug 17, 2020 at 11:21 AM Nick Couchman <vn...@apache.org> wrote:

> On Mon, Aug 17, 2020 at 8:31 AM Erik Berndt-2
> <er...@superiorpaving.net.invalid> wrote:
>
>> Ghost_Knight wrote
>>
>>
>> guacd is running, but I don't see any output related to guacd under
>> syslog.
>> Is there somewhere else I could look?
>>
>>
> It really depends on your Linux distribution and how you have it
> installed.  The most common configurations are /var/log/messages and
> "journalctl".  However, if you're running in Docker, you'll need to get the
> container logs, which should contain the output.
>
> -Nick
>

-- 


This
 e-mail and any files transmitted with it are confidential and are 

intended solely for the use of the individual or entity to whom they are
 
addressed.  If you are not the intended recipient or the person 

responsible for delivering the e-mail to the intended recipient, be 

advised that you have received this e-mail in error and that any use, 

dissemination, forwarding, printing or copying of this e-mail is 
strictly 
prohibited.  If you have received this e-mail in error, please 
immediately 
notify Superior Paving Corp. by telephone at (703) 
631-0004.  You will be 
reimbursed for reasonable costs incurred in 
notifying us.

Re: Users authenticating but unable to login to RDP Server

[Nick Couchman <vn...@apache.org>]

On Mon, Aug 17, 2020 at 8:31 AM Erik Berndt-2
<er...@superiorpaving.net.invalid> wrote:

> Ghost_Knight wrote
>
>
> guacd is running, but I don't see any output related to guacd under syslog.
> Is there somewhere else I could look?
>
>
It really depends on your Linux distribution and how you have it
installed.  The most common configurations are /var/log/messages and
"journalctl".  However, if you're running in Docker, you'll need to get the
container logs, which should contain the output.

-Nick

Re: Users authenticating but unable to login to RDP Server

[Erik Berndt-2 <er...@superiorpaving.net.INVALID>]

Ghost_Knight wrote
> In addition to Nick’s comment, what parameters are set for the RDP
> connection in the Web UI?  Mainly looking at the username/password fields.
> 
> The RDP connection is using NLA with ${GUAC_USERNAME} and ${GUAC_PASSWORD}
> for the username/password fields. There is no change here and this was
> working previously. I did notice that the unsuccessful connections are
> logged under the admin console as successful (albeit for 0:00 seconds :)
> 
> On Sun, Aug 16, 2020 at 7:57 PM Nick Couchman <

> vnick@

> > wrote:
> 
>> On Fri, Aug 14, 2020 at 10:25 AM Erik Berndt
>> <

> erikberndt@.net

> > wrote:
>>
>>> Hello,
>>>
>>> We are suddenly faced with users who are able to authenticate against
>>> the
>>> Guacamole server, but the connecting isn't being passed through to the
>>> Windows RDP server.
>>>
>>> Relevant lines from catalina.out show
>>>
>>> 10:18:13.490 [http-nio-8080-exec-3] INFO
>>>  o.a.g.r.auth.AuthenticationService - User "[redacted] successfully
>>> authenticated from [redacted, redacted, 0:0:0:0:0:0:0:1].
>>>
>>> After authentication, they receive a connection error message stating
>>> that the connecting has been closed because the server is taking too
>>> long
>>> to respond...
>>>
>>> The user have no issue logging into the Windows RDP server natively and
>>> there are no firewall rules in place that would prevent this (that I'm
>>> aware of).
>>>
>>> We're using v1.00. Does anyone have any guesses as to what could could
>>> be
>>> causing this?
>>>
>>>
>> I'd say the first thing to check is to make sure guacd is actually
>> running.  If users can log in to the Web interface, then Tomcat is
>> running,
>> but guacd might be stopped/dead and that could cause the issue you're
>> seeing.
>>
>> Beyond that, look at the log output of guacd (generally logged to syslog)
>> and see what errors are showing up there.
>>
>> -Nick
>>
>>
>>


vnick wrote
> On Fri, Aug 14, 2020 at 10:25 AM Erik Berndt
> <

> erikberndt@.net

> > wrote:
> 
>> Hello,
>>
>> We are suddenly faced with users who are able to authenticate against the
>> Guacamole server, but the connecting isn't being passed through to the
>> Windows RDP server.
>>
>> Relevant lines from catalina.out show
>>
>> 10:18:13.490 [http-nio-8080-exec-3] INFO
>>  o.a.g.r.auth.AuthenticationService - User "[redacted] successfully
>> authenticated from [redacted, redacted, 0:0:0:0:0:0:0:1].
>>
>> After authentication, they receive a connection error message stating
>> that
>> the connecting has been closed because the server is taking too long to
>> respond...
>>
>> The user have no issue logging into the Windows RDP server natively and
>> there are no firewall rules in place that would prevent this (that I'm
>> aware of).
>>
>> We're using v1.00. Does anyone have any guesses as to what could could be
>> causing this?
>>
>>
> I'd say the first thing to check is to make sure guacd is actually
> running.  If users can log in to the Web interface, then Tomcat is
> running,
> but guacd might be stopped/dead and that could cause the issue you're
> seeing.
> 
> Beyond that, look at the log output of guacd (generally logged to syslog)
> and see what errors are showing up there.
> 
> -Nick

guacd is running, but I don't see any output related to guacd under syslog.
Is there somewhere else I could look?



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Users authenticating but unable to login to RDP Server

[Tim Worcester <ti...@gmail.com>]

In addition to Nick’s comment, what parameters are set for the RDP
connection in the Web UI?  Mainly looking at the username/password fields.

On Sun, Aug 16, 2020 at 7:57 PM Nick Couchman <vn...@apache.org> wrote:

> On Fri, Aug 14, 2020 at 10:25 AM Erik Berndt
> <er...@superiorpaving.net.invalid> wrote:
>
>> Hello,
>>
>> We are suddenly faced with users who are able to authenticate against the
>> Guacamole server, but the connecting isn't being passed through to the
>> Windows RDP server.
>>
>> Relevant lines from catalina.out show
>>
>> 10:18:13.490 [http-nio-8080-exec-3] INFO
>>  o.a.g.r.auth.AuthenticationService - User "[redacted] successfully
>> authenticated from [redacted, redacted, 0:0:0:0:0:0:0:1].
>>
>> After authentication, they receive a connection error message stating
>> that the connecting has been closed because the server is taking too long
>> to respond...
>>
>> The user have no issue logging into the Windows RDP server natively and
>> there are no firewall rules in place that would prevent this (that I'm
>> aware of).
>>
>> We're using v1.00. Does anyone have any guesses as to what could could be
>> causing this?
>>
>>
> I'd say the first thing to check is to make sure guacd is actually
> running.  If users can log in to the Web interface, then Tomcat is running,
> but guacd might be stopped/dead and that could cause the issue you're
> seeing.
>
> Beyond that, look at the log output of guacd (generally logged to syslog)
> and see what errors are showing up there.
>
> -Nick
>
>
>

Re: Users authenticating but unable to login to RDP Server

[Nick Couchman <vn...@apache.org>]

On Fri, Aug 14, 2020 at 10:25 AM Erik Berndt
<er...@superiorpaving.net.invalid> wrote:

> Hello,
>
> We are suddenly faced with users who are able to authenticate against the
> Guacamole server, but the connecting isn't being passed through to the
> Windows RDP server.
>
> Relevant lines from catalina.out show
>
> 10:18:13.490 [http-nio-8080-exec-3] INFO
>  o.a.g.r.auth.AuthenticationService - User "[redacted] successfully
> authenticated from [redacted, redacted, 0:0:0:0:0:0:0:1].
>
> After authentication, they receive a connection error message stating that
> the connecting has been closed because the server is taking too long to
> respond...
>
> The user have no issue logging into the Windows RDP server natively and
> there are no firewall rules in place that would prevent this (that I'm
> aware of).
>
> We're using v1.00. Does anyone have any guesses as to what could could be
> causing this?
>
>
I'd say the first thing to check is to make sure guacd is actually
running.  If users can log in to the Web interface, then Tomcat is running,
but guacd might be stopped/dead and that could cause the issue you're
seeing.

Beyond that, look at the log output of guacd (generally logged to syslog)
and see what errors are showing up there.

-Nick