[Support] jasonbean - Apache Guacamole


Message added by Taddeusz,

Before upgrading to 1.5.0 you need to have first upgraded to 1.4.0-3 of the container. I discovered that prior to 1.4.0-3 it was not shutting down MariaDB correctly and causing the database to be left in a dirty state.

 

If after upgrading to 1.5.0 you discover that MariaDB is stopping and the log mentions something about needing to open the database in an older version of MariaDB you should downgrade specifically to 1.4.0-3, start the container and make sure it's running correctly. Then you may upgrade to 1.5.0.


3 hours ago, Urbanpixels said:

Existing connections which worked before the upgrade do not work now. 

 

Creating a new connection also does not work via VNC. Both are connecting to TightVNC server with no username only password. 

 

I can only get to the VMs now with RDP which works fine. VNC does not.


What OS’s are these connections to?

Link to comment
3 hours ago, Urbanpixels said:

Existing connections which worked before the upgrade do not work now. 

 

Creating a new connection also does not work via VNC. Both are connecting to TightVNC server with no username only password. 

 

I can only get to the VMs now with RDP which works fine. VNC does not.

Same here, can't use tightvnc. RDP works fine :/

 

Without password it works, but with password it fails...

 

Edit : for Taddeusz => Windows 10 & 11 connections

Edited by FabienN
Link to comment
3 hours ago, Urbanpixels said:

Existing connections which worked before the upgrade do not work now. 

 

Creating a new connection also does not work via VNC. Both are connecting to TightVNC server with no username only password. 

 

I can only get to the VMs now with RDP which works fine. VNC does not.

I have the same issue: after a Docker update I could no longer connect to my VNC servers, and I have tried everything, even a new container with a fresh install.

Before the update I was able to connect to my local network and remote VNC servers.

Also, I confirm that with RDP I can connect without a problem.

 

46 minutes ago, Taddeusz said:


What OS’s are these connections to?

I have installed VNC on Windows 7, Windows 10 & Windows 11 machines and I could not establish any connection at all via VNC after the update 22/03/2023 (or 21/03/2023).

I have the same errors as mentioned in the previous post:

guacd[171]: ERROR:      Unable to connect to VNC server.
guacd[171]: INFO:       User "@c" disconnected (0 users remain)
guacd[171]: INFO:       Last user of connection "$d" disconnected
guacd[24]: INFO:        Connection "$d" removed.

 

I have noticed (if this can help you narrow down the problem) that on my saved connections I have the password saved, so I tried to remove the saved password to see what would happen.

Well, it did ask me to enter the password, but after the password I got disconnected and got the above error in the log.

 

 

Edited by Kamvas
Link to comment

@Urbanpixels @FabienN @Kamvas I installed TightVNC server on my Windows 11 VM. I was able to connect to it through the Real VNC Viewer just fine so I know it was working. I started the VNC server with no password required. In Guacamole if I created the connection with NO port specified (blank port input box) it will not connect. It doesn't seem to assume port 5900 if no port is specified. If I specify port 5900 in the connection settings it successfully connects. I also did this test on 1.4.0 but have the same problem. If I don't specify a port it won't connect.

 

I'm not sure if this was able to reproduce your problem. I think the only thing I can say is to make sure both the IP and port are specified in the connection settings. I've been able to connect to any VNC server if I specify the port.

Link to comment

I have the port specified in the connection (Windows 11 machines)

 

With no password set it works. 

 

With a password set, it does not. Ideally, could this be fixed? I don't want a VNC connection running without a password.

Is it related to TightVNC not needing a username? Just a password?

Edited by Urbanpixels
Link to comment
45 minutes ago, Urbanpixels said:

I have the port specified in the connection (Windows 11 machines)

 

With no password set it works. 

 

With a password set, it does not. Ideally, could this be fixed? I don't want a VNC connection running without a password.

Is it related to TightVNC not needing a username? Just a password?

Looks like it's going to be fixed in 1.5.1. In their JIRA it's reported in GUACAMOLE-1741. It appears it's an incompatibility with the OpenSSL library so I hope the fix won't affect SSH.

Link to comment

Hello guys,

 

I've been using Apache Guacamole successfully for a while now, but since the 23rd of May (not sure when the container updated), it cannot connect to my Windows 7 VM anymore.

 

guacd[24]: INFO:        Creating new client for protocol "rdp"
guacd[24]: INFO:        Connection ID is "$712d0578-a044-42d6-b9e9-27278c7b63e4"
guacd[322]: INFO:       Security mode: NLA
guacd[322]: INFO:       Resize method: display-update
guacd[322]: INFO:       No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
guacd[322]: INFO:       User "@dad3c51a-e6a3-420a-8964-6a883292e52b" joined connection "$712d0578-a044-42d6-b9e9-27278c7b63e4" (1 users now present)
guacd[322]: INFO:       Loading keymap "base"
guacd[322]: INFO:       Loading keymap "de-de-qwertz"
guacd[322]: INFO:       RDP server closed/refused connection: SSL/TLS connection failed (untrusted/self-signed certificate?)
guacd[322]: INFO:       User "@dad3c51a-e6a3-420a-8964-6a883292e52b" disconnected (0 users remain)
guacd[322]: INFO:       Last user of connection "$712d0578-a044-42d6-b9e9-27278c7b63e4" disconnected
guacd[24]: INFO:        Connection "$712d0578-a044-42d6-b9e9-27278c7b63e4" removed.

 

All my connection profiles to this VM are affected. Connections to a Windows 10 VM are not affected. Creating a new profile for this VM did not solve it. I made sure that the correct settings are made - but I didn't touch anything in the connection settings in the last year anyway - "ignoring server certificate" is activated. I also do not have any problems connecting to that Windows 7 VM from a Windows 10 client.

 

Is there a way to fix this? It seems like my setting "ignoring server certificate" does not change anything since last update!

Link to comment
8 minutes ago, Taddeusz said:

@3dee In the RDP connection settings there's an option, "Ignore server certificate", make sure it's checked.

 

Let me quote myself :)

 

12 minutes ago, 3dee said:

"ignoring server certificate" is activated

 

12 minutes ago, 3dee said:

It seems like my setting "ignoring server certificate" does not change anything since last update!

 

 

I tried disabling the setting and enabling again and tried restarting the container, no success so far.

Edited by 3dee
added solution attempts
Link to comment

@3dee Sorry, I missed that. I wonder if since Windows 7 is end-of-life that means it won't also have its CA certificates updated? Meaning any certificates will forever be untrusted. Can you connect to that machine from another Windows machine? You might also look in the Windows logs to see if it shines any light on why it's not connecting.

Link to comment
26 minutes ago, Taddeusz said:

Can you connect to that machine from another Windows machine?


Yes:

44 minutes ago, 3dee said:

I also do not have any problems connecting to that Windows 7 VM from a Windows 10 client.

 

 

 

 

30 minutes ago, Taddeusz said:

You might also look in the Windows logs to see if it shines any light on why it's not connecting.

 

Yes, there is an error:

Error ID 36874 - An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

 

 

 

Debug log:

usermod: no changes
----------------------
User UID: 99
User GID: 100
----------------------
Using existing properties file.
Using existing MySQL extension.
Using existing TOTP extension.
No permissions changes needed.
Database exists.
Database upgrade not needed.
2023-03-28 19:49:42,645 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2023-03-28 19:49:42,645 INFO Set uid to user 0 succeeded
2023-03-28 19:49:42,657 INFO supervisord started with pid 23
2023-03-28 19:49:43,661 INFO spawned: 'guacd' with pid 24
2023-03-28 19:49:43,666 INFO spawned: 'mariadb' with pid 25
2023-03-28 19:49:43,670 INFO spawned: 'tomcat' with pid 26
guacd[24]: INFO:        Guacamole proxy daemon (guacd) version 1.5.0 started
guacd[24]: DEBUG:       Successfully bound AF_INET socket to host 0.0.0.0, port 4822
guacd[24]: INFO:        Listening on host 0.0.0.0, port 4822
2023-03-28 19:49:44,834 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-03-28 19:49:44,834 INFO success: mariadb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2023-03-28 19:49:44,835 INFO success: tomcat entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
guacd[24]: INFO:        Creating new client for protocol "rdp"
guacd[24]: INFO:        Connection ID is "$29971d88-dccb-4b42-bca7-f00b42602492"
guacd[112]: DEBUG:      Processing instruction: size
guacd[112]: DEBUG:      Processing instruction: audio
guacd[112]: DEBUG:      Processing instruction: video
guacd[112]: DEBUG:      Processing instruction: image
guacd[112]: DEBUG:      Processing instruction: timezone
guacd[112]: DEBUG:      Processing instruction: name
guacd[112]: DEBUG:      Parameter "console" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "console-audio" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "disable-auth" omitted. Using default value of 0.
guacd[112]: INFO:       Security mode: NLA
guacd[112]: DEBUG:      User resolution is 1920x955 at 96 DPI
guacd[112]: DEBUG:      Parameter "dpi" omitted. Using default value of 96.
guacd[112]: DEBUG:      Using resolution of 1920x955 at 96 DPI
guacd[112]: DEBUG:      Parameter "force-lossless" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "read-only" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "client-name" omitted. Using default value of "Guacamole RDP".
guacd[112]: DEBUG:      Parameter "enable-wallpaper" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-theming" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-font-smoothing" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-full-window-drag" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-desktop-composition" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-menu-animations" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "disable-bitmap-caching" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "disable-offscreen-caching" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "color-depth" omitted. Using default value of 16.
guacd[112]: DEBUG:      Parameter "disable-audio" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-drive" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "drive-name" omitted. Using default value of "Guacamole Filesystem".
guacd[112]: DEBUG:      Parameter "drive-path" omitted. Using default value of "".
guacd[112]: DEBUG:      Parameter "create-drive-path" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "disable-download" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "disable-upload" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-sftp" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "sftp-hostname" omitted. Using default value of "xxxxxxxxxxxxx".
guacd[112]: DEBUG:      Parameter "sftp-port" omitted. Using default value of "22".
guacd[112]: DEBUG:      Parameter "sftp-username" omitted. Using default value of "xxxxxxxxxxxxx".
guacd[112]: DEBUG:      Parameter "sftp-password" omitted. Using default value of "".
guacd[112]: DEBUG:      Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[112]: DEBUG:      Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[112]: DEBUG:      Parameter "sftp-server-alive-interval" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "sftp-disable-download" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "sftp-disable-upload" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "recording-name" omitted. Using default value of "recording".
guacd[112]: DEBUG:      Parameter "recording-exclude-output" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "recording-exclude-mouse" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "recording-exclude-touch" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "recording-include-keys" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "create-recording-path" omitted. Using default value of 0.
guacd[112]: INFO:       Resize method: display-update
guacd[112]: DEBUG:      Parameter "enable-touch" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "enable-audio-input" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "gateway-port" omitted. Using default value of 443.
guacd[112]: DEBUG:      Parameter "disable-copy" omitted. Using default value of 0.
guacd[112]: DEBUG:      Parameter "disable-paste" omitted. Using default value of 0.
guacd[112]: INFO:       No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
guacd[112]: DEBUG:      Parameter "wol-udp-port" omitted. Using default value of 9.
guacd[112]: DEBUG:      Parameter "wol-wait-time" omitted. Using default value of 0.
guacd[112]: INFO:       User "@ff711ba9-0d5b-4687-8252-85669b2cb3ed" joined connection "$29971d88-dccb-4b42-bca7-f00b42602492" (1 users now present)
guacd[112]: DEBUG:      Sending Wake-on-LAN packet, and pausing for 0 seconds.
guacd[112]: DEBUG:      Client is using protocol version "VERSION_1_5_0"
guacd[112]: INFO:       Loading keymap "base"
guacd[112]: INFO:       Loading keymap "de-de-qwertz"
guacd[112]: DEBUG:      Support for CLIPRDR (clipboard redirection) registered. Awaiting channel connection.
guacd[112]: DEBUG:      Support for static channel "rdpdr" loaded.
guacd[112]: DEBUG:      Support for static channel "rdpsnd" loaded.
guacd[112]: DEBUG:      Support for RAIL (RemoteApp) registered. Awaiting channel connection.
guacd[112]: DEBUG:      Local framebuffer format  PIXEL_FORMAT_BGRX32
guacd[112]: DEBUG:      Remote framebuffer format PIXEL_FORMAT_RGB16
guacd[112]: DEBUG:      transport_connect_tls:freerdp_set_last_error_ex ERRCONNECT_TLS_CONNECT_FAILED [0x00020008]
guacd[112]: DEBUG:      SVC "rdpdr" disconnected.
guacd[112]: DEBUG:      SVC "rdpsnd" disconnected.
guacd[112]: INFO:       RDP server closed/refused connection: SSL/TLS connection failed (untrusted/self-signed certificate?)
guacd[112]: INFO:       User "@ff711ba9-0d5b-4687-8252-85669b2cb3ed" disconnected (0 users remain)
guacd[112]: INFO:       Last user of connection "$29971d88-dccb-4b42-bca7-f00b42602492" disconnected
guacd[112]: DEBUG:      Requesting termination of client...
guacd[112]: DEBUG:      Client terminated successfully.
guacd[24]: INFO:        Connection "$29971d88-dccb-4b42-bca7-f00b42602492" removed.

 

 

Thanks for taking care so quickly!

Link to comment
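Added example (not part of any post in this thread, and not Guacamole project code): a small triage script that groups guacd log lines like those posted above by connection and labels the failure. The sample log is a constructed subset of lines quoted in this thread; the category names and hints are this example's own, and it assumes a child PID serves one connection.

```python
import re
from collections import OrderedDict

# Constructed sample: a subset of the guacd lines quoted in this thread.
SAMPLE_LOG = '''\
guacd[24]: INFO:        Creating new client for protocol "rdp"
guacd[24]: INFO:        Connection ID is "$29971d88-dccb-4b42-bca7-f00b42602492"
guacd[112]: INFO:       Security mode: NLA
guacd[112]: INFO:       User "@ff711ba9-0d5b-4687-8252-85669b2cb3ed" joined connection "$29971d88-dccb-4b42-bca7-f00b42602492" (1 users now present)
guacd[112]: DEBUG:      transport_connect_tls:freerdp_set_last_error_ex ERRCONNECT_TLS_CONNECT_FAILED [0x00020008]
guacd[112]: INFO:       RDP server closed/refused connection: SSL/TLS connection failed (untrusted/self-signed certificate?)
guacd[24]: INFO:        Connection "$29971d88-dccb-4b42-bca7-f00b42602492" removed.
guacd[171]: ERROR:      Unable to connect to VNC server.
guacd[171]: INFO:       Last user of connection "$d" disconnected
guacd[24]: INFO:        Connection "$d" removed.
'''

LINE = re.compile(r'^guacd\[(\d+)\]: (\w+):\s+(.*)$')
CONN_REF = re.compile(r'connection "(\$[^"]+)"', re.IGNORECASE)
# (pattern, category, hint); the hints restate what the thread reports.
RULES = [
    (re.compile(r'SSL/TLS connection failed'), 'rdp-tls-handshake',
     'check the RDP host event log (event 36874: no shared cipher suite)'),
    (re.compile(r'wrong security type'), 'rdp-security-mode',
     'security mode in the connection does not match the host'),
    (re.compile(r'Unable to connect to VNC server'), 'vnc-connect',
     'set host and port; with a VNC password on 1.5.0 see GUACAMOLE-1741'),
]

def triage(log_text):
    """Return {connection id: summary} for every connection seen in the log."""
    lines = [m.groups() for m in map(LINE.match, log_text.splitlines()) if m]
    conns, pid_to_conn, proto = OrderedDict(), {}, None

    def rec(cid, protocol=None):
        return conns.setdefault(cid, {'protocol': protocol, 'security': None,
                                      'freerdp_error': None, 'failures': []})

    # Pass 1: the parent logs protocol and ID; a child PID names its connection later.
    for pid, _level, msg in lines:
        if (m := re.match(r'Creating new client for protocol "([^"]+)"', msg)):
            proto = m.group(1)
        elif (m := re.match(r'Connection ID is "([^"]+)"', msg)):
            rec(m.group(1), proto)
            proto = None
        elif (m := CONN_REF.search(msg)) and not msg.startswith('Connection "'):
            rec(m.group(1))  # partial log: connection seen without its ID line
            pid_to_conn[pid] = m.group(1)

    # Pass 2: attach each child's details, including lines logged before the ID.
    for pid, _level, msg in lines:
        if pid not in pid_to_conn:
            continue
        r = conns[pid_to_conn[pid]]
        if (m := re.match(r'Security mode: (\S+)', msg)):
            r['security'] = m.group(1)
        if (m := re.search(r'(ERRCONNECT_\w+) \[0x[0-9a-fA-F]+\]', msg)):
            r['freerdp_error'] = m.group(1)
        r['failures'] += [(cat, hint) for pat, cat, hint in RULES if pat.search(msg)]
    return conns

if __name__ == '__main__':
    for cid, summary in triage(SAMPLE_LOG).items():
        print(cid, summary)
```
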

I confirmed my Windows 7 NLA disable setting online, should be fine:

[Screenshot]

 

 

Still connection does not work :(

 

I tried all the Guacamole encryption settings, even the empty one..

 

It's always

RDP server closed/refused connection: SSL/TLS connection failed (untrusted/self-signed certificate?)

or

RDP server closed/refused connection: Server refused connection (wrong security type?)

Edited by 3dee
Link to comment
On 3/27/2023 at 6:22 PM, Taddeusz said:

@Urbanpixels @FabienN @Kamvas I installed TightVNC server on my Windows 11 VM. I was able to connect to it through the Real VNC Viewer just fine so I know it was working. I started the VNC server with no password required. In Guacamole if I created the connection with NO port specified (blank port input box) it will not connect. It doesn't seem to assume port 5900 if no port is specified. If I specify port 5900 in the connection settings it successfully connects. I also did this test on 1.4.0 but have the same problem. If I don't specify a port it won't connect.

 

I'm not sure if this was able to reproduce your problem. I think the only thing I can say is to make sure both the IP and port are specified in the connection settings. I've been able to connect to any VNC server if I specify the port.

We all said that we did have passwords on our TightVNC servers. This is your baseline for reproducing our connectivity issues.

I have 300 VNC servers... do you think I will connect to each one of them and disable 1 out of the 3 security walls I have to connect to my clients in order to solve a problem that did not exist before???

Also, I mentioned that if I try to leave the password blank (from my end on the Guacamole admin panel) and try to connect to the client, then it asks me to enter the password, and when I do, I get the disconnect. (Also, I use as the external port not the default but another port, and from the client's end I reverse proxy to the proper one, and I had no problem so far.)

Hope that helps.

Link to comment
On 3/28/2023 at 9:05 PM, Taddeusz said:

@3dee I think there are registry settings to force RDP to use TLS 1.0/1.1 but I would consider that really the last thing you want to do if security is that important. It shouldn't be that huge of a problem if this computer is not directly on the internet. 

 

On 3/29/2023 at 12:21 AM, CryoRig said:

FYI there is an update available for W7 which should enable TLS 1.2 for RDP sessions...

Have not tested it as I have no W7 machine.

https://support.microsoft.com/en-us/topic/update-to-add-rds-support-for-tls-1-1-and-tls-1-2-in-windows-7-or-windows-server-2008-r2-8aff6954-a80d-411c-c75c-6aeaaab4f570

 

I did not find out how to force RDP to use TLS 1.0 nor 1.1.

 

I also had no success installing the KB3080079 update (yes, I have Service Pack 1, no, the update is not installed already, yes, I used x86 for my 32 Bit install).

 

I found out that RDP from my Windows 10 machine to the Win 7 VM already used TLS 1.2.

 

I was able to fix my issue with "RDP Wrapper Configuration". "Authentication Mode" is set from "Network Level Authentication" to "Default RDP Authentication".

 

 

Still, I'm happy that everything is working now again :) Thanks!!!

 

[Screenshot]

Link to comment
On 3/27/2023 at 12:36 PM, Taddeusz said:

Looks like it's going to be fixed in 1.5.1. In their JIRA it's reported in GUACAMOLE-1741. It appears it's an incompatibility with the OpenSSL library so I hope the fix won't affect SSH.

Excellent, glad to hear that the issue is known and being worked on. I'll look forward to the 1.5.1 update and the following update to the container. 

 

In the meantime, I'm glad to have found the temporary solution of using no password, thanks to the others here with the same problem.

Link to comment
