[Support] jasonbean - Apache Guacamole

Taddeusz

By Taddeusz
in Docker Containers

Recommended Posts

  • Replies 902
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Taddeusz
Taddeusz

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, SSH, and Telnet. This docker primarily has a MariaDB (MySQL) database built-in for authentication

fanningert
fanningert

@Taddeusz This option is active (Sorry is a German screenshot) and it was possible for me to connect to the machine. But from today something might be changed (Windows update)?   It is

Taddeusz
Taddeusz

Since you've moved to Nginx here's my reverse proxy settings for my own: map $http_upgrade $connection_upgrade { default upgrade; '' close; } location ^~ /guacamole/ { proxy_pass http://

Posted Images

Alex.vision Explorer

Alex.vision

Posted
Posted

My container just updated while I was connected, when it came back up I received an error when connecting. 

  

ERROR 
An error has occurred and this action cannot be completed. 
If the problem persists, please notify your system administrator or check your system logs.

 

I looked in the docker log, but found no obvious error.

  

----------------------
User UID: 99
User GID: 100
----------------------
Using existing properties file.
Using existing MySQL extension.
Using existing TOTP extension.
No permissions changes needed.
Database exists.
Database upgrade not needed.
2022-11-11 14:14:12,375 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2022-11-11 14:14:12,375 INFO Set uid to user 0 succeeded
2022-11-11 14:14:12,376 INFO supervisord started with pid 27
2022-11-11 14:14:13,378 INFO spawned: 'guacd' with pid 30
2022-11-11 14:14:13,378 INFO spawned: 'mariadb' with pid 31
2022-11-11 14:14:13,379 INFO spawned: 'tomcat' with pid 32
guacd[30]: INFO:        Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[30]: INFO:        Listening on host 0.0.0.0, port 4822
2022-11-11 14:14:14,473 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-11 14:14:14,473 INFO success: mariadb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-11 14:14:14,473 INFO success: tomcat entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-11 14:14:15,569 INFO exited: mariadb (exit status 0; expected)

 

At this point I do not know where to look for a more advanced log.

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
46 minutes ago, Alex.vision said:

My container just updated while I was connected, when it came back up I received an error when connecting. 

  

ERROR 
An error has occurred and this action cannot be completed. 
If the problem persists, please notify your system administrator or check your system logs.

 

I looked in the docker log, but found no obvious error.

  

----------------------
User UID: 99
User GID: 100
----------------------
Using existing properties file.
Using existing MySQL extension.
Using existing TOTP extension.
No permissions changes needed.
Database exists.
Database upgrade not needed.
2022-11-11 14:14:12,375 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2022-11-11 14:14:12,375 INFO Set uid to user 0 succeeded
2022-11-11 14:14:12,376 INFO supervisord started with pid 27
2022-11-11 14:14:13,378 INFO spawned: 'guacd' with pid 30
2022-11-11 14:14:13,378 INFO spawned: 'mariadb' with pid 31
2022-11-11 14:14:13,379 INFO spawned: 'tomcat' with pid 32
guacd[30]: INFO:        Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[30]: INFO:        Listening on host 0.0.0.0, port 4822
2022-11-11 14:14:14,473 INFO success: guacd entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-11 14:14:14,473 INFO success: mariadb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-11 14:14:14,473 INFO success: tomcat entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-11-11 14:14:15,569 INFO exited: mariadb (exit status 0; expected)

 

At this point I do not know where to look for a more advanced log.

I’m not at home right now so I can’t pull back the update.

 

 If you go to the container console you can go to, I think, /var/log/mysql. I think just look at the latest log file there.

Link to comment
Alex.vision Explorer

Alex.vision

Posted
Posted (edited)
24 minutes ago, Taddeusz said:

 If you go to the container console you can go to, I think, /var/log/mysql. I think just look at the latest log file there.

 

I was able to pull the following information. 

221107 13:44:41 mysqld_safe Starting mysqld daemon with databases from /config/databases
221109 14:34:01 mysqld_safe Logging to '/config/databases/mysql_safe.log'.
221109 14:34:01 mysqld_safe Starting mysqld daemon with databases from /config/databases
221111 14:01:59 mysqld_safe Logging to '/config/databases/189c729a4305.err'.
221111 14:01:59 mysqld_safe Starting mysqld daemon with databases from /config/databases
221111 14:12:19 mysqld_safe Logging to '/config/databases/189c729a4305.err'.
221111 14:12:19 mysqld_safe Starting mysqld daemon with databases from /config/databases
221111 14:14:13 mysqld_safe Logging to '/config/databases/189c729a4305.err'.
221111 14:14:13 mysqld_safe Starting mysqld daemon with databases from /config/databases
221111 15:01:04 mysqld_safe Logging to '/config/databases/c721f46dfcab.err'.
221111 15:01:04 mysqld_safe Starting mysqld daemon with databases from /config/databases
221111 15:31:31 mysqld_safe Logging to '/config/databases/c721f46dfcab.err'.
221111 15:31:31 mysqld_safe Starting mysqld daemon with databases from /config/databases

 

When I looked at 189c729a4305.err I found: 

221111 14:12:21 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended
221111 14:14:13 mysqld_safe Starting mysqld daemon with databases from /config/databases
2022-11-11 14:14:13 0 [Note] /usr/sbin/mysqld (mysqld 10.3.37-MariaDB-1:10.3.37+maria~deb10-log) starting as process 297 ...
/usr/sbin/mysqld: One can only use the --user switch if running as root
2022-11-11 14:14:13 0 [Note] InnoDB: Using Linux native AIO
2022-11-11 14:14:13 0 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins
2022-11-11 14:14:13 0 [Note] InnoDB: Uses event mutexes
2022-11-11 14:14:13 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2022-11-11 14:14:13 0 [Note] InnoDB: Number of pools: 1
2022-11-11 14:14:13 0 [Note] InnoDB: Using SSE2 crc32 instructions
2022-11-11 14:14:13 0 [Note] InnoDB: Initializing buffer pool, total size = 256M, instances = 1, chunk size = 128M
2022-11-11 14:14:13 0 [Note] InnoDB: Completed initialization of buffer pool
2022-11-11 14:14:13 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2022-11-11 14:14:13 0 [Note] InnoDB: Transaction 6976 was in the XA prepared state.
2022-11-11 14:14:13 0 [Note] InnoDB: 1 transaction(s) which must be rolled back or cleaned up in total 0 row operations to undo
2022-11-11 14:14:13 0 [Note] InnoDB: Trx id counter is 6977
2022-11-11 14:14:13 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2022-11-11 14:14:13 0 [Note] InnoDB: Starting in background the rollback of recovered transactions
2022-11-11 14:14:13 0 [Note] InnoDB: Rollback of non-prepared transactions completed
2022-11-11 14:14:13 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2022-11-11 14:14:13 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2022-11-11 14:14:13 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2022-11-11 14:14:13 0 [Note] InnoDB: 10.3.37 started; log sequence number 4990257; transaction id 6978
2022-11-11 14:14:13 0 [Note] InnoDB: Loading buffer pool(s) from /config/databases/ib_buffer_pool
2022-11-11 14:14:13 0 [Note] Plugin 'FEEDBACK' is disabled.
2022-11-11 14:14:13 0 [Note] InnoDB: Starting recovery for XA transactions...
2022-11-11 14:14:13 0 [Note] InnoDB: Transaction 6976 in prepared state after recovery
2022-11-11 14:14:13 0 [Note] InnoDB: Transaction contains changes to 1 rows
2022-11-11 14:14:13 0 [Note] InnoDB: 1 transactions in prepared state after recovery
2022-11-11 14:14:13 0 [Note] Found 1 prepared transaction(s) in InnoDB
2022-11-11 14:14:13 0 [ERROR] Found 1 prepared transactions! It means that mysqld was not shut down properly last time and critical recovery information (last binlog or tc.log file) was manually deleted after a crash. You have to start mysqld with --tc-heuristic-recover switch to commit or rollback pending transactions.
2022-11-11 14:14:13 0 [ERROR] Aborting

221111 14:14:15 mysqld_safe mysqld from pid file /var/run/mysqld/mysqld.pid ended

 

I do have another location running this docker, it updated with no issues.  So I don't know that its the update that caused the issue. 

 

I did try to run jasonbean/guacamole:1.4.0 already but it still had the same error, so perhaps what ever is borked mysql stayed with it. 

 

I didn't want to have to set up all my RDP sessions and 2FA, so I tried it on a backup config folder.  I can restore from my last docker backup, or if it doesn't work I can just delete the container and reinstall. I just wanted to skip the hassle. 

 

 

Edited by Alex.vision
Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
Just now, AtomZ said:

Just want to confirm before upgrading that this update does not include the latest SSH requirements to Unraid and to still use the workaround of certain algorithms? Is this still planned for after the new year? 


No, this does not include that. That fix should be included in Guacamole 1.5.0 when it gets released, most likely near the end of January.

  • Like 1
Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
5 minutes ago, slumcum said:

I am trying to use OpenID authentication with Authelia - but every time I load the extension and restart the container, the container removes this extension! - Why is this? OpenID is still supported by Guac, I've tried 1.3 and 1.4

 

 

Are you manually putting the OpenID extension in? I noticed an oversight in my Guacamole templates and I've added the OPT_OPENID variable. What you need to do is add the variable OPT_OPENID and set it to "Y". It should then copy the needed OpenID extension on start.

Link to comment
nik82 Newbie

nik82

Posted
Posted
On 11/10/2022 at 2:54 PM, Taddeusz said:


My TOTP is working fine. Look at the catalina.out file in the tomcat logs.

Not sure how to do that to be honest :/

 

Strange part is that if I now set up a new user and then enable OPT_TOTP, that user gets prompted to scan QR code on first login. 

 

Using Google authenticator I scan the QR code and I get a code response to put it but that code does not work. Not sure if something has mysteriously got corrupted or what is going on as it was working flawlessly before and just stopped working one day.

 

Super annoying nonetheless :(

Link to comment
psychofaktory Rookie

psychofaktory

Posted
Posted

Hello,

I have a problem getting the LDAPS connection to an Active Directory to work.

My environment looks like this:

  • Windows Server 2022 as Domain Controller with a public domain name
  • A Let's Encrypt wildcard certificate bound to the AD domain according to these instructions.
  • A test with ldp.exe locally on the windows server can successfully establish an LDAPS connection.
  • ApacheGuacamloe Docker with network type Custom br0 and the active variables OPT_MYSQL and OPT_LDAP
  • In guacamole.properties the comments in the mysql entries have been removed.
  • The LDAP entries were set according to official documentation
  • As a test, the corresponding container environment variables for LDAP were also set analogously
  • The certificate was exported from the domain controller according to these instructions and added to the Java certificate store

The command curl -v ldaps://dc.subdomain.domain.tld:636 can successfully connect to the directory from the Docker console.

Nevertheless, neither the users authorized via LDAP are listed in guacamole, nor is it possible to log in with them.

 

In the log catalina.out only these two errors can be found: 

13:14:06.191 [http-nio-8080-exec-6] WARN  o.a.i.d.pooled.PooledDataSource - Execution of ping query 'SELECT 1' failed: The last packet successfully received from the server was 3,887,635 milliseconds ago.  The last packet sent successfully to the server was 3,887,635 milliseconds ago. is longer than the server configured value of 'wait_timeout'. You should consider either expiring and/or testing connection validity before use in your application, increasing the server configured values for client timeouts, or using the Connector/J connection property 'autoReconnect=true' to avoid this problem.
13:14:07.031 [http-nio-8080-exec-6] WARN  o.a.g.r.auth.AuthenticationService - Authentication attempt from xx.xxx.xxx.xxx for user "DOMAIN\user" failed.

 

Advanced logging for LDAP has been enabled on the DC.
The event viewer shows these two entries when a logon attempt is made: 

Information:
Internal event: The LDAP server returned an error. 
 
Additional Data 
Error value:
00000003: LdapErr: DSID-0C060679, comment: Error decrypting ldap message, data 0, v4f7c
Warning:
Internal event: An LDAP client connection was closed because of an error. 
 
Client IP:
yy.yyy.yyy.yyy:51621 
 
Additional Data 
Error value:
3 Das System kann den angegebenen Pfad nicht finden. 
Internal ID:
c060672

 

 

Where is the error here or what have I overlooked here?

Link to comment
psychofaktory Rookie

psychofaktory

Posted
Posted

I continued to test and research.

 

My guess is that the certificate needed for LDAPs was not added correctly to the java keystore.
How to proceed with this docker for this?

 

For LDAP, do you need to manually add the Docker variables as described here, or is customizing guacamole.properties enough for this container?

 

I was also able to take the two parameters 'ldap-follow-referrals: false' and 'ldap-operation-timeout: 30' from these instructions.
Is anything known about this?

I would be grateful for any help!

Link to comment
  • 2 weeks later...
gtg524y Newbie

gtg524y

Posted
Posted
On 11/15/2022 at 4:23 AM, nik82 said:

Not sure how to do that to be honest :/

 

Strange part is that if I now set up a new user and then enable OPT_TOTP, that user gets prompted to scan QR code on first login. 

 

Using Google authenticator I scan the QR code and I get a code response to put it but that code does not work. Not sure if something has mysteriously got corrupted or what is going on as it was working flawlessly before and just stopped working one day.

 

Super annoying nonetheless :(

I am having the same issues as you. I'm still on Unraid 6.9.2. I have tried both the latest container and v1.4.0. I use Authy for my authentication. Old user, new user and new container all have the same issues. All I get is "Verification failed. Please try again." I can turn off TOTP and log in fine. I would like to TOTP running so I can turn the reverse proxy back on. Attached are my catalina.out files.

Does anyone have any suggestions? I don't see anything specific in the log.

catalina-tomcat9.out catalina-tomcat.out

Link to comment
randalotto Newbie

randalotto

Posted
Posted
On 7/10/2022 at 5:06 PM, studentgrant said:

Hi there, when using guacamole to connect to ubuntu 22.04 using the native RDP connection, the cursor appears as a square with corrupt graphics. If I connect from a windows RDP client the cursor displays correctly. any ideas on how to fix this?

 

I've tried the following:

* initiating my session with XORG rather than Wayland - no difference in behaviour

* trying a non chromium browser - no difference in behaviour

* changing the machine type from Q35 to I440- no difference in behaviour

 

My guacamole container is up to date - with no errors showing in the logs and connects perfectly to other VMs/machines'. 

 

 

This is driving me nuts.  According to a reddit thread I found, it's a bug in guacamole: https://issues.apache.org/jira/browse/GUACAMOLE-1717

 

I have no clue how to make that fix on my own, though.

Link to comment
  • 4 weeks later...
nik82 Newbie

nik82

Posted
Posted
On 12/11/2022 at 8:25 PM, gtg524y said:

That was it! I reverted to a previous version of Authy and that fixed it. I would have never figured that out on my own.

Thank you!

Hi, I am having the same issue. How did you revert to a previous version? (sorry a bit of a noob).

Link to comment
psychofaktory Rookie

psychofaktory

Posted
Posted
On 11/24/2022 at 9:58 AM, psychofaktory said:

I continued to test and research.

 

My guess is that the certificate needed for LDAPs was not added correctly to the java keystore.
How to proceed with this docker for this?

 

For LDAP, do you need to manually add the Docker variables as described here, or is customizing guacamole.properties enough for this container?

 

I was also able to take the two parameters 'ldap-follow-referrals: false' and 'ldap-operation-timeout: 30' from these instructions.
Is anything known about this?

I would be grateful for any help!

 

Can anybody help me with this?

Has anyone a working setup with guacamole docker an LDAPS with a Windows Domain Controller?

 

I would also like to change the name of the guacamole printer in the RDP sessions.
How could this be accomplished?

 

I also noticed that the clipboard does not seem to work via RDP.
What could be the problem here?

Link to comment
Taddeusz Collaborator

Taddeusz

Posted
  • Author
Posted
6 hours ago, J05u said:

Any idea how I can make Win11 working? 

Created win 11 vm but can't connect using guacamole :(

Do you use a Microsoft account or a local account to log in? If you’re using a Microsoft account it cannot be passwordless. If you use Windows Hello to login you must use the password at least once otherwise RDP will not let you login.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing