[Support] jasonbean - Apache Guacamole

[kasper219]

@Taddeusz

 

If I try for an outside of our network hostname I get a connection. I got it to connect to a computer at my house. However, is there a way to see a more indepth error other than  "error connecting to RDP server"???

 

So far the only RDP connection that works is off site (ssh and VNC work locally and remote). I have tried the container set up with Bridge, HOST, and br0 (to give it, its own IP). As far as I can tell there are no firewalls blocking it and I can use Remmina and other RDP clients to connect to the computers I am trying without issue. I have even tried VM to VM on the server and that is fine as well.

[kasper219]

17 minutes ago, Taddeusz said:

 

Are you able to ping that IP address from your unRAID server?

Yes I am.

[kasper219]

2 minutes ago, kasper219 said:

Yes I am.

I take that back, I was in one of the VMs not the shell for Unraid.

 

I got into unraid and I am not able to ping the VMs on br0. It seems that it can not find it. So maybe just a table fix in the settings?

[Taddeusz]

7 hours ago, kasper219 said:

I take that back, I was in one of the VMs not the shell for Unraid.

 

I got into unraid and I am not able to ping the VMs on br0. It seems that it can not find it. So maybe just a table fix in the settings?

 

Do you have your Docker set to run on a macvlan?

[kasper219]

54 minutes ago, Taddeusz said:

 

Do you have your Docker set to run on a macvlan?

 

 

I have VLAN shut off on all the network interfaces in the network settings and I don't see anything for macvlan in the docker settings. Also the routing table doesn't show anything for vlan it just says docker0 I will get a screen shot shortly.

 

Is there another spot to check if macvlan is being used?

[kasper219]

Here is the routing table (Got my desktop up a bit faster than i thought tonight)

 

Routing Table

 

Protocol	Route	Gateway	Metric
IPv4	default	192.168.0.1 via br0	1
IPv4	172.17.0.0/16	docker0	1
IPv4	192.168.0.0/24	br0	1
IPv4	192.168.122.0/24	virbr0	1

 

 

 

I have the VMs running on br0 and I have tried Host, Bridge and br0 for the docker.

 

[Taddeusz]

Something is going on with your local network if unRAID can’t ping that address. Is your unRAID server on the same subnet as the computer you’re trying to connect to?

[kasper219]

So here is the now goofy part of this whole thing.... I installed tightVNC on one of the computers that I couldn't connect to via RDP and I can connect using VNC so its not a network issue that it can't find it???

 

Is there a way to get the log to show more info as to why it is just saying that there was a connection error?

[Taddeusz]

1 hour ago, kasper219 said:

So here is the now goofy part of this whole thing.... I installed tightVNC on one of the computers that I couldn't connect to via RDP and I can connect using VNC so its not a network issue that it can't find it???

 

Is there a way to get the log to show more info as to why it is just saying that there was a connection error?

 

I think you can modify your guacamole.properties file and change the logging level for guacd. That is really the only pertinent log here since it is what is making the connection.

 

Did you double check and ensure you have Remote Desktop enabled? Is this Windows Professional?

[kasper219]

1 hour ago, Taddeusz said:

 

I think you can modify your guacamole.properties file and change the logging level for guacd. That is really the only pertinent log here since it is what is making the connection.

 

Did you double check and ensure you have Remote Desktop enabled? Is this Windows Professional?

I will try the log. Yes i have remote desktop enabled (Win7 Pro), I currently use RDP from another windows machine or Remmina from my laptop to connect to it when I am remote (I have tried it locally as well and I can connect from my laptop to the vm without issue when internal to the network. Also VM to VM works and Apache Guacamole only works to the VMs with VNC, so it can see it. That is what has me stumped. Apache Guacamole only seems to work with RDP on machines at another network, which also has me stumped.

[Taddeusz]

@kasper219 Just got back from vacation. Have you been able to figure this out or is it still a problem?

[kasper219]

@Taddeusz So far I have not been able to make any progress, it seems isolated to VMs that are on this server that Apache Guacamole cannot connect to, But I can with Remmina or RDP on the other Machine. I even went as far as setting up the docker on another machine that RDP and Remmina work on and Apache Guacamole still won't connect RDP to machines on a local network from a computer that Remmina works on, which has me shaking my head.... So it isn't isolated to just the docker on my Unraid box.

 

 

I can connect with VNC to a machine that RDP will not, which also makes no sense with Apache Guacamole.

 

 

Thoughts?

[Taddeusz]

@kasper219 Try selecting "Any" on "Security mode". If that is left unset on my Windows 10 vm it gives the same error.

[kasper219]

8 minutes ago, Taddeusz said:

@kasper219 Try selecting "Any" on "Security mode". If that is left unset on my Windows 10 vm it gives the same error.

That seems to have corrected it, which doesn't make sense unless there is an underlying issue with guacd or how the MySQL sets the security type?

[Taddeusz]

4 minutes ago, kasper219 said:

That seems to have corrected it, which doesn't make sense unless there is an underlying issue with guacd or how the MySQL sets the security type?

 

According to the log it defaults to RDP encryption if none is specified. At least on Windows 10 if I manually select "RDP encryption" or "TLS encryption" it won't connect. I have to select "Any" or "NLA (Network Level Authentication)" for it to connect.

[kasper219]

Correct. 

 

Thank you for the help, I don't think I would have tried "Any" as an option I tried not marking it and setting it to RDP as that is the type of connection I was trying to make. Unless with the update to RDP they did in the last quarter messed with that setting?

 

Either way Thank you again.

[Taddeusz]

4 minutes ago, kasper219 said:

Correct. 

 

Thank you for the help, I don't think I would have tried "Any" as an option I tried not marking it and setting it to RDP as that is the type of connection I was trying to make. Unless with the update to RDP they did in the last quarter messed with that setting?

 

Either way Thank you again.

 

The RDP and TLS encryption types are now considered legacy as NLA was introduced with Windows Vista. If you're connecting to a Windows machine there's actually a checkbox in the RDP settings to only allow connections via NLA. I believe it's defaulted to checked as that is the most secure connection type.

Edited June 25, 2018 by Taddeusz

[kasper219]

I was wondering what would be required to "share a connection" too allow others to connect to a session as a read only

 

https://guacamole.apache.org/doc/gug/using-guacamole.html  "Sharing the Connection"

 

So far I haven't found where I would have to set that up to allow users to share their connection under a share menu.

 

 

[Taddeusz]

30 minutes ago, kasper219 said:

I was wondering what would be required to "share a connection" too allow others to connect to a session as a read only

 

https://guacamole.apache.org/doc/gug/using-guacamole.html  "Sharing the Connection"

 

So far I haven't found where I would have to set that up to allow users to share their connection under a share menu.

 

 

 

I wasn't aware of this. It appears the documentation is spread out but here's where it explains it better: https://guacamole.apache.org/doc/gug/administration.html#idm140500640336672.

 

Basically it looks like in the connection list in settings you hit the "+" next to the connection on which you want to allow sharing and click "New Sharing Profile".

[kasper219]

Thank you. I agree the documentation is definitely spread out. I now have that working as well for when I need to use it.

[tjb_altf4]

Thanks for the docker!
I got stuck on RDP configuration for a while, but in my case I just needed to disable certificates and I was good to go

[Taddeusz]

On 7/21/2018 at 12:18 AM, tjb_altf4 said:

Thanks for the docker!
I got stuck on RDP configuration for a while, but in my case I just needed to disable certificates and I was good to go

 

I'm glad you figured it out. Personally I think the organization of the settings are a bit confusing. I think having the proxy parameters above the connection parameters is more confusing because a person is more likely to see the proxy hostname and assume that's for the remote computer. It's even happened to me on occasion even though I'm aware of it.

[Taddeusz]

Looks like Apache is preparing Guacamole for a 1.0.0 release. Not sure when it will be released since there have not yet been any RC's. I'm a little excited about this next release as there are changes that I think will make the final image a bit smaller.

 

They are definitely still aware of the VNC connection issue but it doesn't appear to be addressed yet.

[Chad Kunsman]

I hope it gets addressed. This setup is extremely slick and the reconnection issue is a stain on an otherwise perfect experience. 

[Taddeusz]

54 minutes ago, Chad Kunsman said:

I hope it gets addressed. This setup is extremely slick and the reconnection issue is a stain on an otherwise perfect experience. 

 

Yeah, I ended up installing xrdp on the Linux VM's just so I could remote into them without getting the disconnects. Actually finally ended up installing a Windows VM mainly because software I needed wasn't available on Linux.