[jira] [Commented] (GUACAMOLE-238) RDP Not Working on Server 2016 without Credentials

[Michael Jumper (JIRA)]

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15898456#comment-15898456
 ] 

Michael Jumper commented on GUACAMOLE-238:
------------------------------------------

If your RDP server is configured for NLA (this is the default for recent 
versions of Windows Server), then the username and password will need to be 
stored for the connection, and the RDP server will reject connection attempts 
using other authentication schemes outright. From 
[http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#rdp-authentication]:

{quote}
Most RDP servers will provide a graphical login if the username, password, and 
domain parameters are omitted. One notable exception to this is Network Level 
Authentication, or NLA, which performs all authentication outside of a desktop 
session, and thus in the absence of a graphical interface. If your server 
requires NLA, you will need to manually choose this as your security mode, and 
you _must_ provide a username and password.
{quote}

If you don't want to store the username and password, you can either (1) 
disable the requirement for NLA on the RDP server in question or (2) provide 
the values using [parameter 
tokens|http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens]
 and ensure the Guacamole username/password will always match that of the RDP 
server (by integrating with LDAP or Active Directory, for example: 
http://guacamole.incubator.apache.org/doc/gug/ldap-auth.html).

> RDP Not Working on Server 2016 without Credentials
> --------------------------------------------------
>
>                 Key: GUACAMOLE-238
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-238
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole, guacamole-auth-jdbc-mysql, guacamole-auth-ldap
>    Affects Versions: 0.9.9, 0.9.10-incubating, 0.9.11-incubating
>         Environment: Debian 8.3, Nginx reverse proxy, public SSL
>            Reporter: Jesse Brinson
>            Priority: Minor
>
> RDP fails immediately on Server 2016 when no username/password are specified 
> in authentication parameters.  When I manually set username/password, it will 
> connect.
> Domain, hostname, RDP Encryption and port number are the only other 
> set-parameters. (also tried using different auth types). Server 2012 R2 and 
> back work ok with these variables, and credentials left blank.
> I've tried updating freerdp to the nightly version, and using Java 7 and 8, 
> still no success.
> Logs are only showing non-descriptive errors:
> catalina.out:
> {noformat}
> 17:08:03.734 [http-nio-8080-exec-23] INFO  o.a.g.tunnel.TunnelRequestService 
> - User "guacadmin" connected to connection "18".
> 17:08:03.858 [Thread-341] INFO  o.a.g.tunnel.TunnelRequestService - User 
> "guacadmin" disconnected from connection "18". Duration: 124 milliseconds
> 17:08:08.718 [http-nio-8080-exec-23] INFO  o.a.g.tunnel.TunnelRequestService 
> - User "guacadmin" connected to connection "18".
> Exception in thread "Thread-344" 17:08:08.761 [http-nio-8080-exec-28] INFO  
> o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from 
> connection "18". Duration: 42 milliseconds
> java.lang.IllegalStateException: Message will not be sent because the 
> WebSocket session has been closed
>         at 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:354)
>         at 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:311)
>         at 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:675)
>         at 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:220)
>         at 
> org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:172)
>         at 
> org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
>         at 
> org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169)
> {noformat}
> syslog:
> {noformat}
> Mar  6 17:08:35 guacremote guacd[989]: Creating new client for protocol "rdp"
> Mar  6 17:08:35 guacremote guacd[989]: Connection ID is 
> "$4fe8d7cf-be40-4e3f-aa8b-d4006746a99c"
> Mar  6 17:08:35 guacremote guacd[9760]: Security mode: RDP
> Mar  6 17:08:35 guacremote guacd[9760]: Resize method: display-update
> Mar  6 17:08:35 guacremote guacd[9760]: User 
> "@243c393c-899b-4cb8-a128-1f3b4671a15f" joined connection 
> "$4fe8d7cf-be40-4e3f-aa8b-d4006746a99c" (1 users now present)
> Mar  6 17:08:35 guacremote guacd[9760]: Loading keymap "base"
> Mar  6 17:08:35 guacremote guacd[9760]: Loading keymap "en-us-qwerty"
> Mar  6 17:08:36 guacremote guacd[9760]: Error connecting to RDP server
> Mar  6 17:08:36 guacremote guacd[9760]: User 
> "@243c393c-899b-4cb8-a128-1f3b4671a15f" disconnected (0 users remain)
> Mar  6 17:08:36 guacremote guacd[9760]: Last user of connection 
> "$4fe8d7cf-be40-4e3f-aa8b-d4006746a99c" disconnected
> Mar  6 17:08:36 guacremote guacd[989]: Connection 
> "$4fe8d7cf-be40-4e3f-aa8b-d4006746a99c" removed.
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)