Pushing notifications to remote desktop
Hi, I am using Apache guacamole for accessing the remote console over https. I want to push notifications to remote Console. Pls let me know if there are APIs which I can use to do the same. Regards, Umesh
Re: ERROR : "Remote desktop currently unavailable"
GUACD server and RDP server are in the same network. Only one of the user faced this issue out of 80. *PING STATUS from GUACD server :-* [root@guacd-server]# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=32.3 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=32.4 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=54 time=32.3 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=54 time=32.3 ms 64 bytes from 8.8.8.8: icmp_seq=5 ttl=54 time=32.4 ms 64 bytes from 8.8.8.8: icmp_seq=6 ttl=54 time=32.2 ms 64 bytes from 8.8.8.8: icmp_seq=7 ttl=54 time=32.4 ms 64 bytes from 8.8.8.8: icmp_seq=8 ttl=54 time=32.2 ms 64 bytes from 8.8.8.8: icmp_seq=9 ttl=54 time=32.1 ms 64 bytes from 8.8.8.8: icmp_seq=10 ttl=54 time=32.2 ms 64 bytes from 8.8.8.8: icmp_seq=11 ttl=54 time=32.4 ms 64 bytes from 8.8.8.8: icmp_seq=12 ttl=54 time=32.5 ms 64 bytes from 8.8.8.8: icmp_seq=13 ttl=54 time=32.4 ms 64 bytes from 8.8.8.8: icmp_seq=14 ttl=54 time=32.4 ms 64 bytes from 8.8.8.8: icmp_seq=15 ttl=54 time=32.4 ms *PING STATUS of RDP server from GUACD server :-* [root@ guacd-server]# ping 10.1.1.138 PING 10.1.1.138 (10.1.1.138) 56(84) bytes of data. 64 bytes from 10.1.1.138: icmp_seq=1 ttl=128 time=0.338 ms 64 bytes from 10.1.1.138: icmp_seq=2 ttl=128 time=0.304 ms 64 bytes from 10.1.1.138: icmp_seq=3 ttl=128 time=0.285 ms 64 bytes from 10.1.1.138: icmp_seq=4 ttl=128 time=0.291 ms 64 bytes from 10.1.1.138: icmp_seq=5 ttl=128 time=0.276 ms 64 bytes from 10.1.1.138: icmp_seq=6 ttl=128 time=0.314 ms 64 bytes from 10.1.1.138: icmp_seq=7 ttl=128 time=0.292 ms 64 bytes from 10.1.1.138: icmp_seq=8 ttl=128 time=0.320 ms 64 bytes from 10.1.1.138: icmp_seq=9 ttl=128 time=0.313 ms 64 bytes from 10.1.1.138: icmp_seq=10 ttl=128 time=0.266 ms 64 bytes from 10.1.1.138: icmp_seq=11 ttl=128 time=0.294 ms 64 bytes from 10.1.1.138: icmp_seq=12 ttl=128 time=0.256 ms On Tue, Jul 23, 2019 at 9:26 PM Nick Couchman wrote: > On Tue, Jul 23, 2019 at 11:37 AM Amarjeet Singh > wrote: > >> My guess is that the network you're working on is unstable enough that >>> you're losing data along the way. 150-200ms is a lot of latency >> >> Latency was 15ms at this moment. >> >> > Okay, but the point is, the errors you're getting don't really indicate > that anything is going wrong on the Guacamole Side. I don't see any > messages about segfaults or abnormal termination by either guacd or > Tomcat/Guacamole Client. It would seem that something inside the network > is causing issues - either momentary latency problems, or packet loss, or > something along those lines. From the looks of the messages on the RDP > server, it would appear this is likely happening between guacd and the RDP > server, as it looks like the RDP server terminates the connection. > > We'll be happy to help if there are any further log messages that are > available, or anything you can find that indicates it's an issue specific > to Guacamole, but at this point it's hard to say (for me, anyway) what the > issue is without more direct ability to look at the systems and networks > involved. > > -Nick > >>
Need Guacamole developer PM for further details.
Hello, Looking for a Guacamole developer to build a custom iframe/use Guac APi for split frame support and maintain mouse and keyboard focus when switching between windows. Its not new, but there are zero coding examples on the internet. Code must work in Mobile, and all HTML5 browsers. I would do this myself, but I am on 5 other projects that are time demanding. Thank You - A Cybersecurity Enablement Company We don't just run you through the motions, Our labs teach you how to think! Known good Guacamole installations -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Re: ERROR : "Remote desktop currently unavailable"
On Tue, Jul 23, 2019 at 11:37 AM Amarjeet Singh wrote: > My guess is that the network you're working on is unstable enough that >> you're losing data along the way. 150-200ms is a lot of latency > > Latency was 15ms at this moment. > > Okay, but the point is, the errors you're getting don't really indicate that anything is going wrong on the Guacamole Side. I don't see any messages about segfaults or abnormal termination by either guacd or Tomcat/Guacamole Client. It would seem that something inside the network is causing issues - either momentary latency problems, or packet loss, or something along those lines. From the looks of the messages on the RDP server, it would appear this is likely happening between guacd and the RDP server, as it looks like the RDP server terminates the connection. We'll be happy to help if there are any further log messages that are available, or anything you can find that indicates it's an issue specific to Guacamole, but at this point it's hard to say (for me, anyway) what the issue is without more direct ability to look at the systems and networks involved. -Nick >
Re: ERROR : "Remote desktop currently unavailable"
> > My guess is that the network you're working on is unstable enough that > you're losing data along the way. 150-200ms is a lot of latency Latency was 15ms at this moment. On Tue, Jul 23, 2019 at 9:06 PM Amarjeet Singh wrote: > RDP server is logging below two errors frequently :- > > >> *The RDP protocol component "DATA ENCRYPTION" detected an error in the >> protocol stream and has disconnected the client.The RDP protocol component >> WD detected an error in the protocol stream and has disconnected the >> client.* > > > RDP SERVER CONF > OS : Windows Server 2008 SP2 Enterprise > RAM : 20GB > CPU : 8vcpu > Active Users : 80 > > > GUACD SERVER CONF : > OS: Centos 7 > RAM : 12 GB > CPU : 8vcpu > > On Tue, Jul 23, 2019 at 8:23 PM Amarjeet Singh > wrote: > >> *ERROR *: The remote desktop server is currently unavailable. If the >> problem persists, please notify your system administrator, or check your >> system logs. >> >> Here are the logs for the following errors :- >> >> Catalina.out LOGS :- >> >> >>> 16:56:27.484 [http-bio-127.0.0.1-8080-exec-6323] INFO >>> o.a.g.tunnel.TunnelRequestService - User "anon00057" disconnected from >>> connection "". Duration: 54158 milliseconds >> >> >> >> var/log/messages :- >> >> >> Jul 23 16:56:27 guacd-server guacd: recv: Connection reset by peer >>> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: ERROR: Connection >>> closed. >>> Jul 23 16:56:27 guacd-server guacd[6554]: Connection closed. >>> Jul 23 16:56:27 guacd-server guacd[6554]: User >>> "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) >>> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:User >>> "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) >>> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Last user >>> of connection "$4f69540e-c913--9080-b381f9bd50a7" disconnected. >>> Jul 23 16:56:27 guacd-server guacd[6554]: Last user of connection >>> "$4f69540e-c913--9080-b381f9bd50a7" disconnected. >>> Jul 23 16:56:27 guacd-server guacd[6554]: Unloading device 0 (G) >>> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Unloading >>> device 0 (G) >>> Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "filerdr"... >>> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing >>> channel "filerdr"... >>> Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "resrdr"... >>> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing >>> channel "resrdr"... >>> Jul 23 16:56:28 guacd-server guacd: guacd[6554]: INFO:Internal >>> RDP client disconnected >>> Jul 23 16:56:28 guacd-server guacd[6554]: Internal RDP client >>> disconnected >>> Jul 23 16:56:28 guacd-server guacd: ERRINFO_SECURITY_DATA_TOO_SHORT >>> (0x10E0): >>> Jul 23 16:56:28 guacd-server guacd: (a) The dataSignature field of the >>> Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data. >>> Jul 23 16:56:28 guacd-server guacd: (b) The fipsInformation and >>> dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) >>> do not contain enough data. >> >> >> >> RDP SERVER LOGS :- >> >> >> The RDP protocol component WD detected an error in the protocol stream >>> and has disconnected the client. >> >> >> I have also checked the performance of RDP SERVER and GUACD server at the >> time of random disconnect. It was normal. >> >> *The RDP protocol component WD detected an error in the protocol stream >>> and has disconnected the client. * >> >> >> What does it mean ? >> anybody has any idea about it ? >> >> On Mon, Jul 22, 2019 at 12:21 PM Amarjeet Singh >> wrote: >> >>> Thanks Mike and Nick for the detailed description. I will look into the >>> following points :- >>> >>> - Performance of the server during the issues. I don't know anything about your environment - how many users, what size server, etc., but if there is excessive resource contention on the server running Tomcat and/or guacd, this could cause failures in the connections. - Network characteristics. Look between your clients and the Tomcat server, between Tomcat and guacd, and between guacd and the remote services. Look at bandwidth and latency. Monitor the network links for any erratic or inconsistent behavior. Your 150-200ms latency could be part of the problem, but, again, that depends on where that latency is. Depending on the network characteristics you may need to architect the Guacamole install a little differently (put guacd somewhere different, put the full Guacamole stack somewhere different, etc.). - Configuration. Guacamole works pretty well "out of the box" - that is, if you use the defaults, and things suggested in the manual, you are unlikely to get a bad configuration. If you start tweaking parameters, or you forget to set something up, you may end up with results like this. Follow the manual, avoid tuning things
Re: Disable SSL certificate verification with OpenID Connect Authentication
On Tue, Jul 23, 2019 at 9:13 AM Yang Yang wrote: > Hello, > > I’m testing OpenID Connect Authentication with https on, and got the > problem below. Could you help to tell how to disable ssl certificate > verification? Is there a “ssl_verify” flag that I can turn off? > > 17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET > of https://119.3.69.8:8443/auth/realms/Supra/protocol/openid-connect/certs > 17:11:56.125 [http-nio-8080-exec-2] INFO > o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: Unable > to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: > Unable to find a suitable verification key for JWS w/ header > {"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected > exception (javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No subject alternative names > present) while obtaining or using keys from JWKS endpoint at > https://MY-OIDC-SERVER-URI/openid-connect/certs): > JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci...34IfpdFF8g > 17:11:56.128 [http-nio-8080-exec-2] DEBUG > o.a.g.a.o.t.TokenValidationService - Invalid JWT received. > org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object > (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable > verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected > exception (javax.net.ssl.SSLHandshakeException: > java.security.cert.CertificateException: No subject alternative names > present) while obtaining or using keys from JWKS endpoint at > https://MY-OIDC-SERVER-URI/openid-connect/certs): > JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : > "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci…34IfpdFF8g > > No, there is no such flag to disable verification, and I doubt you would want it. The error you're getting isn't because the certificate isn't trusted, it's because it doesn't have all of the information expected - namely, Subject Alternative Names. You can make sure that your OID server certificate is added to the Java cacerts keystore, and see if that helps, but I suspect that you need to resolve the issue with the response missing the SAN attribute. -Nick
Re: ERROR : "Remote desktop currently unavailable"
RDP server is logging below two errors frequently :- > *The RDP protocol component "DATA ENCRYPTION" detected an error in the > protocol stream and has disconnected the client.The RDP protocol component > WD detected an error in the protocol stream and has disconnected the > client.* RDP SERVER CONF OS : Windows Server 2008 SP2 Enterprise RAM : 20GB CPU : 8vcpu Active Users : 80 GUACD SERVER CONF : OS: Centos 7 RAM : 12 GB CPU : 8vcpu On Tue, Jul 23, 2019 at 8:23 PM Amarjeet Singh wrote: > *ERROR *: The remote desktop server is currently unavailable. If the > problem persists, please notify your system administrator, or check your > system logs. > > Here are the logs for the following errors :- > > Catalina.out LOGS :- > > >> 16:56:27.484 [http-bio-127.0.0.1-8080-exec-6323] INFO >> o.a.g.tunnel.TunnelRequestService - User "anon00057" disconnected from >> connection "". Duration: 54158 milliseconds > > > > var/log/messages :- > > > Jul 23 16:56:27 guacd-server guacd: recv: Connection reset by peer >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: ERROR: Connection >> closed. >> Jul 23 16:56:27 guacd-server guacd[6554]: Connection closed. >> Jul 23 16:56:27 guacd-server guacd[6554]: User >> "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:User >> "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Last user >> of connection "$4f69540e-c913--9080-b381f9bd50a7" disconnected. >> Jul 23 16:56:27 guacd-server guacd[6554]: Last user of connection >> "$4f69540e-c913--9080-b381f9bd50a7" disconnected. >> Jul 23 16:56:27 guacd-server guacd[6554]: Unloading device 0 (G) >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Unloading >> device 0 (G) >> Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "filerdr"... >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing >> channel "filerdr"... >> Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "resrdr"... >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing >> channel "resrdr"... >> Jul 23 16:56:28 guacd-server guacd: guacd[6554]: INFO:Internal >> RDP client disconnected >> Jul 23 16:56:28 guacd-server guacd[6554]: Internal RDP client disconnected >> Jul 23 16:56:28 guacd-server guacd: ERRINFO_SECURITY_DATA_TOO_SHORT >> (0x10E0): >> Jul 23 16:56:28 guacd-server guacd: (a) The dataSignature field of the >> Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data. >> Jul 23 16:56:28 guacd-server guacd: (b) The fipsInformation and >> dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) >> do not contain enough data. > > > > RDP SERVER LOGS :- > > > The RDP protocol component WD detected an error in the protocol stream and >> has disconnected the client. > > > I have also checked the performance of RDP SERVER and GUACD server at the > time of random disconnect. It was normal. > > *The RDP protocol component WD detected an error in the protocol stream >> and has disconnected the client. * > > > What does it mean ? > anybody has any idea about it ? > > On Mon, Jul 22, 2019 at 12:21 PM Amarjeet Singh > wrote: > >> Thanks Mike and Nick for the detailed description. I will look into the >> following points :- >> >> - Performance of the server during the issues. I don't know anything >>> about your environment - how many users, what size server, etc., but if >>> there is excessive resource contention on the server running Tomcat and/or >>> guacd, this could cause failures in the connections. >>> - Network characteristics. Look between your clients and the Tomcat >>> server, between Tomcat and guacd, and between guacd and the remote >>> services. Look at bandwidth and latency. Monitor the network links for >>> any erratic or inconsistent behavior. Your 150-200ms latency could be part >>> of the problem, but, again, that depends on where that latency is. >>> Depending on the network characteristics you may need to architect the >>> Guacamole install a little differently (put guacd somewhere different, put >>> the full Guacamole stack somewhere different, etc.). >>> - Configuration. Guacamole works pretty well "out of the box" - that >>> is, if you use the defaults, and things suggested in the manual, you are >>> unlikely to get a bad configuration. If you start tweaking parameters, or >>> you forget to set something up, you may end up with results like this. >>> Follow the manual, avoid tuning things unnecessarily, and go with what >>> others are doing that works. >>> - Log files. Look at the log files carefully. Both Tomcat and guacd >>> logs, along with system logs. Are you getting OOM killer errors on Linux? >>> Are you seeing segfaults? What is being logged at the time that the >>> connections fail? Remember, the messages that you've posted above are >>>
Re: ERROR : "Remote desktop currently unavailable"
On Tue, Jul 23, 2019 at 10:52 AM Amarjeet Singh wrote: > *ERROR *: The remote desktop server is currently unavailable. If the > problem persists, please notify your system administrator, or check your > system logs. > > Here are the logs for the following errors :- > > Catalina.out LOGS :- > > >> 16:56:27.484 [http-bio-127.0.0.1-8080-exec-6323] INFO >> o.a.g.tunnel.TunnelRequestService - User "anon00057" disconnected from >> connection "". Duration: 54158 milliseconds > > > > var/log/messages :- > > > Jul 23 16:56:27 guacd-server guacd: recv: Connection reset by peer >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: ERROR: Connection >> closed. >> Jul 23 16:56:27 guacd-server guacd[6554]: Connection closed. >> Jul 23 16:56:27 guacd-server guacd[6554]: User >> "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:User >> "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Last user >> of connection "$4f69540e-c913--9080-b381f9bd50a7" disconnected. >> Jul 23 16:56:27 guacd-server guacd[6554]: Last user of connection >> "$4f69540e-c913--9080-b381f9bd50a7" disconnected. >> Jul 23 16:56:27 guacd-server guacd[6554]: Unloading device 0 (G) >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Unloading >> device 0 (G) >> Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "filerdr"... >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing >> channel "filerdr"... >> Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "resrdr"... >> Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing >> channel "resrdr"... >> Jul 23 16:56:28 guacd-server guacd: guacd[6554]: INFO:Internal >> RDP client disconnected >> Jul 23 16:56:28 guacd-server guacd[6554]: Internal RDP client disconnected >> Jul 23 16:56:28 guacd-server guacd: ERRINFO_SECURITY_DATA_TOO_SHORT >> (0x10E0): >> Jul 23 16:56:28 guacd-server guacd: (a) The dataSignature field of the >> Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data. >> Jul 23 16:56:28 guacd-server guacd: (b) The fipsInformation and >> dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) >> do not contain enough data. > > > > RDP SERVER LOGS :- > > > The RDP protocol component WD detected an error in the protocol stream and >> has disconnected the client. > > > I have also checked the performance of RDP SERVER and GUACD server at the > time of random disconnect. It was normal. > > *The RDP protocol component WD detected an error in the protocol stream >> and has disconnected the client. * > > > What does it mean ? > anybody has any idea about it ? > My guess is that the network you're working on is unstable enough that you're losing data along the way. 150-200ms is a lot of latency, and if the packets are arriving out-of-order, or being lost, you may be seeing errors related to those scenarios. Depending on your level of visibility into the network, you might look at various components and see if you're noticing packet loss - you may not see this on the ends of the network (the client, the RDP server, or even the guacd server), so just because you look at network statistics there and don't see packet loss doesn't mean it isn't occurring. My other suggestion would be to attempt to locate guacd closer to the RDP server- on the same network segment, etc. You may also need to locate Guacamole Client (Tomcat) closer, as well, but that's something you'll have to experiment with to see what works better. -Nick
Re: ERROR : "Remote desktop currently unavailable"
*ERROR *: The remote desktop server is currently unavailable. If the problem persists, please notify your system administrator, or check your system logs. Here are the logs for the following errors :- Catalina.out LOGS :- > 16:56:27.484 [http-bio-127.0.0.1-8080-exec-6323] INFO > o.a.g.tunnel.TunnelRequestService - User "anon00057" disconnected from > connection "". Duration: 54158 milliseconds var/log/messages :- Jul 23 16:56:27 guacd-server guacd: recv: Connection reset by peer > Jul 23 16:56:27 guacd-server guacd: guacd[6554]: ERROR: Connection > closed. > Jul 23 16:56:27 guacd-server guacd[6554]: Connection closed. > Jul 23 16:56:27 guacd-server guacd[6554]: User > "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) > Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:User > "@15ba25cb-f230-49c9-9957-748884029cd5" disconnected (0 users remain) > Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Last user of > connection "$4f69540e-c913--9080-b381f9bd50a7" disconnected. > Jul 23 16:56:27 guacd-server guacd[6554]: Last user of connection > "$4f69540e-c913--9080-b381f9bd50a7" disconnected. > Jul 23 16:56:27 guacd-server guacd[6554]: Unloading device 0 (G) > Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Unloading > device 0 (G) > Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "filerdr"... > Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing > channel "filerdr"... > Jul 23 16:56:27 guacd-server guacd[6554]: Closing channel "resrdr"... > Jul 23 16:56:27 guacd-server guacd: guacd[6554]: INFO:Closing > channel "resrdr"... > Jul 23 16:56:28 guacd-server guacd: guacd[6554]: INFO:Internal RDP > client disconnected > Jul 23 16:56:28 guacd-server guacd[6554]: Internal RDP client disconnected > Jul 23 16:56:28 guacd-server guacd: ERRINFO_SECURITY_DATA_TOO_SHORT > (0x10E0): > Jul 23 16:56:28 guacd-server guacd: (a) The dataSignature field of the > Fast-Path Input Event PDU (section 2.2.8.1.2) does not contain enough data. > Jul 23 16:56:28 guacd-server guacd: (b) The fipsInformation and > dataSignature fields of the Fast-Path Input Event PDU (section 2.2.8.1.2) > do not contain enough data. RDP SERVER LOGS :- The RDP protocol component WD detected an error in the protocol stream and > has disconnected the client. I have also checked the performance of RDP SERVER and GUACD server at the time of random disconnect. It was normal. *The RDP protocol component WD detected an error in the protocol stream and > has disconnected the client. * What does it mean ? anybody has any idea about it ? On Mon, Jul 22, 2019 at 12:21 PM Amarjeet Singh wrote: > Thanks Mike and Nick for the detailed description. I will look into the > following points :- > > - Performance of the server during the issues. I don't know anything >> about your environment - how many users, what size server, etc., but if >> there is excessive resource contention on the server running Tomcat and/or >> guacd, this could cause failures in the connections. >> - Network characteristics. Look between your clients and the Tomcat >> server, between Tomcat and guacd, and between guacd and the remote >> services. Look at bandwidth and latency. Monitor the network links for >> any erratic or inconsistent behavior. Your 150-200ms latency could be part >> of the problem, but, again, that depends on where that latency is. >> Depending on the network characteristics you may need to architect the >> Guacamole install a little differently (put guacd somewhere different, put >> the full Guacamole stack somewhere different, etc.). >> - Configuration. Guacamole works pretty well "out of the box" - that is, >> if you use the defaults, and things suggested in the manual, you are >> unlikely to get a bad configuration. If you start tweaking parameters, or >> you forget to set something up, you may end up with results like this. >> Follow the manual, avoid tuning things unnecessarily, and go with what >> others are doing that works. >> - Log files. Look at the log files carefully. Both Tomcat and guacd >> logs, along with system logs. Are you getting OOM killer errors on Linux? >> Are you seeing segfaults? What is being logged at the time that the >> connections fail? Remember, the messages that you've posted above are >> intended for telling end-users what's going on - the log files are what's >> there to tell *you* what's going on. Don't forget to adjust the level of >> verbosity for both Guacamole Client ( >> http://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging) >> and >> guacd ( >> http://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacd.conf >> ). > > > On Sat, Jul 20, 2019 at 5:33 PM Adrian Owen wrote: > >> What results you get with mstsc? >> >> >> >> Adrian >> >> >> >> *From:* Mike Jumper [mailto:mjum...@apache.org] >> *Sent:* 20 July 2019 07:36 >> *To:* user@guacamole.apache.org >>
RE: Disable SSL certificate verification with OpenID Connect Authentication
For testing and non-production use (or production at your own peril), you can add ".setSkipSignatureVerification()" to your JWTConsumerBuilder in the o.a.g.a.o.t.TokenValidationService of the OpenID extension. That worked for me but may not solve your exact problem. -Ryan -Original Message- From: Yang Yang Sent: Tuesday, July 23, 2019 9:13 AM To: user@guacamole.apache.org Subject: Disable SSL certificate verification with OpenID Connect Authentication Hello, I’m testing OpenID Connect Authentication with https on, and got the problem below. Could you help to tell how to disable ssl certificate verification? Is there a “ssl_verify” flag that I can turn off? 17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET of https://119.3.69.8:8443/auth/realms/Supra/protocol/openid-connect/certs 17:11:56.125 [http-nio-8080-exec-2] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present) while obtaining or using keys from JWKS endpoint at https://MY-OIDC-SERVER-URI/openid-connect/certs): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci...34IfpdFF8g 17:11:56.128 [http-nio-8080-exec-2] DEBUG o.a.g.a.o.t.TokenValidationService - Invalid JWT received. org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present) while obtaining or using keys from JWKS endpoint at https://MY-OIDC-SERVER-URI/openid-connect/certs): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci…34IfpdFF8g Thanks, Yang - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
Disable SSL certificate verification with OpenID Connect Authentication
Hello, I’m testing OpenID Connect Authentication with https on, and got the problem below. Could you help to tell how to disable ssl certificate verification? Is there a “ssl_verify” flag that I can turn off? 17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET of https://119.3.69.8:8443/auth/realms/Supra/protocol/openid-connect/certs 17:11:56.125 [http-nio-8080-exec-2] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present) while obtaining or using keys from JWKS endpoint at https://MY-OIDC-SERVER-URI/openid-connect/certs): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci...34IfpdFF8g 17:11:56.128 [http-nio-8080-exec-2] DEBUG o.a.g.a.o.t.TokenValidationService - Invalid JWT received. org.jose4j.jwt.consumer.InvalidJwtException: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present) while obtaining or using keys from JWKS endpoint at https://MY-OIDC-SERVER-URI/openid-connect/certs): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "4SUxbbXKnge_r1h1jgjQOUYQk7yg_bHnqBIZTFSPbxY"}->eyJhbGci…34IfpdFF8g Thanks, Yang