Re: Client timeout anomaly
Hi, I have no familiarity with the internals of Guacamole, but I do have a pretty strong network knowledge. Reading this email thread, the symptoms are very similar to something that has bit me more than once in my career. If there is a statefull firewall configured somewhere at either end of the connection, there may be a chance that the firewall is expiring states too quickly. Given that the web browser is opening a "tunnel" to Tomcat, rather than a more typical "short lived" https connection, a (misconfigured/aggressive) firewall may just think that wow, that connection is taking way too long and close the connection (even though there is traffic over the tunnel). I'd probably start on the client running Wireshark to capture packets up until the first reconnect. Unfortunately, analyzing a Wireshark data capture takes some very technical networking knowledge. I have to agree with Nick in that it seems likely to be a network level issue (either end) with the one ISP. Cheers, Steve Williams PS. I did a quick google and found the following blog post. I have never used sonic wall, but this is exactly what I was referring to, except over a VPN rather than a HTTPS tunnel. https://www.cantarus.com/news/blogs/details/SonicWALL-VPN-Tunnel-Configuration-Best-Practice-for-Remote-Desktop-Services ... TCP Timeout In my experience, the single biggest cause of dropped RDS connections over VPN tunnels is due to TCP timeout settings that are too low. When creating a firewall rule in SonicWALL firewalls, the TCP Connection Inactivity Timeout is set to 15 minutes by default. Although one might consider that an active RDS session should not be considered inactive by the SonicWALL, in practice this value can indeed cause the RDS connections to be dropped. Based on experience, I recommend this is changed to at least 120 minutes. ... On 16/12/2020 11:22 a.m., Nick Couchman wrote: On Wed, Dec 16, 2020 at 12:46 PM Pietro <mailto:gpietro4...@gmail.com>> wrote: Hi Nick, Honestly we are not convinced the issue is on the network. The 4G connection we experienced the issue with is fast and it is used daily with no issues or slowdowns. It is used for conference calls and with various remote desktop protocols (VNC, RDP) and clients (noVNC, xfreerdp and rdesktop) with no issues. We would like to use Guacamole with it as well. Whether the network is performing well or not does not necessarily indicate whether they're doing something to the traffic that could adversely impact the way in which Guacamole works. I'm not saying it's definitely the network, but, if that's the only network on which you experience problems, and other networks (like a different 4G network or WiFi) work fine, then I suspect it's something somehow related to the network. I'm just looking for common issues that point in one direction or another. Do the logs we sent you suggest that there might be problems in the guacamole code/protocol? No, the logs you've provided are not indicative of any problems in the code or protocol. Furthermore, again, the fact that it works fine on some networks (including other 4G networks), and that there are not many other users on the mailing list reporting these types of issues makes me less inclined to believe there's a bug in the code. The logs you sent indicate that guacd is not receiving the messages it expects from the client in the timeframe it expects them. This could be an issue with Tomcat or something else on the server, but it also could be an issue where the messages from the client are getting dropped somewhere along the way. Based on the information you've provided, I lean toward the later, but, again, it's just my guess. In particular if you check the events timing and their correlation with the components involved in the chain (e.g. browser-side and Tomcat-side) you should notice that "strange" things happen. Based on the log messages you provided, what I see is: - guacd stops receiving messages from the client, for some, as yet unknown, reason. - After a timeout period, guacd shuts down the connection, assuming that the user is no longer there. - Tomcat complains about the fact that the connection to guacd has been terminated unexpectedly. The only thing "strange" about this is why guacd stops receiving messages from the client, which is what needs to be investigated. The rest of the messages seem pretty normal to me. We are evaluating the use of Guacamole in an environment where there might be up to 25 concurrent users connected to the same RDP target (or VM). Users are spread all over the Europe and access through various networks, from here our concerns. Sure, understand the concern and the need to get it working correctly, and we're happy to help you work through the issues. Bu
Re: RDP issue Guacamole 1.1.0 new install, SSH works
Hi, To follow up on this, I have tracked it down to a core dump in freeRDP #0 0x0595f62d7a6b in _aligned_free () from /usr/local/lib/libwinpr2.so.0.0 #1 0x059695a59205 in Bitmap_Free () from /usr/local/lib/libfreerdp2.so.0.0 #2 0x059695a1979d in gdi_bitmap_update () from /usr/local/lib/libfreerdp2.so.0.0 #3 0x059695a75494 in fastpath_recv_update () from /usr/local/lib/libfreerdp2.so.0.0 #4 0x059695a73a63 in fastpath_recv_updates () from /usr/local/lib/libfreerdp2.so.0.0 #5 0x059695a6f438 in rdp_recv_pdu () from /usr/local/lib/libfreerdp2.so.0.0 #6 0x059695a6ea14 in rdp_recv_callback () from /usr/local/lib/libfreerdp2.so.0.0 #7 0x059695a77e33 in transport_check_fds () from /usr/local/lib/libfreerdp2.so.0.0 #8 0x059695a6fc41 in rdp_check_fds () from /usr/local/lib/libfreerdp2.so.0.0 #9 0x059695a58098 in freerdp_check_fds () from /usr/local/lib/libfreerdp2.so.0.0 #10 0x059695a58331 in freerdp_check_event_handles () from /usr/local/lib/libfreerdp2.so.0.0 #11 0x0596756a5e10 in guac_rdp_client_thread (data=Variable "data" is not available. I am troubleshooting the install of FreeRDP on my system. Thanks, Steve W. On 18/04/2020 5:16 p.m., Steve Williams wrote: Hi, I have recently installed guacamole 1.1.0 running under Tomcat 9.0.22. Right now, this is only running local to my Intranet, it's not publicly accessible for security reasons until I get it working. SSH sessions through guacamole work totally fine, but when I try an RDP session, it appears the child process is suddenly exiting silently. I have looked for a "core" file, but there isn't one. pcengine$ guacd -f -L debug guacd[28399]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started guacd[28399]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822 guacd[28399]: INFO: Listening on host 127.0.0.1, port 4822 guacd[28399]: INFO: Creating new client for protocol "rdp" guacd[28399]: INFO: Connection ID is "$eb17d7b3-8e23-42f5-8265-7d2f718a4188" guacd[53664]: DEBUG: Processing instruction: size guacd[53664]: DEBUG: Processing instruction: audio guacd[53664]: DEBUG: Processing instruction: video guacd[53664]: DEBUG: Processing instruction: image guacd[53664]: DEBUG: Processing instruction: timezone guacd[53664]: DEBUG: Parameter "console" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "console-audio" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "disable-auth" omitted. Using default value of 0. guacd[53664]: INFO: No security mode specified. Defaulting to security mode negotiation with server. guacd[53664]: DEBUG: User resolution is 1557x831 at 96 DPI guacd[53664]: DEBUG: Parameter "dpi" omitted. Using default value of 96. guacd[53664]: DEBUG: Using resolution of 1556x831 at 96 DPI guacd[53664]: DEBUG: Parameter "read-only" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "client-name" omitted. Using default value of "Guacamole RDP". guacd[53664]: DEBUG: Parameter "enable-wallpaper" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "enable-theming" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "enable-font-smoothing" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "enable-full-window-drag" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "enable-desktop-composition" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "enable-menu-animations" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "disable-bitmap-caching" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "disable-offscreen-caching" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "disable-glyph-caching" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "color-depth" omitted. Using default value of 16. guacd[53664]: DEBUG: Parameter "disable-audio" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "enable-printing" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "printer-name" omitted. Using default value of "Guacamole Printer". guacd[53664]: DEBUG: Parameter "enable-drive" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "drive-name" omitted. Using default value of "Guacamole Filesystem". guacd[53664]: DEBUG: Parameter "drive-path" omitted. Using default value of "". guacd[53664]: DEBUG: Parameter "create-drive-path" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "timezone&
RDP issue Guacamole 1.1.0 new install, SSH works
value of 0. guacd[53664]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0. guacd[53664]: INFO: Resize method: none guacd[53664]: DEBUG: Parameter "enable-audio-input" omitted. Using default value of 0. guacd[53664]: DEBUG: Parameter "gateway-port" omitted. Using default value of 443. guacd[53664]: INFO: User "@7ac6e2c7-6962-4eaf-b7a2-5d1d9376983d" joined connection "$eb17d7b3-8e23-42f5-8265-7d2f718a4188" (1 users now present) guacd[53664]: DEBUG: Client is using protocol version "VERSION_1_1_0" guacd[53664]: INFO: Loading keymap "base" guacd[53664]: INFO: Loading keymap "en-us-qwerty" guacd[53664]: DEBUG: Support for CLIPRDR (clipboard redirection) registered. Awaiting channel connection. guacd[53664]: DEBUG: Support for static channel "rdpdr" loaded. guacd[53664]: DEBUG: Support for static channel "rdpsnd" loaded. guacd[53664]: DEBUG: Local framebuffer format PIXEL_FORMAT_BGRX32 guacd[53664]: DEBUG: Remote framebuffer format PIXEL_FORMAT_RGB16 guacd[53664]: DEBUG: CLIPRDR (clipboard redirection) channel connected. guacd[53664]: DEBUG: SVC "rdpdr" connected. guacd[53664]: DEBUG: SVC "rdpsnd" connected. guacd[28399]: INFO: Connection "$eb17d7b3-8e23-42f5-8265-7d2f718a4188" removed. I have verified that the laptop I am trying to connect to has RDP enabled (by connecting from another laptop). I have also allocated DHCP static IP's to make sure they don't change unexpectedly! I am keeping things simple with a user-mapping.xml file and the relevant entry would be: ... rdp 192.168.124.101 3389 true What can I do to troubleshoot this further? Just for reference, here is an SSH session log file: guacd[28399]: INFO: Creating new client for protocol "ssh" guacd[28399]: INFO: Connection ID is "$9330e7a2-6547-49a5-8536-64163934eec0" guacd[85425]: INFO: Current locale does not use UTF-8. Some characters may not render correctly. guacd[85425]: DEBUG: Processing instruction: size guacd[85425]: DEBUG: Processing instruction: audio guacd[85425]: DEBUG: Processing instruction: video guacd[85425]: DEBUG: Processing instruction: image guacd[85425]: DEBUG: Processing instruction: timezone guacd[85425]: DEBUG: Parameter "scrollback" omitted. Using default value of 1000. guacd[85425]: DEBUG: Parameter "font-name" omitted. Using default value of "monospace". guacd[85425]: DEBUG: Parameter "font-size" omitted. Using default value of 12. guacd[85425]: DEBUG: Parameter "color-scheme" omitted. Using default value of "". guacd[85425]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/". guacd[85425]: DEBUG: Parameter "read-only" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "typescript-name" omitted. Using default value of "typescript". guacd[85425]: DEBUG: Parameter "create-typescript-path" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording". guacd[85425]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "server-alive-interval" omitted. Using default value of 0. guacd[85425]: DEBUG: Parameter "backspace" omitted. Using default value of 127. guacd[85425]: DEBUG: Parameter "terminal-type" omitted. Using default value of "linux". guacd[85425]: DEBUG: Parameter "timezone" omitted. Using default value of "America/Edmonton". guacd[85425]: INFO: User "@d6589f24-0284-4570-93e6-ea5e43692fef" joined connection "$9330e7a2-6547-49a5-8536-64163934eec0" (1 users now present) guacd[85425]: DEBUG: Client is using protocol version "VERSION_1_1_0" guacd[85425]: DEBUG: Successfully connected to host 192.168.124.4, port 22 guacd[85425]: WARNING: No known host keys provided, host identity will not be verified. guacd[85425]: DEBUG: Supported authentication methods: publickey,password guacd[85425]: WARNING: Unable to set the timezone: SSH server refused to set "TZ" variable. guacd[85425]: INFO: SSH connection successful. Thanks, Steve Williams - To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org