Re: Issues with Guacamole Disconnecting RDP sessions for remote user

2017-06-14 Thread James Fraser 
Thanks for the Suggestion

This is a home user but that does not conclude its not the router, I have 
requested this user to test using 4G internet and report back to me as it is 
very stable for me from my house and I am on only 2mbit down 1/4mbit upload and 
I sustain connections fine.



From: Christian Kraus <christian.kr...@ckc-it.at>
Sent: Wednesday, June 14, 2017 7:15:45 PM
To: user@guacamole.incubator.apache.org
Subject: AW: Issues with Guacamole Disconnecting RDP sessions for remote user



Is it possible that on this remote users there is a https spoofing configured 
on there firewall ?

I had the same behaviour on one client with https checking


rg

Christian



-Ursprüngliche Nachricht-
Von: James Fraser <james.fra...@veritec.com.au>
Gesendet: Mittwoch 14 Juni 2017 06:51
An: user@guacamole.incubator.apache.org
Betreff: RE: Issues with Guacamole Disconnecting RDP sessions for remote user

It might also be worth nothing that we are using Ubuntu 16.04 and Guacamole 
0.9.12



From: James Fraser [mailto:james.fra...@veritec.com.au]
Sent: Wednesday, 14 June 2017 2:30 PM
To: user@guacamole.incubator.apache.org
Subject: Issues with Guacamole Disconnecting RDP sessions for remote user

Hi All

Long time user of Guacamole here.

I have recently developed and deployed a Proof Of Concept

The design is running out of Microsoft Azure and the following is happening

NGINX is being used to run SSL and Auth
Auth to NGINX is done via the oauth2 proxy which is authing against our Azure 
AD (As a “webapp’ in Azure AD)

Once passing NGINX Auth you are handed over to Guacamole which is using LDAP 
authentication via Azure Active Directory Domain Services.

Our main office has really good internet 500/500 mbit and connection to servers 
via Guacamole from this location is silky smooth and nice and fast.

We have peers connected to the Guacamole Zone allowing us to access servers 
that are not internet facing and the proof of concept is working awesomely.

Except we have a few remote users who do not have the best internet connection 
but still capable of 10 mbits and ping latency of around 35ms (to the guac 
servers)

These users are experiencing RDP Disconnects, the type that does not auto 
prompt 15 seconds to reconnect but the grey window that just offers 
reconnect/home/logout

If they reconnect it reconnects fine for a short period but is happening every 
1-2 minutes

I have so far tried the following unsuccessfully:

  *   Firefox/Chrome/Internet Exploder
  *   Bypassing NGINX and having this user connect to Tomcat on 8080 over HTTP

The tomcat log shows the following:
Exception in thread "Thread-208" java.lang.IllegalStateException: Message will 
not be sent because the WebSocket session has been closed
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:384)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:340)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:755)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
at 
org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
at 
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169)

Guacd does not seem to be logging anything worth mentioning to the syslog

I will note the RDP connections are to Server 2016 servers utilising NLA (With 
certificate ignored)

If anyone could shed some light on trouble shooting this would be excellent.

James Fraser • Microsoft Systems Engineer
P +61 2 6175 9200 • M 0402 260 606
E james.fra...@veritec.com.au<mailto:james.fra...@veritec.com.au> • W 
veritec.com.au<http://www.veritec.com.au>


--
This email was Malware checked by UTM 9. http://www.sophos.com


--
This email was Malware checked by UTM 9. http://www.sophos.com

AW: Issues with Guacamole Disconnecting RDP sessions for remote user

2017-06-14 Thread Christian Kraus 
Is it possible that on this remote users there is a https spoofing configured 
on there firewall ?

I had the same behaviour on one client with https checking



rg

Christian





-Ursprüngliche Nachricht-
Von: James Fraser <james.fra...@veritec.com.au>
Gesendet: Mittwoch 14 Juni 2017 06:51
An: user@guacamole.incubator.apache.org
Betreff: RE: Issues with Guacamole Disconnecting RDP sessions for remote user

It might also be worth nothing that we are using Ubuntu 16.04 and Guacamole 
0.9.12

 
 
 
From: James Fraser [mailto:james.fra...@veritec.com.au] 
 Sent: Wednesday, 14 June 2017 2:30 PM
 To: user@guacamole.incubator.apache.org
 Subject: Issues with Guacamole Disconnecting RDP sessions for remote user

 
Hi All

 
Long time user of Guacamole here.

 
I have recently developed and deployed a Proof Of Concept

 
The design is running out of Microsoft Azure and the following is happening

 
NGINX is being used to run SSL and Auth

Auth to NGINX is done via the oauth2 proxy which is authing against our Azure 
AD (As a “webapp’ in Azure AD)

 
Once passing NGINX Auth you are handed over to Guacamole which is using LDAP 
authentication via Azure Active Directory Domain Services.

 
Our main office has really good internet 500/500 mbit and connection to servers 
via Guacamole from this location is silky smooth and nice and fast.


 We have peers connected to the Guacamole Zone allowing us to access servers 
that are not internet facing and the proof of concept is working awesomely.

 
Except we have a few remote users who do not have the best internet connection 
but still capable of 10 mbits and ping latency of around 35ms (to the guac 
servers)

 
These users are experiencing RDP Disconnects, the type that does not auto 
prompt 15 seconds to reconnect but the grey window that just offers 
reconnect/home/logout

 
If they reconnect it reconnects fine for a short period but is happening every 
1-2 minutes

 
I have so far tried the following unsuccessfully:

*   Firefox/Chrome/Internet Exploder
*   Bypassing NGINX and having this user connect to Tomcat on 8080 over HTTP

 
The tomcat log shows the following:

Exception in thread "Thread-208" java.lang.IllegalStateException: Message will 
not be sent because the WebSocket session has been closed

    at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:384)

    at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:340)

    at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:755)

    at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)

    at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)

    at 
org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)

    at 
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169)

 
Guacd does not seem to be logging anything worth mentioning to the syslog

 
I will note the RDP connections are to Server 2016 servers utilising NLA (With 
certificate ignored)

 
If anyone could shed some light on trouble shooting this would be excellent.

 
James Fraser • Microsoft Systems Engineer
 P +61 2 6175 9200 • M 0402 260 606
 E james.fra...@veritec.com.au <mailto:james.fra...@veritec.com.au> • W 
veritec.com.au <http://www.veritec.com.au> 

 

-- 
This email was Malware checked by UTM 9. http://www.sophos.com

-- 
This email was Malware checked by UTM 9. http://www.sophos.com

RE: Issues with Guacamole Disconnecting RDP sessions for remote user

2017-06-13 Thread James Fraser 
It might also be worth nothing that we are using Ubuntu 16.04 and Guacamole 
0.9.12



From: James Fraser [mailto:james.fra...@veritec.com.au]
Sent: Wednesday, 14 June 2017 2:30 PM
To: user@guacamole.incubator.apache.org
Subject: Issues with Guacamole Disconnecting RDP sessions for remote user

Hi All

Long time user of Guacamole here.

I have recently developed and deployed a Proof Of Concept

The design is running out of Microsoft Azure and the following is happening

NGINX is being used to run SSL and Auth
Auth to NGINX is done via the oauth2 proxy which is authing against our Azure 
AD (As a "webapp' in Azure AD)

Once passing NGINX Auth you are handed over to Guacamole which is using LDAP 
authentication via Azure Active Directory Domain Services.

Our main office has really good internet 500/500 mbit and connection to servers 
via Guacamole from this location is silky smooth and nice and fast.

We have peers connected to the Guacamole Zone allowing us to access servers 
that are not internet facing and the proof of concept is working awesomely.

Except we have a few remote users who do not have the best internet connection 
but still capable of 10 mbits and ping latency of around 35ms (to the guac 
servers)

These users are experiencing RDP Disconnects, the type that does not auto 
prompt 15 seconds to reconnect but the grey window that just offers 
reconnect/home/logout

If they reconnect it reconnects fine for a short period but is happening every 
1-2 minutes

I have so far tried the following unsuccessfully:

  *   Firefox/Chrome/Internet Exploder
  *   Bypassing NGINX and having this user connect to Tomcat on 8080 over HTTP

The tomcat log shows the following:
Exception in thread "Thread-208" java.lang.IllegalStateException: Message will 
not be sent because the WebSocket session has been closed
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:384)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:340)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:755)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
at 
org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
at 
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169)

Guacd does not seem to be logging anything worth mentioning to the syslog

I will note the RDP connections are to Server 2016 servers utilising NLA (With 
certificate ignored)

If anyone could shed some light on trouble shooting this would be excellent.

James Fraser * Microsoft Systems Engineer
P +61 2 6175 9200 * M 0402 260 606
E james.fra...@veritec.com.au<mailto:james.fra...@veritec.com.au> * W 
veritec.com.au<http://www.veritec.com.au>

Issues with Guacamole Disconnecting RDP sessions for remote user

2017-06-13 Thread James Fraser 
Hi All

Long time user of Guacamole here.

I have recently developed and deployed a Proof Of Concept

The design is running out of Microsoft Azure and the following is happening

NGINX is being used to run SSL and Auth
Auth to NGINX is done via the oauth2 proxy which is authing against our Azure 
AD (As a "webapp' in Azure AD)

Once passing NGINX Auth you are handed over to Guacamole which is using LDAP 
authentication via Azure Active Directory Domain Services.

Our main office has really good internet 500/500 mbit and connection to servers 
via Guacamole from this location is silky smooth and nice and fast.

We have peers connected to the Guacamole Zone allowing us to access servers 
that are not internet facing and the proof of concept is working awesomely.

Except we have a few remote users who do not have the best internet connection 
but still capable of 10 mbits and ping latency of around 35ms (to the guac 
servers)

These users are experiencing RDP Disconnects, the type that does not auto 
prompt 15 seconds to reconnect but the grey window that just offers 
reconnect/home/logout

If they reconnect it reconnects fine for a short period but is happening every 
1-2 minutes

I have so far tried the following unsuccessfully:

  *   Firefox/Chrome/Internet Exploder
  *   Bypassing NGINX and having this user connect to Tomcat on 8080 over HTTP

The tomcat log shows the following:
Exception in thread "Thread-208" java.lang.IllegalStateException: Message will 
not be sent because the WebSocket session has been closed
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:384)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:340)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:755)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)
at 
org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
at 
org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
at 
org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169)

Guacd does not seem to be logging anything worth mentioning to the syslog

I will note the RDP connections are to Server 2016 servers utilising NLA (With 
certificate ignored)

If anyone could shed some light on trouble shooting this would be excellent.

James Fraser * Microsoft Systems Engineer
P +61 2 6175 9200 * M 0402 260 606
E james.fra...@veritec.com.au * W 
veritec.com.au