RE: Issue with Windows 10 RDP
I’m not really sure what happened, but the network was down on that VM, so I disabled it and re-enabled it. Still got the errors. Then on the Guac side, for that connection, I changed the Hostname to be the IP, set Security Mode to none (blank), and clicked “Ignore server certificate”, and it let me in. Not sure why this didn’t work originally, but it seems good now.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Friday, April 5, 2024 7:32 AM
To: user@guacamole.apache.org
Subject: RE: Issue with Windows 10 RDP

CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe.

We have another set of Guacamole servers that have Windows connections and those work fine. We only have FIPS enabled on our Linux servers where Guac is installed, so I don’t see how that would be causing anything. Like I said earlier, I’ve tried every security setting in the Guac Connection page and none work. I’m just not sure what I’m missing on the Windows machine. The other Windows servers I mentioned earlier all prompt for a login name and password. This new one seems to get sent the user that’s logged into Guac and it rejects it.

Thanks,
Harry
RE: Issue with Windows 10 RDP
We have another set of Guacamole servers that have Windows connections and those work fine. We only have FIPS enabled on our Linux servers where Guac is installed, so I don’t see how that would be causing anything. Like I said earlier, I’ve tried every security setting in the Guac Connection page and none work. I’m just not sure what I’m missing on the Windows machine. The other Windows servers I mentioned earlier all prompt for a login name and password. This new one seems to get sent the user that’s logged into Guac and it rejects it.

Thanks,
Harry

From: Sean Hulbert
Sent: Thursday, April 4, 2024 10:56 PM
To: user@guacamole.apache.org
Subject: Re: Issue with Windows 10 RDP

Windows 10 Pro default install does not enable NLA; however, updates will enable it. Make sure NLA is disabled on Windows OS. We run Windows OS in FIPS mode as part of our STIG; this works just fine. Our build out is on a Debian 11 OS using FIPS only encryption modules which are transparent to Guacamole.

Only registry setting I recall is to make Windows prompt for login when the legal notice is not set in the GPO.

Hope this helps.

Thank You
Sean Hulbert
Re: Issue with Windows 10 RDP
Windows 10 Pro default install does not enable NLA; however, updates will enable it. Make sure NLA is disabled on Windows OS. We run Windows OS in FIPS mode as part of our STIG; this works just fine. Our build out is on a Debian 11 OS using FIPS only encryption modules which are transparent to Guacamole.

Only registry setting I recall is to make Windows prompt for login when the legal notice is not set in the GPO.

Hope this helps.

Thank You
Sean Hulbert
Founder / CEO
Security Centric Inc.

On 4/4/2024 7:16 PM, Nick Couchman wrote:

> On Thu, Apr 4, 2024 at 7:58 PM Jon Gerdes wrote:
>
>> Dear all
>>
>> Whatever that random internet link says, I have quite literally set up a
>> Guacamole connection to a Windows 2022 server ... today.
>>
>> Please don't fiddle with your registry unless you know what you are doing -
>> you will probably end up less secure and without a solution.
>
> Tend to agree, here - I use Guacamole on a daily basis to log in to Windows 10 and 11, and Windows Server 2003 - 2022, and I do not have to make special registry modifications to get it to work. Most of the servers use NLA. That said, I am not using FIPS mode.
>
> -Nick
Re: Issue with Windows 10 RDP
On Thu, Apr 4, 2024 at 7:58 PM Jon Gerdes wrote:

> Dear all
>
> Whatever that random internet link says, I have quite literally set up a
> Guacamole connection to a Windows 2022 server ... today.
>
> Please don't fiddle with your registry unless you know what you are doing -
> you will probably end up less secure and without a solution.

Tend to agree, here - I use Guacamole on a daily basis to log in to Windows 10 and 11, and Windows Server 2003 - 2022, and I do not have to make special registry modifications to get it to work. Most of the servers use NLA. That said, I am not using FIPS mode.

-Nick
Re: Issue with Windows 10 RDP
Dear all

Whatever that random internet link says, I have quite literally set up a Guacamole connection to a Windows 2022 server ... today.

Please don't fiddle with your registry unless you know what you are doing - you will probably end up less secure and without a solution.

If I had to guess, it will be DNS. You must create the right environment for this sort of stuff and not subscribe to magic thinking. If you want a hand with that, we will need details (but no usernames or passwords - those are yours alone) of your network and what runs it.

That regedit looks like it turns off authentication in some way, which is a bad idea.

Cheers
Jon

On Thu, 2024-04-04 at 16:46 -0300, Juan Pablo Largente wrote:

> Some time ago, I dealt with the same issue. I had to change some registry values in order to be able to connect to Win 10 terminals.
> This link says which keys to change:
> https://mangolassi.it/topic/17846/make-windows-10-server-2016-rdp-work-with-guacamole
Re: Issue with Windows 10 RDP
According to your guacd log, it looks like FIPS mode is enabled somewhere, which isn't compatible with NLA. I've been using Guacamole with Windows 10 with no issues, since Windows 10 was released.

Here's my guacd log connecting to Windows 10:

guacd[1]: INFO: Creating new client for protocol "rdp"
guacd[1]: INFO: Connection ID is "$f3477e92-b703-49d6-919e-a63cb928255f"
guacd[2378]: INFO: Security mode: Negotiate (ANY)
guacd[2378]: INFO: Resize method: none
guacd[2378]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
guacd[2378]: INFO: User "@7695c2df-202b-4f77-925a-59c38f01281e" joined connection "$f3477e92-b703-49d6-919e-a63cb928255f" (1 users now present)
guacd[2378]: INFO: Recording of session will be saved to "/var/lib/guacamole/recordings/24c89d21-d71d-31a5-b3a0-e349dba3a2dc/57_redux.swiftlab.local_20240404_194834".
guacd[2378]: INFO: Loading keymap "base"
guacd[2378]: INFO: Loading keymap "en-us-qwerty"
guacd[2378]: INFO: Connected to RDPDR 1.13 as client 0x0004
guacd[2378]: INFO: Connected to RDPDR 1.13 as client 0x0001
guacd[2378]: INFO: RDPDR user logged on
guacd[2378]: INFO: Accepted format: 16-bit PCM with 2 channels at 44100 Hz
guacd[2378]: INFO: Accepted format: 16-bit PCM with 2 channels at 44100 H

On Thu, Apr 4, 2024 at 2:47 PM Devine, Harry (FAA) wrote:

> If I change it to NLA, the browser just says “You have been disconnected”, and /var/log/messages shows:
>
> Apr 4 15:42:40 access guacd[2286]: Creating new client for protocol "rdp"
> Apr 4 15:42:40 access guacd[2286]: Connection ID is "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12"
> Apr 4 15:42:40 access guacd[1476113]: Security mode: NLA
> Apr 4 15:42:40 access guacd[1476113]: NLA security mode was selected, but is known to be currently incompatible with FIPS mode (see FreeRDP/FreeRDP#3412). Security negotiation with the RDP server may fail unless TLS security mode is selected instead.
> Apr 4 15:42:40 access guacd[1476113]: Resize method: none
> Apr 4 15:42:40 access guacd[1476113]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
> Apr 4 15:42:40 access guacd[1476113]: User "@fa0b5239-e6bf-4751-995c-b3e71c1ee057" joined connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" (1 users now present)
> Apr 4 15:42:40 access server[1652]: 15:42:40.905 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "816".
> Apr 4 15:42:40 access server[1652]: 15:42:40.905 [http-nio-8080-exec-10] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
> Apr 4 15:42:40 access guacd[1476113]: Loading keymap "base"
> Apr 4 15:42:40 access guacd[1476113]: Loading keymap "en-us-qwerty"
> Apr 4 15:42:41 access guacd[1476113]: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
> Apr 4 15:42:41 access guacd[1476113]: User "@fa0b5239-e6bf-4751-995c-b3e71c1ee057" disconnected (0 users remain)
> Apr 4 15:42:41 access guacd[1476113]: Last user of connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" disconnected
> Apr 4 15:42:41 access guacd[2286]: Connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" removed.
> Apr 4 15:42:41 access server[1652]: 15:42:41.279 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "816". Duration: 374 milliseconds
>
> If I change it to “TLS Encryption”, it fails the same way that Any does.
>
> Thanks,
> Harry
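The guacd messages quoted in this thread are enough to tell a FIPS/NLA conflict apart from an ordinary negotiation failure. As an added example (not part of any message on the list, and not Guacamole project code), this Python script groups guacd log lines by process ID and labels each RDP session. The names `Session`, `triage` and `explain` are this example's own; the sample lines are trimmed from the logs in the thread, except the final pair (PID 9001), which is constructed.

```python
"""Triage guacd RDP security-negotiation failures from syslog-style lines."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Accepts both "Apr 4 15:12:50 access guacd[123]: msg" and "guacd[123]: INFO: msg".
LINE_RE = re.compile(
    r"guacd\[(?P<pid>\d+)\]:\s+(?:(?:TRACE|DEBUG|INFO|WARNING|ERROR):\s+)?(?P<msg>.*)"
)
MODE_RE = re.compile(r"Security mode: (?P<mode>.+)")
REFUSED_RE = re.compile(r"RDP server closed/refused connection: (?P<why>.+)")


@dataclass
class Session:
    pid: int
    mode: Optional[str] = None       # security mode guacd said it would use
    fips_nla_conflict: bool = False  # guacd logged a FIPS-versus-NLA notice
    refused: Optional[str] = None    # reason text if the RDP server refused

    def verdict(self) -> str:
        if self.refused is None:
            return "ok"
        return "fips-nla-conflict" if self.fips_nla_conflict else "negotiation-failed"


def triage(lines) -> List[Session]:
    """Return one Session per 'Security mode:' line, in order of appearance."""
    sessions, current = [], {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a guacd line (for example the Tomcat "server[...]" entries)
        pid, msg = int(m["pid"]), m["msg"]
        mode = MODE_RE.match(msg)
        if mode:
            # A new mode line starts a new session, even if the PID was reused.
            current[pid] = Session(pid, mode["mode"].strip())
            sessions.append(current[pid])
            continue
        s = current.get(pid)
        if s is None:
            continue  # parent guacd process, or output before the mode line
        # Both notices seen in the thread mention FIPS mode and NLA together.
        if "FIPS mode" in msg and "NLA" in msg:
            s.fips_nla_conflict = True
        refused = REFUSED_RE.match(msg)
        if refused:
            s.refused = refused["why"].strip()
    return sessions


def explain(s: Session) -> str:
    v = s.verdict()
    if v == "ok":
        return f"pid {s.pid}: mode {s.mode!r}, no refusal logged"
    if v == "fips-nla-conflict":
        return (f"pid {s.pid}: mode {s.mode!r} refused ({s.refused}); guacd reported "
                "FIPS mode, so NLA was unavailable on the guacd side. Compare this "
                "with the security layers the RDP host accepts.")
    return f"pid {s.pid}: mode {s.mode!r} refused ({s.refused}); no FIPS notice logged"


# Lines trimmed from the thread's logs; the PID 9001 pair is constructed.
SAMPLE_LOG = """\
Apr 4 15:12:50 access guacd[2286]: Creating new client for protocol "rdp"
Apr 4 15:12:50 access guacd[1475582]: Security mode: Negotiate (ANY)
Apr 4 15:12:50 access guacd[1475582]: FIPS mode is enabled. Excluding NLA security mode from security negotiation (see: https://github.com/FreeRDP/FreeRDP/issues/3412).
Apr 4 15:12:50 access guacd[1475582]: RDP server closed/refused connection: Server refused connection (wrong security type?)
Apr 4 15:42:40 access guacd[1476113]: Security mode: NLA
Apr 4 15:42:40 access guacd[1476113]: NLA security mode was selected, but is known to be currently incompatible with FIPS mode (see FreeRDP/FreeRDP#3412). Security negotiation with the RDP server may fail unless TLS security mode is selected instead.
Apr 4 15:42:41 access guacd[1476113]: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
guacd[2378]: INFO: Security mode: Negotiate (ANY)
guacd[2378]: INFO: RDPDR user logged on
guacd[9001]: INFO: Security mode: NLA
guacd[9001]: ERROR: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
"""

if __name__ == "__main__":
    for session in triage(SAMPLE_LOG.splitlines()):
        print(explain(session))
```

A "fips-nla-conflict" verdict only says what guacd logged on its own side; it does not show which security layers the Windows host is configured to accept.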
Re: Issue with Windows 10 RDP
Some time ago, I dealt with the same issue. I had to change some registry values in order to be able to connect to Win 10 terminals.

This link says which keys to change:
https://mangolassi.it/topic/17846/make-windows-10-server-2016-rdp-work-with-guacamole

On Thu, Apr 4, 2024 at 4:42 PM Devine, Harry (FAA) wrote:

> I have “Any” now, but NLA didn’t work either. No matter what I choose, I
> get that “RDP server closed/refused connection: Server refused connection
> (wrong security type?)” error.
>
> Thanks,
> Harry

--
JUAN PABLO LARGENTE
OPERATIONS MANAGER
maersoft.com.ar
RE: Issue with Windows 10 RDP
If I change it to NLA, the browser just says “You have been disconnected”, and /var/log/messages shows:

Apr 4 15:42:40 access guacd[2286]: Creating new client for protocol "rdp"
Apr 4 15:42:40 access guacd[2286]: Connection ID is "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12"
Apr 4 15:42:40 access guacd[1476113]: Security mode: NLA
Apr 4 15:42:40 access guacd[1476113]: NLA security mode was selected, but is known to be currently incompatible with FIPS mode (see FreeRDP/FreeRDP#3412). Security negotiation with the RDP server may fail unless TLS security mode is selected instead.
Apr 4 15:42:40 access guacd[1476113]: Resize method: none
Apr 4 15:42:40 access guacd[1476113]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Apr 4 15:42:40 access guacd[1476113]: User "@fa0b5239-e6bf-4751-995c-b3e71c1ee057" joined connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" (1 users now present)
Apr 4 15:42:40 access server[1652]: 15:42:40.905 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "816".
Apr 4 15:42:40 access server[1652]: 15:42:40.905 [http-nio-8080-exec-10] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Apr 4 15:42:40 access guacd[1476113]: Loading keymap "base"
Apr 4 15:42:40 access guacd[1476113]: Loading keymap "en-us-qwerty"
Apr 4 15:42:41 access guacd[1476113]: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
Apr 4 15:42:41 access guacd[1476113]: User "@fa0b5239-e6bf-4751-995c-b3e71c1ee057" disconnected (0 users remain)
Apr 4 15:42:41 access guacd[1476113]: Last user of connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" disconnected
Apr 4 15:42:41 access guacd[2286]: Connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" removed.
Apr 4 15:42:41 access server[1652]: 15:42:41.279 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "816". Duration: 374 milliseconds

If I change it to “TLS Encryption”, it fails the same way that Any does.

Thanks,
Harry

From: Devine, Harry (FAA)
Sent: Thursday, April 4, 2024 3:40 PM
To: user@guacamole.apache.org
Subject: RE: Issue with Windows 10 RDP

I have “Any” now, but NLA didn’t work either. No matter what I choose, I get that “RDP server closed/refused connection: Server refused connection (wrong security type?)” error.

Thanks,
Harry
RE: Issue with Windows 10 RDP
I have “Any” now, but NLA didn’t work either. No matter what I choose, I get that “RDP server closed/refused connection: Server refused connection (wrong security type?)” error.

Thanks,
Harry

From: Horváth Csaba
Sent: Thursday, April 4, 2024 3:31 PM
To: user@guacamole.apache.org
Subject: Re: Issue with Windows 10 RDP

Hi,

Which security mode have you chosen? NLA is required for newer Windows versions.

Cs.
Re: Issue with Windows 10 RDP
Hi,

Which security mode have you chosen? NLA is required for newer Windows versions.

Cs.

Devine, Harry (FAA) wrote (on Thu, Apr 4, 2024, 21:18):

> I am having an issue connecting to a new Windows 10 machine we stood up. I’ve had this issue before, but everything that was suggested for that issue doesn’t work here. I have enabled Remote Desktop on the server, added the local accounts needed, and added them to the Remote Desktop Users group. The Windows Firewall also is allowing RDP over 3389. On the Guac server, I set the connection security to Any, and I’m logged into Guac with my account that has a matching account on the Windows machine.
>
> When I log in, the window says “The remote server is unavailable”, and /var/log/messages on the server (running Guac 1.5.4), shows:
>
> Apr 4 15:12:50 access guacd[2286]: Creating new client for protocol "rdp"
> Apr 4 15:12:50 access guacd[2286]: Connection ID is "$58d124a2-4e95-492d-8276-8ea335d08dc4"
> Apr 4 15:12:50 access guacd[1475582]: Security mode: Negotiate (ANY)
> Apr 4 15:12:50 access guacd[1475582]: Resize method: none
> Apr 4 15:12:50 access server[1652]: 15:12:50.415 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "816".
> Apr 4 15:12:50 access guacd[1475582]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
> Apr 4 15:12:50 access server[1652]: 15:12:50.416 [http-nio-8080-exec-1] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
> Apr 4 15:12:50 access guacd[1475582]: User "@b5fa063a-d482-4150-9d76-398043991dfd" joined connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" (1 users now present)
> Apr 4 15:12:50 access guacd[1475582]: Loading keymap "base"
> Apr 4 15:12:50 access guacd[1475582]: Loading keymap "en-us-qwerty"
> Apr 4 15:12:50 access guacd[1475582]: FIPS mode is enabled. Excluding NLA security mode from security negotiation (see: https://github.com/FreeRDP/FreeRDP/issues/3412).
> Apr 4 15:12:50 access guacd[1475582]: RDP server closed/refused connection: Server refused connection (wrong security type?)
> Apr 4 15:12:50 access guacd[1475582]: User "@b5fa063a-d482-4150-9d76-398043991dfd" disconnected (0 users remain)
> Apr 4 15:12:50 access guacd[1475582]: Last user of connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" disconnected
> Apr 4 15:12:50 access guacd[2286]: Connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" removed.
>
> Any ideas? I can’t seem to find any usable solutions when I research this online.
>
> Thanks,
> Harry
>
> Harry Devine
> Secure-OSE System Administrator
> Red Hat Certified System Administrator (RHCSA)
> William J Hughes Technical Center
Issue with Windows 10 RDP
I am having an issue connecting to a new Windows 10 machine we stood up. I've had this issue before, but everything that was suggested for that issue doesn't work here. I have enabled Remote Desktop on the server, added the local accounts needed, and added them to the Remote Desktop Users group. The Windows Firewall also is allowing RDP over 3389. On the Guac server, I set the connection security to Any, and I'm logged into Guac with my account that has a matching account on the Windows machine.

When I log in, the window says "The remote server is unavailable", and /var/log/messages on the server (running Guac 1.5.4), shows:

Apr 4 15:12:50 access guacd[2286]: Creating new client for protocol "rdp"
Apr 4 15:12:50 access guacd[2286]: Connection ID is "$58d124a2-4e95-492d-8276-8ea335d08dc4"
Apr 4 15:12:50 access guacd[1475582]: Security mode: Negotiate (ANY)
Apr 4 15:12:50 access guacd[1475582]: Resize method: none
Apr 4 15:12:50 access server[1652]: 15:12:50.415 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "816".
Apr 4 15:12:50 access guacd[1475582]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Apr 4 15:12:50 access server[1652]: 15:12:50.416 [http-nio-8080-exec-1] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Apr 4 15:12:50 access guacd[1475582]: User "@b5fa063a-d482-4150-9d76-398043991dfd" joined connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" (1 users now present)
Apr 4 15:12:50 access guacd[1475582]: Loading keymap "base"
Apr 4 15:12:50 access guacd[1475582]: Loading keymap "en-us-qwerty"
Apr 4 15:12:50 access guacd[1475582]: FIPS mode is enabled. Excluding NLA security mode from security negotiation (see: https://github.com/FreeRDP/FreeRDP/issues/3412).
Apr 4 15:12:50 access guacd[1475582]: RDP server closed/refused connection: Server refused connection (wrong security type?)
Apr 4 15:12:50 access guacd[1475582]: User "@b5fa063a-d482-4150-9d76-398043991dfd" disconnected (0 users remain)
Apr 4 15:12:50 access guacd[1475582]: Last user of connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" disconnected
Apr 4 15:12:50 access guacd[2286]: Connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" removed.

Any ideas? I can't seem to find any usable solutions when I research this online.

Thanks,
Harry

Harry Devine
Secure-OSE System Administrator
Red Hat Certified System Administrator (RHCSA)
Office: (609) 485-4218
Personal Cell: (609) 276-0555
FAA Cell: (609) 612-7274
Home Office/Telework: (609) 547-3579
Email : harry.dev...@faa.gov
William J Hughes Technical Center
Building 300 3rd Floor Column L20
Atlantic City, NJ 08405
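
An added example, not part of the original thread or of the Guacamole project: a small Python triage script that groups guacd syslog lines by child PID and flags sessions where the "Excluding NLA" notice is followed by a server refusal, the pattern in the log above. The function name `diagnose` and the control session (PID 1475600) are assumptions made for this example.

```python
import re
from collections import defaultdict

# First five lines are copied from the thread; the last two (PID 1475600) are
# constructed here as a control session with no refusal.
SAMPLE_LOG = """\
Apr 4 15:12:50 access guacd[1475582]: Security mode: Negotiate (ANY)
Apr 4 15:12:50 access guacd[1475582]: Resize method: none
Apr 4 15:12:50 access guacd[1475582]: Loading keymap "base"
Apr 4 15:12:50 access guacd[1475582]: FIPS mode is enabled. Excluding NLA security mode from security negotiation (see: https://github.com/FreeRDP/FreeRDP/issues/3412).
Apr 4 15:12:50 access guacd[1475582]: RDP server closed/refused connection: Server refused connection (wrong security type?)
Apr 4 15:13:02 access guacd[1475600]: Security mode: Negotiate (ANY)
Apr 4 15:13:02 access guacd[1475600]: Loading keymap "base"
"""

LINE = re.compile(r"guacd\[(?P<pid>\d+)\]: (?P<msg>.*)$")

def diagnose(log_text):
    """Map each guacd child PID to a one-line finding about RDP security negotiation."""
    state = defaultdict(lambda: {"mode": "unknown", "nla_excluded": False, "refused": False})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a guacd line (e.g. the web application's "server[...]" entries)
        s, msg = state[m["pid"]], m["msg"]
        if msg.startswith("Security mode: "):
            s["mode"] = msg[len("Security mode: "):]
        elif msg.startswith("FIPS mode is enabled. Excluding NLA"):
            s["nla_excluded"] = True
        elif "Server refused connection" in msg:
            s["refused"] = True
    findings = {}
    for pid, s in state.items():
        if s["refused"] and s["nla_excluded"]:
            findings[pid] = (f"refused with NLA excluded under FIPS (mode {s['mode']}): "
                             "check whether the RDP host requires NLA")
        elif s["refused"]:
            findings[pid] = f"refused with NLA still offered (mode {s['mode']}): look at other causes"
        else:
            findings[pid] = "no refusal logged"
    return findings

if __name__ == "__main__":
    for pid, finding in diagnose(SAMPLE_LOG).items():
        print(f"guacd[{pid}]: {finding}")
```
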