Re: guacamole 0.9.9 immediately disconnects all sessions

2016-10-31 Thread Benjamin Cahill 
Hello again!

I just picked up this project recently and was delighted to find that a
restart of the VM I was testing it with fixed the issue! I guess I never
restarted the server in my earlier testing.

I'm disappointed because I work as a sysadmin and this should have been a
no-brainer. Apologies for the false alarm. I am really enjoying the program
and we will likely replace an old VPN server with this. Yay!

Thank you again for your willingness to help. :-)

Tata,
 - Benjamin

On Mon, Sep 19, 2016 at 9:49 AM Mike Jumper 
wrote:

> On Sun, Sep 18, 2016 at 1:27 PM, Steffen Moser 
> wrote:
> > ...
> >
> > Testing Guacamole with another minor revision of the 8.0 series of
> > Apache Tomcat would require me manually building and installing it from
> > the scratch as Oracle doesn't provide a suitable built. Is it
> > necessary/required to do such tests for the development of Guacamole?
> >
>
> No, not generally.
>
> For each release, we normally must perform regression tests against a
> servlet container which does not support WebSocket at all (like Tomcat
> 6), servlet containers for which we provide specific WebSocket
> implementations (like Tomcat 7 and Jetty 8), and a servlet container
> which supports the WebSocket API standardized via JSR 356 (Tomcat 8
> and others). Testing against multiple minor releases is rarely
> necessary.
>
> If we encounter an issue like the one you had during our own testing,
> then testing against various versions to determine where things break
> (and whether the problem is on our end) is warranted. The only time in
> recent memory where that happened was in the early days of Docker
> image development, when we found that WebSocket was broken in Tomcat
> 8.0.21 and 7.0.61. Tomcat fixed that rather quickly, and stepping
> backward one Tomcat release was sufficient to resolve the problem in
> the meantime.
>
> - Mike
>
-- 
SSgt. Benjamin Cahill / Information Systems
903-636-9222 / bcah...@alertacademy.com

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-09-19 Thread Mike Jumper 
On Sun, Sep 18, 2016 at 1:27 PM, Steffen Moser  wrote:
> ...
>
> Testing Guacamole with another minor revision of the 8.0 series of
> Apache Tomcat would require me manually building and installing it from
> the scratch as Oracle doesn't provide a suitable built. Is it
> necessary/required to do such tests for the development of Guacamole?
>

No, not generally.

For each release, we normally must perform regression tests against a
servlet container which does not support WebSocket at all (like Tomcat
6), servlet containers for which we provide specific WebSocket
implementations (like Tomcat 7 and Jetty 8), and a servlet container
which supports the WebSocket API standardized via JSR 356 (Tomcat 8
and others). Testing against multiple minor releases is rarely
necessary.

If we encounter an issue like the one you had during our own testing,
then testing against various versions to determine where things break
(and whether the problem is on our end) is warranted. The only time in
recent memory where that happened was in the early days of Docker
image development, when we found that WebSocket was broken in Tomcat
8.0.21 and 7.0.61. Tomcat fixed that rather quickly, and stepping
backward one Tomcat release was sufficient to resolve the problem in
the meantime.

- Mike

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-09-18 Thread Steffen Moser 
On 08/28/2016 06:03 PM, Steffen Moser wrote:
> On 08/13/2016 12:59 AM, Mike Jumper wrote:
>> On Fri, Aug 12, 2016 at 3:18 PM, Steffen Moser wrote:
>> On 08/12/2016 08:39 PM, Cahill, Benjamin wrote:
>>> ...
>>> 
>>> I failed to mention that I have already done this. The
>>> connections are also failing in the same way for Windows XP RDP
>>> connections as well as Linux SSH connections.
>>> 
>>> Other ideas?
>> 
>> I had quite similar problems when I upgraded from Tomcat 6 to
>> Tomcat 8 (both running on Solaris 11.3) after a server crash. The
>> RDP connection was closed immediately after opening it and the
>> message you mentioned was displayed. I didn't see any helpful logs,
>> but I must admit that I unfortunately didn't have much time for
>> further analyzing, because I had to restore the production system
>> after its breakdown.
>> 
>> Downgrading to Tomcat 6 fixed the problem for me.
>> 
>> 
>> Tomcat 8 *should* work fine (as should 7). I highly recommend
>> against downgrading all the way to Tomcat 6 - you'll lose support
>> for WebSocket, as well as any other enhancements the Tomcat
>> community has made since.
> 
> I totally agree, it was only a very quick fix. After a severe crash
> of one of our RAID systems, I had to re-setup a few things and used
> this to upgrade from Tomcat 6.0.45 to Tomcat 8.0.32. Both versions of
> Tomcat are available as packages in Oracle Solaris 11.3.
> 
> After the upgrade, I had exactly the same problem which Benjamin 
> reported about in this thread. So to get the system up quickly, I
> did the downgrade to Tomcat 6.0.45 and Guacamole began to work fine
> again. In the meantime (and also initiated by your message) I took
> some time to narrow down the problem. It seems it is related to
> websockets, and it also seems to be related to encryption. Currently,
> our users are accessing Guacamole directly which means there isn't
> any Apache or NGINX Reverse Proxy between user and the servlet
> container Tomcat. For this reason, Tomcat is doing the security (TLS)
> itself. As soon as I disable SSL/TLS and use HTTP instead of HTTPS
> for Guacamole, it works well with Tomcat 8.0.32. So there seems to be
> an issue which SSL/TLS, and we also found out that the issue does not
> affect all browsers: Safari on OS X 10.11.6 works well. Chrome and
> Firefox don't (tested with OS X, Windows and Linux).
> 
>> If you find Tomcat 8 is failing, it'd be better to try a
>> slightly-newer or slightly-older version of the same (but still
>> 8.0.x). You shouldn't need to fall down two whole major releases.
> 
> I've seen that there are some websocket-related changes and bug fixes
> in newer versions of Tomcat (beginning in version 8.0.33 and newer).
> I am going to upgrade the platform to the latest SRU (patch level) of
> Solaris 11.3 in the next days. This includes an upgrade to Tomcat
> 8.5.3. If the problem still occurs with this version of Tomcat, I'll
> spend time for digging more deeply.

Last week, I eventually updated the server zone to the latest Solaris
patch level which also brought a major upgrade of the "Tomcat-8" PKG
package from Tomcat 8.0.33 to Tomcat 8.5.3. While I had no success in
running Guacamole 0.9.9 on Tomcat 8.0.33 (the connection was immediately
closed as described by Benjamin in this thread's original posting),
there doesn't seem to occur any problem with Tomcat 8.5.3.

Everything seems to run quite well and it also seems to run more
smoothly (regarding latency) than on Tomcat 6.0.45 which has been in
production usage before (maybe caused by the availability of websockets
in Tomcat 8).

Testing Guacamole with another minor revision of the 8.0 series of
Apache Tomcat would require me manually building and installing it from
the scratch as Oracle doesn't provide a suitable built. Is it
necessary/required to do such tests for the development of Guacamole?

Kind regards,
Steffen


-- 

Dipl.-Inf. Steffen Moser
School of Advanced Professional StudiesRoom: 45.3.110
Ulm University Tel: +49.731.50-32407
Albert-Einstein-Allee 45   Fax: +49.731.50-32409
89081 Ulm, Germany   http://saps.uni-ulm.de/

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-08-28 Thread Steffen Moser 
Hi Mike,

On 08/13/2016 12:59 AM, Mike Jumper wrote:
> On Fri, Aug 12, 2016 at 3:18 PM, Steffen Moser  > wrote:
> 
> Hi Benjamin,
> 
> On 08/12/2016 08:39 PM, Cahill, Benjamin wrote:
> >...
> >
> > I failed to mention that I have already done this. The connections are
> > also failing in the same way for Windows XP RDP connections as well as
> > Linux SSH connections.
> >
> > Other ideas?
> 
> I had quite similar problems when I upgraded from Tomcat 6 to Tomcat 8
> (both running on Solaris 11.3) after a server crash. The RDP connection
> was closed immediately after opening it and the message you mentioned
> was displayed. I didn't see any helpful logs, but I must admit that I
> unfortunately didn't have much time for further analyzing, because I had
> to restore the production system after its breakdown.
> 
> Downgrading to Tomcat 6 fixed the problem for me.
> 
> 
> Tomcat 8 *should* work fine (as should 7). I highly recommend against
> downgrading all the way to Tomcat 6 - you'll lose support for WebSocket,
> as well as any other enhancements the Tomcat community has made since.

I totally agree, it was only a very
quick fix. After a severe crash of one of our RAID systems, I had to
re-setup a few things and used this to upgrade from Tomcat 6.0.45 to
Tomcat 8.0.32. Both versions of Tomcat are available as packages in
Oracle Solaris 11.3.

After the upgrade, I had exactly the same problem which Benjamin
reported about in this thread. So to get the system up quickly, I did
the downgrade to Tomcat 6.0.45 and Guacamole began to work fine again.
In the meantime (and also initiated by your message) I took some time to
narrow down the problem. It seems it is related to websockets, and it
also seems to be related to encryption. Currently, our users are
accessing Guacamole directly which means there isn't any Apache or NGINX
Reverse Proxy between user and the servlet container Tomcat. For this
reason, Tomcat is doing the security (TLS) itself. As soon as I disable
SSL/TLS and use HTTP instead of HTTPS for Guacamole, it works well with
Tomcat 8.0.32. So there seems to be an issue which SSL/TLS, and we also
found out that the issue does not affect all browsers: Safari on OS X
10.11.6 works well. Chrome and Firefox don't (tested with OS X, Windows
and Linux).

> If you find Tomcat 8 is failing, it'd be better to try a slightly-newer
> or slightly-older version of the same (but still 8.0.x). You shouldn't
> need to fall down two whole major releases.

I've seen that there are some websocket-related changes and bug fixes in
newer versions of Tomcat (beginning in version 8.0.33 and newer). I am
going to upgrade the platform to the latest SRU (patch level) of Solaris
11.3 in the next days. This includes an upgrade to Tomcat 8.5.3. If the
problem still occurs with this version of Tomcat, I'll spend time for
digging more deeply.

Kind regards,
Steffen

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-08-12 Thread Mike Jumper 
On Fri, Aug 12, 2016 at 3:18 PM, Steffen Moser 
wrote:

> Hi Benjamin,
>
> On 08/12/2016 08:39 PM, Cahill, Benjamin wrote:
> >...
> >
> > I failed to mention that I have already done this. The connections are
> > also failing in the same way for Windows XP RDP connections as well as
> > Linux SSH connections.
> >
> > Other ideas?
>
> I had quite similar problems when I upgraded from Tomcat 6 to Tomcat 8
> (both running on Solaris 11.3) after a server crash. The RDP connection
> was closed immediately after opening it and the message you mentioned
> was displayed. I didn't see any helpful logs, but I must admit that I
> unfortunately didn't have much time for further analyzing, because I had
> to restore the production system after its breakdown.
>
> Downgrading to Tomcat 6 fixed the problem for me.
>

Tomcat 8 *should* work fine (as should 7). I highly recommend against
downgrading all the way to Tomcat 6 - you'll lose support for WebSocket, as
well as any other enhancements the Tomcat community has made since.

If you find Tomcat 8 is failing, it'd be better to try a slightly-newer or
slightly-older version of the same (but still 8.0.x). You shouldn't need to
fall down two whole major releases.

The only version-specific issues I'm aware of with respect to Tomcat are
WebSocket being effectively broken in 7.0.61 and 8.0.21 (due to
https://bz.apache.org/bugzilla/show_bug.cgi?id=57776). They fixed that in
subsequent releases, though.

- Mike

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-08-12 Thread Steffen Moser 
Hi Benjamin,

On 08/12/2016 08:39 PM, Cahill, Benjamin wrote:
>>> On Aug 12, 2016, at 12:59 , Cahill, Benjamin  
>>> wrote:
>>>
>>> Alrighty, my problem is that I cannot get guacamole 0.9.9 to connect
>>> using RDP or SSH. I have set up several profiles testing Windows 10
>>> (RDP), Windows XP (RDP), and Linux (SSH) boxes to no avail.
>>>
>>> I always get this error in my browser when attempting a connection:
>>>
>>> "An internal error has occurred within the Guacamole server, and the
>>> connection has been terminated. If the problem persists, please notify
>>> your system administrator, or check your system logs."
> 
> On Fri, Aug 12, 2016 at 12:16 PM, Dmitri Chebotarov  wrote:
>> Hi Benjamine
>>
>> If you testing it with Windows 10, change security layer in “Require use of 
>> specific security layer for remote (RDP) connections" to ‘RDP’ via Local GPO 
>> and try again.
>>
>> Security Layer = ‘RDP’ for
>>
>> start gpedit.msc
>>
>> Go to Computer Configuration/Administrative Templates/Windows 
>> Components/Remote Desktop Services/Remote Desktop Session 
>> Host/Security/Require use of specific security layer for remote (RDP) 
>> connections
>>
>> Assuming firewall on Windows 10 is open and RDP is enabled.
> 
> Thank you, Dmitri, for the suggestion.
> 
> I failed to mention that I have already done this. The connections are
> also failing in the same way for Windows XP RDP connections as well as
> Linux SSH connections.
> 
> Other ideas?

I had quite similar problems when I upgraded from Tomcat 6 to Tomcat 8
(both running on Solaris 11.3) after a server crash. The RDP connection
was closed immediately after opening it and the message you mentioned
was displayed. I didn't see any helpful logs, but I must admit that I
unfortunately didn't have much time for further analyzing, because I had
to restore the production system after its breakdown.

Downgrading to Tomcat 6 fixed the problem for me.

In our case, only the Guacamole client runs on Solaris, the "guacd"
daemon runs on the Linux VM which also hosts the RDP services (XRDP +
TigerVNC or X11RDP) server.

Maybe our problems are totally unrelated, but if there was an easy way
of downgrading your Tomcat to version 6, it might be worth a try to
narrow down the problem.

Kind regards,
Steffen


-- 

Dipl.-Inf. Steffen Moser
School of Advanced Professional StudiesRoom: O27/317
Ulm University Tel: +49.731.50-24179
Albert-Einstein-Allee 11   Fax: +49.731.50-24182
89081 Ulm, Germany   http://saps.uni-ulm.de/

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-08-12 Thread Cahill, Benjamin 
>> On Aug 12, 2016, at 12:59 , Cahill, Benjamin  
>> wrote:
>>
>> Alrighty, my problem is that I cannot get guacamole 0.9.9 to connect
>> using RDP or SSH. I have set up several profiles testing Windows 10
>> (RDP), Windows XP (RDP), and Linux (SSH) boxes to no avail.
>>
>> I always get this error in my browser when attempting a connection:
>>
>> "An internal error has occurred within the Guacamole server, and the
>> connection has been terminated. If the problem persists, please notify
>> your system administrator, or check your system logs."

On Fri, Aug 12, 2016 at 12:16 PM, Dmitri Chebotarov  wrote:
> Hi Benjamine
>
> If you testing it with Windows 10, change security layer in “Require use of 
> specific security layer for remote (RDP) connections" to ‘RDP’ via Local GPO 
> and try again.
>
> Security Layer = ‘RDP’ for
>
> start gpedit.msc
>
> Go to Computer Configuration/Administrative Templates/Windows 
> Components/Remote Desktop Services/Remote Desktop Session 
> Host/Security/Require use of specific security layer for remote (RDP) 
> connections
>
> Assuming firewall on Windows 10 is open and RDP is enabled.

Thank you, Dmitri, for the suggestion.

I failed to mention that I have already done this. The connections are
also failing in the same way for Windows XP RDP connections as well as
Linux SSH connections.

Other ideas?

 - Benjamin

Re: guacamole 0.9.9 immediately disconnects all sessions

2016-08-12 Thread Dmitri Chebotarov 
Hi Benjamine

If you testing it with Windows 10, change security layer in “Require use of 
specific security layer for remote (RDP) connections" to ‘RDP’ via Local GPO 
and try again.

Security Layer = ‘RDP’ for

start gpedit.msc

Go to Computer Configuration/Administrative Templates/Windows Components/Remote 
Desktop Services/Remote Desktop Session Host/Security/Require use of specific 
security layer for remote (RDP) connections

Assuming firewall on Windows 10 is open and RDP is enabled.

Thank you,
--
Dmitri Chebotarov
ITS/SSG @ GMU
223 Aquia Building, Ffx, MSN: 1B5 [https://goo.gl/maps/w2nCJ6APrHC2]
Phone: (703) 993-6175 | Fax: (703) 993-3404
Public key: [https://goo.gl/SlE8tj]

> On Aug 12, 2016, at 12:59 , Cahill, Benjamin  wrote:
> 
> Hello!
> 
> This is my first time on the mailing list, and my first time using
> guacamole! I have heard many things about its awesome-ness and want to
> join in on the fun.
> 
> This is also the first mailing list I have used, so I would appreciate
> any advice or tips to help me help you help me. (haha!) I have set my
> Gmail editor to plain text mode and will be sure and reply on the
> bottom, as I have heard is appreciated. :-)
> 
> Alrighty, my problem is that I cannot get guacamole 0.9.9 to connect
> using RDP or SSH. I have set up several profiles testing Windows 10
> (RDP), Windows XP (RDP), and Linux (SSH) boxes to no avail.
> 
> I always get this error in my browser when attempting a connection:
> 
> "An internal error has occurred within the Guacamole server, and the
> connection has been terminated. If the problem persists, please notify
> your system administrator, or check your system logs."
> 
> After dutifully checking my system logs, I am still dumbfounded!
> 
> /var/log/syslog:
> 
> Aug 12 11:50:09 guac-test guacd[20075]: Protocol "rdp" selected
> Aug 12 11:50:09 guac-test guacd[20075]: Connection ID is
> "$28dacd08-07c5-4cc1-bbad-e09d4acbfd44"
> Aug 12 11:50:09 guac-test guacd[20075]: No security mode specified.
> Defaulting to RDP.
> Aug 12 11:50:09 guac-test guacd[20075]: Loading keymap "base"
> Aug 12 11:50:09 guac-test guacd[20075]: Loading keymap "en-us-qwerty"
> Aug 12 11:50:10 guac-test guacd[20075]: Starting client
> Aug 12 11:50:10 guac-test guacd[20075]: Client disconnected
> 
> /var/log/tomcat8/catalina.out:
> 
> 11:50:10.227 [http-nio-8080-exec-7] INFO
> o.g.g.net.basic.TunnelRequestService - User "guacadmin" connected to
> connection "1".
> Aug 12, 2016 11:50:10 AM
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process
> FINE: Socket: 
> [org.apache.tomcat.util.net.NioEndpoint$KeyAttachment@21901082:org.apache.tomcat.util.net.NioChannel@5ff7f554:java.nio.channels.SocketChannel[connected
> local=/192.168.0.24:8080 remote=/192.168.0.253:60684]], Status in:
> [OPEN_READ], State out: [UPGRADING]
> Aug 12, 2016 11:50:10 AM
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler process
> FINE: Socket: 
> [org.apache.tomcat.util.net.NioEndpoint$KeyAttachment@21901082:org.apache.tomcat.util.net.NioChannel@5ff7f554:java.nio.channels.SocketChannel[connected
> local=/192.168.0.24:8080 remote=/192.168.0.253:60684]], Status in:
> [OPEN_READ], State out: [UPGRADED]
> Aug 12, 2016 11:50:10 AM
> org.apache.tomcat.websocket.server.WsFrameServer onDataAvailable
> FINE: wsFrameServer.onDataAvailable
> 11:50:10.233 [http-nio-8080-exec-8] INFO
> o.g.g.net.basic.TunnelRequestService - User "guacadmin" disconnected
> from connection "1". Duration: 6 milliseconds
> 
> This is with ".level = FINE" in /etc/tomcat8/logging.properties. There
> are many more logs from tomcat8 but I didn't want to post to many. I
> am new to both guacamole and tomcat but not to Linux. Let me know if I
> should look for something specific or provide other logs.
> 
> Ubuntu 16.04.
> Tried guacamole-0.8.3 from the Ubuntu repos and it worked but I wanted
> to use the latest version.
> Used a PPA here:
> https://launchpad.net/~dnjl/+archive/ubuntu/network-build/+packages
> That had the same problem I described above so then I built from
> source with the script here:
> http://chasewright.com/guacamole-with-mysql-on-ubuntu/
> I am using a VM and have returned to the base snapshot (just a base
> install of Ubuntu 16.04 + set IP) between each try, so there is
> nothing residual between them. All I have described above is what I
> see on the 0.9.9 build from source.
> 
> Any ideas would be greatly appreciated!
> 
> Thanks,
> - Benjamin Cahill



signature.asc
Description: Message signed with OpenPGP using GPGMail