Our use case is an online course: students (who pre-licensure healthcare professional) get hands-on training in the use of a Windows based software package they need to get a job.
The students log in via guacamole to access the software. The teacher shows them how to do different tasks (e.g. entering a prescription), and then the students do those tasks while the teacher watches. When the students get stuck, the teacher needs to be able to step in to show them how to complete the task. So the students are aware that they are being observed and we have two connections with one shadowing the other. A single teacher may be monitoring up to 10 students at a time as they complete short assignments. With respect to what happens when I connect a VNC client to an RDP session, the windows login screen is displayed. Once you log in, what happens next depends on how many active sessions there are. A base WIndows Server 2019 supplied by Amazon supports up to 2 simultaneous sessions. If 2 sessions are already active, the VNC connection will show a Windows blue screen asking which existing session you want to disconnect in order to proceed with your connection. Once you choose which connection to disconnect, a new console session is opened. Because of the strange issue that prevents VNC through guacamole (even though regular VNC works), I am doing 2 RDP sessions to the same server/different session through guacamole (one for student, one for teacher). I then use one of the session to look up the sessions using the quser command and then open a terminal server shadow session from the 2nd session (teacher) to the 1st session. It's convoluted, but it works! Thanks by the way for your time and advice. Any suggestions on how to do this better are most welcome, as the current setup is obviously not ideal. On Sat., Jul. 6, 2019, 5:44 p.m. Mike Jumper, <[email protected]> wrote: > > > On Sat, Jul 6, 2019 at 1:14 PM Hooman Katirai <[email protected]> > wrote: > >> After telneting from the guacamole server to the VNC server on port 5900 >> I get the following message: >> *RFB 003.008* >> >> Strangely, the "User @xxxxx joined connection $yyyyy (N users now >> present)" message is the last thing I see. There are no messages related >> to VNC or otherwise that come after that. >> >> After writing my initial post I was also able to replicate this on both >> guacamole 1.0.0 and on another server with guacamole with guacd >> 0.9.13-incubating (they both output the same message). >> > > It is unlikely that this is a bug in Guacamole (VNC support not > fundamentally broken), thus it is more likely that the cause is > environmental. With this in mind, I would expect you to be able to > reproduce this with absolutely any version. > > I don't think it's a firewall issue because I enabled all IP4 traffic >> between the guacamole server and the windows machine (at least long enough >> to prove it's not the firewall). >> > > If you're seeing that "RFB 003.008" message when connecting with telnet > from the Guacamole server to the same address and port, there is definitely > no firewall issue. That string is the initial, raw response from the VNC > server. > > One possible suspect is libvncserver-dev -- if you install with apt-get on >> ubuntu version 1.0 is installed but the guacamole website links to a github >> whose latest release is 0.9.12. Other than swapping these libraries not >> sure, what else to try. Any suggestions? >> > > Where are you seeing 1.0 for libvncserver-dev? The package listed in the > Ubuntu repositories for 18.04 is 0.9.11 plus patches: > > https://packages.ubuntu.com/bionic-updates/libvncserver-dev > > Have you tried testing against the "guacamole/guacd" Docker image? It > should serve well as a known-good baseline, if the suspicion is a bug in > the VNC library: > > > http://guacamole.apache.org/doc/gug/guacamole-docker.html#guacd-docker-external > > What I'm ultimately trying to accomplish is two simultaneous connections >> to the same session (whether RDP or VNC) to a Windows 2019 Server (which is >> the stock windows server Amazon EC2 provides). >> >> The simplest would be to make 2 RDP connections or 2 VNC connections. >> >> But I don't know how to completely automate the process from guacamole >> login to showing a remote session as I think would require knowledge of the >> session number in advance (please correct me if I'm wrong) -- and guacamole >> has no way of finding this, and I don't think it supports shadowing. >> > > Correct, though there is some development underway which may provide this, > at least on the Guacamole side: > > https://issues.apache.org/jira/browse/GUACAMOLE-360 > > What is the nature of these two connections? Is the idea that one shadows > the other, with the user of the original unaware that the connection is > being observed? Or is the user of the connection already expecting the > connection to be shared? Are both connections coming through Guacamole? > > As a result, I think I'm going to have to settle for two different >> connections -- one RDP and one VNC to achieve the two connections. But if >> there is a better way I'd be grateful for any suggestions. >> > > Have you verified that you can connect to your VNC server with a VNC > client while an RDP session is active? > > - Mike > >
