The file system had gotten corrupted and they fixed that. Once the VM came back online, we were unable to get the web interface to come up. We are using Apache with a RapidSSL certificate, and we proxy the requests to the guacamole backend as non-SSL (i.e., ProxyPass http://localhost:8080/guacamole).

Here’s what Red Hat had found in the logs that made them point me towards the keystore, even though I know that the SSL certificate was working before the disk corruption:

And you have some SEVERE logs in Tomcat:

~~~
INFO: Deploying web application archive /var/lib/tomcat/webapps/guacamole.war
Dec 26, 2019 10:48:10 AM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Dec 26, 2019 10:48:10 AM org.apache.catalina.startup.HostConfig deployWARs
SEVERE: Error waiting for multi-thread deployment of WAR files to complete
java.util.concurrent.ExecutionException: java.lang.InternalError: internal error: SHA-1 not available.
        at java.util.concurrent.FutureTask.report(FutureTask.java:122)
        at java.util.concurrent.FutureTask.get(FutureTask.java:192)
        at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:832)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:495)
        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1713)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:337)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
        at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
        at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:388)
        at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:333)
        at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1136)
        at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:819)
        at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1571)
        at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1561)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.InternalError: internal error: SHA-1 not available.
(...)
Caused by: java.security.NoSuchAlgorithmException: SHA MessageDigest not available
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
        at java.security.Security.getImpl(Security.java:695)
        at java.security.MessageDigest.getInstance(MessageDigest.java:167)
        at sun.security.provider.SecureRandom.init(SecureRandom.java:106)
        ... 34 more
~~~

It seems that you tried to set up an SSL configuration, but your certificate and keystore are incomplete. This is causing an error while deploying all artifacts of Tomcat including the ROOT, manager and guacamole applications.

Thanks,
Harry

From: Mike Jumper <mike.jum...@glyptodon.com>
Sent: Monday, December 30, 2019 4:53 PM
To: user@guacamole.apache.org
Subject: Re: FW: Java Keystore

What was the nature of the issue that RedHat resolved and what changes did they make between when things worked and when things stopped working?

Is Tomcat configured for SSL, or are you using a proxy to provide SSL termination with internal communication between that proxy and Tomcat using unencrypted HTTP?

- Mike

On Mon, Dec 30, 2019, 13:27 Devine, Harry (FAA) <harry.dev...@faa.gov.invalid> wrote:

Anyone have any insights on this? Our production server using Guacamole is down until I get this piece resolved.

Thanks,
Harry

From: Devine, Harry (FAA) <harry.dev...@faa.gov.INVALID>
Sent: Friday, December 27, 2019 9:32 AM
To: user@guacamole.apache.org
Subject: Java Keystore

We had an issue with one of our servers that Red Hat helped us fix. It had a package corruption. Now, even though HTTP and guac are started, I can’t get the guacamole interface to show up. We have our own SSL certificate and we forward requests to the guacamole backend. Red Hat is telling us that we need to update the keystore to reflect our SSL certificate but we can’t find it. I looked in /etc/tomcat/server.xml but nothing was shown.

We are on RHEL 7.7 and Guacamole 0.9.13-incubating. The system has 2 java 1.7 packages and 2 1.8 packages installed, but I’m not sure which is being used by guacamole.

Thanks for any help,
Harry

Harry Devine
DOT/FAA/AJM-2431
Terminal Server (NASDAC) Administrator
Red Hat Certified System Administrator (RHCSA)
harry.dev...@faa.gov
(609)485-4218
Building 300, 3rd Floor, Column L20 (3L20)
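
The question raised in the thread, whether Tomcat itself is configured for SSL or only sits behind an SSL-terminating proxy, can be answered from server.xml by listing the connectors that have TLS enabled and the keystore each one points at. The following is an added example, not code from any participant in the thread or from the Guacamole or Tomcat projects; both server.xml samples and the keystore path are constructed for illustration. Parsing the XML rather than grepping it means commented-out connectors are ignored.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only plain HTTP and AJP connectors (TLS handled by a front-end proxy).
PROXY_ONLY = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>
    <!-- <Connector port="8443" SSLEnabled="true" keystoreFile="/ignored/because/commented.jks"/> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Constructed sample: Tomcat terminating TLS itself from a keystore (hypothetical path).
TOMCAT_TLS = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" keystoreFile="/etc/tomcat/example.jks"/>
  </Service>
</Server>"""

def tls_connectors(server_xml_text):
    """Return one dict per Connector that has SSLEnabled="true"."""
    root = ET.fromstring(server_xml_text)
    found = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # Older Tomcat style: keystoreFile directly on the Connector.
        stores = [conn.get("keystoreFile")]
        # Tomcat 8.5+ style: nested SSLHostConfig/Certificate elements.
        stores += [c.get("certificateKeystoreFile") or c.get("certificateFile")
                   for c in conn.iter("Certificate")]
        stores = [s for s in stores if s]
        # With no explicit path, Tomcat falls back to .keystore in the
        # home directory of the user running it.
        found.append({"port": conn.get("port"),
                      "keystores": stores or ["~/.keystore (Tomcat default)"]})
    return found

def summarize(server_xml_text):
    conns = tls_connectors(server_xml_text)
    if not conns:
        return "no TLS connector: Tomcat serves plain HTTP/AJP and no connector reads a keystore"
    return "; ".join(f"port {c['port']} uses {', '.join(c['keystores'])}" for c in conns)

if __name__ == "__main__":
    # For a real host, pass open("/etc/tomcat/server.xml").read() instead.
    print(summarize(PROXY_ONLY))
    print(summarize(TOMCAT_TLS))
```
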