Here's an abridged version of what we do for the Win machines:
Use secpol, set to not display last username
Set account lockout threshold, duration and counter
Allow connections from any version of RD
Regedit:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\WinStations\RDP-Tcp]
“SecurityLayer”=dword:00000001
As we use WOL there's also some power management stuff to set.
Guacacmole I've previously described. FYI I don't set the sim
connection, nor do I set authentication detail (users first log into
Guacamole, then need to enter their Win user/pass).
This works fine, however I did have a similar issue to what you describe
with another client (Remmina worked, Win RDP client worked fine, but
Guacamole wouldn't) and although I no longer recollect the error number
in the end it turned out to be some specific security policy they'd
implemented on the Winboxen.
As I wasn't too involved in that side of it I can't be any more specific
but the above may be enough for you to get it operational anyway?
On 17/02/2020 5:15 a.m., Brett Ferrell wrote:
Yea, I've tried with and without NLA enabled on the target, and have
turned on ignore cert in gauc. Remmina seems only to have 32bit
color, negotiate security, and sound off, and it connects fine. I'm
sure I'm doing something wrong, but just in case someone sees it when
I don't. I really do appreciate the input.
* MacOS RDP connects fine
* Remmina on GuacVM connects fine
* NLA is disabled on Win10 target
* Guac-have checked IP and port (actual doesn't seem to care if port
is blank)
* Guac-have checked to 'ignore cert' (it does seem to need this)
* Guac-have set to 32b color (doesn't seem to care about this)
* Guac-have checked pass/user (it clearly breaks with a bad pass)
* Guac-have selected RDP protocol/location root
* Guac-have set simultaneous connections to 10/10
* Guac-security method, have tried blank/any/and NLA (when NLA was
turned on on Win10)
* Guac-everything else is blank
* Guac-log seems to connect briefly before the error 14 in guacd
* Guac-SSH protocol connects fine
Any RDP connection ends with ERROR 14. I think I'll try spinning up a
Ubuntu 16 VM to see if it acts different. Very odd and annoying.
--
Brett Ferrell
[email protected] <mailto:[email protected]>
On Sun, Feb 16, 2020, at 3:51 AM, ivanmarcus wrote:
Ok, sorry, I've never had that error and not knowing what had
transpired during the script install thought it may have been
something to do with that...
However, given you've utilised the steps I posted, and I know for
sure that works for Win10, you may simply find it's a matter of
setting the correct parameters in Guacamole and/or the Win10 box.
Other than the requisite IP address and port etc my Guacamole is set
only to "ignore server certificate" (and one or two other things
regarding font smooting and colour depth). Try setting that if you
haven't already.
Unfortunately the notes I have for my Win7/10 clients aren't to hand
at present, so I can't be sure if there's anything else we do, but if
that doesn't work you could try disabling NLA on the Win10 box to see
if that sorts it out.
On 16/02/2020 5:38 p.m., Brett Ferrell wrote:
Ivan,
Thanks, I just spun a fresh VM and ran through your steps (starting
with the 1:18 am posting), and everything seemed to go OK, but I
still get the ERROR 14 connecting to my Win10 VMs.
So, probably my other setup is/was working OK, and there's something
odd in my (Win10) configuration, but I can't think of what it might
be. As I say, I can RDP with the MS Mac client and Remmina (which
is totally vanilla) from the guac VM, so I know the client can work,
and both of my Guac vms are throwing this error. I'm sure that
should be telling me something, but I have no idea what it is.
Feb 16 04:21:34 guacdev guacd[31201]: Creating new client for
protocol "rdp"
Feb 16 04:21:34 guacdev guacd[31201]: Connection ID is
"$ed6a7ee8-e082-4dfb-be73
-9cdd920d080f"
Feb 16 04:21:34 guacdev guacd[32066]: No security mode specified.
Defaulting to
security mode negotiation with server.
Feb 16 04:21:34 guacdev guacd[32066]: Resize method: none
Feb 16 04:21:34 guacdev guacd[32066]: User
"@7866772d-d299-4583-b95f-b87d1682598
4" joined connection "$ed6a7ee8-e082-4dfb-be73-9cdd920d080f" (1
users now presen
t)
Feb 16 04:21:34 guacdev guacd[32066]: Loading keymap "base"
Feb 16 04:21:34 guacdev guacd[32066]: Loading keymap "en-us-qwerty"
Feb 16 04:21:35 guacdev guacd[32066]: Connected to RDPDR 1.13 as
client 0x0002
Feb 16 04:21:35 guacdev kernel: [ 4967.241677] guacd[32072]:
segfault at 0 ip 00
00000000000000 sp 00007f925133db18 *_error 14 in
guacd_*[5576d4bbf000+7000]
Feb 16 04:21:35 guacdev guacd[31201]: Connection
"$ed6a7ee8-e082-4dfb-be73-9cdd9
20d080f" removed.
bferrell@clone:/var/log$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: *Ubuntu 18.04.4 LTS*
Release: 18.04
Codename: bionic
--
Brett Ferrell
[email protected] <mailto:[email protected]>
On Fri, Feb 14, 2020, at 7:06 PM, ivanmarcus wrote:
I'm not familiar with the error, and I don't know what the most
recent form of that script does in terms of installed packages, but
it may be worth checking the version of FreeRDP you have installed
is compatible with whatever version of Guacamole you are running?
Guacamole 1.1.0 uses FreeRDP 2, earlier versions require FreerRDP 1.
Also, if you'd like to check out this thread you'll see a cople of
posts I made that show the steps required to install Guacamole
1.1.0 to a fresh Ubuntu server 18.04.2 VM:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ANNOUNCE-Apache-Guacamole-1-1-0-td7127.html
I ran through that install process several times so I'm reasonably
happy it should work 'out of the box' for RDP sessions if you
followed the steps laid down.
On 15/02/2020 10:16 a.m., bferrell wrote:
I used Mystic's install script
<https://github.com/MysticRyuujin/guac-install>
<https://github.com/MysticRyuujin/guac-install> to get Guacamole running
in a new Ubuntu 18.04 VM, and it connects to my Linux VNC clients fine, but
when I try to RDP it drops to black, tries to connect, and then fails with a
"you have been disconnected message". When I look at my syslog I see this.
Feb 14 21:03:29 guacamole guacd[1503]: Creating new client for protocol
"rdp"
Feb 14 21:03:29 guacamole guacd[1503]: Connection ID is "$xyz"
Feb 14 21:03:30 guacamole guacd[29738]: No security mode specified.
Defaulting to security mode negotiation with server.
Feb 14 21:03:30 guacamole guacd[29738]: Resize method: none
Feb 14 21:03:30 guacamole guacd[29738]: User "@abc" joined connection "$xyz"
(1 users now present)
Feb 14 21:03:30 guacamole guacd[29738]: Loading keymap "base"
Feb 14 21:03:30 guacamole guacd[29738]: Loading keymap "en-us-qwerty"
Feb 14 21:03:30 guacamole guacd[29738]: Connected to RDPDR 1.13 as client
0x0004
Feb 14 21:03:31 guacamole *kernel: [70397.118595] guacd[29744]: segfault at
0 ip 0000000000000000 sp 00007f388b7dcb18 error 14 in
guacd*[55899f077000+7000]
Feb 14 21:03:31 guacamole guacd[1503]: Connection "$xyz" removed.
--
Sent
from:http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail:[email protected]
<mailto:[email protected]>
For additional commands, e-mail:[email protected]
<mailto:[email protected]>
