Re: Can't reach an older Windows image(Windows server 2012 standard)

Rangesh Gupta Fri, 28 Aug 2020 13:45:32 -0700

Can you disable NLA on windows machine and try with TLS security mode.

You can use below command in powershell to disable NLA:


*$ComputerName = '<HOSTNAME>'   // Update your windows machine hostname.*



*(Get-WmiObject -class Win32_TSGeneralSetting -Namespace
root\cimv2\terminalservices -ComputerName $ComputerName -Filter
"TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)*



Thanks,

Rangesh

On Fri, Aug 28, 2020 at 4:11 PM Eder Cervantes Alcala <
[email protected]> wrote:

> Hi,
>
> *When I use security mode: ANY, this is what I get. It’s talking about
> certificate mismatching:*
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: connected to
> 10.1.0.5:3389
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: creating directory
> /sbin/.freerdp/certs
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd:
> certificate_store_open: error opening [/sbin/.freerdp/known_hosts] for
> writing
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: @           WARNING:
> CERTIFICATE NAME MISMATCH!           @
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: The hostname used
> for this connection (10.1.0.5)
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: does not match the
> name given in the certificate:
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: demoapp01
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: A valid certificate
> for the wrong name should NOT be trusted!
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: tls_connect:
> certificate not trusted, aborting.
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd[1745]: Connection
> "$1abd191a-bdb1-4cb6-84de-f26b4af6e115" removed.
> Aug 28 20:04:19 guacamole-linux7-8-from-import guacd: guacd[1745]:
> INFO:#011Connection "$1abd191a-bdb1-4cb6-84de-f26b4af6e115" removed.
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[1745]: Creating new
> client for protocol "rdp"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[1745]: Connection ID
> is "$fc966494-546f-41cc-bcfe-344dbec8508b"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[1745]:
> INFO:#011Creating new client for protocol "rdp"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[1745]:
> INFO:#011Connection ID is "$fc966494-546f-41cc-bcfe-344dbec8508b"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[21745]: Security
> mode: ANY
> Aug 28 20:05:46 guacamole-linux7-8-from-import server: 20:05:46.519
> [http-bio-8080-exec-33] INFO  o.a.g.tunnel.TunnelRequestService - User
> "guac_adm" connected to connection "4".
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011Security mode: ANY
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[21745]: Resize
> method: none
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011Resize method: none
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[21745]: User
> "@c476282f-9735-4cac-a1b1-6aa87284a3a3" joined connection
> "$fc966494-546f-41cc-bcfe-344dbec8508b" (1 users now present)
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011User "@c476282f-9735-4cac-a1b1-6aa87284a3a3" joined connection
> "$fc966494-546f-41cc-bcfe-344dbec8508b" (1 users now pres$
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[21745]: Loading
> keymap "base"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011Loading keymap "base"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[21745]: Loading
> keymap "en-us-qwerty"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011Loading keymap "en-us-qwerty"
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd[21745]:
> Authentication requested but username or password not given
> Aug 28 20:05:46 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011Authentication requested but username or password not given
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd[21745]: Error
> connecting to RDP server
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: guacd[21745]:
> ERROR:#011Error connecting to RDP server
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd[21745]: User
> "@c476282f-9735-4cac-a1b1-6aa87284a3a3" disconnected (0 users remain)
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: guacd[21745]:
> INFO:#011User "@c476282f-9735-4cac-a1b1-6aa87284a3a3" disconnected (0 users
> remain)
>
> *If I try to ignore certificates, this is what I get:*
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: connected to
> 10.1.0.5:3389
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: creating directory
> /sbin/.freerdp/certs
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd:
> certificate_store_open: error opening [/sbin/.freerdp/known_hosts] for
> writing
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: SSL_read: Failure in
> SSL library (protocol error?)
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: Authentication
> failure, check credentials.
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: If credentials are
> valid, the NTLMSSP implementation may be to blame.
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd[1745]: Connection
> "$fc966494-546f-41cc-bcfe-344dbec8508b" removed.
> Aug 28 20:05:47 guacamole-linux7-8-from-import guacd: guacd[1745]:
> INFO:#011Connection "$fc966494-546f-41cc-bcfe-344dbec8508b" removed.
> Aug 28 20:05:47 guacamole-linux7-8-from-import server: 20:05:47.576
> [http-bio-8080-exec-33] INFO  o.a.g.tunnel.TunnelRequestService - User
> "guac_adm" disconnected from connection "4". Duration: 105$
>
> Regards,
>
> Eder
>
>
> On Aug 28, 2020, at 12:50 PM, Rangesh Gupta <[email protected]>
> wrote:
>
> Hi Eder,
>
> Below is the error in your guacd log output:
>
> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd*: Error: protocol
> security negotiation failure.*
>
> Edit the connection and try different security modes. Possible values are:
> ANY, NLA, TLS, RDP. Hopefully one of the security mode should work.
>
>  More details you find below:
> https://guacamole.apache.org/doc/gug/configuring-guacamole.html#rdp
> <https://urldefense.com/v3/__https://guacamole.apache.org/doc/gug/configuring-guacamole.html*rdp__;Iw!!GqivPVa7Brio!MOKZekkXJEVxiRoPOc-AoadCMNLC6MhhlQYkbx2sp1AEuWt56_q_8v16fcHGNAhmT4Y$>
>
> Thanks and Regards,
> Rangesh
>
> On Fri, Aug 28, 2020 at 3:33 PM Eder Cervantes Alcala <
> [email protected]> wrote:
>
>> *Here is what is being output. The connection I am trying is 10.1.0.5.*
>>
>> Aug 28 18:02:31 guacamole-linux7-8-from-import guacd[14029]: Last user of
>> connection "$189398c9-de38-40e3-8ff7-63302483ba17" disconnected
>> Aug 28 18:02:31 guacamole-linux7-8-from-import guacd: connected to
>> 10.1.0.5:3389
>> <https://urldefense.com/v3/__http://10.1.0.5:3389__;!!GqivPVa7Brio!MOKZekkXJEVxiRoPOc-AoadCMNLC6MhhlQYkbx2sp1AEuWt56_q_8v16fcHG-i3Dyuw$>
>> Aug 28 18:02:31 guacamole-linux7-8-from-import guacd: Error: protocol
>> security negotiation failure
>> Aug 28 18:02:31 guacamole-linux7-8-from-import guacd[1745]: Connection
>> "$189398c9-de38-40e3-8ff7-63302483ba17" removed.
>> Aug 28 18:02:31 guacamole-linux7-8-from-import guacd: guacd[1745]:
>> INFO:#011Connection "$189398c9-de38-40e3-8ff7-63302483ba17" removed.
>> Aug 28 18:02:31 guacamole-linux7-8-from-import server: 18:02:31.654
>> [http-bio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User
>> "guac_adm" disconnected from connection "4". Duration: 131 $
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[1745]: Creating new
>> client for protocol "rdp"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[1745]: Connection ID
>> is "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[1745]:
>> INFO:#011Creating new client for protocol "rdp"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[1745]:
>> INFO:#011Connection ID is "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: No security
>> mode specified. Defaulting to RDP.
>> Aug 28 18:02:43 guacamole-linux7-8-from-import server: 18:02:43.536
>> [http-bio-8080-exec-18] INFO  o.a.g.tunnel.TunnelRequestService - User
>> "guac_adm" connected to connection "4".
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011No security mode specified. Defaulting to RDP.
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: Resize
>> method: none
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011Resize method: none
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: User
>> "@54c03d78-d690-4415-96c6-aef68cd78392" joined connection
>> "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9" (1 users now present)
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011User "@54c03d78-d690-4415-96c6-aef68cd78392" joined connection
>> "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9" (1 users now pres$
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: Loading
>> keymap "base"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011Loading keymap "base"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: Loading
>> keymap "en-us-qwerty"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011Loading keymap "en-us-qwerty"
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: Error
>> connecting to RDP server
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: recv: Connection
>> reset by peer
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> ERROR:#011Error connecting to RDP server
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: User
>> "@54c03d78-d690-4415-96c6-aef68cd78392" disconnected (0 users remain)
>> Aug 28 18:02:43 guacamole-linux7-8-from-import server: 18:02:43.611
>> [http-bio-8080-exec-18] INFO  o.a.g.tunnel.TunnelRequestService - User
>> "guac_adm" disconnected from connection "4". Duration: 75 $
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011User "@54c03d78-d690-4415-96c6-aef68cd78392" disconnected (0 users
>> remain)
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[14050]:
>> INFO:#011Last user of connection "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9"
>> disconnected
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[14050]: Last user of
>> connection "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9" disconnected
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: connected to
>> 10.1.0.5:3389
>> <https://urldefense.com/v3/__http://10.1.0.5:3389__;!!GqivPVa7Brio!MOKZekkXJEVxiRoPOc-AoadCMNLC6MhhlQYkbx2sp1AEuWt56_q_8v16fcHG-i3Dyuw$>
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: Error: protocol
>> security negotiation failure
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd[1745]: Connection
>> "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9" removed.
>> Aug 28 18:02:43 guacamole-linux7-8-from-import guacd: guacd[1745]:
>> INFO:#011Connection "$98173ad2-9806-48b1-94d9-2eb11ea4d6c9" removed.
>>
>>
>> Aug 28 18:01:50 guacamole-linux7-8-from-import guacd[13979]: *Connected
>> to RDPDR 1.13* as client 0x0002
>> ^I also found this.
>>
>>
>>
>> On Aug 28, 2020, at 11:43 AM, Nick Couchman <[email protected]>
>> wrote:
>>
>> What about output/errors from guacd?
>>
>> On Fri, Aug 28, 2020 at 2:25 PM Eder Cervantes Alcala <
>> [email protected]> wrote:
>>
>>> <PastedGraphic-1.png>
>>> Here is the error I am getting.
>>>
>>> <PastedGraphic-2.png>
>>> The connection is timing out immediately without trying to connect.
>>>
>>> The guacamole server is running on OEL7.7 and the destination is Windows
>>> 2012 Server SE.
>>>
>>> I hope this is more helpful.
>>>
>>> Regards,
>>>
>>> Eder Cervantes
>>>
>>>
>>>
>>> On Aug 27, 2020, at 4:17 PM, ivanmarcus <[email protected]>
>>> wrote:
>>>
>>> It's difficult to advise on this problem without further information.
>>>
>>> A more detailed description than 'can't connect' would help, as would
>>> log data. For example, what error message do you get? Do you get an initial
>>> connection then drop out, or will it just not appear to connect at all?
>>>
>>> This information will inform the ultimate answer to your problem, but to
>>> give a general response I'd anticipate some issues with FreeRDP > 2.0.0 and
>>> earlier versions of Windows. Disabling caching, and reducing colour levels
>>> (via Guacamole) *may* assist in this area, but YMMV.
>>>
>>> On 28/08/2020 10:31 a.m., Eder Cervantes Alcala wrote:
>>>
>>> Hi,
>>>
>>> I can't connect to my windows image using Guacamole. I am using an older 
>>> version of Windows(2012 server standard). I can connect using rdp, so I was 
>>> wondering if freerdp might be incompatible with older versions of windows?
>>>
>>> Regards,
>>>
>>> Eder Cervantes
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
>>>
>>
>

Re: Can't reach an older Windows image(Windows server 2012 standard)

Reply via email to