We aren’t allowed to use telnet, but we do have the proper ports configured to be open on each target firewall (i.e. ports 5900-5903 for VNC, 3389 for RDP, etc.). Here’s what I get when I run in debug and try to connect:

[r...@ose-access.tc.secure-ose.faa.gov ~]#/usr/local/sbin/guacd -f -L debug
guacd[39983]: INFO: Guacamole proxy daemon (guacd) version 1.2.0 started
guacd[39983]: DEBUG: Successfully bound socket to host 127.0.0.1, port 4822
guacd[39983]: INFO: Listening on host 127.0.0.1, port 4822
guacd[39983]: INFO: Creating new client for protocol "vnc"
guacd[39983]: INFO: Connection ID is "$a526ad4e-753c-4614-8d58-324d6bf7c689"
guacd[40000]: DEBUG: Processing instruction: size
guacd[40000]: DEBUG: Processing instruction: audio
guacd[40000]: DEBUG: Processing instruction: video
guacd[40000]: DEBUG: Processing instruction: image
guacd[40000]: DEBUG: Processing instruction: timezone
guacd[40000]: INFO: Cursor rendering: local
guacd[40000]: DEBUG: Parameter "swap-red-blue" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "color-depth" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "dest-port" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "encodings" omitted. Using default value of "zrle ultra copyrect hextile zlib corre rre raw".
guacd[40000]: DEBUG: Parameter "autoretry" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "reverse-connect" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "listen-timeout" omitted. Using default value of 5000.
guacd[40000]: DEBUG: Parameter "enable-audio" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "ose-admin.tc.secure-ose.faa.gov".
guacd[40000]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
guacd[40000]: DEBUG: Parameter "sftp-username" omitted. Using default value of "".
guacd[40000]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
guacd[40000]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[40000]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[40000]: DEBUG: Parameter "sftp-server-alive-interval" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "sftp-disable-download" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "sftp-disable-upload" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording".
guacd[40000]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "disable-copy" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "disable-paste" omitted. Using default value of 0.
guacd[40000]: DEBUG: Parameter "wol-send-packet" omitted. Using default value of 0.
guacd[40000]: INFO: User "@dc82b683-22c9-47ae-9104-cb2c6e4b9994" joined connection "$a526ad4e-753c-4614-8d58-324d6bf7c689" (1 users now present)
guacd[40000]: DEBUG: Client is using protocol version "VERSION_1_1_0"
guacd[40000]: ERROR: Unable to connect to VNC server.
guacd[40000]: INFO: User "@dc82b683-22c9-47ae-9104-cb2c6e4b9994" disconnected (0 users remain)
guacd[40000]: INFO: Last user of connection "$a526ad4e-753c-4614-8d58-324d6bf7c689" disconnected
guacd[40000]: DEBUG: Requesting termination of client...
guacd[40000]: DEBUG: Client terminated successfully.
guacd[39983]: INFO: Connection "$a526ad4e-753c-4614-8d58-324d6bf7c689" removed.

Thanks,
Harry

From: Stefan Bogdan Cimpeanu <bog...@cimpeanu.org>
Sent: Thursday, November 12, 2020 4:10 PM
To: user@guacamole.apache.org
Subject: Re: Issues with RDP and VNC in Guacamole 1.2

You can stop the guacd service and start it in foreground with debug mode like so:

/usr/local/sbin/guacd -f -L debug

Would give more insights.

Just to clarify: I asked if there’s port connectivity from the guacamole box to the targets. Like can you telnet on 3389 from the guacamole box to your Windows box?

Bogdan

On 12 Nov 2020, at 23:05, Devine, Harry (FAA) <harry.dev...@faa.gov.INVALID> wrote:

Absolutely. I can connect to them from outside of Guacamole, and when I try to connect from within Guacamole, I get the “Home/Reconnect” error box immediately.

Harry

From: Stefan Bogdan Cimpeanu <bog...@cimpeanu.org>
Sent: Thursday, November 12, 2020 4:04 PM
To: user@guacamole.apache.org
Subject: Re: Issues with RDP and VNC in Guacamole 1.2

These durations sure look like timeouts. Are you sure you have port connectivity from your guacamole box to the target VMs?

Bogdan

On 12 Nov 2020, at 20:52, Devine, Harry (FAA) <harry.dev...@faa.gov.INVALID> wrote:

We are trying to set up a VNC connection to 2 servers: 1 is RHEL 7 and 1 is RHEL 8, and 1 RDP connection to a Windows 10 box that we have.

For the RHEL servers, we get the following errors in /var/log/messages:

Nov 12 13:47:02 ose-access guacd[21334]: Creating new client for protocol "vnc"
Nov 12 13:47:02 ose-access guacd[21334]: Connection ID is "$b937cff4-7321-4ca9-9e16-0a3074db666f"
Nov 12 13:47:02 ose-access guacd[36970]: Cursor rendering: local
Nov 12 13:47:02 ose-access guacd[36970]: User "@7a218333-8f7b-44be-a08e-4d41e996d432" joined connection "$b937cff4-7321-4ca9-9e16-0a3074db666f" (1 users now present)
Nov 12 13:47:02 ose-access server: 13:47:02.314 [http-bio-8080-exec-55] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "11".
Nov 12 13:47:02 ose-access server: 13:47:02.314 [http-bio-8080-exec-55] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Nov 12 13:47:02 ose-access guacd[36970]: VNC server supports protocol version 3.8 (viewer 3.8)
Nov 12 13:47:02 ose-access guacd[36970]: We have 2 security types to read
Nov 12 13:47:02 ose-access guacd[36970]: 0) Received security type 19
Nov 12 13:47:02 ose-access guacd[36970]: Selecting security type 19 (0/2 in the list)
Nov 12 13:47:02 ose-access guacd[36970]: 1) Received security type 2
Nov 12 13:47:02 ose-access guacd[36970]: Selected Security Scheme 19
Nov 12 13:47:02 ose-access guacd[36970]: Failed to initialized GnuTLS: Error in public key generation..
Nov 12 13:47:02 ose-access guacd[36970]: Unable to connect to VNC server.
Nov 12 13:47:02 ose-access guacd[36970]: User "@7a218333-8f7b-44be-a08e-4d41e996d432" disconnected (0 users remain)
Nov 12 13:47:02 ose-access guacd[36970]: Last user of connection "$b937cff4-7321-4ca9-9e16-0a3074db666f" disconnected
Nov 12 13:47:07 ose-access guacd[21334]: Connection "$b937cff4-7321-4ca9-9e16-0a3074db666f" removed.
Nov 12 13:47:17 ose-access server: 13:47:17.399 [http-bio-8080-exec-55] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "11". Duration: 15085 milliseconds
Nov 12 13:47:17 ose-access server: 13:47:17.407 [http-bio-8080-exec-55] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out.
Nov 12 13:47:17 ose-access server: 13:47:17.407 [http-bio-8080-exec-56] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "11". Duration: 15093 milliseconds

For the RDP connection, we get:

Nov 12 13:45:49 ose-access guacd[21334]: Creating new client for protocol "rdp"
Nov 12 13:45:49 ose-access guacd[21334]: Connection ID is "$5dcee526-43dd-4a5a-88e2-8c9a830716ff"
Nov 12 13:45:49 ose-access guacd[36938]: Security mode: TLS
Nov 12 13:45:49 ose-access guacd[36938]: Resize method: none
Nov 12 13:45:49 ose-access guacd[36938]: User "@aa01b7af-8e97-456e-8c5e-a36b8ad956d9" joined connection "$5dcee526-43dd-4a5a-88e2-8c9a830716ff" (1 users now present)
Nov 12 13:45:49 ose-access server: 13:45:49.769 [http-bio-8080-exec-55] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "9".
Nov 12 13:45:49 ose-access server: 13:45:49.769 [http-bio-8080-exec-55] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Nov 12 13:45:49 ose-access guacd[36938]: Loading keymap "base"
Nov 12 13:45:49 ose-access guacd[36938]: Loading keymap "en-us-qwerty"
Nov 12 13:45:50 ose-access guacd[36938]: Error connecting to RDP server
Nov 12 13:45:50 ose-access guacd[36938]: User "@aa01b7af-8e97-456e-8c5e-a36b8ad956d9" disconnected (0 users remain)
Nov 12 13:45:50 ose-access guacd[36938]: Last user of connection "$5dcee526-43dd-4a5a-88e2-8c9a830716ff" disconnected
Nov 12 13:45:50 ose-access guacd[21334]: Connection "$5dcee526-43dd-4a5a-88e2-8c9a830716ff" removed.
Nov 12 13:46:00 ose-access server: 13:46:00.178 [http-bio-8080-exec-51] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "9". Duration: 10409 milliseconds
Nov 12 13:46:00 ose-access server: 13:46:00.179 [http-bio-8080-exec-63] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "9". Duration: 10410 milliseconds

We can use MobaXterm to get to all 3 servers successfully, so it can’t be the VNC server or RDP server on the target machines. So, what can we look at on Guacamole to get this to work?

Thanks,
Harry

Harry Devine
DOT/FAA/AJM-2431
Secure-OSE Administrator
Red Hat Certified System Administrator (RHCSA)
harry.dev...@faa.gov
(609)485-4218
Building 300, 3rd floor, Column L20 (3L20)
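
Added example, not part of the original thread and not Guacamole project code: a probe to run from the guacd host that covers the port-connectivity check asked about above without telnet, and lists the RFB security types the VNC server offers. In the syslog excerpt the server offers types 19 and 2 (VeNCrypt and VNC Authentication in the RFB registry) and the failure follows the selection of type 19. The host name in the final comment is a placeholder and the demo bytes are constructed.

```python
import socket
import struct

# Subset of the RFB security-type registry; anything else is shown as "unknown".
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 16: "Tight",
                  18: "TLS", 19: "VeNCrypt"}

def _read_exact(sock, n):
    """Read exactly n bytes, raising if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during RFB handshake")
        buf += chunk
    return buf

def rfb_security_types(sock):
    """Do the first two RFB handshake steps; return (version, [type numbers])."""
    banner = _read_exact(sock, 12)               # e.g. b"RFB 003.008\n"
    if not banner.startswith(b"RFB ") or not banner.endswith(b"\n"):
        raise ValueError("not an RFB server: %r" % banner)
    version = (int(banner[4:7]), int(banner[8:11]))
    if version >= (3, 8):                        # answer with 3.8, 3.7 or 3.3 only
        sock.sendall(b"RFB 003.008\n")
    elif version == (3, 7):
        sock.sendall(b"RFB 003.007\n")
    else:                                        # RFB 3.3: server dictates one type
        sock.sendall(b"RFB 003.003\n")
        return version, [struct.unpack(">I", _read_exact(sock, 4))[0]]
    count = _read_exact(sock, 1)[0]
    if count == 0:                               # refusal: length-prefixed reason
        length = struct.unpack(">I", _read_exact(sock, 4))[0]
        raise ConnectionError(_read_exact(sock, length).decode("latin-1"))
    return version, list(_read_exact(sock, count))

def probe(host, port, timeout=5.0):
    """TCP reachability check (no telnet needed) plus the offered security types."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        version, types = rfb_security_types(sock)
    return version, [(t, SECURITY_TYPES.get(t, "unknown")) for t in types]

if __name__ == "__main__":
    # Constructed server bytes mirroring the syslog excerpt: RFB 3.8, types 19 and 2.
    client, server = socket.socketpair()
    server.sendall(b"RFB 003.008\n" + bytes([2, 19, 2]))
    print(rfb_security_types(client))
    # Against a real target (placeholder host): probe("vnc-target.example", 5901)
```

A timeout or refused connection from `probe` points at the network path; a returned list that includes type 19 means the TCP path works and the failure is in the security-type negotiation that follows.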