On Sat, Feb 20, 2021 at 7:21 PM Fertig, Brian <brian.fer...@philips.com.invalid> wrote:
> So got this issue.. I set up a Windows 10 host in Guac. I have checked
> firewalls, settings, etc. I can't make heads or tails. This is in the
> GUACD log..
>
> Feb 21 03:17:05 ip-172-31-6-188 tomcat9[111889]: 03:17:05.399 [http-nio-8080-exec-6] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
> Feb 21 03:17:05 ip-172-31-6-188 guacd[115076]: Creating new client for protocol "rdp"
> Feb 21 03:17:05 ip-172-31-6-188 guacd[115076]: Connection ID is "$1217b78c-d8f5-4826-a381-4cd1ebd85654"
> Feb 21 03:17:05 ip-172-31-6-188 guacd[143235]: Security mode: Negotiate (ANY)
> Feb 21 03:17:05 ip-172-31-6-188 guacd[143235]: Resize method: none
> Feb 21 03:17:05 ip-172-31-6-188 guacd[143235]: User "@d45054ab-6557-45c8-bc93-b6d06a578993" joined connection "$1217b78c-d8f5-4826-a381-4cd1ebd85654" (1 users now present)
> Feb 21 03:17:05 ip-172-31-6-188 guacd[143235]: Loading keymap "base"
> Feb 21 03:17:05 ip-172-31-6-188 guacd[143235]: Loading keymap "en-us-qwerty"
> Feb 21 03:17:20 ip-172-31-6-188 guacd[143235]: RDP server closed/refused connection: Connection failed (server unreachable?)
> Feb 21 03:17:20 ip-172-31-6-188 guacd[143235]: User "@d45054ab-6557-45c8-bc93-b6d06a578993" disconnected (0 users remain)
> Feb 21 03:17:20 ip-172-31-6-188 guacd[143235]: Last user of connection "$1217b78c-d8f5-4826-a381-4cd1ebd85654" disconnected
> Feb 21 03:17:20 ip-172-31-6-188 guacd[115076]: Connection "$1217b78c-d8f5-4826-a381-4cd1ebd85654" removed.
>
> On the Windows host I get this error:
>
> A fatal error occurred while creating a TLS client credential. The
> internal error state is 10011.
>
> So I know what the SCHANNEL error is. I have dealt with it quite a bit.
> HOWEVER I don’t have the foggiest idea how to fix it with Guac. What
> Crypto should I be using? This is the latest and greatest Windows 10.
>
> Now I have said to not use SSL/Crypto in the guac settings. I have also
> disabled NLA and enabled the security setting in the registry. Any
> insights would be awesome!

You shouldn't need to disable NLA or TLS, especially with most recent versions of Windows requiring these mechanisms by default. They should just work, either with embedded credentials, credential pass-through, or automatic credential prompting.

What specific parameters and values are you specifying for the Guacamole connection?

Michael Jumper
CEO, Lead Developer
Glyptodon Inc <https://enterprise.glyptodon.com/>.