Hi Shaun, Would you be able to perform a git bisect against guacamole-server to narrow this down to a specific commit?
Michael Jumper CEO, Lead Developer Glyptodon Inc <https://enterprise.glyptodon.com/>. On Wed, Mar 3, 2021 at 5:11 AM Shaun Tarves <[email protected]> wrote: > Hi Nick, > > We did some more thorough testing yesterday and are pretty confident the > problem was introduced in guacd 1.1.0 - our testing with 1.0.0 was not able > to reproduce the issue, but 1.1, 1.2, and 1.3 all exhibit the same issue > disconnecting with the negotiated (likely RDP) encryption method. > > On Mon, Mar 1, 2021 at 12:12 PM Shaun Tarves < > [email protected]> wrote: > >> Confirmed we see the issue with the guacd 1.2 image as well. We'll try >> rolling back further to 1.1 if that helps. Maybe we can narrow down a >> window. >> >> On Mon, Mar 1, 2021 at 12:09 PM Shaun Tarves < >> [email protected]> wrote: >> >>> Hi Nick, >>> >>> We are using the guacd Docker image, so FreeRDP is at whatever version >>> is included in that. >>> >>> In the meantime, we will try rolling back to 1.2 and maybe even 1.1 to >>> see if we can find when this was introduced. >>> >>> On Mon, Mar 1, 2021 at 12:04 PM Nick Couchman <[email protected]> wrote: >>> >>>> On Mon, Mar 1, 2021 at 11:55 AM Shaun Tarves >>>> <[email protected]> wrote: >>>> >>>>> Since upgrading our guacd to 1.3, we have seen RDP connection >>>>> instability when having the guacamole configuration set to `any` for an >>>>> RDP >>>>> connection and the server is set to *Require use of specific security >>>>> layer >>>>> for remote (RDP) connections* values of *Not Configured*, *Enabled and set >>>>> to Negotiate*, or *Enabled and set to RDP*. >>>>> ... >>>>> >>>>> - In the Windows Administrative Event log, look for: [Warning, >>>>> RemoteDesktopServices-RdpCoreTS, Event ID 105] >>>>> - In the guacd log for the corresponding remote access server, >>>>> look for: guacd[28117]: DEBUG:#011ERRINFO_DECRYPT_FAILED >>>>> (0x00001192):(a) Decryption using Standard RDP Security mechanisms >>>>> (section >>>>> 5.3.6) failed. >>>>> >>>>> Feb 8 19:56:18 ip-172-16-10-253 journal: guacd[1322]: >>>>> DEBUG:#011ERRINFO_DECRYPT_FAILED (0x00001192):(a) Decryption using >>>>> Standard RDP Security mechanisms (section 5.3.6) failed.Feb 8 19:56:18 >>>>> ip-172-16-10-253 journal: guacd[1322]: DEBUG:#011BIO_read returned a >>>>> system error 104: Connection reset by peerFeb 8 19:56:18 >>>>> ip-172-16-10-253 journal: guacd[1322]: ERROR:#011Connection closed. >>>>> >>>>> >>>> You say this has changed when upgrading to guacd 1.3 - did you also >>>> upgrade FreeRDP libraries at the same time? If you go back to the previous >>>> version of guacd, but keep the FreeRDP libraries the same, do you continue >>>> to see the same issues? >>>> >>>> The reason I ask is because these error messages look more related to >>>> FreeRDP than they do to guacd - they are lower-level than Guacamole's error >>>> messages - and so I'm wondering if there's something in the underlying >>>> FreeRDP library contributing to the issue. It still could be something in >>>> guacd - something we need to handle differently - but I'm just curious what >>>> all changed when you changed versions... >>>> >>>> -Nick >>>> >>>
