Hi
These seem to be from the same user with 4 sessions this morning
There seem to be various causes
That user logs in via a highly available corporate network so it should be
reliable
I am curious about these two logged events
"The disconnection was initiated by an administrative tool on the server
running in the user's session.”
Could the user be doing something?
Thanks
{"log":"guacd[4579]: INFO:\u0009Security mode:
TLS\n","stream":"stderr","time":"2022-06-01T22:13:57.633941741Z"}
{"log":"guacd[4579]: INFO:\u0009Resize method:
none\n","stream":"stderr","time":"2022-06-01T22:13:57.633971191Z"}
{"log":"guacd[4579]: INFO:\u0009User \"@f4323947-d674-4c68-b96b-b531ffa9297a\"
joined connection \"$91cffa3c-27c0-4249-b1d8-02f80fea833e\" (1 users now
present)\n","stream":"stderr","time":"2022-06-01T22:13:57.6339754Z"}
{"log":"guacd[4579]: INFO:\u0009Loading keymap
\"base\"\n","stream":"stderr","time":"2022-06-01T22:13:57.633979772Z"}
{"log":"guacd[4579]: INFO:\u0009Loading keymap
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T22:13:57.633983343Z"}
{"log":"guacd[4579]: INFO:\u0009guacdr
connected.\n","stream":"stderr","time":"2022-06-01T22:13:57.796612295Z"}
{"log":"guacd[4579]: INFO:\u0009guacsnd
connected.\n","stream":"stderr","time":"2022-06-01T22:13:57.796644932Z"}
{"log":"guacd[4579]: INFO:\u0009Connected to RDPDR 1.13 as client
0x0002\n","stream":"stderr","time":"2022-06-01T22:13:58.192025403Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0001,
length=44\n","stream":"stderr","time":"2022-06-01T22:13:58.193162577Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0002,
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193176746Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0003,
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193180768Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0004,
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193184335Z"}
{"log":"guacd[4579]: INFO:\u0009Ignoring server capability set type=0x0005,
length=8\n","stream":"stderr","time":"2022-06-01T22:13:58.193187874Z"}
{"log":"guacd[4579]: INFO:\u0009Sending
capabilities...\n","stream":"stderr","time":"2022-06-01T22:13:58.193191363Z"}
{"log":"guacd[4579]: INFO:\u0009Capabilities
sent.\n","stream":"stderr","time":"2022-06-01T22:13:58.193194705Z"}
{"log":"guacd[4579]: INFO:\u0009Client ID
confirmed\n","stream":"stderr","time":"2022-06-01T22:13:58.193198732Z"}
{"log":"guacd[4579]: INFO:\u0009User logged
on\n","stream":"stderr","time":"2022-06-01T22:14:04.0027861Z"}
{"log":"guacd[4579]: INFO:\u0009All supported devices
sent.\n","stream":"stderr","time":"2022-06-01T22:14:04.002820339Z"}
{"log":"guacd[4579]: INFO:\u0009RDP server closed connection: Manually logged
off.\n","stream":"stderr","time":"2022-06-01T22:40:10.423593688Z"}
{"log":"guacd[4579]: INFO:\u0009User \"@f4323947-d674-4c68-b96b-b531ffa9297a\"
disconnected (0 users
remain)\n","stream":"stderr","time":"2022-06-01T22:40:10.435378454Z"}
{"log":"guacd[4579]: INFO:\u0009Last user of connection
\"$91cffa3c-27c0-4249-b1d8-02f80fea833e\"
disconnected\n","stream":"stderr","time":"2022-06-01T22:40:10.435410989Z"}
{"log":"connected to
10.202.3.224:3389\n","stream":"stdout","time":"2022-06-01T22:40:10.436055299Z"}
{"log":"ERRINFO_UNKNOWN 0x0000000C: Unknown
error.\n","stream":"stdout","time":"2022-06-01T22:40:10.436065196Z"}
{"log":"guacd[1]: INFO:\u0009Connection
\"$91cffa3c-27c0-4249-b1d8-02f80fea833e\"
removed.\n","stream":"stderr","time":"2022-06-01T22:40:10.440702894Z"}
{"log":"guacd[1]: INFO:\u0009Creating new client for protocol
\"rdp\"\n","stream":"stderr","time":"2022-06-01T22:40:13.613303991Z"}
{"log":"guacd[1]: INFO:\u0009Connection ID is
\"$64b09ff5-13bb-45fa-b5b4-f720efb400a6\"\n","stream":"stderr","time":"2022-06-01T22:40:13.613973335Z"}
{"log":"guacd[4589]: INFO:\u0009Security mode:
TLS\n","stream":"stderr","time":"2022-06-01T22:40:13.661183687Z"}
{"log":"guacd[4589]: INFO:\u0009Resize method:
none\n","stream":"stderr","time":"2022-06-01T22:40:13.661354918Z"}
{"log":"guacd[4589]: INFO:\u0009User \"@d4750f03-694f-44e5-a688-698adf714d1e\"
joined connection \"$64b09ff5-13bb-45fa-b5b4-f720efb400a6\" (1 users now
present)\n","stream":"stderr","time":"2022-06-01T22:40:13.661544289Z"}
{"log":"guacd[4589]: INFO:\u0009Loading keymap
\"base\"\n","stream":"stderr","time":"2022-06-01T22:40:13.662016355Z"}
{"log":"guacd[4589]: INFO:\u0009Loading keymap
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T22:40:13.662030183Z"}
{"log":"guacd[4589]: INFO:\u0009guacdr
connected.\n","stream":"stderr","time":"2022-06-01T22:40:13.820068964Z"}
{"log":"guacd[4589]: INFO:\u0009guacsnd
connected.\n","stream":"stderr","time":"2022-06-01T22:40:13.820100551Z"}
{"log":"guacd[4589]: INFO:\u0009Connected to RDPDR 1.13 as client
0x0002\n","stream":"stderr","time":"2022-06-01T22:40:14.286537381Z"}
{"log":"guacd[4589]: INFO:\u0009Ignoring server capability set type=0x0001,
length=44\n","stream":"stderr","time":"2022-06-01T22:40:14.287787446Z"}
{"log":"guacd[4589]: INFO:\u0009Ignoring server capability set type=0x0002,
length=8\n","stream":"stderr","time":"2022-06-01T22:40:14.287798696Z"}
{"log":"guacd[4589]: INFO:\u0009Ignoring server capability set type=0x0003,
length=8\n","stream":"stderr","time":"2022-06-01T22:40:14.287802528Z"}
{"log":"guacd[4589]: INFO:\u0009Ignoring server capability set type=0x0004,
length=8\n","stream":"stderr","time":"2022-06-01T22:40:14.287805973Z"}
{"log":"guacd[4589]: INFO:\u0009Ignoring server capability set type=0x0005,
length=8\n","stream":"stderr","time":"2022-06-01T22:40:14.287809642Z"}
{"log":"guacd[4589]: INFO:\u0009Sending
capabilities...\n","stream":"stderr","time":"2022-06-01T22:40:14.287813064Z"}
{"log":"guacd[4589]: INFO:\u0009Capabilities
sent.\n","stream":"stderr","time":"2022-06-01T22:40:14.287818803Z"}
{"log":"guacd[4589]: INFO:\u0009Client ID
confirmed\n","stream":"stderr","time":"2022-06-01T22:40:14.288048059Z"}
{"log":"guacd[4589]: INFO:\u0009User logged
on\n","stream":"stderr","time":"2022-06-01T22:40:53.704426763Z"}
{"log":"guacd[4589]: INFO:\u0009All supported devices
sent.\n","stream":"stderr","time":"2022-06-01T22:40:53.704464643Z"}
{"log":"guacd[4589]: INFO:\u0009RDP server closed connection: Manually
disconnected.\n","stream":"stderr","time":"2022-06-01T23:09:42.884677534Z"}
{"log":"guacd[4589]: INFO:\u0009User \"@d4750f03-694f-44e5-a688-698adf714d1e\"
disconnected (0 users
remain)\n","stream":"stderr","time":"2022-06-01T23:09:42.884982011Z"}
{"log":"guacd[4589]: INFO:\u0009Last user of connection
\"$64b09ff5-13bb-45fa-b5b4-f720efb400a6\"
disconnected\n","stream":"stderr","time":"2022-06-01T23:09:42.884996159Z"}
{"log":"connected to
10.202.3.148:3389\n","stream":"stdout","time":"2022-06-01T23:09:42.88587036Z"}
{"log":"ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER
(0x0000000B):\n","stream":"stdout","time":"2022-06-01T23:09:42.885880203Z"}
{"log":"The disconnection was initiated by an administrative tool on the server
running in the user's
session.\n","stream":"stdout","time":"2022-06-01T23:09:42.885884161Z"}
{"log":"guacd[1]: INFO:\u0009Connection
\"$64b09ff5-13bb-45fa-b5b4-f720efb400a6\"
removed.\n","stream":"stderr","time":"2022-06-01T23:09:42.890570614Z"}
{"log":"guacd[1]: INFO:\u0009Creating new client for protocol
\"rdp\"\n","stream":"stderr","time":"2022-06-01T23:09:47.440281804Z"}
{"log":"guacd[1]: INFO:\u0009Connection ID is
\"$e4a04c06-1381-4d19-b2ab-95e695d644c2\"\n","stream":"stderr","time":"2022-06-01T23:09:47.444034951Z"}
{"log":"guacd[4599]: INFO:\u0009Security mode:
TLS\n","stream":"stderr","time":"2022-06-01T23:09:47.485166304Z"}
{"log":"guacd[4599]: INFO:\u0009Resize method:
none\n","stream":"stderr","time":"2022-06-01T23:09:47.485200891Z"}
{"log":"guacd[4599]: INFO:\u0009User \"@4f593e5f-1f34-40ca-af4c-05dada81b1f0\"
joined connection \"$e4a04c06-1381-4d19-b2ab-95e695d644c2\" (1 users now
present)\n","stream":"stderr","time":"2022-06-01T23:09:47.485205273Z"}
{"log":"guacd[4599]: INFO:\u0009Loading keymap
\"base\"\n","stream":"stderr","time":"2022-06-01T23:09:47.485931046Z"}
{"log":"guacd[4599]: INFO:\u0009Loading keymap
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T23:09:47.485940499Z"}
{"log":"guacd[4599]: INFO:\u0009guacdr
connected.\n","stream":"stderr","time":"2022-06-01T23:09:47.538009098Z"}
{"log":"guacd[4599]: INFO:\u0009guacsnd
connected.\n","stream":"stderr","time":"2022-06-01T23:09:47.538038448Z"}
{"log":"guacd[4599]: INFO:\u0009Connected to RDPDR 1.13 as client
0x0003\n","stream":"stderr","time":"2022-06-01T23:09:47.673723551Z"}
{"log":"guacd[4599]: INFO:\u0009Ignoring server capability set type=0x0001,
length=44\n","stream":"stderr","time":"2022-06-01T23:09:47.674932579Z"}
{"log":"guacd[4599]: INFO:\u0009Ignoring server capability set type=0x0002,
length=8\n","stream":"stderr","time":"2022-06-01T23:09:47.674946511Z"}
{"log":"guacd[4599]: INFO:\u0009Ignoring server capability set type=0x0003,
length=8\n","stream":"stderr","time":"2022-06-01T23:09:47.674950686Z"}
{"log":"guacd[4599]: INFO:\u0009Ignoring server capability set type=0x0004,
length=8\n","stream":"stderr","time":"2022-06-01T23:09:47.674954378Z"}
{"log":"guacd[4599]: INFO:\u0009Ignoring server capability set type=0x0005,
length=8\n","stream":"stderr","time":"2022-06-01T23:09:47.674957908Z"}
{"log":"guacd[4599]: INFO:\u0009Sending
capabilities...\n","stream":"stderr","time":"2022-06-01T23:09:47.674961481Z"}
{"log":"guacd[4599]: INFO:\u0009Capabilities
sent.\n","stream":"stderr","time":"2022-06-01T23:09:47.674964889Z"}
{"log":"guacd[4599]: INFO:\u0009Client ID
confirmed\n","stream":"stderr","time":"2022-06-01T23:09:47.674968207Z"}
{"log":"guacd[4599]: INFO:\u0009RDP server closed connection: Manually logged
off.\n","stream":"stderr","time":"2022-06-01T23:10:22.307578295Z"}
{"log":"guacd[4599]: INFO:\u0009User \"@4f593e5f-1f34-40ca-af4c-05dada81b1f0\"
disconnected (0 users
remain)\n","stream":"stderr","time":"2022-06-01T23:10:22.33316709Z"}
{"log":"guacd[4599]: INFO:\u0009Last user of connection
\"$e4a04c06-1381-4d19-b2ab-95e695d644c2\"
disconnected\n","stream":"stderr","time":"2022-06-01T23:10:22.333196954Z"}
{"log":"connected to
10.202.3.224:3389\n","stream":"stdout","time":"2022-06-01T23:10:22.333922141Z"}
{"log":"ERRINFO_UNKNOWN 0x0000000C: Unknown
error.\n","stream":"stdout","time":"2022-06-01T23:10:22.333935769Z"}
{"log":"guacd[1]: INFO:\u0009Connection
\"$e4a04c06-1381-4d19-b2ab-95e695d644c2\"
removed.\n","stream":"stderr","time":"2022-06-01T23:10:22.335473926Z"}
{"log":"guacd[1]: INFO:\u0009Creating new client for protocol
\"rdp\"\n","stream":"stderr","time":"2022-06-01T23:11:19.154325048Z"}
{"log":"guacd[1]: INFO:\u0009Connection ID is
\"$2dae2712-7381-4120-bf5d-48f01237c5cf\"\n","stream":"stderr","time":"2022-06-01T23:11:19.155005618Z"}
{"log":"guacd[4609]: INFO:\u0009Security mode:
TLS\n","stream":"stderr","time":"2022-06-01T23:11:19.201020849Z"}
{"log":"guacd[4609]: INFO:\u0009Resize method:
none\n","stream":"stderr","time":"2022-06-01T23:11:19.201282133Z"}
{"log":"guacd[4609]: INFO:\u0009User \"@e61a42fe-25fe-42a3-9698-5152678abc92\"
joined connection \"$2dae2712-7381-4120-bf5d-48f01237c5cf\" (1 users now
present)\n","stream":"stderr","time":"2022-06-01T23:11:19.201293884Z"}
{"log":"guacd[4609]: INFO:\u0009Loading keymap
\"base\"\n","stream":"stderr","time":"2022-06-01T23:11:19.201916909Z"}
{"log":"guacd[4609]: INFO:\u0009Loading keymap
\"en-us-qwerty\"\n","stream":"stderr","time":"2022-06-01T23:11:19.201924311Z"}
{"log":"guacd[4609]: INFO:\u0009guacsnd
connected.\n","stream":"stderr","time":"2022-06-01T23:11:19.256185266Z"}
{"log":"guacd[4609]: INFO:\u0009guacdr
connected.\n","stream":"stderr","time":"2022-06-01T23:11:19.256215494Z"}
{"log":"guacd[4609]: INFO:\u0009Connected to RDPDR 1.13 as client
0x0003\n","stream":"stderr","time":"2022-06-01T23:11:19.384059933Z"}
{"log":"guacd[4609]: INFO:\u0009Ignoring server capability set type=0x0001,
length=44\n","stream":"stderr","time":"2022-06-01T23:11:19.385162824Z"}
{"log":"guacd[4609]: INFO:\u0009Ignoring server capability set type=0x0002,
length=8\n","stream":"stderr","time":"2022-06-01T23:11:19.385234252Z"}
{"log":"guacd[4609]: INFO:\u0009Ignoring server capability set type=0x0003,
length=8\n","stream":"stderr","time":"2022-06-01T23:11:19.385249635Z"}
{"log":"guacd[4609]: INFO:\u0009Ignoring server capability set type=0x0004,
length=8\n","stream":"stderr","time":"2022-06-01T23:11:19.385253301Z"}
{"log":"guacd[4609]: INFO:\u0009Ignoring server capability set type=0x0005,
length=8\n","stream":"stderr","time":"2022-06-01T23:11:19.385256674Z"}
{"log":"guacd[4609]: INFO:\u0009Sending
capabilities...\n","stream":"stderr","time":"2022-06-01T23:11:19.385261317Z"}
{"log":"guacd[4609]: INFO:\u0009Capabilities
sent.\n","stream":"stderr","time":"2022-06-01T23:11:19.385264611Z"}
{"log":"guacd[4609]: INFO:\u0009Client ID
confirmed\n","stream":"stderr","time":"2022-06-01T23:11:19.385267876Z"}
{"log":"guacd[4609]: INFO:\u0009User logged
on\n","stream":"stderr","time":"2022-06-01T23:11:26.086452762Z"}
{"log":"guacd[4609]: INFO:\u0009All supported devices
sent.\n","stream":"stderr","time":"2022-06-01T23:11:26.086486954Z"}
{"log":"guacd[1]: INFO:\u0009Creating new client for protocol
\"rdp\"\n","stream":"stderr","time":"2022-06-01T23:50:42.525291336Z"}
{"log":"guacd[1]: INFO:\u0009Connection ID is
\"$d7383f4f-be74-4be2-afff-c410d64948d8\"\n","stream":"stderr","time":"2022-06-01T23:50:42.526117346Z"}
{"log":"guacd[4609]: INFO:\u0009RDP server closed connection: Manually
disconnected.\n","stream":"stderr","time":"2022-06-01T23:58:50.658559868Z"}
{"log":"guacd[4609]: INFO:\u0009User \"@e61a42fe-25fe-42a3-9698-5152678abc92\"
disconnected (0 users
remain)\n","stream":"stderr","time":"2022-06-01T23:58:50.697768096Z"}
{"log":"guacd[4609]: INFO:\u0009Last user of connection
\"$2dae2712-7381-4120-bf5d-48f01237c5cf\"
disconnected\n","stream":"stderr","time":"2022-06-01T23:58:50.697800359Z"}
{"log":"connected to
10.202.3.224:3389\n","stream":"stdout","time":"2022-06-01T23:58:50.698617157Z"}
{"log":"ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER
(0x0000000B):\n","stream":"stdout","time":"2022-06-01T23:58:50.698630621Z"}
{"log":"The disconnection was initiated by an administrative tool on the server
running in the user's
session.\n","stream":"stdout","time":"2022-06-01T23:58:50.698634569Z"}
From: Michael Jumper <[email protected]>
Sent: Wednesday, June 1, 2022 2:45 PM
To: [email protected]
Subject: Re: Frequent disconnections occurring now
CAUTION: This email originated from outside of the organization. Do not click
links or open attachments unless you recognize the sender and know the content
is safe.
On Tue, May 31, 2022, 23:37 Lockhart, Roland
<[email protected]<mailto:[email protected]>> wrote:
These are the guacd logs for a session which I was disconnected from today
while working
...
{"log":"guacd[4459]: ERROR:\u0009User is not
responding.\n","stream":"stderr","time":"2022-06-01T05:27:37.281117085Z"}
If you were indeed still connected (you didn't close the browser tab), this
indicates that there was a network disruption. Something interrupted
communication and resulted in Guacamole considering your connection closed and
cleaning up your connection.
Other users are reporting disconnected sessions of 46 seconds and such like
You will need to locate the logs for those disconnects to determine the cause.
The fact that other connections closed is not enough to determine why they
closed.
- Mike
==================================================================== Attention
Email Disclaimer Notice - This message is the property of AAM Pty Ltd. The
information in this email is confidential and may be legally privileged. It is
intended solely for the addressee. Access to this email by anyone else is
unauthorised. If you are not the intended recipient, any disclosure, copying,
distribution or any action taken or omitted to be taken in reliance on it is
prohibited and may be unlawful. If you have received this message in error
please notify AAM Pty Ltd immediately via email to [email protected] This
email has been scanned and cleared by Exchange Online Protection, however AAM
Pty Ltd does not guarantee this message free of viruses, or interference.
