Hi Alexandre,
No didn't have that error. My MYSQL Server (Percona to be exact) is using SSL but without any CA. Perhaps that is the issue on MySQL side. Sander. ---- Op do, 23 feb 2023 07:44:59 +0100 schreef Alexandre Roumiantsev <mailto:[email protected]> ---- Hello Thanks Sander. You pointed me to problematic place. However after adding " -e MYSQL_SSL_MODE=disabled" I get problem some deeper: 06:33:09.618 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: mysql" within your guacamole.properties. 06:33:09.618 [http-nio-8080-exec-6] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: ### Error querying database. Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Public Key Retrieval is not allowed ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne ### The error occurred while executing a query ### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Public Key Retrieval is not allowed Do you had same? How you avoid it? Thanks again, Alexandre. On Wed, 2023-02-22 at 21:21 +0100, Sander Kaldenhoven wrote: Hi Alexandre, Encountered the same issue today after upgrading Docker container. Downgraded to 1.4.0 got a better error message warning me for unsecured connection to MySQL. Wed Feb 22 20:50:49 CET 2023 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. What I did next was to include the following option for Docker container creation after finding the option mysql-ssl-mode (https://guacamole.apache.org/doc/gug/jdbc-auth.html) for guacamole. -e MYSQL_SSL_MODE=disabled After this the connection is ok again and Guacamole works again. Kind Regards, Sander.
