Re: Problem with update from 1.4.0 to 1.5.0

[Brian Snyder]

I was having some very similar errors. I went down the same path with SSL certs and the whole time the issue was Tomcat 10. After some advice I changed back to Tomcat 9 and all of those errors resolved. On Mar 3, 2023, at 11:18 AM, Alexandre Roumiantsev <r...@mail.wplus.net> wrote:  Hello It was announced about some changes: Nick Couchman added a comment - 03/Mar/23 14:08 MySQL Connector/J has been updated. However I does not see any changes. No success with 1.5.0. I see same problem. Does somebody have success with container version 1.5.0 guacamole? Alexandre  On Thu, 2023-02-23 at 11:47 +0300, Alexandre Roumiantsev wrote: Hello Thank you Sebastian and Sander. Now I understand the problem. I agree with Sebastian about the 1.4.0 and 1.5.0 version differences regarding guacamole related jdbc connections. This is a big headache for me Best regards, Alexandre On Thu, 2023-02-23 at 06:57 +0000, Sebastian Männling wrote: Hi, probably I ran into the same (or at least a similar) issue… I ended up with creating a self signed cert for the MySQL container and adding the self signing CA to guacamoles Java trust store… After that guacamole was able to communicate properly with the database. To me it looks like 1.5.0 behaves differently in regard of jdbc connections (not necessarily related to guacamole itself, but maybe some used/included library does?) Never the less, the above mentioned steps “fixed” it for me. Greetings, Sebastian  On Thu, Feb 23, 2023 at 07:44, Alexandre Roumiantsev <r...@mail.wplus.net> wrote: Hello Thanks Sander. You pointed me to problematic place. However after adding  " -e MYSQL_SSL_MODE=disabled" I get problem some deeper: 06:33:09.618 [http-nio-8080-exec-6] WARN o.a.g.e.AuthenticationProviderFacade - The "mysql" authentication provider has encountered an internal error which will halt the authentication process. If this is unexpected or you are the developer of this authentication provider, you may wish to enable debug-level logging. If this is expected and you wish to ignore such failures in the future, please set "skip-if-unavailable: mysql" within your guacamole.properties. 06:33:09.618 [http-nio-8080-exec-6] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error: ### Error querying database. Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Public Key Retrieval is not allowed ### The error may exist in org/apache/guacamole/auth/jdbc/user/UserMapper.xml ### The error may involve org.apache.guacamole.auth.jdbc.user.UserMapper.selectOne ### The error occurred while executing a query ### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Public Key Retrieval is not allowed Do you had same? How you avoid  it? Thanks again, Alexandre. On Wed, 2023-02-22 at 21:21 +0100, Sander Kaldenhoven wrote: Hi Alexandre, Encountered the same issue today after upgrading Docker container. Downgraded to 1.4.0 got a better error message warning me for unsecured connection to MySQL. Wed Feb 22 20:50:49 CET 2023 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification. What I did next was to include the following option for Docker container creation after finding the option mysql-ssl-mode (https://guacamole.apache.org/doc/gug/jdbc-auth.html) for guacamole.  -e MYSQL_SSL_MODE=disabled After this the connection is ok again and Guacamole works again. Kind Regards, Sander.