On Thu, Jan 4, 2024 at 2:00 AM Vieri <rentor...@yahoo.com.invalid> wrote:
> Hi, > > I understand what you're saying about docker images and reverting to > 1.5.3, Mike. > However, in my case I'm NOT using Docker. > > As I said, I have two different hosts and BOTH are using FreeRDP 2.4.1 (am > not using 2.10.0 as you suggest). > The 2 hosts are 2 different machines. The only software that changes is, > as I said, guacd (and Apache Tomcat to be exact, but it's still 8.5 on > both). > > I have NOT tried downgrading guacamole to 1.5.3. > I am using 1.4.0 on my old system and 1.5.4 on the new one. > Obviously, 1.4.0 and 1.5.3 have vulnerabilities that I want to get rid of, > so I'm eager to move to 1.5.4. However, this issue is a show stopper. > > Also, while I understand that the error "Major bug, unable to allocate a > TLS value for currentThread" comes from FreeRDP, I also reported in my > previous post that all other protocols are also affected. > My telnet and ssh connections fail too, but they obviously do not use > FreeRDP. > So, it seems that as soon as guacd hits the FreeRDP issue, every single > connection type (including those that do not use FreeRDP) fail. > A guacd restart makes every single connection type work again -- not just > RDP. > I might be wrong, and I don't have more information to offer (my guacd > 1.5.4 process was restarted and working fine for now). > However, it seems that the FreeRDP "failure" has a crippling effect on > guacd not just for RDP connections. > > I highly doubt that FreeRDP is having any impact on other guacd connections - I suspect that you're hitting some other limitation in the number of files/sockets open that is causing all new connections to fail, and the FreeRDP one just happens to be the most likely one or first one to hit the issue. You might look at things like the "nofile" hard and soft limits for the user running guacd and see if you're running up against that. IIRC, opening sockets counts as opening a "file" in Linux, so if you are opening a lot of connections, you may be hitting that. It may not be nofile specifically, so you might need to investigate other limits, either in /etc/security/limits.conf, or sysctl, and see if you're running up against any of those. -Nick
