If I change it to NLA, the browser just says “You have been disconnected”, and /var/log/messages shows:
Apr 4 15:42:40 access guacd[2286]: Creating new client for protocol "rdp" Apr 4 15:42:40 access guacd[2286]: Connection ID is "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" Apr 4 15:42:40 access guacd[1476113]: Security mode: NLA Apr 4 15:42:40 access guacd[1476113]: NLA security mode was selected, but is known to be currently incompatible with FIPS mode (see FreeRDP/FreeRDP#3412). Security negotiation with the RDP server may fail unless TLS security mode is selected instead. Apr 4 15:42:40 access guacd[1476113]: Resize method: none Apr 4 15:42:40 access guacd[1476113]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. Apr 4 15:42:40 access guacd[1476113]: User "@fa0b5239-e6bf-4751-995c-b3e71c1ee057" joined connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" (1 users now present) Apr 4 15:42:40 access server[1652]: 15:42:40.905 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "816". Apr 4 15:42:40 access server[1652]: 15:42:40.905 [http-nio-8080-exec-10] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. Apr 4 15:42:40 access guacd[1476113]: Loading keymap "base" Apr 4 15:42:40 access guacd[1476113]: Loading keymap "en-us-qwerty" Apr 4 15:42:41 access guacd[1476113]: RDP server closed/refused connection: Security negotiation failed (wrong security type?) Apr 4 15:42:41 access guacd[1476113]: User "@fa0b5239-e6bf-4751-995c-b3e71c1ee057" disconnected (0 users remain) Apr 4 15:42:41 access guacd[1476113]: Last user of connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" disconnected Apr 4 15:42:41 access guacd[2286]: Connection "$f67e0010-36ff-4dcf-abb6-0d4d25a2fd12" removed. Apr 4 15:42:41 access server[1652]: 15:42:41.279 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" disconnected from connection "816". Duration: 374 milliseconds If I change it to “TLS Encryption”, it fails the same way that Any does. Thanks, Harry From: Devine, Harry (FAA) <harry.dev...@faa.gov.INVALID> Sent: Thursday, April 4, 2024 3:40 PM To: user@guacamole.apache.org Subject: RE: Issue with Windows 10 RDP CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe. I have “Any” now, but NLA didn’t work either. No matter what I choose, I get that “RDP server closed/refused connection: Server refused connection (wrong security type?)” error. Thanks, Harry From: Horváth Csaba <horvathcsabalas...@gmail.com<mailto:horvathcsabalas...@gmail.com>> Sent: Thursday, April 4, 2024 3:31 PM To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> Subject: Re: Issue with Windows 10 RDP CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe. Hi, Which security mode you have chosen? NLA is required for newer Windows versions. Cs. Devine, Harry (FAA) <harry.dev...@faa.gov.invalid<mailto:harry.dev...@faa.gov.invalid>> ezt írta (időpont: 2024. ápr. 4., Cs, 21:18): I am having an issue connecting to a new Windows 10 machine we stood up. I’ve had this issue before, but everything that was suggested for that issue doesn’t work here. I have enabled Remote Desktop on the server, added the local accounts needed, and added them to the Remote Desktop Users group. The Windows Firewall also is allowing RDP over 3389. On the Guac server, I set the connection security to Any, and I’m logged into Guac with my account that has a matching account on the Windows machine. When I log in, the windows says “The remote server is unavailable”, and /var/log/messages on the server (running Guac 1.5.4), shows: Apr 4 15:12:50 access guacd[2286]: Creating new client for protocol "rdp" Apr 4 15:12:50 access guacd[2286]: Connection ID is "$58d124a2-4e95-492d-8276-8ea335d08dc4" Apr 4 15:12:50 access guacd[1475582]: Security mode: Negotiate (ANY) Apr 4 15:12:50 access guacd[1475582]: Resize method: none Apr 4 15:12:50 access server[1652]: 15:12:50.415 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "816". Apr 4 15:12:50 access guacd[1475582]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. Apr 4 15:12:50 access server[1652]: 15:12:50.416 [http-nio-8080-exec-1] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. Apr 4 15:12:50 access guacd[1475582]: User "@b5fa063a-d482-4150-9d76-398043991dfd" joined connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" (1 users now present) Apr 4 15:12:50 access guacd[1475582]: Loading keymap "base" Apr 4 15:12:50 access guacd[1475582]: Loading keymap "en-us-qwerty" Apr 4 15:12:50 access guacd[1475582]: FIPS mode is enabled. Excluding NLA security mode from security negotiation (see: https://github.com/FreeRDP/FreeRDP/issues/3412). Apr 4 15:12:50 access guacd[1475582]: RDP server closed/refused connection: Server refused connection (wrong security type?) Apr 4 15:12:50 access guacd[1475582]: User "@b5fa063a-d482-4150-9d76-398043991dfd" disconnected (0 users remain) Apr 4 15:12:50 access guacd[1475582]: Last user of connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" disconnected Apr 4 15:12:50 access guacd[2286]: Connection "$58d124a2-4e95-492d-8276-8ea335d08dc4" removed. Any ideas? I can’t seem to find any usable solutions when I research this online. Thanks, Harry [cid:image001.png@01DA86A6.EB6B45A0] Harry Devine Secure-OSE System Administrator Red Hat Certified System Administrator (RHCSA) Office: (609) 485-4218 Personal Cell: (609) 276-0555 FAA Cell: (609) 612-7274 Home Office/Telework: (609) 547-3579 Email : harry.dev...@faa.gov<mailto:harry.dev...@faa.gov> William J Hughes Technical Center Building 300 3rd Floor Column L20 Atlantic City, NJ 08405
