Update: after some playing around and digging around, it appears as though the VNC connections work when we disable FIPS on the RHEL 8 Guacamole server. However, it is a security requirement set by our organization to have FIPS enabled, so how can we make this work with FIPS enabled?
Thanks,
Harry

-----Original Message-----
From: Devine, Harry (FAA) <[email protected]>
Sent: Thursday, April 25, 2024 9:55 AM
To: [email protected]
Subject: RE: Issue with VNC on new 1.5.4 installation

CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe.

I am now running guacd in Debug mode via "/usr/local/sbin/guacd -f -L debug", and here's what I see when I try to connect to a VNC connection:

guacd[4319]: INFO: Creating new client for protocol "vnc"
guacd[4319]: INFO: Connection ID is "$b2d849e6-b5e5-4b56-94e6-839c29da92c6"
guacd[4369]: DEBUG: Processing instruction: size
guacd[4369]: DEBUG: Processing instruction: audio
guacd[4369]: DEBUG: Processing instruction: video
guacd[4369]: DEBUG: Processing instruction: image
guacd[4369]: DEBUG: Processing instruction: timezone
guacd[4369]: DEBUG: Processing instruction: name
guacd[4369]: INFO: Cursor rendering: local
guacd[4369]: DEBUG: Parameter "swap-red-blue" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "color-depth" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "force-lossless" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "dest-port" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "encodings" omitted. Using default value of "zrle ultra copyrect hextile zlib corre rre raw".
guacd[4369]: DEBUG: Parameter "autoretry" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "reverse-connect" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "listen-timeout" omitted. Using default value of 5000.
guacd[4369]: DEBUG: Parameter "enable-audio" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "xxx.xxx.xxx.xxx".
guacd[4369]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
guacd[4369]: DEBUG: Parameter "sftp-username" omitted. Using default value of "".
guacd[4369]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
guacd[4369]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[4369]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[4369]: DEBUG: Parameter "sftp-server-alive-interval" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "sftp-disable-download" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "sftp-disable-upload" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "recording-name" omitted. Using default value of "recording".
guacd[4369]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "disable-copy" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "disable-paste" omitted. Using default value of 0.
guacd[4369]: DEBUG: Parameter "wol-send-packet" omitted. Using default value of 0.
guacd[4369]: INFO: User "@8f157edc-f209-45de-808e-734861dd5816" joined connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" (1 users now present)
guacd[4369]: DEBUG: Client is using protocol version "VERSION_1_5_0"
guacd[4369]: DEBUG: GCrypt initialization started.
guacd[4369]: DEBUG: GCrypt initialization completed.
guacd[4369]: ERROR: Unable to connect to VNC server.
guacd[4369]: INFO: User "@8f157edc-f209-45de-808e-734861dd5816" disconnected (0 users remain)
guacd[4369]: INFO: Last user of connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" disconnected
guacd[4369]: DEBUG: Requesting termination of client...
guacd[4369]: DEBUG: Client terminated successfully.
guacd[4319]: INFO: Connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" removed.
guacd[4319]: DEBUG: Unable to request termination of client process: No such process
guacd[4319]: DEBUG: All child processes for connection "$b2d849e6-b5e5-4b56-94e6-839c29da92c6" have been terminated.

Thanks,
Harry

-----Original Message-----
From: Devine, Harry (FAA) <[email protected]>
Sent: Thursday, April 25, 2024 9:33 AM
To: [email protected]
Subject: RE: Issue with VNC on new 1.5.4 installation

I upgraded the installation to 1.5.5, and the issue still occurs:

Apr 25 09:31:38 tfdm-access guacd[2297]: Creating new client for protocol "vnc"
Apr 25 09:31:38 tfdm-access guacd[2297]: Connection ID is "$9d945aa9-e0b1-4a68-8eb7-7cc94946c966"
Apr 25 09:31:38 tfdm-access guacd[3870]: Cursor rendering: local
Apr 25 09:31:38 tfdm-access guacd[3870]: User "@d9be5151-dfa2-42fe-b873-4ccd2dacdf97" joined connection "$9d945aa9-e0b1-4a68-8eb7-7cc94946c966" (1 users now present)
Apr 25 09:31:38 tfdm-access server[1662]: 09:31:38.289 [http-nio-8080-exec-8] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "79".
Apr 25 09:31:38 tfdm-access guacd[3870]: VNC server supports protocol version 3.8 (viewer 3.8)
Apr 25 09:31:38 tfdm-access guacd[3870]: We have 2 security types to read
Apr 25 09:31:38 tfdm-access guacd[3870]: 0) Received security type 19
Apr 25 09:31:38 tfdm-access guacd[3870]: Selecting security type 19 (0/2 in the list)
Apr 25 09:31:38 tfdm-access guacd[3870]: 1) Received security type 2
Apr 25 09:31:38 tfdm-access guacd[3870]: Selected Security Scheme 19
Apr 25 09:31:38 tfdm-access guacd[3870]: Failed to initialized GnuTLS: Error in public key generation..
Apr 25 09:31:38 tfdm-access guacd[3870]: Unable to connect to VNC server.
Apr 25 09:31:38 tfdm-access server[1662]: 09:31:38.292 [http-nio-8080-exec-8] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Apr 25 09:31:38 tfdm-access guacd[3870]: User "@d9be5151-dfa2-42fe-b873-4ccd2dacdf97" disconnected (0 users remain)
Apr 25 09:31:38 tfdm-access guacd[3870]: Last user of connection "$9d945aa9-e0b1-4a68-8eb7-7cc94946c966" disconnected
Apr 25 09:31:38 tfdm-access guacd[2297]: Connection "$9d945aa9-e0b1-4a68-8eb7-7cc94946c966" removed.
Apr 25 09:31:38 tfdm-access server[1662]: 09:31:38.861 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "79". Duration: 568 milliseconds
Apr 25 09:31:38 tfdm-access server[1662]: 09:31:38.866 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" disconnected from connection "79". Duration: 574 milliseconds
Apr 25 09:31:42 tfdm-access server[1662]: 09:31:42.954 [http-nio-8080-exec-7] WARN o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.

Thanks,
Harry

-----Original Message-----
From: Devine, Harry (FAA) <[email protected]>
Sent: Thursday, April 25, 2024 8:32 AM
To: [email protected]
Subject: RE: Issue with VNC on new 1.5.4 installation

I have an Ansible Role that we use to install Guacamole. If I change the version in that role to 1.5.5 and re-run it to re-install Guacamole, do you think that would be good to try and test if that fix worked for us?

Thanks,
Harry

-----Original Message-----
From: Ivanmarcus <[email protected]>
Sent: Wednesday, April 24, 2024 4:33 PM
To: [email protected]
Subject: Re: Issue with VNC on new 1.5.4 installation

Harry,

I'd start debugging here:

Failed to initialized GnuTLS: Error in public key generation

Now, without knowing more about your setup I wonder if the issue could be related to this?:

https://issues.apache.org/jira/browse/GUACAMOLE-1921

It's been a while since I used VNC with Guacamole, and I'm not au fait with the detail around this bug, but as it's dealt with in Guacamole 1.5.5 you might want to trial that and see if the error persists.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
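
A triage helper for the failure shown in the logs above, added here as an example and not part of the original thread or of Guacamole: it extracts the offered and selected RFB security types and the GnuTLS error from guacd log lines and sets them beside the host's FIPS state. The function names are hypothetical, and the sample lines are an excerpt of the journal output quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Guacamole tooling.

# Report kernel FIPS mode. The file is absent on kernels without FIPS support.
fips_state() {
    f="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Summarise one VNC connection attempt from guacd log lines on stdin.
# $1 is the FIPS state string produced by fips_state.
triage_vnc_log() {
    awk -v fips="$1" '
        BEGIN { n[1] = "None"; n[2] = "VNC Authentication"; n[18] = "TLS"; n[19] = "VeNCrypt" }
        /Received security type [0-9]+/   { offered = offered (offered != "" ? "," : "") $NF }
        /Selected Security Scheme [0-9]+/ { selected = $NF }
        /Failed to initialized? GnuTLS: / { sub(/.*GnuTLS: /, ""); tls_err = $0 }
        /Unable to connect to VNC server/ { failed = 1 }
        END {
            printf "offered=%s selected=%s failed=%d fips=%s\n", offered, selected, failed, fips
            print "selected_name=" ((selected in n) ? n[selected] : "unknown")
            if (tls_err != "") print "gnutls_error=" tls_err
            # Correlation only: the log does not state the cause.
            if (failed && tls_err != "" && selected == 19 && fips == "enabled")
                print "finding=VeNCrypt TLS setup failed while FIPS mode is enabled"
        }'
}

# Excerpt of the journal lines quoted in this thread.
sample_log() {
    cat <<'EOF'
Apr 25 09:31:38 tfdm-access guacd[3870]: 0) Received security type 19
Apr 25 09:31:38 tfdm-access guacd[3870]: Selecting security type 19 (0/2 in the list)
Apr 25 09:31:38 tfdm-access guacd[3870]: 1) Received security type 2
Apr 25 09:31:38 tfdm-access guacd[3870]: Selected Security Scheme 19
Apr 25 09:31:38 tfdm-access guacd[3870]: Failed to initialized GnuTLS: Error in public key generation..
Apr 25 09:31:38 tfdm-access guacd[3870]: Unable to connect to VNC server.
EOF
}

sample_log | triage_vnc_log "$(fips_state)"
```

On a live host the same function can read `journalctl -u guacd` output instead of the embedded sample.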
