On Sat, Dec 28, 2024 at 4:46 AM Bjoern Wuest <[email protected]>
wrote:
> Situation:
>
> Connecting to Win11 via RDP is stalled with message "Verbindungsaufbau zu
> Guacamole. Bitte warten..." ("Connecting to Guacamole. Please wait...")
>
> Logs of Guacd:
> Guacamole-Daemon | guacd[12716]: INFO: Security mode: Negotiate (ANY)
> Guacamole-Daemon | guacd[12716]: INFO: Resize method: none
> Guacamole-Daemon | guacd[12716]: INFO: No clipboard line-ending
> normalization specified. Defaulting to preserving the format of all line
> endings.
> Guacamole-Daemon | guacd[12716]: INFO: User
> "@1d391979-237b-4976-b77b-1bd04e65fa4f" joined connection
> "$d626b302-583c-4f52-a2d0-899d15cc2e63" (1 users now present)
> Guacamole-Daemon | guacd[12716]: INFO: Loading keymap "base"
> Guacamole-Daemon | guacd[12716]: INFO: Loading keymap "en-us-qwerty"
> Guacamole-Daemon | guacd[12716]: INFO: User
> "@1d391979-237b-4976-b77b-1bd04e65fa4f" disconnected (0 users remain)
> Guacamole-Daemon | guacd[12716]: INFO: Last user of connection
> "$d626b302-583c-4f52-a2d0-899d15cc2e63" disconnected
> Guacamole-Daemon | guacd[1]: INFO: Creating new client for protocol
> "rdp"
> Guacamole-Daemon | guacd[1]: INFO: Connection ID is
> "$99af5d2b-e692-4310-b7c4-e36c3f19dccb"
> Guacamole-Daemon | guacd[12726]: INFO: Security mode: Negotiate (ANY)
> Guacamole-Daemon | guacd[12726]: INFO: Resize method: none
> Guacamole-Daemon | guacd[12726]: INFO: No clipboard line-ending
> normalization specified. Defaulting to preserving the format of all line
> endings.
> Guacamole-Daemon | guacd[12726]: INFO: User
> "@e26a1d50-8a72-4fa3-9397-da8ce5965251" joined connection
> "$99af5d2b-e692-4310-b7c4-e36c3f19dccb" (1 users now present)
> Guacamole-Daemon | guacd[12726]: INFO: Loading keymap "base"
> Guacamole-Daemon | guacd[12726]: INFO: Loading keymap "en-us-qwerty"
>
> Logs of Guacamole:
> Guacamole | 08:29:22.290 [http-nio-8080-exec-9] INFO
> o.a.g.r.auth.AuthenticationService - User "..." successfully authenticated
> from 80.187.72.238.
> Guacamole | 08:29:25.787 [http-nio-8080-exec-3] INFO
> o.a.g.tunnel.TunnelRequestService - User "..." connected to connection "7".
>
>
> Environment:
> * Guacamole 1.5.5 in Docker
> * Client: Win11, 24H2, latest patch level, RDP on standard port 3389
>
> Docker compose config:
> guacamole-guacd:
> image: guacamole/guacd:${guacamole_version}
> container_name: Guacamole-Daemon
> restart: always
> guacamole:
> image: guacamole/guacamole:${guacamole_version}
> container_name: Guacamole
> restart: always
> environment:
> - GUACD_HOSTNAME=guacamole-guacd
> - POSTGRESQL_HOSTNAME=...
> - POSTGRESQL_DATABASE=...
> - POSTGRESQL_USER=...
> - POSTGRESQL_PASSWORD=...
> - POSTGRESQL_AUTO_CREATE_ACCOUNTS=true
> - REMOTE_IP_VALVE_ENABLED=true
> # EntraID OIDC config
> - EXTENSIONS=auth-sso-openid
> - OPENID_AUTHORIZATION_ENDPOINT=...
> - OPENID_JWKS_ENDPOINT=...
> - OPENID_ISSUER=...
> - OPENID_REDIRECT_URI=...
> - OPENID_CLIENT_ID=...
> - OPENID_USERNAME_CLAIM_TYPE=email
> - OPENID_SCOPE=openid email profile
> - EXTENSION_PRIORITY=*, openid
> depends_on:
> guacamole-guacd:
> condition: service_started
> guacamole-postgres:
> condition: service_healthy
>
>
You'll probably need to dig into some packet captures using tcpdump and see
what's happening at that level - if you're getting a response from the RDP
server, etc. This seems like a lower-level network issue if you're just
seeing a hang, there, and no error messages.
> Also, RDP connection to any Linux using Wayland does not work,.. But SSH
> connections do work.
>
I suspect this is because the RDP implementations typically associated with
Wayland require the Graphics Pipeline support (formerly known as RemoteFX),
which is being implemented in Guacamole 1.6.0, but doesn't exist in any of
the current releases. We've run into this specifically when trying to
connect to the Gnome RDP server.
-Nick
