0.9.13 is from 2020, I'd upgrade it then were I in your shoes (in a test environment of course).
Those don't look like the same errors as the log you shared originally, it's "Security Scheme 0", not 2, and "Too many security failures" is new. On Mon, May 11, 2026 at 11:15 AM Devine, Harry (FAA) <[email protected]> wrote: > For one thing, we’re not using Docker. We compile Guacamole from source. > The VNC server package appears to be 0.9.13-11: > > > > [[email protected] ~]#rpm -qa |grep libvncserver > > libvncserver-0.9.13-11.el9.x86_64 > > libvncserver-devel-0.9.13-11.el9.x86_64 > > > > And that version exists on other Guacamole servers that we support, and > those also use VNC connections, and those all work without incident. But > this server continuously fails VNC. I was able to remove some of the old > packages that were installed via rpmfusion-free-el8 before the OS and Guac > 1.6 upgrade: > > > > rpm -e --nosignature opencore-amr > > rpm -e --nosignature vo-amrwbenc > > rpm -e --nosignature x264-xlibs x265-xlibs > > rpm -e --nosignature x264-libs x265-libs > > Then could reinstall the ffmpeg-devel package: > > dnf install ffmpeg-devel > > Then I recompiled the guacamole-server 1.6 code from source and > reinstalled: > > ./configure –with-init-dir=/etc/init.d > > make > > make install > > I restarted Guacamole and Tomcat: > > /etc/init.d/guacd stop > > /etc/init.d/guacd start > > Systemctl restart tomcat > > And I get the same errors when trying to connect to a VNC connection: > > May 11 14:13:32 tfdm-access guacd[1651]: Creating new client for protocol > "vnc" > > May 11 14:13:32 tfdm-access guacd[1651]: Connection ID is > "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" > > May 11 14:13:32 tfdm-access guacd[4048]: Cursor rendering: local > > May 11 14:13:32 tfdm-access guacd[4048]: The libvncclient library does not > support remote resize. > > May 11 14:13:32 tfdm-access guacd[4048]: User > "@135aab56-f600-4fbb-84a0-a6cc8eee4cca" joined connection > "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" (1 users now present) > > May 11 14:13:32 tfdm-access guacd[4048]: VNC server supports protocol > version 3.3 (viewer 3.8) > > May 11 14:13:32 tfdm-access guacd[4048]: Selected Security Scheme 0 > > *May 11 14:13:32 tfdm-access guacd[4048]: VNC connection failed: Too many > security failures* > > *May 11 14:13:32 tfdm-access guacd[4048]: Unable to connect to VNC server.* > > May 11 14:13:33 tfdm-access guacd[4048]: User > "@135aab56-f600-4fbb-84a0-a6cc8eee4cca" disconnected (0 users remain) > > May 11 14:13:33 tfdm-access guacd[4048]: Last user of connection > "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" disconnected > > > > Thanks, > > Harry > > > > [image: Image] > > Harry Devine > > Secure-OSE System Administrator > > U.S. Department of Transportation > > FAA/AJM-2432 > > (609) 485-4218 (Office) > > (609) 612-7274 (FAA Cell) > > [email protected] <[email protected]> > > > > *William J Hughes Technical Center* > > *Building 300 3rd Floor Column L20* > > *Atlantic City NJ 08405* > > > > > > *From:* Weston Thayer <[email protected]> > *Sent:* Monday, May 11, 2026 1:57 PM > *To:* Devine, Harry (FAA) <[email protected]> > *Cc:* [email protected] > *Subject:* Re: Issue with VNC in 1.6.0 > > > > *CAUTION:* This email originated from outside of the Federal Aviation > Administration (FAA). Do not click on links or open attachments unless you > recognize the sender and know the content is safe. > > > > Based on guacd’s Dockerfile, I think it will grab whatever release of > libvncclient that happens to be latest is > > https://github.com/LibVNC/libvncserver/tags > > > > Since that last one was 2024, that’s probably what you’re using but you > could query your guacd server. > > > > Was whatever Guacamole version you were on before released before Dec. > 2024? If so seems possible you were using libvnc 0.9.14 (released in 2022). > You could try downgrading to it. > > > > On Mon, May 11, 2026 at 9:38 AM Devine, Harry (FAA) <[email protected]> > wrote: > > I installed the TigerVNC client and connected to one of the VNC servers > successfully. Trying to connect with Guacamole 1.6.0 fails immediately. > > > > Thanks, > > Harry > > > > > > [image: Image] > > Harry Devine > > Secure-OSE System Administrator > > U.S. Department of Transportation > > FAA/AJM-2432 > > (609) 485-4218 (Office) > > (609) 612-7274 (FAA Cell) > > [email protected] <[email protected]> > > > > *William J Hughes Technical Center* > > *Building 300 3rd Floor Column L20* > > *Atlantic City NJ 08405* > > > > > > *From:* Weston Thayer via user <[email protected]> > *Sent:* Monday, May 11, 2026 12:30 PM > *To:* [email protected] > *Cc:* Weston Thayer <[email protected]> > *Subject:* Re: Issue with VNC in 1.6.0 > > > > *CAUTION:* This email originated from outside of the Federal Aviation > Administration (FAA). Do not click on links or open attachments unless you > recognize the sender and know the content is safe. > > > > Hi Harry, > > > > Guacamole uses libvncclient, 1.6.0 probably brought along an upgrade of > that underlying library, so I think that underlying change is a reasonable > hypothesis. > > Your logs show "Security Type 2 and Scheme 2", which gives important info > on the VNC server. My approach would be to try and connect to the server > with a different VNC client than Guacamole as a way to narrow it down. Also > understand what VNC server software and version is on the problematic > server. Upgrading it might be an easy fix, or switching to a different VNC > auth type. > > > > On Mon, May 11, 2026 at 8:28 AM Devine, Harry (FAA) via user < > [email protected]> wrote: > > Does ANYONE have any ideas on this? I have a few dozen users that can no > longer access any of their VNC connections, and they’re all looking to me > to tell them why. And I can’t find anything. I’m really stuck and could > use some help. > > > > Thanks, > > Harry > > > > > > [image: Image] > > Harry Devine > > Secure-OSE System Administrator > > U.S. Department of Transportation > > FAA/AJM-2432 > > (609) 485-4218 (Office) > > (609) 612-7274 (FAA Cell) > > [email protected] <[email protected]> > > > > *William J Hughes Technical Center* > > *Building 300 3rd Floor Column L20* > > *Atlantic City NJ 08405* > > > > > > *From:* Devine, Harry (FAA) via user <[email protected]> > *Sent:* Friday, May 8, 2026 10:26 AM > *To:* user <[email protected]> > *Cc:* Devine, Harry (FAA) <[email protected]> > *Subject:* Issue with VNC in 1.6.0 > > > > *CAUTION:* This email originated from outside of the Federal Aviation > Administration (FAA). Do not click on links or open attachments unless you > recognize the sender and know the content is safe. > > > > We upgraded one of our Guacamole servers to 1.6.0 this morning. We’ve > done this to a half-dozen or so previously, so I know it works. But on > this server, the users can now no longer connect to any VNC connections, > and I can’t seem to find what changed. I’ve asked them to verify that the > password for VNC on the connection side is still valid, but they haven’t > checked yet. I thought I’d put an excerpt from the log to see if anyone > has any ideas on where to look for answers. > > > > Thanks, > > Harry > > > > May 8 10:12:33 tfdm-access guacd[78029]: Creating new client for protocol > "vnc" > > May 8 10:12:33 tfdm-access guacd[78029]: Connection ID is > "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" > > May 8 10:12:33 tfdm-access guacd[78486]: Cursor rendering: local > > May 8 10:12:33 tfdm-access guacd[78486]: The libvncclient library does > not support remote resize. > > May 8 10:12:33 tfdm-access guacd[78486]: User > "@e1e7896f-fe81-4967-8fd9-9447460e831a" joined connection > "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" (1 users now present) > > May 8 10:12:33 tfdm-access server[78114]: 10:12:33.494 > [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User > "harry.devine" connected to connection "361". > > May 8 10:12:33 tfdm-access server[78114]: 10:12:33.495 > [http-nio-8080-exec-1] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet > - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. > > May 8 10:12:33 tfdm-access guacd[78486]: VNC server supports protocol > version 3.8 (viewer 3.8) > > May 8 10:12:33 tfdm-access guacd[78486]: We have 1 security types to read > > May 8 10:12:33 tfdm-access guacd[78486]: 0) Received security type 2 > > May 8 10:12:33 tfdm-access guacd[78486]: Selecting security type 2 (0/1 > in the list) > > May 8 10:12:33 tfdm-access guacd[78486]: Selected Security Scheme 2 > > May 8 10:12:33 tfdm-access guacd[78486]: VNC connection failed: > Authentication failure > > May 8 10:12:33 tfdm-access guacd[78486]: Unable to connect to VNC server. > > May 8 10:12:33 tfdm-access guacd[78486]: User > "@e1e7896f-fe81-4967-8fd9-9447460e831a" disconnected (0 users remain) > > May 8 10:12:33 tfdm-access guacd[78486]: Last user of connection > "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" disconnected > > May 8 10:12:33 tfdm-access guacd[78029]: Connection > "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" removed. > > > > > > [image: Image] > > Harry Devine > > Secure-OSE System Administrator > > U.S. Department of Transportation > > FAA/AJM-2432 > > (609) 485-4218 (Office) > > (609) 612-7274 (FAA Cell) > > [email protected] <[email protected]> > > > > *William J Hughes Technical Center* > > *Building 300 3rd Floor Column L20* > > *Atlantic City NJ 08405* > > > > > >
