The “too many security failures” has always been received since I’ve upgraded. And my RHEL 9 OS doesn’t have any newer libvncserver available. 0.9.3 is the latest version available from the RHEL9 repos as well as the EPEL repository. Also, this is the same version that is installed on several other servers that have 1.6.0 and successfully connect to VNC connections on those systems.
Thanks, Harry [Image] Harry Devine Secure-OSE System Administrator U.S. Department of Transportation FAA/AJM-2432 (609) 485-4218 (Office) (609) 612-7274 (FAA Cell) [email protected]<mailto:[email protected]> William J Hughes Technical Center Building 300 3rd Floor Column L20 Atlantic City NJ 08405 From: Weston Thayer <[email protected]> Sent: Monday, May 11, 2026 2:20 PM To: Devine, Harry (FAA) <[email protected]> Cc: [email protected] Subject: Re: Issue with VNC in 1.6.0 CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe. 0.9.13 is from 2020, I'd upgrade it then were I in your shoes (in a test environment of course). Those don't look like the same errors as the log you shared originally, it's "Security Scheme 0", not 2, and "Too many security failures" is new. On Mon, May 11, 2026 at 11:15 AM Devine, Harry (FAA) <[email protected]<mailto:[email protected]>> wrote: For one thing, we’re not using Docker. We compile Guacamole from source. The VNC server package appears to be 0.9.13-11: [[email protected]<mailto:[email protected]> ~]#rpm -qa |grep libvncserver libvncserver-0.9.13-11.el9.x86_64 libvncserver-devel-0.9.13-11.el9.x86_64 And that version exists on other Guacamole servers that we support, and those also use VNC connections, and those all work without incident. But this server continuously fails VNC. I was able to remove some of the old packages that were installed via rpmfusion-free-el8 before the OS and Guac 1.6 upgrade: rpm -e --nosignature opencore-amr rpm -e --nosignature vo-amrwbenc rpm -e --nosignature x264-xlibs x265-xlibs rpm -e --nosignature x264-libs x265-libs Then could reinstall the ffmpeg-devel package: dnf install ffmpeg-devel Then I recompiled the guacamole-server 1.6 code from source and reinstalled: ./configure –with-init-dir=/etc/init.d make make install I restarted Guacamole and Tomcat: /etc/init.d/guacd stop /etc/init.d/guacd start Systemctl restart tomcat And I get the same errors when trying to connect to a VNC connection: May 11 14:13:32 tfdm-access guacd[1651]: Creating new client for protocol "vnc" May 11 14:13:32 tfdm-access guacd[1651]: Connection ID is "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" May 11 14:13:32 tfdm-access guacd[4048]: Cursor rendering: local May 11 14:13:32 tfdm-access guacd[4048]: The libvncclient library does not support remote resize. May 11 14:13:32 tfdm-access guacd[4048]: User "@135aab56-f600-4fbb-84a0-a6cc8eee4cca" joined connection "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" (1 users now present) May 11 14:13:32 tfdm-access guacd[4048]: VNC server supports protocol version 3.3 (viewer 3.8) May 11 14:13:32 tfdm-access guacd[4048]: Selected Security Scheme 0 May 11 14:13:32 tfdm-access guacd[4048]: VNC connection failed: Too many security failures May 11 14:13:32 tfdm-access guacd[4048]: Unable to connect to VNC server. May 11 14:13:33 tfdm-access guacd[4048]: User "@135aab56-f600-4fbb-84a0-a6cc8eee4cca" disconnected (0 users remain) May 11 14:13:33 tfdm-access guacd[4048]: Last user of connection "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" disconnected Thanks, Harry [Image] Harry Devine Secure-OSE System Administrator U.S. Department of Transportation FAA/AJM-2432 (609) 485-4218 (Office) (609) 612-7274 (FAA Cell) [email protected]<mailto:[email protected]> William J Hughes Technical Center Building 300 3rd Floor Column L20 Atlantic City NJ 08405 From: Weston Thayer <[email protected]<mailto:[email protected]>> Sent: Monday, May 11, 2026 1:57 PM To: Devine, Harry (FAA) <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]> Subject: Re: Issue with VNC in 1.6.0 CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe. Based on guacd’s Dockerfile, I think it will grab whatever release of libvncclient that happens to be latest is https://github.com/LibVNC/libvncserver/tags Since that last one was 2024, that’s probably what you’re using but you could query your guacd server. Was whatever Guacamole version you were on before released before Dec. 2024? If so seems possible you were using libvnc 0.9.14 (released in 2022). You could try downgrading to it. On Mon, May 11, 2026 at 9:38 AM Devine, Harry (FAA) <[email protected]<mailto:[email protected]>> wrote: I installed the TigerVNC client and connected to one of the VNC servers successfully. Trying to connect with Guacamole 1.6.0 fails immediately. Thanks, Harry [Image] Harry Devine Secure-OSE System Administrator U.S. Department of Transportation FAA/AJM-2432 (609) 485-4218 (Office) (609) 612-7274 (FAA Cell) [email protected]<mailto:[email protected]> William J Hughes Technical Center Building 300 3rd Floor Column L20 Atlantic City NJ 08405 From: Weston Thayer via user <[email protected]<mailto:[email protected]>> Sent: Monday, May 11, 2026 12:30 PM To: [email protected]<mailto:[email protected]> Cc: Weston Thayer <[email protected]<mailto:[email protected]>> Subject: Re: Issue with VNC in 1.6.0 CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe. Hi Harry, Guacamole uses libvncclient, 1.6.0 probably brought along an upgrade of that underlying library, so I think that underlying change is a reasonable hypothesis. Your logs show "Security Type 2 and Scheme 2", which gives important info on the VNC server. My approach would be to try and connect to the server with a different VNC client than Guacamole as a way to narrow it down. Also understand what VNC server software and version is on the problematic server. Upgrading it might be an easy fix, or switching to a different VNC auth type. On Mon, May 11, 2026 at 8:28 AM Devine, Harry (FAA) via user <[email protected]<mailto:[email protected]>> wrote: Does ANYONE have any ideas on this? I have a few dozen users that can no longer access any of their VNC connections, and they’re all looking to me to tell them why. And I can’t find anything. I’m really stuck and could use some help. Thanks, Harry [Image] Harry Devine Secure-OSE System Administrator U.S. Department of Transportation FAA/AJM-2432 (609) 485-4218 (Office) (609) 612-7274 (FAA Cell) [email protected]<mailto:[email protected]> William J Hughes Technical Center Building 300 3rd Floor Column L20 Atlantic City NJ 08405 From: Devine, Harry (FAA) via user <[email protected]<mailto:[email protected]>> Sent: Friday, May 8, 2026 10:26 AM To: user <[email protected]<mailto:[email protected]>> Cc: Devine, Harry (FAA) <[email protected]<mailto:[email protected]>> Subject: Issue with VNC in 1.6.0 CAUTION: This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe. We upgraded one of our Guacamole servers to 1.6.0 this morning. We’ve done this to a half-dozen or so previously, so I know it works. But on this server, the users can now no longer connect to any VNC connections, and I can’t seem to find what changed. I’ve asked them to verify that the password for VNC on the connection side is still valid, but they haven’t checked yet. I thought I’d put an excerpt from the log to see if anyone has any ideas on where to look for answers. Thanks, Harry May 8 10:12:33 tfdm-access guacd[78029]: Creating new client for protocol "vnc" May 8 10:12:33 tfdm-access guacd[78029]: Connection ID is "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" May 8 10:12:33 tfdm-access guacd[78486]: Cursor rendering: local May 8 10:12:33 tfdm-access guacd[78486]: The libvncclient library does not support remote resize. May 8 10:12:33 tfdm-access guacd[78486]: User "@e1e7896f-fe81-4967-8fd9-9447460e831a" joined connection "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" (1 users now present) May 8 10:12:33 tfdm-access server[78114]: 10:12:33.494 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "361". May 8 10:12:33 tfdm-access server[78114]: 10:12:33.495 [http-nio-8080-exec-1] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal. May 8 10:12:33 tfdm-access guacd[78486]: VNC server supports protocol version 3.8 (viewer 3.8) May 8 10:12:33 tfdm-access guacd[78486]: We have 1 security types to read May 8 10:12:33 tfdm-access guacd[78486]: 0) Received security type 2 May 8 10:12:33 tfdm-access guacd[78486]: Selecting security type 2 (0/1 in the list) May 8 10:12:33 tfdm-access guacd[78486]: Selected Security Scheme 2 May 8 10:12:33 tfdm-access guacd[78486]: VNC connection failed: Authentication failure May 8 10:12:33 tfdm-access guacd[78486]: Unable to connect to VNC server. May 8 10:12:33 tfdm-access guacd[78486]: User "@e1e7896f-fe81-4967-8fd9-9447460e831a" disconnected (0 users remain) May 8 10:12:33 tfdm-access guacd[78486]: Last user of connection "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" disconnected May 8 10:12:33 tfdm-access guacd[78029]: Connection "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" removed. [Image] Harry Devine Secure-OSE System Administrator U.S. Department of Transportation FAA/AJM-2432 (609) 485-4218 (Office) (609) 612-7274 (FAA Cell) [email protected]<mailto:[email protected]> William J Hughes Technical Center Building 300 3rd Floor Column L20 Atlantic City NJ 08405
