Harry,

What VNC servers are you having issues connecting to? Apologies if you already mentioned it, but I didn't see it in the e-mails. I'll try to see if I can reproduce the issue...
-Nick

On Mon, May 11, 2026 at 3:00 PM Weston Thayer via user <[email protected]> wrote:

> I’m loath to toss out AI responses, but it did suggest checking the password length. Thought 8 was the max but some clients had lax standards allowing longer, perhaps that is more enforced.
>
> On Mon, May 11, 2026 at 11:54 AM Devine, Harry (FAA) <[email protected]> wrote:
>
>> I installed libwebsockets-devel, recompiled, and reinstalled the guacd server (via make install). Restarted everything and it didn’t make a difference. The clients are using TigerVNC and everything was working on 1.5.5. Now it seems as though something on that client end is no longer compatible with 1.6, but I can figure out what it is just yet. The password is the same as it has been, and the Guac VNC connection doesn’t have any options for setting security that I can see.
>>
>> If you can think of anything else, please reach out. I’m grateful for your help!
>>
>> Thanks,
>> Harry
>>
>> Harry Devine
>> Secure-OSE System Administrator
>> U.S. Department of Transportation
>> FAA/AJM-2432
>> (609) 485-4218 (Office)
>> (609) 612-7274 (FAA Cell)
>> *[email protected] <[email protected]>*
>>
>> *William J Hughes Technical Center*
>> *Building 300 3rd Floor Column L20*
>> *Atlantic City NJ 08405*
>>
>> *From:* Weston Thayer <[email protected]>
>> *Sent:* Monday, May 11, 2026 2:49 PM
>> *To:* Devine, Harry (FAA) <[email protected]>
>> *Cc:* [email protected]
>> *Subject:* Re: Issue with VNC in 1.6.0
>>
>> *CAUTION:* This email originated from outside of the Federal Aviation Administration (FAA). Do not click on links or open attachments unless you recognize the sender and know the content is safe.
>>
>> IIRC Guacamole can work without WebSockets, but I’ve never used that feature.
>> Is guacamole/websocket-tunnel not logged for all connections for you (successful or not)? It is for me, that’s where the web client hits to start a connection.
>>
>> On Mon, May 11, 2026 at 11:40 AM Devine, Harry (FAA) <[email protected]> wrote:
>>
>> Real quick: I see the following in the Tomcat local_access log when my VNC connection fails:
>>
>> 127.0.0.1 - - [11/May/2026:14:35:36 -0400] "GET /guacamole/websocket-tunnel?token=29F6C76BB08EA28198593B8AF33B99E9F5D040D1BB66AD408590570CA13FC740&GUAC_DATA_SOURCE=mysql&GUAC_ID=243&GUAC_TYPE=c&GUAC_WIDTH=1904&GUAC_HEIGHT=903&GUAC_DPI=96&GUAC_TIMEZONE=America%2FNew_York&GUAC_AUDIO=audio%2FL8&GUAC_AUDIO=audio%2FL16&GUAC_IMAGE=image%2Fjpeg&GUAC_IMAGE=image%2Fpng&GUAC_IMAGE=image%2Fwebp HTTP/1.1" 404 781
>>
>> It references websocket-tunnel. But when I built from source, I remember that the ./configure specifically said that libwebsockets was not found:
>>
>> configure: WARNING:
>> --------------------------------------------
>> Unable to find libwebsockets.
>> Support for Kubernetes will be disabled.
>> --------------------------------------------
>>
>> We aren’t using Docker or Kubernetes, but is WebSockets required? Should I look into installing libwebsockets-devel and recompiling from source? Would that make a difference?
>>
>> Thanks,
>> Harry
>>
>> *From:* Weston Thayer via user <[email protected]>
>> *Sent:* Monday, May 11, 2026 2:24 PM
>> *To:* Devine, Harry (FAA) <[email protected]>
>> *Cc:* [email protected]; Weston Thayer <[email protected]>
>> *Subject:* Re: Issue with VNC in 1.6.0
>>
>> Maybe a red herring then, strange. Good luck!
>>
>> On Mon, May 11, 2026 at 11:22 AM Devine, Harry (FAA) <[email protected]> wrote:
>>
>> The “too many security failures” has always been received since I’ve upgraded. And my RHEL 9 OS doesn’t have any newer libvncserver available. 0.9.3 is the latest version available from the RHEL9 repos as well as the EPEL repository. Also, this is the same version that is installed on several other servers that have 1.6.0 and successfully connect to VNC connections on those systems.
>>
>> Thanks,
>> Harry
>>
>> *From:* Weston Thayer <[email protected]>
>> *Sent:* Monday, May 11, 2026 2:20 PM
>> *To:* Devine, Harry (FAA) <[email protected]>
>> *Cc:* [email protected]
>> *Subject:* Re: Issue with VNC in 1.6.0
>>
>> 0.9.13 is from 2020, I'd upgrade it then were I in your shoes (in a test environment of course).
>>
>> Those don't look like the same errors as the log you shared originally, it's "Security Scheme 0", not 2, and "Too many security failures" is new.
>>
>> On Mon, May 11, 2026 at 11:15 AM Devine, Harry (FAA) <[email protected]> wrote:
>>
>> For one thing, we’re not using Docker. We compile Guacamole from source. The VNC server package appears to be 0.9.13-11:
>>
>> [[email protected] ~]#rpm -qa |grep libvncserver
>> libvncserver-0.9.13-11.el9.x86_64
>> libvncserver-devel-0.9.13-11.el9.x86_64
>>
>> And that version exists on other Guacamole servers that we support, and those also use VNC connections, and those all work without incident. But this server continuously fails VNC.
>> I was able to remove some of the old packages that were installed via rpmfusion-free-el8 before the OS and Guac 1.6 upgrade:
>>
>> rpm -e --nosignature opencore-amr
>> rpm -e --nosignature vo-amrwbenc
>> rpm -e --nosignature x264-xlibs x265-xlibs
>> rpm -e --nosignature x264-libs x265-libs
>>
>> Then could reinstall the ffmpeg-devel package:
>>
>> dnf install ffmpeg-devel
>>
>> Then I recompiled the guacamole-server 1.6 code from source and reinstalled:
>>
>> ./configure --with-init-dir=/etc/init.d
>> make
>> make install
>>
>> I restarted Guacamole and Tomcat:
>>
>> /etc/init.d/guacd stop
>> /etc/init.d/guacd start
>> systemctl restart tomcat
>>
>> And I get the same errors when trying to connect to a VNC connection:
>>
>> May 11 14:13:32 tfdm-access guacd[1651]: Creating new client for protocol "vnc"
>> May 11 14:13:32 tfdm-access guacd[1651]: Connection ID is "$9fb8fa82-153e-48a3-857c-34cd4facbbf3"
>> May 11 14:13:32 tfdm-access guacd[4048]: Cursor rendering: local
>> May 11 14:13:32 tfdm-access guacd[4048]: The libvncclient library does not support remote resize.
>> May 11 14:13:32 tfdm-access guacd[4048]: User "@135aab56-f600-4fbb-84a0-a6cc8eee4cca" joined connection "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" (1 users now present)
>> May 11 14:13:32 tfdm-access guacd[4048]: VNC server supports protocol version 3.3 (viewer 3.8)
>> May 11 14:13:32 tfdm-access guacd[4048]: Selected Security Scheme 0
>> *May 11 14:13:32 tfdm-access guacd[4048]: VNC connection failed: Too many security failures*
>> *May 11 14:13:32 tfdm-access guacd[4048]: Unable to connect to VNC server.*
>> May 11 14:13:33 tfdm-access guacd[4048]: User "@135aab56-f600-4fbb-84a0-a6cc8eee4cca" disconnected (0 users remain)
>> May 11 14:13:33 tfdm-access guacd[4048]: Last user of connection "$9fb8fa82-153e-48a3-857c-34cd4facbbf3" disconnected
>>
>> Thanks,
>> Harry
>>
>> *From:* Weston Thayer <[email protected]>
>> *Sent:* Monday, May 11, 2026 1:57 PM
>> *To:* Devine, Harry (FAA) <[email protected]>
>> *Cc:* [email protected]
>> *Subject:* Re: Issue with VNC in 1.6.0
>>
>> Based on guacd’s Dockerfile, I think it will grab whatever release of libvncclient that happens to be latest is
>>
>> https://github.com/LibVNC/libvncserver/tags
>>
>> Since that last one was 2024, that’s probably what you’re using but you could query your guacd server.
>>
>> Was whatever Guacamole version you were on before released before Dec. 2024? If so seems possible you were using libvnc 0.9.14 (released in 2022). You could try downgrading to it.
>>
>> On Mon, May 11, 2026 at 9:38 AM Devine, Harry (FAA) <[email protected]> wrote:
>>
>> I installed the TigerVNC client and connected to one of the VNC servers successfully. Trying to connect with Guacamole 1.6.0 fails immediately.
>>
>> Thanks,
>> Harry
>>
>> *From:* Weston Thayer via user <[email protected]>
>> *Sent:* Monday, May 11, 2026 12:30 PM
>> *To:* [email protected]
>> *Cc:* Weston Thayer <[email protected]>
>> *Subject:* Re: Issue with VNC in 1.6.0
>>
>> Hi Harry,
>>
>> Guacamole uses libvncclient, 1.6.0 probably brought along an upgrade of that underlying library, so I think that underlying change is a reasonable hypothesis.
>>
>> Your logs show "Security Type 2 and Scheme 2", which gives important info on the VNC server. My approach would be to try and connect to the server with a different VNC client than Guacamole as a way to narrow it down. Also understand what VNC server software and version is on the problematic server. Upgrading it might be an easy fix, or switching to a different VNC auth type.
>>
>> On Mon, May 11, 2026 at 8:28 AM Devine, Harry (FAA) via user <[email protected]> wrote:
>>
>> Does ANYONE have any ideas on this? I have a few dozen users that can no longer access any of their VNC connections, and they’re all looking to me to tell them why. And I can’t find anything. I’m really stuck and could use some help.
>>
>> Thanks,
>> Harry
>>
>> *From:* Devine, Harry (FAA) via user <[email protected]>
>> *Sent:* Friday, May 8, 2026 10:26 AM
>> *To:* user <[email protected]>
>> *Cc:* Devine, Harry (FAA) <[email protected]>
>> *Subject:* Issue with VNC in 1.6.0
>>
>> We upgraded one of our Guacamole servers to 1.6.0 this morning. We’ve done this to a half-dozen or so previously, so I know it works. But on this server, the users can now no longer connect to any VNC connections, and I can’t seem to find what changed. I’ve asked them to verify that the password for VNC on the connection side is still valid, but they haven’t checked yet. I thought I’d put an excerpt from the log to see if anyone has any ideas on where to look for answers.
>>
>> Thanks,
>> Harry
>>
>> May 8 10:12:33 tfdm-access guacd[78029]: Creating new client for protocol "vnc"
>> May 8 10:12:33 tfdm-access guacd[78029]: Connection ID is "$40b21c0e-7b73-48b5-88c9-040043ffe7fd"
>> May 8 10:12:33 tfdm-access guacd[78486]: Cursor rendering: local
>> May 8 10:12:33 tfdm-access guacd[78486]: The libvncclient library does not support remote resize.
>> May 8 10:12:33 tfdm-access guacd[78486]: User "@e1e7896f-fe81-4967-8fd9-9447460e831a" joined connection "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" (1 users now present)
>> May 8 10:12:33 tfdm-access server[78114]: 10:12:33.494 [http-nio-8080-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "harry.devine" connected to connection "361".
>> May 8 10:12:33 tfdm-access server[78114]: 10:12:33.495 [http-nio-8080-exec-1] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
>> May 8 10:12:33 tfdm-access guacd[78486]: VNC server supports protocol version 3.8 (viewer 3.8)
>> May 8 10:12:33 tfdm-access guacd[78486]: We have 1 security types to read
>> May 8 10:12:33 tfdm-access guacd[78486]: 0) Received security type 2
>> May 8 10:12:33 tfdm-access guacd[78486]: Selecting security type 2 (0/1 in the list)
>> May 8 10:12:33 tfdm-access guacd[78486]: Selected Security Scheme 2
>> May 8 10:12:33 tfdm-access guacd[78486]: VNC connection failed: Authentication failure
>> May 8 10:12:33 tfdm-access guacd[78486]: Unable to connect to VNC server.
>> May 8 10:12:33 tfdm-access guacd[78486]: User "@e1e7896f-fe81-4967-8fd9-9447460e831a" disconnected (0 users remain)
>> May 8 10:12:33 tfdm-access guacd[78486]: Last user of connection "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" disconnected
>> May 8 10:12:33 tfdm-access guacd[78029]: Connection "$40b21c0e-7b73-48b5-88c9-040043ffe7fd" removed.
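
Added example, not part of the original thread: a small Python parser that groups the guacd lines quoted above by child PID and reports the RFB handshake stage at which each attempt failed. The sample log is reconstructed from the excerpts in the thread, and the function names are illustrative.

```python
import re

# Constructed sample: guacd lines taken from the two excerpts quoted in the thread.
SAMPLE = """\
May 8 10:12:33 tfdm-access guacd[78486]: VNC server supports protocol version 3.8 (viewer 3.8)
May 8 10:12:33 tfdm-access guacd[78486]: Selected Security Scheme 2
May 8 10:12:33 tfdm-access guacd[78486]: VNC connection failed: Authentication failure
May 11 14:13:32 tfdm-access guacd[4048]: VNC server supports protocol version 3.3 (viewer 3.8)
May 11 14:13:32 tfdm-access guacd[4048]: Selected Security Scheme 0
May 11 14:13:32 tfdm-access guacd[4048]: VNC connection failed: Too many security failures
"""

LINE = re.compile(r"guacd\[(\d+)\]: (.*)$")
FIELDS = {
    "server_version": re.compile(r"VNC server supports protocol version (\d+\.\d+)"),
    "scheme": re.compile(r"Selected Security Scheme (\d+)"),
    "failure": re.compile(r"VNC connection failed: (.+)"),
}

def summarize(log_text):
    """Collect handshake facts per guacd child PID, in order of first appearance."""
    attempts = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw.strip().strip("*"))  # the thread bolds some lines with *
        if not m:
            continue
        rec = attempts.setdefault(m.group(1), {})
        for key, rx in FIELDS.items():
            hit = rx.search(m.group(2))
            if hit:
                rec[key] = hit.group(1)
    return attempts

def classify(rec):
    """Map one attempt to the RFB handshake stage where it failed."""
    if "failure" not in rec:
        return "no failure logged"
    if rec.get("scheme") == "0":
        # RFB security type 0 is "Invalid": the server refused the connection and
        # sent a reason string, so no password was checked on this attempt.
        return "refused before authentication: " + rec["failure"]
    if rec.get("scheme") == "2":
        # Security type 2 is VNC Authentication (password challenge-response).
        return "VNC password challenge rejected"
    return "failed with scheme %s: %s" % (rec.get("scheme", "?"), rec["failure"])
```

On the sample, the May 8 attempt is a rejected password challenge, while the May 11 attempt is refused before any password is checked. "Too many security failures" is the reason string TigerVNC servers send to an address that has exceeded their failed-authentication limit, so the two excerpts describe different failure stages.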
