I have Guacamole up and running and talking to our older 2008r2 servers, but on a few of them, it would not form an RDP connection no matter what I tried. I eventually narrowed it down to the TLS1.1/1.2 patch being installed (https://support.microsoft.com/en-us/kb/3080079). Once that is installed, it appears I cannot get Guacamole to establish an RDP session.
After a bit of seaching, I found you can set the following registry value which allows the server to drop back and use RDP encryption. Even after setting this value, the TLS and NLA will not work from Guacamole, it must be set to RDP encryption. HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer = 0 If I attempt TLS or NLA, I can see the following message in the Windows Event log: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. Is there anyway to enable TLS1.1/1.2 instead of using TLS1.0? Configuration: CentOS 7.2 Tomcat 8 Thanks, Peter
