I confirm that my problem was caused by Kaspersky scanning the web traffic from the guacamole server. I had to add exceptions for the guacamole URL and now performance is back to normal.
Back in 0.9.9 Kaspersky would block the connections altogether unless I added the exceptions. That has been fixed in 0.9.12 but it still hammers performance. I'm pretty sure this would apply to any other virus scanner that scans network traffic so I hope this information may prove useful to others. Cheers Andy. ________________________________ From: Andy Pattrick [[email protected]] Sent: 07 June 2017 15:23 To: [email protected] Subject: RE: 0.9.12 poor RDP performance vs 0.9.9 Hold that, I think it might be Kaspersky scanning the traffic on the 0.9.12 install slowing it down. I'll confirm after investigations. ________________________________ From: Andy Pattrick [[email protected]] Sent: 07 June 2017 13:59 To: [email protected] Subject: 0.9.12 poor RDP performance vs 0.9.9 Hi, I have 0.9.12 up and running in docker and compared to my 0.9.9 docker installation, RDP performance is very poor. there seems to be a lot of lag in mouse clicks and response from the target machine. Also when initially connecting with 0.9.12 I always seem to get the attached screen and have to reconnect a few times to get it, whereas this never happens with 0.9.9 I am using the same target machine in both cases (windows 7 Ultimate VM) so it's not that, and I am running the two Guacamole servers in exactly the same environment so I don't believe it's that either. I've tried fiddling about with the various RDP authentication settings but with no improvement. My other connection settings are the same in both servers. It appears that something has been done in the RDP code that has really damaged the performance between these two versions. Has anyone else seen this or can anyone offer any advice or ideas? If I can't improve it I am going to have to revert to 0.9.9 to have usable RDP performance but I don't really want to because I want the rebranding / customisation support that came with later versions. Cheers Andy. ________________________________ From: Marco Casavecchia Morganti [[email protected]] Sent: 07 June 2017 11:58 To: [email protected] Subject: Re: LDAP_USER_BASE_DN pointing to an AD Security Group Hi Andy, I see, I installed it from sources instead. Maybe I could send you the compiled jar, that should be easier for you. — MCM On 7 Jun 2017, at 12:54, Andy Pattrick <[email protected]<mailto:[email protected]>> wrote: Hi Marco, Thanks for your reply. That's exactly what I would like to do but unfortunately I am running guacamole in docker so I'm not sure I can use this patch very easily. Hopefully this will find it's way into the official docker image. Cheers Andy ________________________________ From: Marco Casavecchia Morganti [[email protected]<mailto:[email protected]>] Sent: 07 June 2017 10:37 To: [email protected]<mailto:[email protected]> Subject: Re: LDAP_USER_BASE_DN pointing to an AD Security Group Hello, I developed a small patch for the guacamole-auth-ldap extension that allows you to specify in the guacamole.properties a new property: ldap-users-filter. Basically if you apply the patch, you can add an LDAP condition that must be satisfied by the users to become guacamole users. So if you set it as something like this: ldap-users-filter: memberOf=CN=Guacamole,OU=Service Gropus,OU=Domain,DC=my,DC=lan only the users that belongs to the specified group will be listed in the guacamole interface and will be allowed to access Guacamole. At that time I tried to submit the patch to the developers but I wasn’t able to set up the whole environment needed to do that, so I gave up, hoping that my patch would be added by someone else sooner or later. The patch is very simple and you can find it attached to this mail. I applied it successfully to the latest incubating releases (0.9.11 and 0.9.12), I hope it will be helpful. Best Regards — MCM Click here<https://www.mailcontrol.com/sr/MZbqvYs5QwJvpeaetUwhCQ==> to report this email as spam.
