Is it possible that on this remote users there is a https spoofing configured on there firewall ?
I had the same behaviour on one client with https checking rg Christian -----Ursprüngliche Nachricht----- Von: James Fraser <[email protected]> Gesendet: Mittwoch 14 Juni 2017 06:51 An: [email protected] Betreff: RE: Issues with Guacamole Disconnecting RDP sessions for remote user It might also be worth nothing that we are using Ubuntu 16.04 and Guacamole 0.9.12 From: James Fraser [mailto:[email protected]] Sent: Wednesday, 14 June 2017 2:30 PM To: [email protected] Subject: Issues with Guacamole Disconnecting RDP sessions for remote user Hi All Long time user of Guacamole here. I have recently developed and deployed a Proof Of Concept The design is running out of Microsoft Azure and the following is happening NGINX is being used to run SSL and Auth Auth to NGINX is done via the oauth2 proxy which is authing against our Azure AD (As a “webapp’ in Azure AD) Once passing NGINX Auth you are handed over to Guacamole which is using LDAP authentication via Azure Active Directory Domain Services. Our main office has really good internet 500/500 mbit and connection to servers via Guacamole from this location is silky smooth and nice and fast. We have peers connected to the Guacamole Zone allowing us to access servers that are not internet facing and the proof of concept is working awesomely. Except we have a few remote users who do not have the best internet connection but still capable of 10 mbits and ping latency of around 35ms (to the guac servers) These users are experiencing RDP Disconnects, the type that does not auto prompt 15 seconds to reconnect but the grey window that just offers reconnect/home/logout If they reconnect it reconnects fine for a short period but is happening every 1-2 minutes I have so far tried the following unsuccessfully: * Firefox/Chrome/Internet Exploder * Bypassing NGINX and having this user connect to Tomcat on 8080 over HTTP The tomcat log shows the following: Exception in thread "Thread-208" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:384) at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:340) at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:755) at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252) at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195) at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37) at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169) Guacd does not seem to be logging anything worth mentioning to the syslog I will note the RDP connections are to Server 2016 servers utilising NLA (With certificate ignored) If anyone could shed some light on trouble shooting this would be excellent. James Fraser • Microsoft Systems Engineer P +61 2 6175 9200 • M 0402 260 606 E [email protected] <mailto:[email protected]> • W veritec.com.au <http://www.veritec.com.au> -- This email was Malware checked by UTM 9. http://www.sophos.com -- This email was Malware checked by UTM 9. http://www.sophos.com
