MysticRyuujin / guac-install

Script for installing Guacamole on Ubuntu

version 1.4.0 #207

Open aroundmyroom opened 2 years ago

aroundmyroom commented 2 years ago

Happy New Year!

New year, new version of Guacamole. I tried to upgrade to 1.4.0, but after 1.4.0 is loaded (I used the upgrade script and replaced 1.3.0 with 1.4.0) I see that there is no remote session possible; all other stuff is working but no RDP, no SSH etc.

I hope you guys can see what is needed for a good upgrade from 1.3.0 to 1.4.0.

aroundmyroom commented 2 years ago

Using the installation script (not the upgrade script), changed it to 1.4.0, and then an import of the MySQL dump I created before gave me a working 1.4.0 with all my remote servers.

b0se commented 2 years ago

the update script works for me fine...my only change was the version number ;)

aroundmyroom commented 2 years ago

> the update script works for me fine...my only change was the version number ;)

It gave all kinds of 'connection' errors at my side.

[2022-01-03 17:10:22] [info] WARNING: An illegal reflective access operation has occurred
[2022-01-03 17:10:22] [info] WARNING: Illegal reflective access by org.apache.ibatis.ognl.OgnlRuntime (file:/etc/guacamole/extensions/guacamole-auth-jdbc-mysql-1.3.0.jar) to method java.util.Collections$EmptySet.isEmpty()

No clue why it could not work. Only after I did the installation script; it might be an issue between MariaDB / MySQL but actually no clue whatsoever (but in my end it was solved by using the installation script, changing to 1.4.0 and then importing the dump of the database).

stanthewizzard commented 2 years ago

doesn't work for me ... unable to connect to my vm after upgrade

An internal error has occurred within the Guacamole server, and the connection has been terminated. If the problem persists, please notify your system administrator, or check your system logs

aroundmyroom commented 2 years ago

@stanthewizzard try adding in /etc/guacamole a file:

guacd.conf

it has to contain this content

[server]
bind_host = 0.0.0.0
bind_port = 4822

then restart services

stanthewizzard commented 2 years ago

I can access the Guacamole page. I can see the VMs. I got this message after clicking to access a VM.

I think that your method is the one for when not having access to Guacamole? Thanks for the tips.

stanthewizzard commented 2 years ago

and not working

aroundmyroom commented 2 years ago

nope .. If you upgrade from 1.3.0 to 1.4.0 you have access to the webpage, access to the db, but you cannot start any RDP session, probably as your server cannot bind to the host / port of the guacd service.

After creating the guacd.conf file you need to restart the server or your services with systemctl. Another user reported that disabling IPv6 solved his issue.

stanthewizzard commented 2 years ago

So updated from 1.3.0 to 1.4.0: neither guacd.conf nor disabling IPv6 worked.

I'm stuck :( Thanks for your help

aroundmyroom commented 2 years ago

@stanthewizzard then you might show what catalina.out / log is showing in /var/log/tomcatx, because you might have a completely different error.

Otherwise, try dumping your database data into a file, then install the 1.4.0 version and check if you can make a working environment with 1 remote session.

If that succeeds, re-import your own data and you should be able to use it.

If not .. no further clue ;)

Zer0b0x commented 2 years ago

> @stanthewizzard try adding in /etc/guacamole a file:
>
> guacd.conf
>
> it has to contain this content
>
> [server]
> bind_host = 0.0.0.0
> bind_port = 4822
>
> then restart services

After doing this my SSH connections work again, but not my RDP session. Do you have any ideas? I had done a guac-upgrade. Many thanks

J0hnMatrix commented 2 years ago

Same issue here. Here are the logs when I try to initiate an RDP connection (SSH is fine):

[2022-01-18 14:01:26] [info] 14:01:26.453 [http-nio-8080-exec-5] INFO o.a.g.tunnel.TunnelRequestService - User "" connected to connection "3".
[2022-01-18 14:01:26] [info] Exception in thread "Thread-22" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
[2022-01-18 14:01:26] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:439)
[2022-01-18 14:01:26] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:311)
[2022-01-18 14:01:26] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:251)
[2022-01-18 14:01:26] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:192)
[2022-01-18 14:01:26] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
[2022-01-18 14:01:26] [info]     at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
[2022-01-18 14:01:26] [info]     at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
[2022-01-18 14:01:26] [info]     at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
[2022-01-18 14:01:26] [info] 14:01:26.900 [http-nio-8080-exec-7] INFO o.a.g.tunnel.TunnelRequestService - User "" disconnected from connection "3". Duration: 447 milliseconds
[2022-01-18 14:01:46] [info] 14:01:46.166 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "" connected to connection "3".
[2022-01-18 14:01:46] [info] 14:01:46.590 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "" disconnected from connection "3". Duration: 424 milliseconds
[2022-01-18 14:01:46] [info] Exception in thread "Thread-24" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
[2022-01-18 14:01:46] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:439)
[2022-01-18 14:01:46] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:311)
[2022-01-18 14:01:46] [info]     at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:251)

The following entry seems suspicious:

Exception in thread "Thread-22" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed

And I have noticed during the upgrade that wsock32 libraries aren't present.

buff0k commented 2 years ago

[server]
bind_host = 0.0.0.0
bind_port = 4822

This fixes it for me, perhaps we should include the creation of this file in the script?

aroundmyroom commented 2 years ago

@buff0k see #208

J0hnMatrix commented 2 years ago

> [server]
> bind_host = 0.0.0.0
> bind_port = 4822
>
> This fixes it for me, perhaps we should include the creation of this file in the script?

This has effectively solved the SSH connectivity issue but not the RDP. I will search for a fix.

pezhore commented 2 years ago

There's more to fix RDP - by default it appears the guacd service is running as the daemon user... and that user's home directory (/usr/sbin) isn't writable.

Jan 21 20:55:40 guacamole.local guacd[19050]: Creating new client for protocol "rdp"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[19050]: INFO:        Creating new client for protocol "rdp"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[19050]: INFO:        Connection ID is "$<UID>"
Jan 21 20:55:40 guacamole.local guacd[19050]: Connection ID is "$<UID>"
Jan 21 20:55:40 guacamole.local guacd[21034]: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: WARNING:        FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.
Jan 21 20:55:40 guacamole.local guacd[21034]: Security mode: NLA
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        Security mode: NLA
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        Resize method: none
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        User "@<UID" joined connection "$<UID>" (1 users now present)
Jan 21 20:55:40 guacamole.local guacd[21034]: Resize method: none
Jan 21 20:55:40 guacamole.local guacd[21034]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Jan 21 20:55:40 guacamole.local guacd[21034]: User "@<UID" joined connection "$<UID>" (1 users now present)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: 20:55:40.295 [http-nio-127.0.0.1-8080-exec-4] INFO  o.a.g.tunnel.TunnelRequestService - User "pezhore" connected to connection "965".
Jan 21 20:55:40 guacamole.local guacd[21034]: Loading keymap "base"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        Loading keymap "base"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        Loading keymap "en-us-qwerty"
Jan 21 20:55:40 guacamole.local guacd[21034]: Loading keymap "en-us-qwerty"
Jan 21 20:55:40 guacamole.local guacd[21034]: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        RDP server closed/refused connection: Security negotiation failed (wrong security type?)
Jan 21 20:55:40 guacamole.local guacd[21034]: User "@<UID" disconnected (0 users remain)
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        User "@<UID" disconnected (0 users remain)
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO:        Last user of connection "$<UID>" disconnected
Jan 21 20:55:40 guacamole.local guacd[21034]: Last user of connection "$<UID>" disconnected
Jan 21 20:55:40 guacamole.local tomcat9[19196]: 20:55:40.648 [http-nio-127.0.0.1-8080-exec-7] INFO  o.a.g.tunnel.TunnelRequestService - User "pezhore" disconnected from connection "965". Duration: 353 milliseconds
Jan 21 20:55:40 guacamole.local tomcat9[19196]: Exception in thread "Thread-7" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:425)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
Jan 21 20:55:40 guacamole.local tomcat9[19196]:         at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
Jan 21 20:55:40 guacamole.local guacd[19050]: Connection "$<UID>" removed.
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[19050]: INFO:        Connection "$<UID>" removed.

Once we changed the guacd service to run as a user with a writable home directory, RDP resumed working.

J0hnMatrix commented 2 years ago

You are right, changing the user account in /etc/systemd/system/guacd.service from daemon to root solved the issue. But I don't know if this is good to do from a security perspective.

pezhore commented 2 years ago

> You are right, changing the user account in /etc/systemd/system/guacd.service from daemon to root solved the issue. But I don't know if this is good to do from a security perspective.

I wouldn't necessarily run it as root, just create a new guacd user for the service. As long as that user has a home directory that's writable, it should work just fine.

stanthewizzard commented 2 years ago

Tried creating a new user guacd (with /home/guacd writable), changed /etc/systemd/system/guacd.service to the guacd user, added guacd.conf (with [server] bind_host = 0.0.0.0 bind_port = 4822).

Still not working for RDP :(

BankaiNoJutsu commented 2 years ago

I can confirm that adding guacd.conf and changing user in service file from daemon to any user having a home folder works fine after 1.3.0 to 1.4.0 upgrade.
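
An added example (not part of guac-install and not written by any commenter) that audits a host for the two workarounds discussed in this thread: the guacd.conf bind address and the account guacd.service runs as. The function names, the sample files and the 127.0.0.1 variant are assumptions; the latter assumes Tomcat and guacd run on the same host.

```bash
#!/usr/bin/env bash
# Added example, not guac-install code: audit guacd.conf and guacd.service settings.

# ini_get FILE SECTION KEY -> value of KEY inside [SECTION] (guacd.conf is ini-style)
ini_get() {
  awk -v s="[$2]" -v k="$3" '
    /^[ \t]*[#;]/ { next }                               # skip comment lines
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }  # remember current section
    cur == s && index($0, "=") {
      key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == k) { print val; exit }
    }' "$1"
}

# unit_user UNITFILE -> effective User= of a systemd unit (root when no User= is set)
unit_user() {
  awk -F= '/^[ \t]*User[ \t]*=/ { gsub(/[ \t]/, "", $2); u = $2 }
           END { print (u == "" ? "root" : u) }' "$1"
}

# audit_guacd CONF UNIT [HOME] -> prints one WARN line per finding, nothing when clean.
# Run it unprivileged: the -w test always succeeds for root.
audit_guacd() {
  local host user home
  host=$(ini_get "$1" server bind_host 2>/dev/null)
  user=$(unit_user "$2")
  home=${3:-$(getent passwd "$user" | cut -d: -f6)}  # HOME override keeps the demo offline
  case "${host:-127.0.0.1}" in                       # assumption: unset means loopback
    localhost|127.*|::1) ;;
    *) echo "WARN bind_host=$host: guacd listens beyond loopback; limit port 4822 to the Tomcat host" ;;
  esac
  if [ "$user" = root ]; then echo "WARN guacd.service runs as root; use a dedicated account"; fi
  if [ ! -d "$home" ] || [ ! -w "$home" ]; then
    echo "WARN home '$home' of user '$user' is not writable; FreeRDP initialization may fail"
  fi
}

# Constructed samples: "before" mirrors the thread, "after" is one hardened variant.
make_samples() {
  mkdir -p "$1/home/guacd"
  printf '[server]\nbind_host = 0.0.0.0\nbind_port = 4822\n'   > "$1/before.conf"
  printf '[Service]\nUser=daemon\n'                            > "$1/before.service"
  printf '[server]\nbind_host = 127.0.0.1\nbind_port = 4822\n' > "$1/after.conf"
  printf '[Service]\nUser=guacd\n'                             > "$1/after.service"
}

demo=$(mktemp -d) && make_samples "$demo"
audit_guacd "$demo/before.conf" "$demo/before.service" /usr/sbin
audit_guacd "$demo/after.conf"  "$demo/after.service"  "$demo/home/guacd"
```

On a real host, call `audit_guacd /etc/guacamole/guacd.conf /etc/systemd/system/guacd.service` without the third argument so the home directory is looked up from the account database.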

stanthewizzard commented 2 years ago

Reinstalled a new Debian, used the script, connected to the DB (dump before), reinjected the dump after install: works like a charm.

seederp2p commented 2 years ago

Hi!

Upgraded my ubuntu 20.04.4 box with tomcat9.

Upgrade 1.3.0 to 1.4.0. and now I can't login with ldap extension (already upgraded the extension).

If I use the 1.3.0 extension it allows me to login but won't show me my connections... I've no permissions.

Rolled back.

seederp2p commented 2 years ago

Extension "guacamole-auth-jdbc-mysql-1.4.0.jar" could not be loaded: Extension "MySQL Authentication" is not compatible with this version of Guacamole.

Extension "guacamole-auth-ldap-1.4.0.jar" could not be loaded: Extension "LDAP Authentication" is not compatible with this version of Guacamole.

Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[1576]: INFO: Guacamole proxy daemon (guacd) version 1.4.0 started
guacd[1576]: INFO: Listening on host 127.0.0.1, port 4822

seederp2p commented 2 years ago

Nevermind... my link at /var/lib/tomcat9/webapps wasn't ok.

Now everything works.

sebthesun commented 2 years ago

@pezhore's solution worked for me, thanks