Open aroundmyroom opened 2 years ago
using the installation script (not the upgrade script) changed it to 1.4.0 and then an import of the mysql dump I created before gave me a working 1.4.0 with all my remote servers
the update script works for me fine...my only change was the version number ;)
the update script works for me fine...my only change was the version number ;)
gave all kinds of 'connection' errors. at my side . .
2022-01-03 17:10:22] [info] WARNING: An illegal reflective access operation has occurred [2022-01-03 17:10:22] [info] WARNING: Illegal reflective access by org.apache.ibatis.ognl.OgnlRuntime (file:/etc/guacamole/extensions/guacamole-auth-jdbc-mysql-1.3.0. jar) to method java.util.Collections$EmptySet.isEmpty()
No clue why it could not work. Only after I did the installation script it might an issue between mariadb / mysql but actually no clue whatsoever (but in my end it was solved by using the installation script, changing to 1.4.0 and than the dump of the database importing
doesn't work for me ... unable to connect to my vm after upgrade
An internal error has occurred within the Guacamole server, and the connection has been terminated. If the problem persists, please notify your system administrator, or check your system logs
@stanthewizzard try adding in /etc/guacamole a file:
guacd.conf
it has to contain this content
[server] bind_host = 0.0.0.0 bind_port = 4822
than restart services
I can access the Guacamole page. I can see the VMs. I got this message after clicking to acces a VM.
I think that your methods is the one when not having access to guacamole ? Thanks for the tips
and not working
nope .. If you upgrade from 1.3.0 to 1.4.0 you have access to the webpage, access to the db, but you cannot start any RDP session, probably as your server cannot bind to the host / port of the guacd service.
After creating the guacd.conf file you need to restart the server or your services with systemctl another user reported that disabling ipv6 solved his issue
so updated from 1.3.0 to 1.40 neither guacd.conf nor disabling ipv6 worked
I'm stuck :( Thank for your help
@stanthewizzard than you might show what catalina.out / log is showing in /var/log/tomcatx cause you might have a complete different error.
and otherwise try dumping your database data into a file than install the 1.4.0 version check if you can make a working environment with 1 remote session
If that succeeds re-import your own data .. and you should be able to use it.
If not .. no further clue l;)
@stanthewizzard try adding in /etc/guacamole a file:
guacd.conf
it has to contain this content
[server] bind_host = 0.0.0.0 bind_port = 4822
than restart services
After do this my SSH connections works again, but no my RDP session. Do you have any ideas ? i had do an guac-upgrade. Many thanks
Same issue here. Here are the logs when I try to initiate a RDP connection (SSH is fine)
[2022-01-18 14:01:26] [info] 14:01:26.453 [http-nio-8080-exec-5] INFO o.a.g.tunnel.TunnelRequestService - User "" connected to connection "3". [2022-01-18 14:01:26] [info] Exception in thread "Thread-22" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed [2022-01-18 14:01:26] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:439) [2022-01-18 14:01:26] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:311) [2022-01-18 14:01:26] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:251) [2022-01-18 14:01:26] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:192) [2022-01-18 14:01:26] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37) [2022-01-18 14:01:26] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152) [2022-01-18 14:01:26] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53) [2022-01-18 14:01:26] [info] #011at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253) [2022-01-18 14:01:26] [info] 14:01:26.900 [http-nio-8080-exec-7] INFO o.a.g.tunnel.TunnelRequestService - User "" disconnected from connection "3". Duration: 447 milliseconds [2022-01-18 14:01:46] [info] 14:01:46.166 [http-nio-8080-exec-10] INFO o.a.g.tunnel.TunnelRequestService - User "" connected to connection "3". [2022-01-18 14:01:46] [info] 14:01:46.590 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "" disconnected from connection "3". Duration: 424 milliseconds [2022-01-18 14:01:46] [info] Exception in thread "Thread-24" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed [2022-01-18 14:01:46] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:439) [2022-01-18 14:01:46] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:311) [2022-01-18 14:01:46] [info] #011at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:251)
The following entry seems suspicious:
Exception in thread "Thread-22" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
And I have noticed during the upgrade that wsock32 libraries aren't presents.
[server] bind_host = 0.0.0.0 bind_port = 4822
This fixes it for me, perhaps we should include the creation of this file in the script?
@buff0k see #208
[server] bind_host = 0.0.0.0 bind_port = 4822
This fixes it for me, perhaps we should include the creation of this file in the script?
This has effectively solved the ssh connectivity issue but not the rdp. I will search for a fix.
There's more to fix RDP - by default it appears the guacd
service is running as the daemon
user... and that user's home directory (/usr/sbin
) isn't writable.
Jan 21 20:55:40 guacamole.local guacd[19050]: Creating new client for protocol "rdp"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[19050]: INFO: Creating new client for protocol "rdp"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[19050]: INFO: Connection ID is "$<UID>"
Jan 21 20:55:40 guacamole.local guacd[19050]: Connection ID is "$<UID>"
Jan 21 20:55:40 guacamole.local guacd[21034]: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage
of configuration files and certificates.
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: WARNING: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage of configuration files and certificates.
Jan 21 20:55:40 guacamole.local guacd[21034]: Security mode: NLA
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: Security mode: NLA
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: Resize method: none
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: User "@<UID" joined connection "$<UID>" (1 users now present)
Jan 21 20:55:40 guacamole.local guacd[21034]: Resize method: none
Jan 21 20:55:40 guacamole.local guacd[21034]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Jan 21 20:55:40 guacamole.local guacd[21034]: User "@<UID" joined connection "$<UID>" (1 users now present)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: 20:55:40.295 [http-nio-127.0.0.1-8080-exec-4] INFO o.a.g.tunnel.TunnelRequestService - User "pezhore" connected to connection "965".
Jan 21 20:55:40 guacamole.local guacd[21034]: Loading keymap "base"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: Loading keymap "base"
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: Loading keymap "en-us-qwerty"
Jan 21 20:55:40 guacamole.local guacd[21034]: Loading keymap "en-us-qwerty"
Jan 21 20:55:40 guacamole.local guacd[21034]: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: RDP server closed/refused connection: Security negotiation failed (wrong security type?)
Jan 21 20:55:40 guacamole.local guacd[21034]: User "@<UID" disconnected (0 users remain)
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: User "@<UID" disconnected (0 users remain)
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[21034]: INFO: Last user of connection "$<UID>" disconnected
Jan 21 20:55:40 guacamole.local guacd[21034]: Last user of connection "$<UID>" disconnected
Jan 21 20:55:40 guacamole.local tomcat9[19196]: 20:55:40.648 [http-nio-127.0.0.1-8080-exec-7] INFO o.a.g.tunnel.TunnelRequestService - User "pezhore" disconnected from connection "965". Duration: 353 milliseconds
Jan 21 20:55:40 guacamole.local tomcat9[19196]: Exception in thread "Thread-7" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:425)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
Jan 21 20:55:40 guacamole.local tomcat9[19196]: at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)
Jan 21 20:55:40 guacamole.local guacd[19050]: Connection "$<UID>" removed.
Jan 21 20:55:40 guacamole.local guacd[19050]: guacd[19050]: INFO: Connection "$<UID>" removed.
Once we changed the guacd service to run as a user with a writable home directory, RDP resumed working.
You are right, after changing the used user account in /etc/systemd/system/guacd.service from daemon to root solve the issue. But I don't know if this is good to do it from a security perspective.
You are right, after changing the used user account in /etc/systemd/system/guacd.service from daemon to root solve the issue. But I don't know if this is good to do it from a security perspective.
I wouldn't necessarily run it as root, just create a new guacd user for the service. As long as that user has a home directory that's writable, it should work just fine.
Tried create new user guacd (with /home/guacd writable) changed /etc/systemd/system/guacd.service to guacd user added guacd.conf (with [server] bind_host = 0.0.0.0 bind_port = 4822)
Still not working for RDP :(
I can confirm that adding guacd.conf and changing user in service file from daemon to any user having a home folder works fine after 1.3.0 to 1.4.0 upgrade.
Reinstalled a new debian used the script connected to the DB (dump before) reinjected the dump after install works like a charm
Hi!
Upgraded my ubuntu 20.04.4 box with tomcat9.
Upgrade 1.3.0 to 1.4.0. and now I can't login with ldap extension (already upgraded the extension).
If I use the 1.3.0 extension it allows me to login but won't show me my connections... I've no permissions.
Rolled back.
Extension "guacamole-auth-jdbc-mysql-1.4.0.jar" could not be loaded: Extension "MySQL Authentication" is not compatible with this version of Guacamole.
Extension "guacamole-auth-ldap-1.4.0.jar" could not be loaded: Extension "LDAP Authentication" is not compatible with this version of Guacamole.
Guacamole proxy daemon (guacd) version 1.4.0 started guacd[1576]: INFO: Guacamole proxy daemon (guacd) version 1.4.0 started guacd[1576]: INFO: Listening on host 127.0.0.1, port 4822
Nevermind... my link at /var/lib/tomcat9/webapps wasn't ok.
Now everything works.
@pezhore solution worked for me, thank
Happy New Year !
new year, new version of Guacamole, I tried to upgrade to 1.4.0 but after 1.4.0 is loaded (I used the upgrade script and replace 1.3.0 with 1.4.0) I see that there is no remote session possible, all other stuff is working but no rdp, no ssh etc..
I hope you guys can see what is needed for a good upgrade from 1.3.0 to 1.4.0