Quantcast

Cannot connect using RDP

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Cannot connect using RDP

adrianz
Hello,

I am having a strange issue connecting to my Windows 10 PC using RDP. It tries to connect but almost immediately I get the red 'Connection error' message box. Doing further investigation I found the following:

guacd[13905]: INFO:     Guacamole proxy daemon (guacd) version 0.9.11-incubating started
guacd[13905]: DEBUG:    Unable to bind socket to host ::1, port 4822: Address family not supported by protocol
guacd[13905]: DEBUG:    Successfully bound socket to host 127.0.0.1, port 4822
guacd[13905]: INFO:     Listening on host 127.0.0.1, port 4822
guacd[13905]: INFO:     Creating new client for protocol "rdp"
guacd[13905]: INFO:     Connection ID is "$40db7722-d9be-49fc-8291-3fa8d8c709ab"
guacd[13943]: DEBUG:    Parameter "console" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "console-audio" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "disable-auth" omitted. Using default value of 0.
guacd[13943]: INFO:     Security mode: RDP
guacd[13943]: DEBUG:    User resolution is 1197x843 at 96 DPI
guacd[13943]: DEBUG:    Parameter "dpi" omitted. Using default value of 96.
guacd[13943]: DEBUG:    Using resolution of 1196x843 at 96 DPI
guacd[13943]: DEBUG:    Parameter "read-only" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-wallpaper" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-theming" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-full-window-drag" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-desktop-composition" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-menu-animations" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-printing" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-drive" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "drive-path" omitted. Using default value of "".
guacd[13943]: DEBUG:    Parameter "create-drive-path" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "enable-sftp" omitted. Using default value of 0.
guacd[13943]: DEBUG:    Parameter "sftp-hostname" omitted. Using default value of "192.168.205.168".
guacd[13943]: DEBUG:    Parameter "sftp-port" omitted. Using default value of "22".
guacd[13943]: DEBUG:    Parameter "sftp-username" omitted. Using default value of "radu".
guacd[13943]: DEBUG:    Parameter "sftp-password" omitted. Using default value of "".
guacd[13943]: DEBUG:    Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[13943]: DEBUG:    Parameter "recording-name" omitted. Using default value of "recording".
guacd[13943]: DEBUG:    Parameter "create-recording-path" omitted. Using default value of 0.
guacd[13943]: INFO:     Resize method: none
guacd[13943]: DEBUG:    Parameter "enable-audio-input" omitted. Using default value of 0.
guacd[13943]: INFO:     User "@e8fe711d-6dbc-41b7-981c-eb8b309064d6" joined connection "$40db7722-d9be-49fc-8291-3fa8d8c709ab" (1 users now present)
guacd[13943]: INFO:     Loading keymap "base"
guacd[13943]: INFO:     Loading keymap "en-us-qwerty"
connected to 192.168.205.168:3389
recv: Connection reset by peer
Error: protocol security negotiation or connection failure
guacd[13943]: ERROR:    Error connecting to RDP server
guacd[13943]: INFO:     User "@e8fe711d-6dbc-41b7-981c-eb8b309064d6" disconnected (0 users remain)
guacd[13943]: INFO:     Last user of connection "$40db7722-d9be-49fc-8291-3fa8d8c709ab" disconnected
guacd[13905]: INFO:     Connection "$40db7722-d9be-49fc-8291-3fa8d8c709ab" removed.


I have tried many combinations of authentication but to no avail.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cannot connect using RDP

adrianz
After more trial and error I found that it works but I have to input the username AND password. Without both username and password it does not work. Is there a way to just have the username and enter the password manually?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cannot connect using RDP

adrianz
If I enter just the username I get the following errors in guacd:

guacd[16152]: INFO:     Loading keymap "en-us-qwerty"
connected to 192.168.205.168:3389
creating directory /root/.config/freerdp
creating directory /root/.config/freerdp/certs
creating directory /root/.config/freerdp/server
certificate_store_open: error opening [/root/.config/freerdp/known_hosts] for writing
guacd[16152]: INFO:     Authentication requested but username or password not given
Could not open SAM file!
Could not open SAM file!
SSL_read: Failure in SSL library (protocol error?)
SSL_read: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
credssp_recv() error: -1
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cannot connect using RDP

Mike Jumper
Recent versions of Windows enable TLS (with a self-signed cert) and NLA by default.

If you want to be prompted with a traditional Windows login screen, you will need to disable NLA. With NLA enabled, the username and password must be provided in the connection parameters. Integrating guac with AD or LDAP such that the guac username/password is always the same as the Windows username/password would allow use of parameter tokens for this:


For TLS to work with a self-signed cert, you will need to set the connection parameter telling Guacamole to ignore the certificate.

- Mike


On Mar 15, 2017 11:51 AM, "adrianz" <[hidden email]> wrote:
If I enter just the username I get the following errors in guacd:

guacd[16152]: INFO:     Loading keymap "en-us-qwerty"
connected to 192.168.205.168:3389
creating directory /root/.config/freerdp
creating directory /root/.config/freerdp/certs
creating directory /root/.config/freerdp/server
certificate_store_open: error opening [/root/.config/freerdp/known_hosts]
for writing
guacd[16152]: INFO:     Authentication requested but username or password
not given
Could not open SAM file!
Could not open SAM file!
SSL_read: Failure in SSL library (protocol error?)
SSL_read: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access
denied
credssp_recv() error: -1
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.
Error: protocol security negotiation or connection failure






--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Cannot-connect-using-RDP-tp550p552.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Cannot connect using RDP

adrianz
Thank you for the quick reply.

By disabling NLA do you mean just going into the Windows remote system setting and unchecking the box 'Allow connections only from computers running Remote Desktop with Network Level Authentication'? If so, that box is already unchecked. Also, the setting to ignore certificate is checked as well in the connection settings.
Loading...