Issues with Guacamole Disconnecting RDP sessions for remote user


Issues with Guacamole Disconnecting RDP sessions for remote user

James Fraser

Hi All

 

Long time user of Guacamole here.

 

I have recently developed and deployed a Proof Of Concept

 

The design is running out of Microsoft Azure and the following is happening

 

NGINX is being used to run SSL and Auth

Auth to NGINX is done via the oauth2 proxy which is authing against our Azure AD (As a “webapp” in Azure AD)

 

Once passing NGINX Auth you are handed over to Guacamole which is using LDAP authentication via Azure Active Directory Domain Services.

 

Our main office has really good internet 500/500 mbit and connection to servers via Guacamole from this location is silky smooth and nice and fast.


We have peers connected to the Guacamole Zone allowing us to access servers that are not internet facing and the proof of concept is working awesomely.

 

Except we have a few remote users who do not have the best internet connection but still capable of 10 mbits and ping latency of around 35ms (to the guac servers)

 

These users are experiencing RDP Disconnects, the type that does not auto prompt 15 seconds to reconnect but the grey window that just offers reconnect/home/logout

 

If they reconnect it reconnects fine for a short period but is happening every 1-2 minutes

 

I have so far tried the following unsuccessfully:

  • Firefox/Chrome/Internet Exploder
  • Bypassing NGINX and having this user connect to Tomcat on 8080 over HTTP

 

The tomcat log shows the following:

Exception in thread "Thread-208" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:384)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.startMessage(WsRemoteEndpointImplBase.java:340)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase$TextMessageSendHandler.write(WsRemoteEndpointImplBase.java:755)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendPartialString(WsRemoteEndpointImplBase.java:252)
        at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
        at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:169)

 

Guacd does not seem to be logging anything worth mentioning to the syslog

 

I will note the RDP connections are to Server 2016 servers utilising NLA (With certificate ignored)

 

If anyone could shed some light on troubleshooting this, that would be excellent.

 

James Fraser • Microsoft Systems Engineer
P +61 2 6175 9200 • M 0402 260 606
E [hidden email] • W veritec.com.au

 


RE: Issues with Guacamole Disconnecting RDP sessions for remote user

James Fraser

It might also be worth noting that we are using Ubuntu 16.04 and Guacamole 0.9.12

 

 

 

From: James Fraser [mailto:[hidden email]]
Sent: Wednesday, 14 June 2017 2:30 PM
To: [hidden email]
Subject: Issues with Guacamole Disconnecting RDP sessions for remote user

 
