
I am trying to set up Guacamole in a Digital Ocean Droplet (Ubuntu 18.04). I followed the steps provided in https://computingforgeeks.com/install-and-use-guacamole-on-ubuntu/ to set up Guacamole and used PostgreSQL to authenticate Guacamole by following the instructions provided in https://guacamole.apache.org/doc/gug/jdbc-auth.html#idm46227496294336.

The installation got over and I am able to access the webpage at http://droplet-ip:8080/guacamole, but when I try to connect to a remote machine over RDP I get a connection error stating 'The remote desktop server is currently unavailable. If the problem persists, please notify your system administrator, or check your system logs.'


I have checked the login credentials of the remote device, its host IP and RDP port number; everything is correct. I am able to log in to the machine through Remote Desktop Connection in Windows. I can also log in to the same remote machine with the same credentials in a perfectly working Guacamole setup in another Digital Ocean droplet.

I have also tried this by installing Guacamole using Docker by following the instructions provided in https://wiki.networksecuritytoolkit.org/index.php/HowTo_Setup_Guacamole, but I still face the same problem. What am I doing wrong? I would be happy if someone could help me solve this problem.

Jonath Sujan
  • Hi, would you mind including your connection parameters? (Normally this happens when you have configured the authentication part wrongly or guacd is not able to access your Windows RDP server.) – Song Lim May 12 '21 at 09:49
  • @SongLim Following are the connection parameters: 1) Protocol - RDP 2) Hostname - Public IP of my AWS instance 3) RDP Port - 3389 4) Username - Username of my instance 5) Password of the instance 6) Security mode - Any 7) Enabled Ignore Server Certificate. Left others untouched. These same parameters work perfectly with the other Digital Ocean droplet I have installed Guacamole on. My colleagues too tried installing Guacamole in an Ubuntu droplet and faced the same problem. – Jonath Sujan May 12 '21 at 14:58
  • The configuration looks fine. Do you have NLA (Network Level Authentication) enabled in your RDP server? – Song Lim May 13 '21 at 04:01
  • Yes I have NLA enabled in my RDP server. The connection was not established when NLA was enabled. I tried disabling NLA in my AWS instance and restarted the machine. But still I couldn't establish a connection. – Jonath Sujan May 13 '21 at 12:16
  • You can try enabling the debug log level in guacd and check if it reports any messages. If you are not sure how to configure the log level for guacd, you may refer here: https://guacamole.apache.org/doc/1.3.0/gug/configuring-guacamole.html#guacd.conf – Song Lim May 17 '21 at 01:52

1 Answer


I was finally able to figure out why I was not able to connect to a remote device in Guacamole.

  1. My Digital Ocean Linux droplets had FreeRDP already installed. But Guacamole Server 1.3.0 works on FreeRDP2. I had to make Guacamole send requests through FreeRDP2.
  2. I had enabled SFTP in the connection settings. But somehow OpenSSH was corrupted on the remote machine, resulting in a connection error. So, I disabled SFTP. I think Guacamole tries to establish the RDP and SFTP connections at the very beginning, so if even one of the protocols fails, the connection cannot be established. I am not proficient with Guacamole, so I am not sure about this point.

After resolving these problems, Guacamole was able to send a connection request to the remote machine. I checked the status using netstat and the status was SYN_SENT, but there was no response from the remote server. The problem was the firewall.

I allowed the ports for RDP in Windows Firewall, but the remote machine was in a network which had an external firewall. I added the Guacamole server IP to the allowed list for NAT forwarding in the firewall device and finally I was able to establish a connection with the remote machine.

Jonath Sujan
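
The two network findings in this answer (a connection stuck in SYN_SENT, and SFTP failing alongside RDP) can be told apart from the Guacamole host with a plain TCP probe. The script below is an added example, not part of the original answer; the function names, the 3-second timeout and port 22 for SFTP are assumptions, and the target host is passed on the command line.

```python
import errno
import socket
import sys

# What each probe result means for a Guacamole RDP/SFTP connection.
HINTS = {
    "open": "TCP handshake completed; look at FreeRDP, NLA or credentials next",
    "refused": "host replied with RST; nothing is listening on that port",
    "filtered": "no reply to the SYN (netstat shows SYN_SENT); a firewall "
                "between this host and the target is dropping the traffic",
    "unreachable": "no route to the host or network from this machine",
}


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connection from this machine and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except (socket.timeout, TimeoutError):
        # SYN sent, nothing came back before the timeout expired.
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise  # e.g. name resolution failure: report it unchanged


def check_targets(host, ports=(3389, 22), timeout=3.0):
    """Probe the RDP port and the assumed SFTP port; return {port: result}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Run on the Guacamole server: python3 probe.py <remote-host>
    target = sys.argv[1]
    for port, result in check_targets(target).items():
        print(f"{target}:{port} -> {result}: {HINTS[result]}")
```

Run it on the machine where guacd runs, since a firewall allow list keyed on source IP gives a different answer from any other host.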