Our Guacamole server (v1.4.0) died, so we recovered what files we could and set up a new server:

  • Ubuntu 22.04
  • Guacamole 1.5.0
  • Tomcat 9.0.73
  • Proxied via Nginx
  • openjdk 11.0.18 2023-01-17

We're using LDAP and TOTP authentication.

After getting the new server set up, our users can log in and connect as before; however, we're seeing WebSocket errors every minute, where the user is given a red banner with the message:

The remote desktop server encountered an error and has closed the connection. Please try again or contact your system administrator.

Checking Tomcat logs I see in catalina.out the following each time:

Exception in thread "Thread-4" java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:442)
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:314)
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:254)
    at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:195)
    at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
    at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)

We've not made any changes to our RDP or VNC servers or network firewalls, so I suspect it is some issue with the configuration on the new Guacamole install. I've ensured the server was built with all required modules (including libwebsockets) and have tried a few different Tomcat server versions to see if there is some bug there.

At this point I'm out of ideas and not seeing much else to try from search engines and would much appreciate any guidance on what else to check.

Edit: Since posting I've also tried:

  • Disabling IPv6
  • Upgrading to openjdk 19
  • Tomcat version 9.0.71 and 9.0.21 (version we were on prior)
  • Guacamole 1.4.0 (failed to install, deprecated code)
  • Added guacd.conf with host bound to 127.0.0.1 (prior we did not need this)

Error persists

s3rvant

1 Answer

The issue ended up being firewall-related.

Simply allowing Guacamole to pass through the firewall was not maintaining the WebSocket connection; however, using NAT to translate the packet did work.

s3rvant
  • Hi. I am having this exact issue... guac server is on a Raspberry Pi, and I'm trying to set up an SSH connection to a MacBook on the same network. Would you mind elaborating or pointing to a resource where you learned how to do the NAT traversal? I used a Port Trigger function on my router but I'm really not sure what it does. – ta4h1r Jul 23 '23 at 03:54
  • In my case there was a Palo Alto firewall between Guac and our servers, and the firewall had a NAT section on its web console where I was able to set up the rule. I've since done similar via pfSense firewalls as well. The main thing is to locate the NAT area on your specific firewall / router; I'm not familiar with the term "port trigger" as to whether that's similar to NAT. – s3rvant Jul 24 '23 at 12:12