I finally decided to bite the bullet and upgrade my laptop to Windows 11 Pro, so that I could use RDP instead of VNC. The primary reason I did this is to make remote access faster. Not only is the RDP protocol much faster than VNC(prob more secure too), but I’ll be connecting to my laptop, which is much newer, with twice the RAM, some sort of i7 processor, and the wifi card seems a bit stronger.
The config was quite simple after I learned to interpret this gobbledygook below:
Oct 01 19:45:13 thecweb.com guacd[1382772]: Creating new client for protocol "rdp"
Oct 01 19:45:13 thecweb.com guacd[1382772]: guacd[1382772]: INFO: Creating new client for protocol "rdp"
Oct 01 19:45:13 thecweb.com guacd[1382772]: guacd[1382772]: INFO: Connection ID is "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a"
Oct 01 19:45:13 thecweb.com guacd[1382772]: Connection ID is "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a"
Oct 01 19:45:13 thecweb.com guacd[1382975]: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home directory for storage of configura>
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: WARNING: FreeRDP initialization may fail: The current user's home directory ("/usr/sbin") is not writable, but FreeRDP generally requires a writable home di>
Oct 01 19:45:13 thecweb.com guacd[1382975]: No security mode specified. Defaulting to security mode negotiation with server.
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: No security mode specified. Defaulting to security mode negotiation with server.
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: Resize method: none
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: User "@f96cd9fe-6e30-495b-8b36-dbd32578750f" joined connection "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a" (1 users now present)
Oct 01 19:45:13 thecweb.com guacd[1382975]: Resize method: none
Oct 01 19:45:13 thecweb.com tomcat9[1382777]: 19:45:13.459 [http-nio-8080-exec-8] INFO o.a.g.tunnel.TunnelRequestService - User "cweb" connected to connection "RDP on hp360".
Oct 01 19:45:13 thecweb.com guacd[1382975]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings.
Oct 01 19:45:13 thecweb.com guacd[1382975]: User "@f96cd9fe-6e30-495b-8b36-dbd32578750f" joined connection "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a" (1 users now present)
Oct 01 19:45:13 thecweb.com guacd[1382975]: Loading keymap "base"
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: Loading keymap "base"
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: Loading keymap "en-us-qwerty"
Oct 01 19:45:13 thecweb.com guacd[1382975]: Loading keymap "en-us-qwerty"
Oct 01 19:45:13 thecweb.com guacd[1382975]: Certificate validation failed
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: Certificate validation failed
Oct 01 19:45:13 thecweb.com guacd[1382975]: RDP server closed/refused connection: SSL/TLS connection failed (untrusted/self-signed certificate?)
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: RDP server closed/refused connection: SSL/TLS connection failed (untrusted/self-signed certificate?)
Oct 01 19:45:13 thecweb.com guacd[1382975]: User "@f96cd9fe-6e30-495b-8b36-dbd32578750f" disconnected (0 users remain)
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: User "@f96cd9fe-6e30-495b-8b36-dbd32578750f" disconnected (0 users remain)
Oct 01 19:45:13 thecweb.com guacd[1382975]: guacd[1382975]: INFO: Last user of connection "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a" disconnected
Oct 01 19:45:13 thecweb.com guacd[1382975]: Last user of connection "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a" disconnected
Oct 01 19:45:13 thecweb.com tomcat9[1382777]: 19:45:13.855 [http-nio-8080-exec-3] INFO o.a.g.tunnel.TunnelRequestService - User "cweb" disconnected from connection "RDP on hp360". Duration: 396 milliseconds
Oct 01 19:45:13 thecweb.com guacd[1382772]: Connection "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a" removed.
Oct 01 19:45:13 thecweb.com guacd[1382772]: guacd[1382772]: INFO: Connection "$7bea9685-1e55-4f4e-b0bf-7fc3f5fd0a5a" removed.
The bolded lines are what I needed to figure this out. Really it was quite obvious where that error was coming from once I decided to try to connect from a Windows PC. Seasoned admins should be familiar with the message below:
And it turns out that Guacamole has not way of dealing with this at login. So I added the bolded param to the config file and restarted things and boom goes the dynamite.
<connection name="RDP on hp360">
<protocol>rdp</protocol>
<param name="hostname">hp360</param>
<param name="port">3389</param>
<param name="ignore-cert">true</param>
</connection>
Now, I did spend a little bit more time on an error above the one about issues writing to /usr/sbin. A red herring to be sure. Maybe I should have paid more attention to the fact that the error says it may cause issues, not that it will cause issues. After I changed permissions to /usr/sbin/.config so that the Freerdp client could write there, the error persists, but it is still writing config files there, so not sure. I only mention it because it wasted like 30 minutes of my time.