Hi Mike,

Ok, that explains why websocket was still showing, I will remove the parameter if not needed.
Setting up reverse proxy on the box will probably be the next step in that case, as would probably be quicker than the firewall vendor response.

Many thanks,
Craig

From: Mike Jumper <[email protected]>
Sent: 27 September 2021 18:49
To: [email protected]
Subject: Re: Exhausted simultaneous connection error

On Mon, Sep 27, 2021 at 9:29 AM Stratton, Craig <[email protected]> wrote:

> Hi Mike, Nick,
>
> Running out of ideas now, at least until the Firewall vendor responds to my support case.
>
> I have set the enable-websocket: false and also now changed Tomcat to SSL support, as shown in this syslog entry:
>
> "Sep 27 15:50:33 psmguc01 tomcat9[142913]: 15:50:33.634 [https-openssl-nio-8443-exec-15] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal."
>
> Still no joy, am in the same boat.
>
> ...
>
> I have the Catalina log entry from 2 connection attempts, and even though WebSocket is disabled, it seems the first connection attempt still tries to use it.

There is no "enable-websocket" property and attempting to set it will have no effect. You'll see some references to that property in ancient documentation for versions of Guacamole back when WebSocket was still considered experimental, but this has not been the case for years. WebSocket is always enabled.

If your firewall vendor can help correct things such that WebSocket works, that would be the best path forward. If you want to block WebSocket entirely for now to attempt to work around the firewall issues, you can set up a reverse proxy and configure that proxy to explicitly block access to the WebSocket tunnel.

For example, Apache HTTPD normally has to be manually configured to handle WebSocket traffic for Guacamole's WebSocket tunnel:

http://guacamole.apache.org/doc/gug/proxying-guacamole.html#websocket-and-apache

If you alter that to instead return 404, or set up a different reverse proxy like Nginx and configure it to do the same, you will block WebSocket.

Michael Jumper
CEO, Lead Developer
Glyptodon Inc. <https://glyp.to/>
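The Nginx variant of the workaround described in the reply above, as an added example that is not part of the original thread or of the Guacamole documentation. It assumes Tomcat serves the web application over HTTPS on 127.0.0.1:8443 under /guacamole/ and that the WebSocket tunnel lives at /guacamole/websocket-tunnel; the server name and certificate paths are placeholders.

```nginx
# Added example: nginx in front of Tomcat, with Guacamole's WebSocket tunnel blocked.
# Assumptions: backend at https://127.0.0.1:8443/guacamole/; names and paths below
# are placeholders to be replaced with local values.
server {
    listen 443 ssl;
    server_name guac.example.internal;             # placeholder hostname

    ssl_certificate     /etc/nginx/tls/guac.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/guac.key;   # placeholder path

    # Longest-prefix match: this location wins over /guacamole/ for the
    # WebSocket tunnel, so the upgrade request is answered with 404 and
    # never reaches Tomcat or the firewall path behind it.
    location /guacamole/websocket-tunnel {
        return 404;
    }

    # Everything else, including the HTTP tunnel, is proxied normally.
    location /guacamole/ {
        proxy_pass https://127.0.0.1:8443/guacamole/;

        # The HTTP tunnel streams data; buffering would stall the session.
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Deliberately no "Upgrade" / "Connection" headers forwarded here:
        # without them nginx will not pass a WebSocket handshake upstream.

        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off). That is tolerable on loopback; for a
        # remote backend enable proxy_ssl_verify together with
        # proxy_ssl_trusted_certificate.
    }
}
```

Validate the file with `nginx -t` before reloading. After a connection through the proxy, Tomcat should log the "Using HTTP tunnel (not WebSocket)" line quoted earlier in the thread.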
