Yes, it is enabled on the host we’re connecting to. Will make note of NLA being deprecated. Is there a tech out there that is replacing it?
Not to get off of the original request, though… Any pointers on what to collect / investigate / how to investigate…etc? Thank you, Brad Turnbough Senior Technology Analyst [cid:Backlund-Investment-logo_20ce9d6e-04b9-4d73-9d17-cfc69decf4cc.gif] P: 309.272.2739 F: 309.272.2839 www.betterbanks.com<http://www.betterbanks.com/> www.statestreetbank.com<http://www.statestreetbank.com> NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). If you are not the intended recipient, nor the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply e-mail and then delete this message, including any attachments. From: Sean Hulbert <shulb...@securitycentric.net.INVALID> Sent: Tuesday, July 23, 2024 10:58 AM To: user@guacamole.apache.org Subject: Re: Assistance in troubleshooting unsuccessful RDP Connection External email. Please make sure you trust this source before clicking links or opening attachments. Appears you have Security mode: NLA enabled, you can either make sure the Windows VDI/system has it enabled or disable on both ends. It provides no real protection and is being depreciated by Microsoft. Thank You Sean Hulbert Security Centric Inc. A Cybersecurity Virtualization Enablement Company StormCloud Gov, Protected CUI Environment! [cid:image001.png@01DADCEF.DC3EAB40] Industry's most secure CMMC virtual desktops! FedRAMP MIL4 in process (RAR) System Award Management CAGE: 8AUV4 SAM ID: UMJLJ8A7BMT3 AFCEA San Francisco Chapter President If you have heard of a hacker by name, he/she has failed, fear the hacker you haven’t heard of! CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication. Content within this email communication is not legally binding as a contract and no promises are guaranteed unless in a formal contract outside this email communication. igitur qui desiderat pacem, praeparet bellum!!! Epitoma Rei Militaris On 7/23/2024 8:44 AM, Brad Turnbough wrote: I should add the following: Ubuntu 20.04 Guac 1.5.0 I created a whole new connection in Guac – no change in outcome. Here is output of /var/log/syslog for the connection (tail –f /var/log/syslog | grep –I guacd) Jul 23 10:37:09 knx-guacamole-01 guacd[831]: Creating new client for protocol "rdp" Jul 23 10:37:09 knx-guacamole-01 guacd[831]: Connection ID is "$9a8cb86d-bd6f-4f69-b871-6952461a1129" Jul 23 10:37:09 knx-guacamole-01 guacd[667528]: Security mode: NLA Jul 23 10:37:09 knx-guacamole-01 guacd[667528]: Resize method: none Jul 23 10:37:09 knx-guacamole-01 guacd[667528]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. Jul 23 10:37:09 knx-guacamole-01 guacd[667528]: User "@14b966a9-36c7-4b89-aa77-d8966ad6ae88" joined connection "$9a8cb86d-bd6f-4f69-b871-6952461a1129" (1 users now present) Jul 23 10:37:09 knx-guacamole-01 guacd[667528]: Loading keymap "base" Jul 23 10:37:09 knx-guacamole-01 guacd[667528]: Loading keymap "en-us-qwerty" Jul 23 10:37:20 knx-guacamole-01 guacd[831]: Creating new client for protocol "rdp" Jul 23 10:37:20 knx-guacamole-01 guacd[831]: Connection ID is "$89ab8eb3-b5a5-431f-816f-fa7393db319f" Jul 23 10:37:20 knx-guacamole-01 guacd[667554]: Security mode: NLA Jul 23 10:37:20 knx-guacamole-01 guacd[667554]: Resize method: none Jul 23 10:37:20 knx-guacamole-01 guacd[667554]: No clipboard line-ending normalization specified. Defaulting to preserving the format of all line endings. Jul 23 10:37:20 knx-guacamole-01 guacd[667554]: User "@6386d3c3-cee0-4689-bc52-b10b48d9e9a5" joined connection "$89ab8eb3-b5a5-431f-816f-fa7393db319f" (1 users now present) Jul 23 10:37:20 knx-guacamole-01 guacd[667554]: Loading keymap "base" Jul 23 10:37:20 knx-guacamole-01 guacd[667554]: Loading keymap "en-us-qwerty" Jul 23 10:37:27 knx-guacamole-01 guacd[667528]: RDP server closed/refused connection: Disconnected. Jul 23 10:37:29 knx-guacamole-01 guacd[667528]: User "@14b966a9-36c7-4b89-aa77-d8966ad6ae88" disconnected (0 users remain) Jul 23 10:37:29 knx-guacamole-01 guacd[667528]: Last user of connection "$9a8cb86d-bd6f-4f69-b871-6952461a1129" disconnected Jul 23 10:37:29 knx-guacamole-01 guacd[831]: Connection "$9a8cb86d-bd6f-4f69-b871-6952461a1129" removed. Jul 23 10:37:30 knx-guacamole-01 guacd[667554]: Connected to RDPDR 1.13 as client 0x0025 Jul 23 10:37:34 knx-guacamole-01 guacd[667554]: RDPDR user logged on From: Brad Turnbough <bturnbo...@backlundinvestment.com><mailto:bturnbo...@backlundinvestment.com> Sent: Tuesday, July 23, 2024 10:31 AM To:user@guacamole.apache.org<mailto:user@guacamole.apache.org> Subject: Assistance in troubleshooting unsuccessful RDP Connection An RDP connection that was previously working is now no longer working. We have probably around 60 RDP connections configured and this is the only one not operating correctly. I have verified that I can indeed still RDP into the box using the windows native RDP client. What logs / debug flags / etc… need to be turned on and collected in order to provide meaningful information to troubleshoot and fix this issue? Thanks, Brad
