Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

guacd: client retrieval failed.

2012-05-21
2013-03-15
  • Nathan Wagner
    Nathan Wagner
    2012-05-21

    I've seen this issue mentioned elsewhere, but no solutions that's worked for me.  I'm running opensuse 12.1, and compiled 0.6.0 from source.  User-mapping.xml I'm reasonably sure is being read, as I'm able to authenticate against that.  What I notice, is that after i click login on the main page, it immediately says "connected, waiting first update"  It then sticks there for a little while, then gives a "Server Error".  in messages I notice that it takes several seconds after clicking login for it to state that it's spawning the client, then coinciding with the server error message, I get a client retrieval failed.  no other logging.
    I can ping the remote server, I can vnc to the remote server from the host.  I've heard of using vnc4server but i've not actually figured out what that is honestly.  I've tried a variety of vnc clients on the host, but haven't had any different luck

    This was very successful when i implemented 0.4.0 on opensuse 11.1, so I don't know if it's something with the different OS that might be the problem.

    If I left anything out that might help, just let me know.

    Thanks.

     
  • Michael Jumper
    Michael Jumper
    2012-05-21

    Do you see any errors in syslog prior to "client retrieval failed"?

     
  • Nathan Wagner
    Nathan Wagner
    2012-05-21

    No, the only thing I see.  If i've just started guacd is:
    May 21 09:12:13 linux-502l guacd: Started, listening on port 4822
    May 21 09:12:55 linux-502l guacd: Spawning client
    May 21 09:13:10 linux-502l guacd: Client retrieval failed

     
  • Michael Jumper
    Michael Jumper
    2012-05-21

    Are you trying to use 0.4.0 guacd with 0.6.0 guacamole.war? A recent build of guacd would have the process ID in the logs, along with slightly more verbose error codes and reasons.

    The 0.6.0 version of the webapp is only compatible with the 0.6.0 versions of guacd, libguac, etc. due to changes in the API and protocol.

     
  • Nathan Wagner
    Nathan Wagner
    2012-05-21

    I had previously attempted 0.4.0 on this box, maybe i didn't remove it correctly.

    Let me remove things thoroughly.

     
  • Nathan Wagner
    Nathan Wagner
    2012-05-21

    May 21 13:38:32 linux-502l guacd: Protocol "vnc" selected
    May 21 13:38:32 linux-502l guacd: VNC server supports protocol version 3.7 (viewer 3.8)
    May 21 13:38:32 linux-502l guacd: We have 2 security types to read
    May 21 13:38:32 linux-502l guacd: 0) Received security type 18
    May 21 13:38:32 linux-502l guacd: Selecting security type 18 (0/2 in the list)
    May 21 13:38:32 linux-502l guacd: 1) Received security type 2
    May 21 13:38:32 linux-502l guacd: Selected Security Scheme 18
    May 21 13:39:10 linux-502l guacd: GnuTLS initialized.
    May 21 13:39:10 linux-502l guacd: TLS session initialized.
    May 21 13:39:10 linux-502l guacd: TLS anonymous credential created.
    May 21 13:39:10 linux-502l guacd: TLS handshake blocking.
    May 21 13:39:11 linux-502l guacd: TLS handshake done.
    May 21 13:39:11 linux-502l guacd: We have 1 security types to read
    May 21 13:39:11 linux-502l guacd: 0) Received security type 2
    May 21 13:39:11 linux-502l guacd: Selecting security type 2 (0/1 in the list)
    May 21 13:39:11 linux-502l guacd: VNC authentication succeeded
    May 21 13:39:11 linux-502l guacd: Desktop name "admin@linux-502l"
    May 21 13:39:11 linux-502l guacd: Connected to VNC server, using protocol version 3.7
    May 21 13:39:11 linux-502l guacd: VNC server default format:
    May 21 13:39:11 linux-502l guacd:   16 bits per pixel.
    May 21 13:39:11 linux-502l guacd:   Least significant byte first in each pixel.
    May 21 13:39:11 linux-502l guacd:   TRUE colour: max red 31 green 63 blue 31, shift red 11 green 5 blue 0
    May 21 13:39:11 linux-502l guacd: Unknown encoding 'tight'
    May 21 13:39:11 linux-502l guacd: Starting client
    May 21 13:39:11 linux-502l guacd: Error reading instruction: End of stream reached while reading instruction: End of input stream
    May 21 13:39:11 linux-502l guacd: Client finished normally

     
  • Michael Jumper
    Michael Jumper
    2012-05-21

    Are you using Tomcat or a different servlet container? Is Tomcat (or whichever servlet container you are using) behind a proxy, such as mod_proxy_ajp?

    I notice authentication for VNC appears to use TLS. What VNC server are you using? Can you describe the configuration?

     
  • Nathan Wagner
    Nathan Wagner
    2012-05-21

    I am using tomcat6.  I am in a proxy environment, but I didn't set it up, so I'm not sure war type.  It's the vncserver that came with opensuse 12.1.  It still works on the opensuse 11 box I have in the same environment, so I don't think it's the network.

    Do you have a suggestion for a certain kind of vnc configuration?

     
  • Michael Jumper
    Michael Jumper
    2012-05-21

    It's likely the proxy is buffering the Guacamole instruction stream, which is causing the connection to timeout. This is a pretty common problem when first installing Guacamole behind a proxy, since many proxies will buffer all data transferred over HTTP until the connection is closed, thus effectively blocking the streaming Guacamole relies on.

    If you have access to the configuration of your proxy, try to configure it to automatically flush packets rather than buffer them. In the case of mod_proxy_ajp, this is flushpackets=on. Nginx has a similar option for their reverse proxy. Other proxies likely have similar options as well.

    The alternative to this would be to use HTTPS rather than HTTP, as proxies will not buffer HTTPS.

    Regarding VNC, I can't recommend against whatever OpenSUSE uses by default, as I have never used OpenSUSE. I have had good experiences with RealVNC's server (which is the vnc4server you refer to earlier); it's the fastest I've used. That doesn't mean OpenSUSE's default choice isn't good, though - I'll have to give it a try at some point.

    Given that you are using a proxy, I'd proceed under the assumption that that is the cause of the connection problems. Different VNC servers dp perform better or worse than each other, but generally they all work; you won't get blatant connection failure like you see now.

     
  • Nathan Wagner
    Nathan Wagner
    2012-05-22

    I have like I said an opensuse 11 box in the same environment running guac 0.4.0.  this is what i see on a connection there, looks good.
    May 22 06:05:04 w-suse11 guacd: Spawning client
    May 22 06:05:04 w-suse11 guacd: VNC server supports protocol version 3.7 (viewer 3.8)
    May 22 06:05:04 w-suse11 guacd: We have 2 security types to read
    May 22 06:05:04 w-suse11 guacd: 0) Received security type 18
    May 22 06:05:04 w-suse11 guacd: 1) Received security type 2
    May 22 06:05:04 w-suse11 guacd: Selecting security type 2 (1/2 in the list)
    May 22 06:05:04 w-suse11 guacd: Selected Security Scheme 2
    May 22 06:05:05 w-suse11 guacd: VNC authentication succeeded
    May 22 06:05:05 w-suse11 guacd: Desktop name "root@w-suse11"
    May 22 06:05:05 w-suse11 guacd: Connected to VNC server, using protocol version 3.7
    May 22 06:05:05 w-suse11 guacd: VNC server default format:
    May 22 06:05:05 w-suse11 guacd:   32 bits per pixel.
    May 22 06:05:05 w-suse11 guacd:   Least significant byte first in each pixel.
    May 22 06:05:05 w-suse11 guacd:   TRUE colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
    May 22 06:05:05 w-suse11 guacd: Unknown encoding 'tight'

    Neither are being hosted using https.

     
  • Michael Jumper
    Michael Jumper
    2012-05-24

    The initial connection can be expected to succeed on the guacd side, but if your proxy is buffering data between the web application and the JavaScript client, you will continue to see "Error reading instruction: End of stream reached while reading instruction: End of input stream" in syslog, and the connection from the JavaScript client to the web application will fail.

    If you are still having the problem you described earlier with being unable to connect, you need to either start using HTTPS, or try to modify your proxy settings.