Apache Guacamole immediately disconnects RDP connection - docker

I am using the docker image of guacamole (oznu/guacamole:amd64). When I try to connect to a RDP host, I get the message "You have been disconnected".
In the configuration, I set the following parameters:
Protocol = RDP
Network/Hostname = ...
Network/Port = 3389
Authentication/Username = ...
Authentication/Password = ...
Authentication/Security mode = any (also tried all the others)
Authentication/Ignore server certificate = Checked
When I look into the logs of the docker container after a failed connection attempt, I see the following error:
17:54:40.256 [http-nio-8080-exec-8] INFO o.a.g.tunnel.TunnelRequestService - User "guacadmin" connected to connection "1".
guacd[533]: INFO: Loading keymap "base"
guacd[533]: INFO: Loading keymap "en-us-qwerty"
guacd[533]: INFO: Connected to RDPDR 1.13 as client 0x0002
*** Error in `guacd': munmap_chunk(): invalid pointer: 0x000055d216529840 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f5f2e172bfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7f5f2e178fc6]
/usr/lib/x86_64-linux-gnu/libwinpr2.so.2(Stream_Free+0x2f)[0x7f5f2974577f]
/usr/lib/x86_64-linux-gnu/libfreerdp2.so.2(+0x7840d)[0x7f5f29d2c40d]
/usr/lib/x86_64-linux-gnu/libfreerdp2.so.2(+0x78a25)[0x7f5f29d2ca25]
/usr/lib/x86_64-linux-gnu/libfreerdp2.so.2(freerdp_channels_check_fds+0x35)[0x7f5f29d2d5f5]
/usr/lib/x86_64-linux-gnu/libfreerdp2.so.2(freerdp_check_event_handles+0x48)[0x7f5f29d2b128]
/usr/local/lib/libguac-client-rdp.so(guac_rdp_client_thread+0x287)[0x7f5f2a01e927]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x74a4)[0x7f5f2f6fb4a4]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x3f)[0x7f5f2e1ead0f]
======= Memory map: ========
...
The RDP host machine is running Windows 10. I tested it with another machine also running Windows 10.
I also verified:
Other machines can connect to that RDP host using the same hostname, port, username and password as supplied
The host can be pinged from within the docker container
If the credentials are not correct I get a different error saying the log in has failed, so the credentials are actually verified by the RDP host
In Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp "UserAuthentication" is 0 and "SecurityLayer" is 1
I expected the RDP connection to work

Related

Docker Desktop not starting

Docker desktop was working fine but after a reboot the docker desktop doesn't start at all.
I've tried switchDaemon, Switch to Windows container etc., but none of them starts.
I'm using WSL2 and all my containers are linux based. If I re-install then I'll lose all data and images.
wsl --list
Windows Subsystem for Linux Distributions:
Ubuntu-20.04 (Default)
docker-desktop
docker-desktop-data
Every restart attempt results in the following log entries.
open \\.\pipe\dockerProcd: The system cannot find the file specified.
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Log:
[2022-08-01T14:09:47.861542400Z][com.docker.backend.exe][I] (15e5c8d5) 4b373d33-BackendAPI S->C DockerDesktopElectron POST /nps (1.6312ms): OK
[2022-08-01T14:09:50.286711200Z][com.docker.backend.exe][I] (e474d45c) 4b373d33-BackendAPI S<-C DockerDesktopElectron POST /analytics/track
[2022-08-01T14:09:50.287235200Z][com.docker.backend.exe][I] (e474d45c) 4b373d33-BackendAPI S<-C DockerDesktopElectron bind: {"body":null,"event":"actionMenuSwitchWindowsDaemon"}
[2022-08-01T14:09:50.287758600Z][com.docker.backend.exe][I] (e474d45c) 4b373d33-BackendAPI S->C DockerDesktopElectron POST /analytics/track (1.0474ms): OK
[2022-08-01T14:09:50.288277300Z][com.docker.backend.exe][I] Usage statistics: actionMenuSwitchWindowsDaemon
[2022-08-01T14:09:50.288277300Z][com.docker.backend.exe][I] anonymous remaining time: 23h35m58.7117227s
[2022-08-01T14:09:51.767785100Z][IPCServer ][Info ] (3f58fd7b) acc5d626-CSharpAPI S<-C DockerDesktopElectron POST /desktop/switch-engine
[2022-08-01T14:09:51.773786400Z][IPCServer ][Info ] (3f58fd7b) acc5d626-CSharpAPI S->C DockerDesktopElectron POST /desktop/switch-engine (6ms): OK
[2022-08-01T14:09:53.056235800Z][WslKeepAlive ][Info ] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
[2022-08-01T14:09:53.059234500Z][WslKeepAlive ][Info ] wsl keep-alive stopped
[2022-08-01T14:09:53.059234500Z][WslKeepAlive ][Warning] stopped unexpectedly
[2022-08-01T14:09:53.244964600Z][vpnkit-bridge.exe][W] windows: still waiting for dns-forwarder, volume-contents, lifecycle-server, wsl2-bootstrap-expose-ports, devenv-volumes, procd, docker, debug-shell, diagnosticd, wsl2-cross-distro-service, log after 10.01406s
[2022-08-01T14:10:03.238970300Z][vpnkit-bridge.exe][W] windows: still waiting for dns-forwarder, volume-contents, lifecycle-server, wsl2-bootstrap-expose-ports, devenv-volumes, procd, docker, debug-shell, diagnosticd, wsl2-cross-distro-service, log after 20.0080657s
[2022-08-01T14:10:05.610766100Z][com.docker.backend.exe][W] 526c5971-PauseHDL /pause/events server not replying: Get "http://ipc/pause/events": open \\.\pipe\dockerProcd: The system cannot find the file specified.
[2022-08-01T14:10:13.241610100Z][vpnkit-bridge.exe][W] windows: still waiting for lifecycle-server, wsl2-bootstrap-expose-ports, devenv-volumes, procd, docker, dns-forwarder, volume-contents, wsl2-cross-distro-service, log, debug-shell, diagnosticd after 30.0105872s

peer node status command not working correctly in hyperledger fabric network

I have a problem like this. I am very new to Hyperledger Fabric. I attached a shell to a running peer container in Visual Studio Code and ran the peer node start command in that terminal; it gives me an error saying:
2018-09-13 09:08:04.621 UTC [nodeCmd] status -> INFO 040 Error trying to get status from local peer: rpc error: code = Unknown desc = access denied
status:UNKNOWN
Error: Error trying to connect to local peer: rpc error: code = Unknown desc = access denied
Can someone help me to solve this problem? I searched a lot but I was unable to find a solution to my problem. Thank you.
Edit: the problem is that you are using an old card with a new setup. When you created the app and then restarted the environment, it led to the regeneration of the certificates.
I guess the problem is the FABRIC_VERSION. When you set it to hlfv1 and get bash into the peer container (docker exec -it peer0.org1.example.com bash), the peer commands work properly, but when you set it to hlfv12 some peer commands do not work. I guess there is something wrong with the startup scripts. By the way, no "creds" folder exists under hlfv12/composer like it does under hlfv1/composer.
The peer node status command must be called by an administrator of the peer (someone who holds a private key matching one of the public keys in the MSP admincerts folder).
You need to run peer commands on a properly configured (by correct authentication materials) client. In my case it was CLI node.
Peer node logs:
root@bba2c96e744e:/# peer node status
2019-04-04 13:26:18.407 UTC [nodeCmd] status -> INFO 001 Error trying to get status from local peer: rpc error: code = Unknown desc = access denied
status:UNKNOWN
Error: Error trying to connect to local peer: rpc error: code = Unknown desc = access denied
root@bba2c96e744e:/# peer chaincode list --installed
Error: Bad response: 500 - access denied for [getinstalledchaincodes]: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]
root@bba2c96e744e:/# peer logging getlevel system
Error: rpc error: code = Unknown desc = access denied
CLI node logs:
root@4079f33980f3:/# peer node status
status:STARTED
root@4079f33980f3:/# peer chaincode list --installed
Get installed chaincodes on peer:
Name: ccc, Version: 1.0, Path: chaincode/ccc, Id: e75e5770a29401d840b46a775854a1bb8576c6d83cf2832dce650d2a984ab29a
root@4079f33980f3:/# peer logging getlevel system
2019-04-04 13:26:02.287 UTC [cli/logging] getLevel -> INFO 001 Current log level for peer module 'system': INFO

Composer rest server can't connect to ca.org1.example.com

I followed this tutorial to set up myorg/composer-rest-server and everything was working fine until I imported the card, but when I make a GET request to /api/system/ping it returns a 500 error:
{"error":{"statusCode":500,"name":"Error","message":"Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]","stack":"Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]\n at client.getUserContext.then.then.catch (/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:393:34)\n at <anonymous>\n at process._tickDomainCallback (internal/process/next_tick.js:228:7)"}}
So I checked the logs for rest container, it can't seem to find 127.0.0.1:7054. Here is the error log.
Unhandled error for request GET /api/system/ping: Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]
at client.getUserContext.then.then.catch (/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:393:34)
at <anonymous>
at process._tickDomainCallback (internal/process/next_tick.js:228:7)
So I checked the logs for the container ca.org1.example.com, and it is listening to port 7054
2018/04/01 09:57:25 [DEBUG] CA initialization successful
2018/04/01 09:57:25 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
2018/04/01 09:57:25 [DEBUG] 1 CA instance(s) running on server
2018/04/01 09:57:25 [INFO] Listening on http://0.0.0.0:7054
I think I need to change 127.0.0.1 to 0.0.0.0 but I'm not sure how to do it the right way. Could it also be a firewall issue?
Here's my .composer/cards/restadmin@myserver/connection.json
{"name":"hlfv1","x-type":"hlfv1","x-commitTimeout":300,"version":"1.0.0","client":{"organization":"Org1","connection":{"timeout":{"peer":{"endorser":"300","eventHub":"300","eventReg":"300"},"orderer":"300"}}},"channels":{"composerchannel":{"orderers":["orderer.example.com"],"peers":{"peer0.org1.example.com":{}}}},"organizations":{"Org1":{"mspid":"Org1MSP","peers":["peer0.org1.example.com"],"certificateAuthorities":["ca.org1.example.com"]}},"orderers":{"orderer.example.com":{"url":"grpc://orderer.example.com:7050"}},"peers":{"peer0.org1.example.com":{"url":"grpc://peer0.org1.example.com:7051","eventUrl":"grpc://peer0.org1.example.com:7053"}},"certificateAuthorities":{"ca.org1.example.com":{"url":"http://ca.org1.example.com:7054","caName":"ca.org1.example.com"}}}
I'm using AWS EC2
OS: Ubuntu 16.04.3 LTS,
Docker: 17.12.0-ce,
Composer: v0.19.0
Fabric: v1.1
Which card have you imported? If it is the restadmin card, I think you may have imported a Card containing an expired One-Time secret. After the rest admin card was used to start the REST server (in the container) the secret was replaced with certificates - so if you export the restadmin card again with a different name composer card export -c restadmin@trade-network -f restadmin-cert.card you will see that it is a larger file because of the certificates. You should be able to import and use this new .card file.
(If you were using a different card e.g. jdoe - did you run the sed command for this card to correct the addresses?)

Windows Etsy: Peer certificate cannot be authenticated with given CA certificates

In an effort to be OAuth'd with Etsy, I have tried countless solutions in C# to at least start the authentication process (ie get the login URL):
eg
mashery.com, http://term.ie/oauth/example/client.php and question #8321034
but the response is always the same:
oauth_problem=signature_invalid&debug_sbs=GET&https%3A%2F%2Fopenapi.etsy.com%2Fv2%2Foauth%2Frequest_token&oauth_consumer_key%3D...my-consumer-key...%26oauth_nonce%3D2de91e1361d1906bbae04b15f42ab38d%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1502362164%26oauth_version%3D1.0%26scope%3Dlistings_w%2520listings_r
and so I'm resorting to the dreaded world of PHP...
On my machine, I've installed the following (Windows 10):
XAMPP (xampp-win32-7.1.7-0-VC14-installer) with default options
JDK (jdk-8u144-windows-i586)
JRE (jre-8u144-windows-i586)
php_oauth.dll (php_oauth-2.0.2-7.1-ts-vc14-x86.zip) and copying it to C:\xampp\php\ext
cacert.pem (dated Jun 7 03:12:05 2017) and copying it to the following directories:
C:\xampp\perl\vendor\lib\Mozilla\CA
C:\xampp\phpMyAdmin\vendor\guzzle\guzzle\src\Guzzle\Http\Resources
Apache and Tomcat would not run to begin with from XAMPP because it said that ports 443 and 80 were being used/blocked and so I duly changed these to 444 and 122 in
C:\xampp\apache\conf\extra\httpd-ssl.conf
C:\xampp\apache\conf\httpd.conf
All good so far but when I run the following script in my browser (http://localhost:444/dashboard/etsy.php):
<?php
$base_uri = 'https://openapi.etsy.com';
$api_key = 'my-etsy-api-key';
$secret = 'my-etsy-api-secret';
$oauth = new OAuth($api_key, $secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
$req_token = $oauth->getRequestToken($base_uri . "/v2/oauth/request_token?scope=listings_w%20transactions_r", 'oob');
$login_url = $req_token['login_url'];
print "Please log in and allow access: $login_url \n\n";
$verifier = readline("Please enter verifier: ");
$verifier = trim($verifier);
$oauth->setToken($req_token['oauth_token'], $req_token['oauth_token_secret']);
$acc_token = $oauth->getAccessToken($base_uri . "/v2/oauth/access_token", null, $verifier);
$oauth_token = $acc_token['oauth_token'];
$oauth_token_secret = $acc_token['oauth_token_secret'];
$oauth->setToken($oauth_token, $oauth_token_secret);
print "Token: $oauth_token \n\n";
print "Secret: $oauth_token_secret \n\n";
?>
I get the following error message:
Fatal error: Uncaught OAuthException: making the request failed (Peer
certificate cannot be authenticated with given CA certificates) in
C:\xampp\htdocs\dashboard\etsy.php:8 Stack trace: #0
C:\xampp\htdocs\dashboard\etsy.php(8):
OAuth->getRequestToken('https://openapi...', 'oob') #1 {main} thrown
in C:\xampp\htdocs\dashboard\etsy.php on line 8
I've tried running the script with each thread safe, x86 version of OAuth (http://windows.php.net/downloads/pecl/releases), stopping and restarting Apache each time, but no luck.
I'm at my wits' end.
How do I resolve this Peer certificate problem?
Simply disable the SSL on local.
$oauth->disableSSLChecks();
OAuth by default uses the cURL SSL certificate. The simple way for a local Apache server is to disable it. Alternatively, configure SSL for cURL; that will also resolve the issue for OAuth.
As per the PHP documentation, we can set the certificate path simply:
// Single quotes keep the backslashes literal; in double quotes "\xa" and "\e" are escape sequences.
$oauth->setCAPath('F:\xampp\php\extras\ssl\cacert.pem');
print_r($oauth->getCAPath());
You can also set the request engine to curl or php stream if the ssl is already configured.
Official PHP documentation
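An added example (not from the original answers): rather than disabling verification, check which CA bundle this PHP build actually reads and hand a valid one to the OAuth client, so the server is still authenticated. The bundle path is an assumed XAMPP location and the helper names count_ca_certs and ca_sources are hypothetical; passing the file as the second (ca_info) argument of setCAPath follows the parameter names in the PHP manual.

```php
<?php
// Added example; the bundle path below is an assumption for a default XAMPP install.

/** Count certificates in a PEM bundle that PHP's OpenSSL can parse (0 = unusable). */
function count_ca_certs(string $bundlePath): int
{
    if (!is_file($bundlePath) || !is_readable($bundlePath)) {
        return 0;
    }
    preg_match_all(
        '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s',
        file_get_contents($bundlePath),
        $blocks
    );
    $valid = 0;
    foreach ($blocks[0] as $pem) {
        if (@openssl_x509_parse($pem) !== false) {
            $valid++;
        }
    }
    return $valid;
}

/** Trust-anchor files this PHP build is configured to read. */
function ca_sources(): array
{
    $loc = openssl_get_cert_locations();
    return [
        'curl.cainfo (php.ini)'    => (string) ini_get('curl.cainfo'),
        'openssl.cafile (php.ini)' => (string) ini_get('openssl.cafile'),
        'OpenSSL built-in default' => (string) $loc['default_cert_file'],
    ];
}

foreach (ca_sources() as $name => $path) {
    printf("%-26s %s (%d usable certs)\n",
        $name, $path !== '' ? $path : '(not set)', $path !== '' ? count_ca_certs($path) : 0);
}

// Single-quoted so the Windows backslashes stay literal.
$bundle = 'C:\xampp\php\extras\ssl\cacert.pem';
if (count_ca_certs($bundle) === 0) {
    exit("CA bundle $bundle is missing or holds no valid certificate\n");
}

if (class_exists('OAuth')) {
    $oauth = new OAuth('my-etsy-api-key', 'my-etsy-api-secret',
        OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
    $oauth->setRequestEngine(OAUTH_REQENGINE_CURL);
    // ca_path (a directory) is left empty; ca_info is set to the bundle file.
    $oauth->setCAPath('', $bundle);
    print_r($oauth->getCAPath());   // certificate verification stays enabled
}
```

Copies of cacert.pem under the Perl or phpMyAdmin vendor directories are not read by PHP's cURL or OpenSSL; only the php.ini settings or an explicit path such as the one above are.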

IMAP Error: Login failed - Roundcube

I'm trying to login to Roundcube only the program won't let me.
I can login to the said account from the shell and mail is setup and working correctly on my server for user 'admin'. It's RC that is the problem. If I check my logs:
/usr/local/www/roundcube/logs/errors
they show:
[21-Sep-2013 17:19:02 +0100]: IMAP Error: Login failed for admin from ip.ip.ip.ip. Could not connect to ip.ip.ip.ip:143:
Connection refused in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 184
(POST /roundcube/?_task=login&_action=login)
which doesn't give me many clues really, just leads me to:
public function connect($host, $user, $pass, $port=143, $use_ssl=null) {}
from
rcube_imap.php
Stuff I've tried, editing:
/usr/local/www/roundcube/config/main.inc.php
with:
// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use
// best server supported one)
//$rcmail_config['imap_auth_type'] = LOGIN;
$rcmail_config['imap_auth_type'] = null;
// Log IMAP conversation to <log_dir>/imap or to syslog
$rcmail_config['imap_debug'] = '/var/log/imap';
With a failed login attempt
/var/log/imap
doesn't even get written to, leaving me no clues. I'm using dovecot and Sendmail on a FreeBSD box with full root access. It's not an incorrect username password combination for sure.
Several Googles on the string 'Roundcube: Connection to storage server failed' are fruitless.
EDIT:
I needed an entry in
/etc/rc.conf
dovecot_enable="YES"
Schoolboy error.
I had the same problem with a letsencrypt certificate and resolved it by disabling peer authentication:
$config['imap_conn_options'] = array(
    'ssl' => array('verify_peer' => true, 'verify_peer_name' => false),
    'tls' => array('verify_peer' => true, 'verify_peer_name' => false),
);
Afterwards you can set the connection string like this (starttls):
$config['default_host'] = 'tls://your-host.tld';
$config['default_port'] = '143';
$config['smtp_server'] = 'tls://your-host.tld';
$config['smtp_port'] = '25';
Or like this (ssl approach):
$config['default_host'] = 'ssl://your-host.tld';
$config['default_port'] = '993';
$config['smtp_server'] = 'ssl://your-host.tld';
$config['smtp_port'] = '587';
Make sure you use the fully qualified hostname of the certificate in the connection string (like your-host.tld) and not an internal hostname (like localhost).
Hope that helps someone else.
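An added example for Roundcube's config file (not part of the original answer): when the connection string uses the name the certificate was issued for, chain and host name verification can both stay enabled. The host name mail.example.org and the CA bundle path are placeholders; the option keys are PHP's standard SSL stream context options.

```php
<?php
// Added example; 'mail.example.org' and the CA bundle path are placeholders.

// The name that appears in the certificate (CN/SAN), not localhost or an internal alias.
$mail_host = 'mail.example.org';

$tls_verify = array(
    'verify_peer'       => true,   // chain must lead to a CA listed in 'cafile'
    'verify_peer_name'  => true,   // certificate must be issued for $mail_host
    'peer_name'         => $mail_host,
    'allow_self_signed' => false,
    'verify_depth'      => 3,
    'cafile'            => '/etc/ssl/certs/ca-certificates.crt',
);

// Same verification policy for the IMAP and SMTP connections.
$config['imap_conn_options'] = array('ssl' => $tls_verify);
$config['smtp_conn_options'] = array('ssl' => $tls_verify);

// STARTTLS variant, using the ports from the answer above.
$config['default_host'] = 'tls://' . $mail_host;
$config['default_port'] = 143;
$config['smtp_server']  = 'tls://' . $mail_host;
$config['smtp_port']    = 25;
```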
Change the maildir to whatever your system uses.
Change Dovecot mail_location setting to
mail_location = maildir:~/Mail
Change Postfix home_mailbox setting to
home_mailbox = Mail/
Restart services and away you go
Taken from this fedoraforum post
If you run fail2ban, then dovecot might get banned following failed Roundcube login attempts. This has happened to me twice already...
First, check if this is indeed the case:
sudo fail2ban-client status dovecot
If you get an output similar to this:
Status for the jail: dovecot
|- Filter
| |- Currently failed: 1
| |- Total failed: 8
| `- File list: /var/log/mail.log
`- Actions
|- Currently banned: 1
|- Total banned: 2
`- Banned IP list: X.X.X.X
i.e. the Currently banned number is higher than 0, then fail2ban was a bit overeager and you have to "unban" dovecot.
Run the fail2ban client in interactive mode:
sudo fail2ban-client -i
and at the fail2ban> prompt enter the following:
set dovecot unbanip X.X.X.X
where X.X.X.X is the IP address of your Dovecot server.
Exit from the interactive client and run sudo fail2ban-client status dovecot again. The Currently banned: field now should have a value of 0. What's more important, RoundCube should work again :-)
The issue is in your mail server.
Check your ports in your mail server and reset it (if necessary):
Port 25 (and 587) must be open for SMTP
Port 143 (and 993) must be open for IMAP
Port 110 must be open for POP3
Also open those ports in your firewall settings.
sudo dovecot should solve the problem.
If not, restart dovecot:
sudo service dovecot restart
