Guacamole : 500 Internal Server Error

[SomaanJaved]

Description

I created the Guacamole Virtual Desktops workspace service in Azure TRE, but when attempting to establish a connection, I encounter a "500 Internal Server Error." I also created a Windows VM resource but encounter the same error when trying to connect.

More Info
could not get claim "email": failed to fetch claims from profile URL: error making request to profile URL: unexpected status "401": {"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError":{"date":"2023-08-16T18:58:01","request-id":"45da9725-4ae8-449f-8ea0-7813d5807de7","client-request-id":"45da9725-4ae8-449f-8ea0-7813d5807de7"}}}
Request ID: 4ea9587b-ebc7-40ff-8690-d004707bf8d2

Steps

The steps I have tried are:

1. Headed to the app registration in the Azure portal and Added a redirect URI > Add a platform > Web > then pasted the Guacamole URI in the redirect URI box.
2. Checked the ID tokens checkbox
3. I have OAuth2 Proxy version v7.4.0

[marrobi]

Hello, what release are you running?

Can you check the user has an email in AAD as per could not get claim "email":

We do have a recent fix to ensure Guacamole will work with users without emails. #3548

[SomaanJaved]

Hi Marcus,
Thank you for your response.

After assigning an email to user in AAD, Guacamole connected but I am not able to access the remote desktop server.

I'm getting following error:
"The remote desktop server has denied access to this connection. If you require access, please ask your system administrator to grant your account access, or check your system settings."

I'm inexperienced with this, so your help means a lot to me.

[marrobi]

Is this a Windows or Linux VM? Suggest you try a Windows VM first.

If Linux, ensure you have Nexus installed and it is operational. We are aware of this issue - #3642

[SomaanJaved]

I apologize for not clarifying this earlier.
I am currently working on a Windows 10 Machine with a VM size of 2 CPUs and 8 GB of RAM.
Additionally, the option to enable access to shared storage is also selected.

Workspace service configuration:

[marrobi]

Can you confirm the VM is running? Windows VMs very rarely have issues.

[SomaanJaved]

After unchecking the "Expose externally" option in the Update-Workspace service, the issue has been successfully resolved.
I sincerely appreciate your support.

[marrobi]

Hmm, sounds strange.

Can you look at the versions in the bottom right of the UI - hover over the (i).

Are you running the main branch or a release via the deployment repo?

[SomaanJaved]

Sure I can check,
This is my version:

However, I'm encountering another error upon connecting to the Ubuntu 18.04 Data Science VM.
Your assistance is required to resolve this issue.

"The remote desktop server is currently unreachable. If the problem persists, please notify your system administrator, or check your system logs."

Note: Connecting on the Windows VM works fine, but I'm encountering this issue while trying to connect on the Ubuntu VM.

[marrobi]

Ok, have you got the Nexus Package mirror deployed? It's required for Linux VMs.

If so can you check it is running from a Windows VM, we have a known issue here #3642

[SomaanJaved]

Thank you for your response.
I'm relatively new to this and not very experienced.
Could you please explain a bit more about how I can check if Nexus Package mirrors deployed on my Linux VM? Also, if you could provide some straightforward steps on how to resolve this issue I couldn't understand the link you sent above.
That would be really helpful. I'm encountering the "remote desktop server unreachable" issue on linux VM and any guidance you can provide would be greatly appreciated.

[marrobi]

Have you followed this guidance: https://microsoft.github.io/AzureTRE/v0.13.0/tre-admins/setup-instructions/configuring-shared-services/#deploy-configure-nexus-service ?

[SomaanJaved]

Yes, I have followed the guidance but I'm not reachable to the public domain "https://nexus-{TRE_ID}.{LOCATION}.cloudapp.azure.com" neither from Jumbox nor from the browser.

In Jumpbox ( Nexus VM):

In browser: