latest changes

backend/src/websocket/rdp.ts

@@ -174,15 +174,18 @@ export async function rdpWebsocket(fastify: FastifyInstance) {
           dpi: '96',
           'color-depth': '32',
           'ignore-cert': 'true',
-          security: 'nla',            // FreeRDP 3.x dropped 'any'; NLA is what Windows 11 uses by default
+          // 'nla' = Network Level Authentication (CredSSP). Required for Windows 11 22H2+ which
+          // mandates CredSSP v6. FreeRDP 3.x handles CredSSP v6 properly.
+          security: 'nla',
           'disable-auth': 'false',
           'enable-drive': 'false',
           'create-drive-path': 'false',
           'enable-printing': 'false',
+          'disable-audio': 'true',
           'disable-glyph-caching': 'false',
-          // disable-gfx removed: FreeRDP 3.x handles GFX pipeline correctly; disabling it caused crashes
+          'disable-gfx': 'true',
           'cert-tofu': 'true',
-          'resize-method': 'display-update',
+          'resize-method': 'reconnect',
         };
 
         // Acknowledge whichever VERSION_x_y_z guacd advertises.
@@ -194,24 +197,33 @@ export async function rdpWebsocket(fastify: FastifyInstance) {
           }
         }
 
-        // 3. Connect with values guacd requested
-        const argValues = argNames.map((name) => rdpParams[name] ?? '');
-        guacd.write(buildInstruction('connect', ...argValues));
+        // 3. Send size instruction so guacd populates client->info.optimal_width/height/resolution.
+        //    Without this, guacd logs "0x0 at 0 DPI" and FreeRDP may use a zero-size display.
+        guacd.write(buildInstruction('size', rdpParams.width, rdpParams.height, rdpParams.dpi));
 
-        // 4. Read ready instruction
+        // 4. Connect with values guacd requested
+        const argValues = argNames.map((name) => rdpParams[name] ?? '');
+        const connectInstruction = buildInstruction('connect', ...argValues);
+        fastify.log.info(
+          { argNames, argValues, connectInstruction: connectInstruction.substring(0, 500) },
+          'RDP: sending connect instruction'
+        );
+        guacd.write(connectInstruction);
+
+        // 5. Read ready instruction
         const readyInstruction = await readInstruction(guacd, tcpBuf);
         fastify.log.info({ readyInstruction }, 'RDP: guacd ready instruction received');
         if (readyInstruction[0] !== 'ready') {
           throw new Error(`guacd handshake failed: expected 'ready', got '${readyInstruction[0]}'`);
         }
 
-        // 5. Send the tunnel UUID as a Guacamole internal instruction.
+        // 6. Send the tunnel UUID as a Guacamole internal instruction.
         //    WebSocketTunnel (1.5.0+) expects opcode "" (empty string) with the
         //    UUID as the single argument: "0.,36.<uuid>;"
         const guacdUUID = readyInstruction[1] ?? randomUUID();
         socket.send(buildInstruction('', guacdUUID));
 
-        // 6. Flush any buffered bytes that arrived after 'ready'
+        // 7. Flush any buffered bytes that arrived after 'ready'
         if (tcpBuf.value.length > 0) {
           fastify.log.info({ flushed: tcpBuf.value.substring(0, 300) }, 'RDP: flushing buffered data after ready');
           if (socket.readyState === WebSocket.OPEN) socket.send(tcpBuf.value);
@@ -230,7 +242,8 @@ export async function rdpWebsocket(fastify: FastifyInstance) {
       // --- Proxy mode ---
       guacd.on('data', (data: Buffer) => {
         const text = data.toString('utf8');
-        fastify.log.debug({ guacdData: text.substring(0, 300) }, 'RDP: data from guacd');
+        // Log all data during proxy phase at info level so we can see error instructions
+        fastify.log.info({ guacdData: text.substring(0, 500) }, 'RDP: data from guacd');
         if (socket.readyState === WebSocket.OPEN) socket.send(text);
       });