workspaces-issues icon indicating copy to clipboard operation
workspaces-issues copied to clipboard

Published 20 hours ago verified publisher icon kasmtech

[Bug] - SSL Verification Error when connecting Kasm Windows Service to Kasm

Open grizzlycode opened this issue 1 year ago • 4 comments

Describe the bug

I'm trying to install the Kasm Windows Service on a Windows 11 box.

I followed the guide to installing the "Kasm Windows Service" here.

I tried following your YouTube video here, but you don't even cover the Windows agent at all...you mention a dedicated video to installing the "Windows Service" at the 5 minute mark, however, I looked in the comments plus all your YouTube videos and see no dedicated video to the "Kasm Windows Service" install and usage.

I get the following error when trying to execute agent syntax provided by Kasm:

“2024-04-05 10:19:28,823 - __main__ - WARNING - The jwt_public_key file is not defined or does not exist.

urllib3\connectionpool.py:1095: InsecureRequestWarning: Unverified HTTPS request is being made to host '1.2.3.4'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings

2024-04-05 10:19:28,885 - __main__ - ERROR - Registration failed: Access Denied!”

To Reproduce Steps to reproduce the behavior:

  1. Navigate to Admin > Infrastructure > Servers > Add
  2. Complete form and switch on "Agent Install" follow instructions on agent install
  3. Upon executing this syntax in Windows 11 I get the error I mentioned above

.\agent.exe --register-host 1.2.3.4 --register-port 443 --server-id <id> --register-token <token>

  1. Unable to proceed because of error

Expected behavior Execute agent syntax and Windows service connects to Kasm securely.

Screenshots If applicable, add screenshots to help explain your problem.

Workspaces Version Version 1.15

Workspaces Installation Method Single Server

Client Browser (please complete the following information):

  • OS: Windows 11
  • Browser: chrome
  • Version: 124

Workspace Server Information (please provide the output of the following commands):

  • uname -a

Linux KASM 6.5.0-26-generic #26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

  • cat /etc/os-release

PRETTY_NAME="Ubuntu 22.04.4 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.4 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy

  • sudo docker info

Client: Docker Engine - Community Version: 26.0.0 Context: default Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) Version: v0.13.1 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) Version: v2.5.0 Path: /usr/local/lib/docker/cli-plugins/docker-compose

Server: Containers: 9 Running: 9 Paused: 0 Stopped: 0 Images: 54 Server Version: 26.0.0 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: ae07eda36dd25f8a1b98dfbf587313b99c0190bb runc version: v1.1.12-0-g51d5e94 init version: de40ad0 Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 6.5.0-26-generic Operating System: Ubuntu 22.04.4 LTS OSType: linux Architecture: x86_64 CPUs: 6 Total Memory: 23.46GiB Name: KASM ID: f0321ac0-89ae-4b43-a511-00901e2748f1 Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

  • sudo docker ps | grep kasm

01a9256c3cca kasmweb/nginx:1.25.3 "/docker-entrypoint.…" 4 weeks ago Up 8 minutes 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp kasm_proxy 2d9da98364cc kasmweb/agent:1.15.0 "/bin/sh -c '/usr/bi…" 4 weeks ago Up 8 minutes (healthy) 4444/tcp kasm_agent d054f129f6dc kasmweb/share:1.15.0 "/bin/sh -c '/usr/bi…" 4 weeks ago Up 8 minutes (healthy) 8182/tcp kasm_share 2c723f855e41 kasmweb/api:1.15.0 "/bin/sh -c '/usr/bi…" 4 weeks ago Up 8 minutes (healthy) 8080/tcp kasm_api d05afc98dfc6 kasmweb/manager:1.15.0 "/bin/sh -c '/usr/bi…" 4 weeks ago Up 8 minutes (healthy) 8181/tcp kasm_manager 6af8ecf13616 kasmweb/kasm-guac:1.15.0 "/dockerentrypoint.sh" 4 weeks ago Up 8 minutes (healthy) kasm_guac fe6d9a22d242 redis:5-alpine "docker-entrypoint.s…" 4 weeks ago Up 8 minutes 6379/tcp kasm_redis 045647c6c2ed postgres:12-alpine "docker-entrypoint.s…" 4 weeks ago Up 8 minutes (healthy) 5432/tcp kasm_db

Additional context Add any other context about the problem here.

Both systems are on static IPs in the same network. I can ping both devices from the other. I'm not using any custom SSL certs. I'm just trying to connect to the self-signed cert created by KASM, but ufortunately can't connect due to SSL verification. I would imagine this SSL checking would of been anticipated during development? How do I get past this without creating custom certs?

grizzlycode avatar Apr 06 '24 16:04 grizzlycode

I had a similar issue; for me I had to toggle on "Agent Installed" in Servers and hit Save before running the command. image

breagan1983 avatar Apr 09 '24 21:04 breagan1983

I had a similar issue; for me I had to toggle on "Agent Installed" in Servers and hit Save before running the command.

Wierd, but this actually works. Thanks @breagan1983 for sharing!

I hope they get it to work correctly or at least update the steps so users know how to get this to actually work. As it currently stands it's not intutive to save first then execute at least not without further instructions.

For that reason I would like to keep this issue open until its resolved correctly with either doing it before the "save" which seems logical with current instructions or with updated instructions to copy the agent command line then press "save" button then execute the command in the Windows box to the "Agent Instructions."

grizzlycode avatar Apr 09 '24 23:04 grizzlycode

Werid, I just happend to get the same error, however I had the server enabled and agent enabled before running the commands.

CrazyWolf13 avatar Aug 26 '24 16:08 CrazyWolf13

I found workaround: You can save the settings and after that you can again enter the command with kasm client registration

MaxBal avatar Aug 31 '24 05:08 MaxBal