workspaces-issues icon indicating copy to clipboard operation
workspaces-issues copied to clipboard
verified publisher icon kasmtech

[Bug] - Kasm Desktop Service connection failures, possible forward proxy issue

Open Clancy508 opened this issue 1 year ago • 1 comments

Describe the bug On a fresh Windows 11 24H2 install the Kasm Desktop Service fails to receive communication from the Kasm Workspaces host for certain API calls, but not others (running the single server deployment inside a VM)

To Reproduce

  1. Set up a Windows 11 VM and fully update it
  2. Establish a connection from Kasm to the Windows VM using RDP
  3. Install the Kasm Desktop Service as per the official instructions
  4. The Desktop Service throws an error saying that the Kasm instance can't connect to the Desktop Service via port 4902
  5. Close out of but do not delete the session
  6. Re-open the session - confirm that the Desktop Services are indeed active and working, with file upload and download both now available and fully functional
  7. Delete the session
  8. Attempt to open a new session on the same workspace

Expected behavior The session opens

Workspaces Version Version 1.16.1

Workspaces Installation Method Single Server on a dedicated Ubuntu 24.04 host, of note using a forward proxy (although the forward proxy is not in between Kasm and the Windows machine)

Client Browser (please complete the following information):

  • OS: Fedora 41
  • Firefox 134

Workspace Server Information (please provide the output of the following commands):

  • uname -a
  • Linux kasm 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux
  • cat /etc/os-release
  • PRETTY_NAME="Ubuntu 24.04.1 LTS" NAME="Ubuntu" VERSION_ID="24.04" VERSION="24.04.1 LTS (Noble Numbat)" VERSION_CODENAME=noble ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=noble LOGO=ubuntu-logo
  • sudo docker info
  • `Client: Version: 26.1.3 Context: default Debug Mode: false Plugins: compose: Docker Compose (Docker Inc.) Version: 2.27.1+ds1-0ubuntu1~24.04.1 Path: /usr/libexec/docker/cli-plugins/docker-compose

Server: Containers: 11 Running: 11 Paused: 0 Stopped: 0 Images: 15 Server Version: 26.1.3 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: false Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan kasmweb/sidecar:1.1 macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init containerd version: runc version: init version: Security Options: apparmor seccomp Profile: builtin cgroupns Kernel Version: 6.8.0-51-generic Operating System: Ubuntu 24.04.1 LTS OSType: linux Architecture: x86_64 CPUs: 8 Total Memory: 11.64GiB Name: kasm ID: Docker Root Dir: /var/lib/docker Debug Mode: false HTTP Proxy: HTTPS Proxy: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false`

  • sudo docker ps | grep kasm
  • 14f67d9b7991 kasmweb/api:1.16.1 "/bin/sh -c '/usr/bi…" 2 weeks ago Up 4 hours (healthy) 8080/tcp kasm_api 8e8a946dd666 kasmweb/proxy:1.16.1 "/docker-entrypoint.…" 3 weeks ago Up 4 hours 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp kasm_proxy 5946fa9e1934 kasmweb/rdp-https-gateway:1.16.1 "/opt/rdpgw/rdpgw" 3 weeks ago Up 4 hours (healthy) kasm_rdp_https_gateway c7e0097d7f45 kasmweb/share:1.16.1 "/bin/sh -c '/usr/bi…" 3 weeks ago Up 4 hours (healthy) 8182/tcp kasm_share 0833ca1cd1b4 kasmweb/rdp-gateway:1.16.1 "/start.sh" 3 weeks ago Up 4 hours (healthy) 0.0.0.0:3389->3389/tcp, :::3389->3389/tcp kasm_rdp_gateway 14387d4d0178 kasmweb/agent:1.16.1 "/bin/sh -c '/usr/bi…" 3 weeks ago Up 4 hours (healthy) 4444/tcp kasm_agent 796eed05bc1d redis:5-alpine "docker-entrypoint.s…" 3 weeks ago Up 4 hours 6379/tcp kasm_redis 5b470240d507 kasmweb/manager:1.16.1 "/usr/bin/startup.sh…" 3 weeks ago Up 4 hours (healthy) 8181/tcp kasm_manager 5f26f49f624d kasmweb/kasm-guac:1.16.1 "/dockerentrypoint.sh" 3 weeks ago Up 4 hours (healthy) kasm_guac af433ac870be postgres:14-alpine "docker-entrypoint.s…" 3 weeks ago Up 4 hours (healthy) 5432/tcp kasm_db

I have manually verified that port 4902 is open and connectable - the Kasm host can connect to 4902 using nc, and as mentioned some of the features that depend on the services being able to communicate back to the host via 4902 do work (file transfers, both upload and download). I am using a second network interface for Kasm - Windows communication, but I did test using the main interface as well, and for the sake of not confounding things the RDP connection is on the same interface, and I have verified that the Windows system can connect to the Kasm web interface through a browser on port 443 to confirm I have tried doing this with the full scorched earth approach on the Windows side - even completely disabling Defender Firewall doesn't fix it (after having confirmed that the automatic firewall rules were installed and correct).

Perusing the error logs shows that the system is attempting to use a proxy for the failed API calls - I'm not really sure why, since it's only doing this for some calls and not others, and I've not configured a proxy for Kasm (I have configured a proxy for Docker but I'm not really sure why Kasm is trying to use it for this, particularly since it's using an out of date IP address (the proxy has been reconfigured on a different IP and the Docker proxy has been updated to reflect this) and only using it for some API calls...)

Clancy508 avatar Jan 21 '25 07:01 Clancy508

experienced the same thing several months ago with a fresh kasm deployment on a physical machine using official instructions.

xpbl avatar Jan 29 '25 23:01 xpbl