gcouch  
#1 Posted : Wednesday, May 14, 2014 10:30:02 PM(UTC)
Hello,

I have set up ScreenConnect for the company I'm with and needed to maximize compatibility with outside customers. To do this I have set up the web interface to run on HTTPS using a Go Daddy cert for *.mydomain.com. It automatically redirects from HTTP. Then we found that port 8041 was blocked by quite a few of our clients, so I moved the relay to a separate IP and port 80 on the same server. IP listeners were configured for both the IPs. The web.config is as follows:

Quote:

<httpModules>
<add name="BaseUrlRedirectionModule" type="BaseUrlRedirectionModule" />
</httpModules>
<appSettings>
<add key="WebServerListenUri" value="https://192.168.1.205:443/" />
<add key="WebServerAlternateListenUri" value="http://192.168.1.205:80/" />
<add key="RelayListenUri" value="relay://192.168.1.206:80/" />
<add key="RedirectFromBaseUrl" value="http://connect.mydomain.com/" />
<add key="RedirectToBaseUrl" value="https://connect.mydomain.com/" />
<add key="RelayAddressableUri" value="relay://relay.mydomain.com:80/" />
</appSettings>


SSL works flawlessly. We have all the appropriate outside DNS records and firewall rules, and all ScreenConnect tests are green. However, quite often when a client or employee in the domain LAN tries to run the ScreenConnect ClickOnce join, they are unable to do so and receive the following error:

Quote:

SOURCES
Deployment url : https://192.168.1.205/Bi...pport&y=Guest&r=
...
ERROR DETAILS
Following errors were detected during this operation.
* [5/14/2014 5:46:41 PM] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
- Downloading https://192.168.1.205/Bi...pport&y=Guest&r= did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
at System.Deployment.Application.SystemNetDownloader.DownloadAllFiles()
at System.Deployment.Application.FileDownloader.Download(SubscriptionState subState)
at System.Deployment.Application.DownloadManager.DownloadManifestAsRawFile(Uri& sourceUri, String targetPath, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirectBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestBypass(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, SubscriptionState& subState, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Net.WebException
- The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
--- Inner Exception ---
System.Security.Authentication.AuthenticationException
- The remote certificate is invalid according to the validation procedure.
- Source: System
- Stack trace:
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)


Edit: External users download the ScreenConnect client and the client calls to the private address. What can I do to change this?

Thanks!

Edited by user Thursday, May 15, 2014 12:26:35 PM(UTC)  | Reason: Not specified
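
Added example (not part of the original thread and not ScreenConnect code): the deployment URL in the error above uses the host 192.168.1.205, while the certificate described in the post is issued for *.mydomain.com. This Python sketch applies RFC 6125-style name matching to the https URIs in the quoted appSettings to show which hosts that certificate can validate for; the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# appSettings values copied from the web.config quoted in the post.
APP_SETTINGS = """<appSettings>
  <add key="WebServerListenUri" value="https://192.168.1.205:443/" />
  <add key="WebServerAlternateListenUri" value="http://192.168.1.205:80/" />
  <add key="RelayListenUri" value="relay://192.168.1.206:80/" />
  <add key="RedirectFromBaseUrl" value="http://connect.mydomain.com/" />
  <add key="RedirectToBaseUrl" value="https://connect.mydomain.com/" />
  <add key="RelayAddressableUri" value="relay://relay.mydomain.com:80/" />
</appSettings>"""
# Wildcard certificate name given in the post.
CERT_DNS_NAMES = ["*.mydomain.com"]


def cert_matches(host, dns_names):
    """True if a certificate carrying only these DNS names validates for host."""
    try:
        ipaddress.ip_address(host)
        return False  # IP literals need an iPAddress SAN; DNS names never match
    except ValueError:
        pass
    labels = host.lower().rstrip(".").split(".")
    for name in dns_names:
        pattern = name.lower().split(".")
        # A wildcard covers exactly one whole left-most label, nothing more.
        if (len(pattern) == len(labels) and pattern[1:] == labels[1:]
                and pattern[0] in ("*", labels[0])):
            return True
    return False


def audit(settings_xml, dns_names):
    """Return {key: (host, name_ok)} for every https:// URI in appSettings."""
    results = {}
    for add in ET.fromstring(settings_xml).iter("add"):
        url = urlsplit(add.get("value"))
        if url.scheme == "https":
            host = url.hostname
            results[add.get("key")] = (host, cert_matches(host, dns_names))
    return results


if __name__ == "__main__":
    for key, (host, ok) in audit(APP_SETTINGS, CERT_DNS_NAMES).items():
        print(f"{key:22} {host:22} {'name OK' if ok else 'NAME MISMATCH'}")
```
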

John  
#2 Posted : Friday, May 16, 2014 2:40:50 PM(UTC)
I believe we spoke on the phone and resolved a similar issue -- are you all set now? If that was you, I'll explain how we resolved the issue.

gcouch  
#3 Posted : Friday, May 16, 2014 2:54:11 PM(UTC)
Yeah, I think this was you. It all works; turns out it was the outside DNS record for the relay URL.

This is great software and we are looking forward to an unlimited license.
John  
#4 Posted : Friday, May 16, 2014 3:24:22 PM(UTC)
Thanks for your compliment and letting the forum know you're all set and what it was.
bigdessert  
#5 Posted : Friday, May 16, 2014 3:49:28 PM(UTC)
Please note for future readers...


When running the relay on port 80 I have found many pieces of security software and border appliances can interfere with the traffic. This is because a lot of these software packages are set to sniff port 80 traffic.

Just something to be aware of in the future.