Konceptech.net  
#1 Posted : Saturday, January 3, 2015 11:21:50 PM(UTC)
Hi,

I want to know the way to change the relay url of my existing configuration.

The goal is to protect the main url which is the webserver.

But I don't want to pass the relay traffic through CloudFlare.

I know that the setting is in the web.config, but I'm not aware of what is gonna happen once I change to relay.mysupportdomain.com

<add key="RelayListenUri" value="relay://+:8041/" />

Thanks!

Paul Moore  
#2 Posted : Saturday, January 3, 2015 11:57:04 PM(UTC)
You shouldn't need to alter the "RelayListenUri" parameter, but you will need to tell ScreenConnect to use a different "RelayAddressableUri".

<add key="RelayAddressableUri" value="relay://mysupportdomain.com/" />

Then, add a new subdomain in your CF zone file and make it "inactive" (grey icon), so it'll observe the DNS configuration but won't route data through Cloudflare.

Just be aware, it's possible to route web traffic through CF insecurely (or less secure, depending on your viewpoint). The "Flexible" option terminates SSL/TLS at Cloudflare, meaning your traffic travels over the transport layer in plain text between CF and your server. If you want end-to-end/origin-based encryption, you need either "Full" or "Full Strict", the latter checking the validity of the cert your server presents. If you use keyless TLS, you won't need to hand over your private key.
ScreenConnect Reporting - Collects live & historical information including session times.
http://goo.gl/nrF3e9
Konceptech.net  
#3 Posted : Sunday, January 4, 2015 1:57:19 PM(UTC)
Okay, seems that you're aware of this kind of setup.

Just to be sure, let me know if I understand well.

I already added a subdomain in my CF zone file that points to the static IP of SC. (relay.xxxx.com)

The main domain is used to point to the webserver, and is used only by SC. (xxxx.com)

My relay is on the default port.

I add a new parameter: <add key="RelayAddressableUri" value="relay://relay.mysupportdomain.com:8041/" />

Is that correct? Also, do you think I have to update all the clients to apply this new parameter?

What is gonna happen once I save the config?

Thanks for your help!
Konceptech.net  
#4 Posted : Sunday, January 4, 2015 2:28:56 PM(UTC)
The settings I'm gonna apply:

<add key="WebServerListenUri" value="https://+:443/" />
<add key="WebServerAlternateListenUri" value="http://+:80/" />
<add key="RelayListenUri" value="relay://+:8041/" />
<add key="RelayAddressableUri" value="relay://relay.domain.tld:8041/" />
<add key="RedirectFromBaseUrl" value="http://*/" />
<add key="RedirectToBaseUrl" value="https://domain.tld:443/" />
Paul Moore  
#5 Posted : Sunday, January 4, 2015 4:32:41 PM(UTC)
Spot on.

You don't need to specify :443 on the last line, as that's the default for SSL/TLS.

<add key="RedirectToBaseUrl" value="https://domain.tld/" />

You will need to update your clients for them to pick up the change, but

<add key="RelayListenUri" value="relay://+:8041/" />

... means existing ones will connect via CF, new ones will bypass CF.
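A way to sanity-check the settings from post #4 before saving them, added here as an example (not part of the thread and not ScreenConnect code): it parses the `<add key=... value=...>` entries and flags a relay hostname that matches the web hostname, or an advertised relay port that differs from the listen port. The `<appSettings>` wrapper, the function names and the wording of the findings are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed input: the settings from post #4 inside an assumed <appSettings> wrapper.
SAMPLE = """<appSettings>
  <add key="WebServerListenUri" value="https://+:443/" />
  <add key="WebServerAlternateListenUri" value="http://+:80/" />
  <add key="RelayListenUri" value="relay://+:8041/" />
  <add key="RelayAddressableUri" value="relay://relay.domain.tld:8041/" />
  <add key="RedirectFromBaseUrl" value="http://*/" />
  <add key="RedirectToBaseUrl" value="https://domain.tld:443/" />
</appSettings>"""


def load_settings(xml_text):
    """Return {key: value} for every <add key=... value=...> element."""
    return {e.get("key"): e.get("value") for e in ET.fromstring(xml_text).iter("add")}


def host_port(uri):
    """Split scheme://host:port/ into (scheme, host, port); '+' and '*' hosts pass through."""
    parts = urlsplit(uri)
    return parts.scheme, parts.hostname, parts.port


def review(settings):
    """Return a list of findings (hypothetical wording); empty means the split looks consistent."""
    findings = []
    relay = settings.get("RelayAddressableUri")
    if relay is None:
        return ["RelayAddressableUri is not set: no separate relay address is advertised"]
    _, relay_host, relay_port = host_port(relay)
    web = settings.get("RedirectToBaseUrl")
    if web is not None:
        web_scheme, web_host, _ = host_port(web)
        if relay_host == web_host:
            findings.append(f"RelayAddressableUri and RedirectToBaseUrl share hostname "
                            f"{web_host}: relay traffic would follow the proxied web record")
        if web_scheme != "https":
            findings.append("RedirectToBaseUrl is not https")
    listen = settings.get("RelayListenUri")
    if listen is not None:
        listen_port = host_port(listen)[2]
        if relay_port is not None and relay_port != listen_port:
            findings.append(f"RelayAddressableUri advertises port {relay_port} "
                            f"but RelayListenUri listens on {listen_port}")
    return findings


if __name__ == "__main__":
    for line in review(load_settings(SAMPLE)) or ["no findings"]:
        print(line)
```

A port difference can be intentional when a firewall forwards a different external port, so treat the findings as review prompts.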
Konceptech.net  
#6 Posted : Sunday, January 4, 2015 7:20:05 PM(UTC)
Very helpful!

You look like an SC team member! (I know you aren't)

;)

Strangely the Host's client seems to connect to the old url ... when I check under "status" it's still the old one, but on the computer it is on the new one ...

It's like I have to reload the client for the host; I don't remember how to do it.

Thanks!

Edited by user Sunday, January 4, 2015 7:26:34 PM(UTC)  | Reason: Not specified

Paul Moore  
#7 Posted : Sunday, January 4, 2015 7:30:07 PM(UTC)
You'll have to mass select them and hit "reinstall".

Cheers.
Konceptech.net  
#8 Posted : Sunday, January 4, 2015 7:38:43 PM(UTC)
Originally Posted by: Paul Moore
You'll have to mass select them and hit "reinstall".

Cheers.


That's what I did, but it's on my side where I seem to have the trouble; I mean the portion of code that is stored on the host computer that launches the program to take control of the client.

Another thing, but I think it's about the beta 5.1: all of the clients under Windows XP fail to update and the Elsinore.ScreenConnect.ClientReinstall.exe is crashing.

I think I will wait another couple of weeks, to be able to update all the clients, since I reactivate CF, which blocks the relay.

Thanks for your time.