Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.06k stars 545 forks

COOKIE: ERR: Bad AESGCM cookie due to exception: Error: Unsupported state or unable to authenticate data #4726

Open sistemmsn opened 1 year ago

sistemmsn commented 1 year ago

Hello, how are you? I've been trying for a while to understand the error that occurs when I install the agent on a Linux machine in LAN mode:

Maybe it's not a bug as such but a configuration issue, but the truth is I already looked for it and I don't see the light, hehehehe.

I also modified the hosts file, because I thought it was a resolution issue, but it is not: before touching the hosts file I was already having these problems.

To Reproduce

I first confirm the json file before connecting my equipment.

The errors are the following. This error is from the agent side when I install it on a Linux machine. I want to clarify that I already tried it with the IP and it still doesn't work. This only happens on Linux servers, in the Alma Linux 8.6 x64 version. image

Second, MeshCentral server-side evidence: image

In Windows it works normally.

Server Software (please complete the following information):

Client Device (please complete the following information):

Your config.json file

{
  "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "AgentCoreDump": true,
    "MongoDb":"mongodb://127.0.0.1:27017/meshcentral",
    "mongodbcol": "meshcentral",
    "LANonly": true,
    "sessionKey": "MyReallySecretPassword1",
    "port": 443,
    "aliasPort": 443,
    "redirPort": 80,
    "redirAliasPort": 80,
    "Minify": true,
    "SessionTime": 15,
    "ClickOnce": true,
    "BrowserPong": 60,
    "BrowserPing": 10,
    "AgentPing": 10,
    "AgentPong":60,
    "AgentIdleTimeout": 150,
    "AllowHighQualityDesktop": false,
    "AuthLog": "/var/log/mesh_auth.log",
    "Log": "main,web,webrequest,cert",
    "MaxInvalidLogin":{"time": 3, "count": 5, "coolofftime": 10},
    "DesktopMultiplex": true,
    "Plugins":{
            "enable": true
    },
    "AutoBackup":{
              "backupIntervalHours":24,
              "keepLastDaysBackup":5,
              "zipPassword": "JCuhU2_hgd4OdjsV*",
              "_backupPath": "/tmp/backups"
   }
  },
  "domains": {
    "": {
      "TitlePicture": "titulo.png",
      "LoginPicture": "login.png",
      "footer": "<a href='https://sample.com'>Helpdesk</a>",
      "loginfooter": "Este es un servidor de uso empresarial",
      "_siteStyle": "1",
      "WelcomePicture": "welco.png",
      "WelcomePictureFullScreen": true,
      "WelcomeText" : "SISTEMA ES PROPIEDAD DE sample, Y ES PARA USO AUTORIZADO. CUALQUIER USO INDEBIDO DEL SISTEMA SERA INTERCEPTADO, MONITOREADO, GRABADO E INSPECCIONADO. PARA ACCEDER AL EQUIPO EL USUARIO ASUME LAS POLITICAS DE SEGURIDAD, DE LO CONTRARIO SE TOMARAN LAS MEDIDAS LEGALES CORRESPONDIENTES.",
      "agentCustomization": {
              "displayName": "sample-curso",
              "description": "sample agent for remote monitoring, management and assistance.",
              "companyName": "sample-Company",
              "serviceName": "udemyagent",
              "image": "login.png",
              "installText": "Este es el Agente de instalación para el acceso remoto",
              "fileName": "udemy-agent"
            },
      "assistantCustomization": {
              "title": "sample® CALL™",
              "image": "login.png",
              "fileName": "compagny-sample"
            },
      "mstsc": true,
      "ssh": true,
      "GeoLocation": false,
      "novnc": true,
      "AutoRemoveInactiveDevices": 6,
      "agentInviteCodes": true,
      "SessionRecording":{
              "onlySelectedUsers": true,
              "onlySelectedUserGroups": true,
              "onlySelectedDeviceGroups": true,
              "_filepath": "/opt/meshcentral/meshcentral-data/session_recording",
              "index": true,
              "protocols": [ 1, 2, 5]
            },
      "PasswordRequeriments": {
              "min": 8,
              "max": 128,
              "upper": 1,
              "lower": 1,
              "numeric": 1,
              "nonalpha": 1,
              "reset": 90,
              "force2factor": true,
              "skip2factor": "127.0.0.1"

            },
      "_agentFileInfo": {
        "_icon": "agent.ico",
        "filedescription": "sample_filedescription",
        "fileversion": "0.1.2.3",
        "internalname": "sample_internalname",
        "legalcopyright": "sample_legalcopyright",
        "originalfilename": "sample_originalfilename",
        "productname": "sample_productname",
        "productversion": "v0.1.2.3"
      },
      "UserSessionIdleTimeout": 15,      
      "_userNameIsEmail": true
    }
  }
}

I also tried adding these lines, but it doesn't work either:

    "_certURL": "https://mesh.sample.corp",
    "_CookieIpCheck": false,
    "_CookieEncoding": "hex",
    "_IgnoreAgentHashCheck": true,
    "_FastCert": true,
    "_ExactPorts":true,
    "_Restore": true,

sistemmsn commented 1 year ago

Hello, I just did the quick installation using a Debian 11 server. I installed the server and agent there, and it turns out that it does work now; the issue is that Alma Linux does not work correctly. I share evidence: servertrace.csv

It gives the same errors both in the agent and in the server, but the difference is that it does connect. I did not configure anything in config.json; I left it as it starts.

I just applied the configuration presented in my case, and the Debian 11 server works correctly both in server mode and in client mode.

image

I tried to install the agent that the new "Debian" server gives me on an Alma Linux client, and the server does not appear and it gives the errors presented in my case.

sistemmsn commented 1 year ago

Same situation with Rocky Linux 8: agents do not connect.

dxdemetriou commented 1 year ago

I had a similar issue on a MeshCentral server in Rocky Linux where agents couldn't connect. Probably it was a newer version of mongodb in nodes (4.11.0 instead of 4.9.1), so I just recreated the node_modules.

Or probably it's an OS issue (as both Alma and Rocky are using the same packages), like this: https://forums.rockylinux.org/t/package-tzdata-java-2022f-1-el8-noarch-rpm-is-not-signed/7761

Does this issue happen on older Rocky & Alma versions too?

sistemmsn commented 1 year ago

> I had a similar issue on a MeshCentral server in Rocky Linux where agents couldn't connect. Probably it was a newer version of mongodb in nodes (4.11.0 instead of 4.9.1), so I just recreated the node_modules.
>
> Or probably it's an OS issue (as both Alma and Rocky are using the same packages), like this: https://forums.rockylinux.org/t/package-tzdata-java-2022f-1-el8-noarch-rpm-is-not-signed/7761
>
> Does this issue happen on older Rocky & Alma versions too?

I carried out the tests both using the native mesh database and using Mongo, always using the newest version since I added the repo. I have only tested in Alma 8 and in Rocky 8. I did not want to test in the new versions, since sometimes, because they are new, they cause more problems, hehehehe.

sistemmsn commented 1 year ago

It seems that the problem is at the moment of the certificate validation. I have a MeshCentral server in WAN mode with Rocky Linux and it does work without problems. I attach evidence:

Mode: WAN

image

image