Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.99k stars 536 forks

Long Delay for User Consent in Meshcentral Connections #6372

Open Domkra opened 1 week ago

Domkra commented 1 week ago

**Describe the bug A clear and concise description of what the bug is.**

I noticed that when I try to connect to a desktop using Meshcentral, the request for user consent takes about 90 to 120 seconds before the customer can confirm access. However, when I use Meshcentral without the consent request, the connection to the desktop is established in 1 second.


**To Reproduce Steps to reproduce the behavior:**

If not set up, enable User Consent first:

  1. Go to ‘My Device’
  2. Select a client
  3. Click on ‘Desktop’
  4. Click on ‘Connect’. Wait and, if necessary, time the process. In our test case with 6 clients, we measured times between 90 and 120 seconds.

**Expected behavior A clear and concise description of what you expected to happen.**

I expected the connection to the remote client to be established faster, as it was a few weeks or months ago. The time of 90 to 120 seconds seems too long to establish a connection to a customer.


**Server Software (please complete the following information):**

**Client Device (please complete the following information):**

**Remote Device (please complete the following information):**

**Additional context Add any additional context about the problem here.**

A few weeks or months ago, I am not sure exactly how long, this behavior did not occur, and the user prompt was much faster. No changes were made to the configuration, which is why this behavior surprises me. Only updates to Node.js and Meshcentral were performed.


**Your config.json file**

This is what our configuration looks like; of course, we have changed all sensitive data.

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "server.server.de",
    "MongoDb": "mongodb://127.0.0.1:27017",
    "MongoDbName": "meshcentral",
    "MongoDBBulkOperations": true,
    "_WANonly": true,
    "_LANonly": true,
    "_maintenanceMode": true,
    "port": 443,
    "redirPort": 80,
    "nice404": true,
    "agentIdleTimeout": 150,
    "webPageLengthRandomization": true,
    "compression": true,
    "amtScanner": false,
    "allowHighQualityDesktop": true,
    "AutoBackup": {
      "backupIntervalHours": 24,
      "keepLastDaysBackup": 30,
      "zipPassword": "*******",
      "backupPath": "/opt/meshcentral/meshcentral-backups"
      },

    "_redirects": {
      "meshcommander": "https://www.meshcommander.com/"
    },
    "__maxInvalidLogin": "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.",
    "maxInvalidLogin": {
      "time": 10,
      "count": 10,
      "coolofftime": 10
    },
    "__maxInvalid2fa": "Time in minutes, max amount of bad two-factor authentication from a source IP in the time before 2FA's are rejected.",
    "maxInvalid2fa": {
      "time": 10,
      "count": 10,
      "coolofftime": 10
    },

    "authLog": "/opt/meshcentral/logs/meshcentral-logs/auth.log",
    "meshErrorLogPath": "/opt/meshcentral/logs/meshcentral-logs/"

  },
  "domains": {
    "": {
      "allowedOrigin": [ "server1.server.de", "server2.server.de" ],
      "unknownUserRootRedirect": "https://server1.de",

      "title": "MeshCentral",
      "title2": "",
      "_newAccounts": false,
      "_userNameIsEmail": false,
      "mobileSite": true,
      "_maxDeviceView": 250,
      "nightMode": 2,
      "allowSavingDeviceCredentials": false,
      "guestDeviceSharing": true,
      "DeviceSearchBarServerAndClientName": true,
      "AutoRemoveInactiveDevices": 90,
      "myServer": {
        "Backup": true,
        "Restore": true,
        "Upgrade": true,
        "ErrorLog": true,
        "Console": true,
        "Trace": true
      },
      "geoLocation": false,
      "novnc": false,
      "mstsc": false,
      "ssh": false,

      "agentCustomization": {
        "displayName": "CompanyName® Meshcentral™",
        "description": "agent for remote monitoring, management and assistance.",
        "companyName": "Meshcentral Company",
        "serviceName": "Meshcentralagent",
        "__comment__": "_fileName setzt namen der .exe file",
        "image": "company-white.png",
        "_backgroundColor": "#006c72"
      },

      "agentFileInfo": {
        "_icon": "agent.ico",
        "filedescription": "Meshcnentral Background Service Agent",
        "fileversion": "1.1.22.0",
        "internalname": "sample_internalname",
        "_legalcopyright": "sample_legalcopyright",
        "originalfilename": "sample_originalfilename",
        "productname": "MeshCentral Agent",
        "productversion": "v1.1.22.0"
      },

      "assistantConfig": [ "disableUpdate=0" ],
      "_sessionRecording": {
        "_onlySelectedUsers": true,
        "_onlySelectedUserGroups": true,
        "onlySelectedDeviceGroups": true,
        "filepath": "/opt/meshcentral/records/",
        "index": true,
        "maxRecordings": 10,
        "maxRecordingDays": 20,
        "maxRecordingSizeMegabytes": 30,
        "__protocols__": "Is an array: 1 = Terminal, 2 = Desktop, 5 = Files, 100 = Intel AMT WSMAN, 101 = Intel AMT Redirection, 200 = Messenger",
        "protocols": [ 1, 2, 5, 200 ]
      },

      "ipBlockedUserRedirect": "https://www.company.de/",
      "___userSessionIdleTimeout__": "Number of user idle minutes before auto-disconnect",
      "userSessionIdleTimeout": 30,
      "_urlSwitching": false,
      "desktopPrivacyBarText": "Verbunden mit: {0}",
      "_limits": {
        "_maxDevices": 100,
        "_maxUserAccounts": 100,
        "_maxUserSessions": 100,
        "_maxAgentSessions": 100,
        "maxSingleUserSessions": 10
      },
      "___passwordRequirements__":"",
      "passwordRequirements": {
        "min": 16,
        "max": 128,
        "upper": 1,
        "lower": 1,
        "numeric": 1,
        "nonalpha": 1,
        "reset": 90,
        "_force2factor": true,
        "oldPasswordBan": 3,
        "banCommonPasswords": false,
        "twoFactorTimeout": 300
      },

      "smtp": {
        "host": "smtp.server1.de",
        "port": 25,
        "from": "meshcentral@company.de",

        "tls": false,
        "_tlscertcheck": false,
        "_tlsstrict": true,
        "_emailDelaySeconds": 300,

       "__Kommentarbereich__": "Informationen zu den TLS Pararmetern",
       "__tls__": "When 'tls' is set to true, TLS is used immidiatly when connecting. For SMTP servers that use TLSSTART, set this to 'false' and TLS will still be used.",
       "___tlscertcheck__": "When set to false, the TLS certificate of the SMTP server is not checked.",
       "__tlsstrict__": "When set to true, TLS cypher setup is more limited, SSLv2 and SSLv3 are not allowed."
      },

      "authStrategies": {
        "__comment__": "This section is used to allow users to login using other accounts. You will need to get an API key from the services and register callback URL's",
        "oidc": {
          "authorizationURL": "*****",
          "callbackURL": "*****",
          "clientid": "meshcentral",
          "clientsecret": "*****",
          "issuer": "*****",
          "tokenURL": "*****",
          "userInfoURL": "*****",
          "logouturl": "*****",
          "newAccounts": true,
          "newAccountsRights": [
            "nonewgroups",
            "notools",
            "nonewdevices",
            "locksettings"
          ],
          "groups": {
            "required": [
              "/Meshcentral-Admins-App",
              "/Meshcentral-Alle-Clients-steuern-App",
              "/Meshcentral-KN-Clients-steuern-App",
              "/Meshcentral-KN-Clients-steuern-ohne-Abfrage-App",
              "/Meshcentral-gruppe1-steuern-App",
              "/Meshcentral-gruppe2-steuern-App",
              "/Meshcentral-gruppe3-steuern-App",
              "/Meshcentral-gruppe4-steuern-App",
              "/Meshcentral-gruppe5-steuern-App"
            ],
            "siteadmin": ["/Meshcentral-Admins-App"],
            "sync": {
              "enabled": true,
              "filter": [
                "/Meshcentral-Admins-App",
                "/Meshcentral-Alle-Clients-steuern-App",
                "/Meshcentral-KN-Clients-steuern-App",
                "/Meshcentral-KN-Clients-steuern-ohne-Abfrage-App",
                "/Meshcentral-gruppe1-steuern-App",
                "/Meshcentral-gruppe2-steuern-App",
                "/Meshcentral-gruppe3-steuern-App",
                "/Meshcentral-gruppe4-steuern-App",
                "/Meshcentral-gruppe5-steuern-App"
              ]
            }
          }
        }
      }
    }
  }
}
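
The `__comment1__` entry in the config above states that values and sections starting with an underscore are ignored. The following is an added example (not MeshCentral code and not from the issue author) that strips such keys from a constructed excerpt of that config and lists what was dropped, so a reviewer can see which settings are actually in effect. The names `effectiveConfig` and `stripIgnored`, and the rule that double-underscore entries holding a string are inline comments, are assumptions of this example.

```javascript
// Added example, not MeshCentral code. The sample is constructed from a few
// keys of the config.json posted in this issue.
const sample = {
  settings: {
    port: 443,
    _WANonly: true,
    __maxInvalidLogin: "Time in minutes, max amount of bad logins from a source IP in the time before logins are rejected.",
    maxInvalidLogin: { time: 10, count: 10, coolofftime: 10 }
  },
  domains: {
    "": {
      _sessionRecording: { filepath: "/opt/meshcentral/records/", protocols: [1, 2, 5, 200] },
      passwordRequirements: { min: 16, _force2factor: true, banCommonPasswords: false },
      smtp: { host: "smtp.server1.de", tls: false, _tlscertcheck: false, _tlsstrict: true }
    }
  }
};

// Render a key path; the default domain's empty key is shown as "".
const show = (segments) => segments.map((s) => (s === "" ? '""' : s)).join(".");

// Recursively copy the config without underscore-prefixed keys and record
// the path of every dropped setting. An ignored section is reported once,
// at its own key, and is not descended into.
function stripIgnored(node, segments, ignored) {
  if (Array.isArray(node)) {
    return node.map((v, i) => stripIgnored(v, [...segments, String(i)], ignored));
  }
  if (node === null || typeof node !== "object") return node;
  const kept = {};
  for (const [key, value] of Object.entries(node)) {
    const here = [...segments, key];
    if (!key.startsWith("_")) {
      kept[key] = stripIgnored(value, here, ignored);
    } else if (!(key.startsWith("__") && typeof value === "string")) {
      // Assumption: "__name": "text" entries are comments, not disabled settings.
      ignored.push(show(here));
    }
  }
  return kept;
}

// Returns the settings that remain active plus the list of ignored ones.
function effectiveConfig(config) {
  const ignored = [];
  const effective = stripIgnored(config, [], ignored);
  return { effective, ignored };
}

const result = effectiveConfig(sample);
console.log("Ignored (underscore-prefixed) settings:");
for (const p of result.ignored) console.log("  " + p);
console.log("Effective configuration:");
console.log(JSON.stringify(result.effective, null, 2));
```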

si458 commented 1 week ago

thank you for this, I think your issue is similar to https://github.com/Ylianst/MeshCentral/issues/6290 and I believe the issue is something to do with the win-userconsent module and sadly that's part of the meshagent code so I'm going to have to dig into the agent and see what's wrong then build new agents etc 👎

one quick thing, are all your remote devices the same OS AND version?

have you tried a mix of different OS like windows 10/11/server 2019/etc? also have you tried different versions like 22h2, 24h2, etc ?

si458 commented 1 week ago

if you are happy to debug something for me please can you try these steps and in the exact order!

  1. stop your meshagent from running as a service
  2. download psexec
  3. run cmd as admin
  4. run `psexec.exe -i -s "c:\program files\MeshCentral\MeshAgent\meshagent.exe" run` (your file path might be different)
  5. in the console tab of the device in the web ui run `eval "console.setInfoLevel(1);"`
  6. try connecting from the web ui with consent
  7. watch the black window that popped up in step 4 at all its logs
  8. see what stage it sort of hangs or crashes

this is what I'm doing at the moment to get it to crash as such for https://github.com/Ylianst/MeshCentral/issues/6290

Domkra commented 6 days ago

My test devices were a mix of Windows 10 and Windows 11, with different versions, some with 22h2 and some with 23h2. We do not manage servers with Meshcentral, and it is not planned.


I followed the steps, but it doesn’t hang at any point. The request goes through, I can confirm it, and the connection is established. However, I noticed that during debugging, the connection was established much faster. The time until the user consent prompt appeared was 90-120 seconds in my previous tests, but during debugging, it was 10-20 seconds.


Do you need the logs that were output in psexec? If so, do the logs contain any sensitive data besides the server address and ports?

si458 commented 6 days ago

@Domkra wow ok that's interesting? That to me screams that there is an issue with your machines? And just a screenshot would be fine, hide anything you consider secret. But I think it's similar output to the other issue that's linked to this issue and its screenshots

Domkra commented 6 days ago

I find that strange if it could be due to the machines, because I’m sure it worked without these problems before. Since then, we haven’t made any changes to our machines. We only performed updates from Windows 10 to Windows 11.

I have attached the output I got from psexec.


Domkra commented 6 days ago

Another quick note:

I just tried something else: I stopped the Background Agent and downloaded the Interactive Only Agent. When I use this agent, connect to the server, and then try to establish a connection, the problem does not occur, and the User Consent appears on the target computer within a short time.

Could it possibly be related to the Background and Interactive Agents?