Open ericblade opened 4 years ago
roblourens
commented
4 years ago On the remote, if you open powershell, are you able to run this command? (Get-CimInstance Win32_OperatingSystem).Version It's saying PermissionDenied for that command, but I don't think you should need admin privileges for that one as far as I know.
ericblade
commented
4 years ago logged into the remote with remote desktop:
logged into the remote via ssh:
... neither were run with specifically requesting admin. perhaps something in my openssh configuration is wonky? i just added the server from Add/Remove Components, rebooted, and then made sure the service was running in taskmanager, then used it.
roblourens
commented
4 years ago Are you the same user in both? In the remote desktop case is that an Admin powershell window?
ericblade
commented
4 years ago same user.. i'm pretty sure it was not an admin powershell, but i will re-run it just to make sure
So, it looks like I have permission to run that command when connected via RDP to the machine, but not when connected via SSHD .. not sure how that works exactly, I'm no expert in Windows permissions. I'm probably not even a novice in Windows permissions :)
roblourens
commented
4 years ago Can you try running this snippet on both ends?
$SecurityPrinciple = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ([System.Security.Principal.WindowsIdentity]::GetCurrent())
$RolesHash = @{}
[System.Enum]::GetNames(“System.Security.Principal.WindowsBuiltInRole”) | ForEach-Object {
$RolesHash[$_] = $SecurityPrinciple.IsInRole([System.Security.Principal.WindowsBuiltInRole]::$_)
}
$RolesHash
[System.Security.Principal.WindowsIdentity]::GetCurrent()From RDP
PS C:\WINDOWS\system32> $SecurityPrinciple = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ([System.Security.Principal.WindowsIdentity]::GetCurrent()) PS C:\WINDOWS\system32> $RolesHash = @{} PS C:\WINDOWS\system32> [System.Enum]::GetNames("System.Security.Principal.WindowsBuiltInRole") | ForEach-Object {
>> $RolesHash[$_] = $SecurityPrinciple.IsInRole([System.Security.Principal.WindowsBuiltInRole]::$_)
>> } PS C:\WINDOWS\system32> PS C:\WINDOWS\system32> $RolesHash
Name Value
---- -----
Replicator False
PrintOperator False
PowerUser False
Guest False
AccountOperator False
SystemOperator False
BackupOperator False
Administrator False
User True
PS C:\WINDOWS\system32> PS C:\WINDOWS\system32> [System.Security.Principal.WindowsIdentity]::GetCurrent()
AuthenticationType : NTLM
ImpersonationLevel : None
IsAuthenticated : True
IsGuest : False
IsSystem : False
IsAnonymous : False
Name : ARCADE\dockeruser
Owner : S-1-5-21-3583042812-2210650346-111016193-1004
User : S-1-5-21-3583042812-2210650346-111016193-1004
Groups : {S-1-5-21-3583042812-2210650346-111016193-513, S-1-1-0, S-1-5-32-545, S-1-5-4...}
Token : 884
AccessToken : Microsoft.Win32.SafeHandles.SafeAccessTokenHandle
UserClaims : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: ARCADE\dockeruser,
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid:
S-1-5-21-3583042812-2210650346-111016193-1004,
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid:
S-1-5-21-3583042812-2210650346-111016193-513,
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid:
S-1-5-21-3583042812-2210650346-111016193-513...}
DeviceClaims : {}
Claims : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: ARCADE\dockeruser,
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid:
S-1-5-21-3583042812-2210650346-111016193-1004,
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid:
S-1-5-21-3583042812-2210650346-111016193-513,
http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid:
S-1-5-21-3583042812-2210650346-111016193-513...}
Actor :
BootstrapContext :
Label :
NameClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
RoleClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
PS C:\WINDOWS\system32>from sshd
PS C:\Users\dockeruser> $SecurityPrinciple = New-Object -TypeName System.Security.Principal.WindowsPrincipal -ArgumentList ([System.Security.Principal.WindowsIdentity]::GetCurrent())
PS C:\Users\dockeruser> $RolesHash = @{}
PS C:\Users\dockeruser> [System.Enum]::GetNames("System.Security.Principal.WindowsBuiltInRole") | ForEach-Object {
>> $RolesHash[$_] = $SecurityPrinciple.IsInRole([System.Security.Principal.WindowsBuiltInRole]::$_)
>> }
PS C:\Users\dockeruser>
PS C:\Users\dockeruser> $RolesHash
Name Value
---- -----
Replicator False
PrintOperator False
PowerUser False
Guest False
AccountOperator False
SystemOperator False
BackupOperator False
Administrator False
User True
PS C:\Users\dockeruser>
PS C:\Users\dockeruser> [System.Security.Principal.WindowsIdentity]::GetCurrent()
AuthenticationType : NTLM
ImpersonationLevel : None
IsAuthenticated : True
IsGuest : False
IsSystem : False
IsAnonymous : False
Name : ARCADE\dockeruser
Owner : S-1-5-21-3583042812-2210650346-111016193-1004
User : S-1-5-21-3583042812-2210650346-111016193-1004
Groups : {S-1-5-21-3583042812-2210650346-111016193-513, S-1-1-0, S-1-5-32-545, S-1-5-2...}
Token : 3052
AccessToken : Microsoft.Win32.SafeHandles.SafeAccessTokenHandle
UserClaims : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: ARCADE\dockeruser, http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid: S-1-5-21-3583042812-2210650346-111016193-1004,
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid: S-1-5-21-3583042812-2210650346-111016193-513, http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid: S-1-5-21-3583042812-2210650346-111016193-513...}
DeviceClaims : {}
Claims : {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: ARCADE\dockeruser, http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid: S-1-5-21-3583042812-2210650346-111016193-1004,
http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid: S-1-5-21-3583042812-2210650346-111016193-513, http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid: S-1-5-21-3583042812-2210650346-111016193-513...}
Actor :
BootstrapContext :
Label :
NameClaimType : http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
RoleClaimType : http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid
PS C:\Users\dockeruser>Thanks for trying that. I have no clue what's going on, I'll have to experiment some more.
ericblade
commented
4 years ago If it helps at all, it's a pretty basic installation of Windows 10 Pro, it's got Docker for Windows installed, a Plex Media Server, and a bunch of Docker services that handle home automation tasks. That's really about it. I decided I wanted to try VSCode remote to it, now that it supports Windows. ssh wouldn't work with the default account which has no password on it, so i used the account that was setup for Docker volume sharing (since Docker also doesn't work with accounts that have no password) ... i don't know what else I could add that might help.
roblourens
commented
4 years ago I can repro. Basically get-ciminstance will work locally but not through an ssh session. I didn't realize that the permissions model works like that and had only tested it locally in a non-admin account.
jvihrial
commented
4 years ago yes, I can repro this easily, ssh to windows box, open powershell and execute the command: (Get-CimInstance Win32_OperatingSystem).Version, you get back: PS C:\Users\testuser> (Get-CimInstance Win32_OperatingSystem).Version
Get-CimInstance : Access denied
At line:1 char:2
+ (Get-CimInstance Win32_OperatingSystem).Version
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (root\cimv2:Win32_OperatingSystem:String) [Get-CimInstance], CimException
+ FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand
wpbrown
commented
4 years ago Connecting via SSH is a network logon vs interactive logon locally or via RDP. I think the credentials of the SSH session can't be forwarded to the local COM server to use CIM.
ericblade
commented
4 years ago Confirming that the destination account is a Local Standard account type.
wpbrown
commented
4 years ago I'm reproducing with a Local Standard account. Local Admin account works fine.
Conafmau
commented
4 years ago Grant permission to execute Get-CimInstance, but still dont work.
Grant permission: https://docs.bmc.com/docs/display/public/btco100/Setting+WMI+user+access+permissions+using+the+WMI+Control+Panel
New error: ... [19:22:45.843] Received install output: dce0ba885507##32## [19:22:45.845] Resolver error: The VS Code Server failed to start
phit
commented
4 years ago Is there any known workaround for this issue? Some patch I could try? Thanks.
ericblade
commented
4 years ago I don't know if anyone's found anything else out yet, but i made a second admin account on the machine. :|
wpbrown
commented
4 years ago There are 2 lines in the Powershell payload that should be replaced with non-WMI alternatives:
$parentPID = (Get-CimInstance win32_process | ? processid -eq $currentPID).parentprocessid$winVersion = (Get-CimInstance Win32_OperatingSystem).VersionI think getting this working is important because the sshd service is not UAC-aware. If you log in with an admin user via SSH you automatically have full admin rights on all your processes (i.e your vscode server and all of its children. Unlike an interactive desktop logon to admin user with UAC enabled where you still have to elevate via UAC to have full admin rights on that process tree.
One interesting possibility would be an option to have the vscode server drop privileges when it starts up for admin users.
wpbrown
commented
4 years ago I tried monkey patching out the WMI usage. Then it tries to launch the server. The server exits with exit code 15. I checked the server log, it just has the visual studio product family warning and doesnt get to print the IP address or any other messages.
burkenyo
commented
4 years ago What about getting the version directly from .Net: [System.Environment]::OSVersion.Version? Parent process is trickier, because I don't know how to do this with vanilla .Net/PS without WMI.
ByungjunKim
commented
4 years ago I'm reproducing with a Local Standard account. Local Admin account works fine.
Thank you for a temporary solution.
ghost
commented
4 years ago I fixed this for my setup (connecting to Win10 Pro) with the following steps:
net localgroup WinRMRemoteWMIUsers__ /add in a privileged command lineAdd-LocalGroupMember -Group WinRMRemoteWMIUsers__mmc as an administratorEt voilá, remote SSH connect works in VSCode with a non-administrator local account.
ericblade
commented
4 years ago That's great, finding a path there... now can we find a way to make that simpler / automatic ? :-D
bluepotatoes
commented
3 years ago I am having this exact same issue with CimInstance privileges. Haven't been able to find a workaround that works.
metablaster
commented
3 years ago Here is slightly different and shorter approach from what @faltrock-abone described: (+1 btw!)
compmgmt.msc as AdministratorWMI control node -> More actions -> propertiesWhat's the difference or why doing it this way?
WinRMRemoteWMIUsers__ group is added after you've setup WinRM (not everybody does), this way you skip that part:
https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connections
Another difference is that you affect only single standard user account.
edit:
Another solution to affect multiple standard users would be to add specific users to Remote management users group, then add this group to WMI.
Why? this group has required permissions already set, you only add users to it, and add it to WMI security without additional steps that are needed for single user.
FulChou
commented
3 years ago hello, I get the same problem, I use vscode to connect my windows server in my MacPro by ssh. i can connect when the remote is Administrator, but no my own user account. but, I can use ssh login with my own username by terminal.
this is log, when I try to connect my own username:
[15:25:40.663] Log Level: 2 [15:25:40.665] remote-ssh@0.65.1 [15:25:40.665] darwin x64 [15:25:40.666] SSH Resolver called for "ssh-remote+7b22686f73744e616d65223a2257494e2d363539503935564a49564c227d", attempt 1 [15:25:40.666] "remote.SSH.useLocalServer": false [15:25:40.666] "remote.SSH.showLoginTerminal": false [15:25:40.667] "remote.SSH.remotePlatform": {"18862_ocr":"linux","raspberrypi":"linux","inpluslab":"linux","WIN-659P95VJIVL_admin":"windows"} [15:25:40.667] "remote.SSH.sshPath": undefined [15:25:40.667] "remote.SSH.sshConfigurationFile": undefined [15:25:40.667] "remote.SSH.useFlock": true [15:25:40.667] "remote.SSH.lockfilesInTmp": false [15:25:40.667] "remote.SSH.localServerDownload": auto [15:25:40.667] "remote.SSH.remoteServerListenOnSocket": false [15:25:40.668] "remote.SSH.showLoginTerminal": false [15:25:40.668] "remote.SSH.defaultExtensions": [] [15:25:40.668] SSH Resolver called for host: WIN-659P95VJIVL [15:25:40.668] Setting up SSH remote "WIN-659P95VJIVL" [15:25:40.677] Using commit id "c185983a683d14c396952dd432459097bc7f757f" and quality "stable" for server [15:25:40.681] Install and start server if needed [15:25:42.151] Checking ssh with "ssh -V" [15:25:42.158] > OpenSSH_8.1p1, LibreSSL 2.7.3
[15:25:42.161] Remote command length: 5986/8192 characters [15:25:42.161] Running script with connection command: ssh -T -D 57770 -o ConnectTimeout=15 'WIN-659P95VJIVL' powershell [15:25:42.923] > ZhouFu@172.18.166.44's password: [15:25:42.923] Got some output, clearing connection timeout [15:25:42.924] Showing password prompt [15:25:56.234] Got password response [15:25:56.234] "install" wrote data to terminal: "**" [15:25:56.247] > [15:25:59.027] > Windows PowerShell
��Ȩ���� (C) Microsoft Corporation����������Ȩ����
(base) PS C:\Users\ZhouFu> (base) PS C:\Users\ZhouFu> $uuid="c82d9a7e983f" (base) PS C:\Users\ZhouFu> "${uuid}: running" c82d9a7e983f: running (base) PS C:\Users\ZhouFu> "c82d9a7e983f: pauseLog" c82d9a7e983f: pauseLog [15:26:00.136] > m [15:26:00.142] > ain [15:26:05.111] > gcim : �ܾ����� ����λ�� ��:4 �ַ�: 6
- $u_=(gcim win32process | ? processid -eq $t).parentprocessid
+ CategoryInfo : PermissionDenied: (root\cimv2:win32_process:String) [Get-CimInstance], CimException + FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand[15:26:05.119] > no sshd parent proc [15:26:05.127] > [15:26:05.448] "install" terminal command done [15:26:05.448] Install terminal quit with output: no sshd parent proc [15:26:05.448] Received install output: no sshd parent proc [15:26:05.449] Stopped parsing output early. Remaining text: no sshd parent proc [15:26:05.449] Failed to parse remote port from server output [15:26:05.452] Resolver error: Error: at Function.Create (/Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:1:64328) at Object.t.handleInstallOutput (/Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:1:63022) at q (/Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:1:296373) at processTicksAndRejections (internal/process/task_queues.js:97:5) at async /Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:1:294221 at async Object.t.withShowDetailsEvent (/Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:1:407055) at async Object.t.resolve (/Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:1:297912) at async /Users/vincent/.vscode/extensions/ms-vscode-remote.remote-ssh-0.65.1/out/extension.js:127:110485 [15:26:05.476] ------
I can get success when using Administrator
thank you for your help !!!
bobwng
commented
3 years ago Met exactly same issue as @CSU-FulChou mentioned above. Administrator account is OK but other admin group users are not.
Tried the solution @metablaster provided above, the issue is still there.
Ebola-Chan-bot
commented
2 years ago Same issue. Still not fixed for 21 months???
Sidneys1
commented
2 years ago Steps that worked for me:
compmgmt.msc as an elevated user.sshd).
carlos-vl
commented
2 years ago I am having the same issue, the host is a computer from my company and I cannot do the suggested changes. Is there any progress on this?
Mickychen00
commented
2 years ago I have the same issue when I use non Administrator account. But Administrator account is ok.
grtwje
commented
2 years ago This issue makes me sad. Since it's "On Deck," I check every new release to see if it's fixed. And it is not.
My workaround is to ssh to bash under WSL2 on the Windows box. The user account does not need administrator for this access method. (Well, I guess you'll need it to install WSL2.)
burkenyo
commented
2 years ago Hi @grtwje, you can also try some of the above workarounds such as @metablaster’s to connect to the windows side. It does require some mucking around, so an OOB solution build into the extension would be ideal!
cutec-chris
commented
2 years ago I am having the same issue, the host is a computer from my company and I cannot do the suggested changes. Is there any progress on this?
same here, why this issue has so low priority ?
Ebola-Chan-bot
commented
2 years ago I am having the same issue, the host is a computer from my company and I cannot do the suggested changes. Is there any progress on this?
same here, why this issue has so low priority ?
Because they believe that very few people will choose Windows instead of Linux as the SSH server, and thus they somewhat don't care about Windows users. They betrayed Microsoft.
deisi
commented
2 years ago like +1 for this as a fix worthy issue. The workaround from @metablaster works, but changing user permissions might not be possible in a coporate environment, and thats also where windows servers with limited permissions are most likely to occur.
Anyway @roblourens is there any idear how to fix this? I could imagine this is a wontfix as the issue seems to be with how permissions are set within windows by default here.
tom-inetum-realdolmen
commented
2 years ago Just leaving a message for those coming after me Root cause is that by default WMI does not allow queries to be executed remotely, which is exactly what you do when you connect to a windows server via WinRM OR via OpenSSH.. To circumvent the issue, you need to grant your nonadmin users the privilege to remotely query wmi, (the root\cimv2 namespace in this scenario but you might also want to enable other namespaces).
Computer Management -> System Tools -> Local Users and GroupsRemote wmi enabled) and add any accounts in it that must be allowed to query wmi remotely.Services and ApplicationsWMI Control and select PropertiesSecurity tab and select the namespace you want to modify (again, root\cimv2 is the bare minimum needed for vscode to work but you might want to allow other namespaces)Remote Enable
DanielLaberge
commented
1 year ago Confirm that metablaster's approach worked for me.
While I understand vs-code cannot do this setup automatically, I believe that when this situation is detected during setup, it should direct users to a help article with official guidance on how to configure this properly with minimal permissions.
Here is slightly different and shorter approach from what @faltrock-abone described: (+1 btw!)
- Run
compmgmt.mscas Administrator- Select
WMI controlnode -> More actions -> properties- In the Security tab add only the standard user that you'll use for SSH
The rest is same, edit security property for this user:
- Enable Account and Remote Enable rights \ applies to this namesapce and subnamespaces
What's the difference or why doing it this way?
WinRMRemoteWMIUsers__group is added after you've setupWinRM(not everybody does), this way you skip that part: https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connectionsAnother difference is that you affect only single standard user account.
edit: Another solution to affect multiple standard users would be to add specific users to
Remote management usersgroup, then add this group to WMI. Why? this group has required permissions already set, you only add users to it, and add it to WMI security without additional steps that are needed for single user.
chhex
commented
1 year ago @tom-inetum-realdolmen Thanks a lot for the detailed guide , which worked for as described, very helpful
davetapley
commented
1 year ago 
TUstudents
commented
12 months ago Not fixed in VSCode Version: 1.82.2
Niketin
commented
9 months ago I'm using VSCode 1.85.1 and I am also facing this problem.
alexchandel
commented
8 months ago #2648 (comment) visually 😁
I just wanted to say this is the best documentation I have ever seen.
However, it did not full fix the issue for me. It only changed the error from:
<Objs Version="1.1.0.1"
xmlns="http://schemas.microsoft.com/powershell/2004/04">
<S S="Error">gcim : Access denied _x000D__x000A_</S>
<S S="Error">At line:52 char:6_x000D__x000A_</S>
<S S="Error">+ $u_=(gcim win32_process | ? processid -eq $t_).parentprocessid_x000D__x000A_</S>
<S S="Error">+ ~~~~~~~~~~~~~~~~~~_x000D__x000A_</S>
<S S="Error"> + CategoryInfo : PermissionDenied: (root\cimv2:win32_process:String) [Get-CimInstance], CimException_x000D__x000A_</S>
<S S="Error"> + FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand_x000D__x000A_</S>
<S S="Error"> _x000D__x000A_</S>
</Objs>to:
<Objs Version="1.1.0.1"
xmlns="http://schemas.microsoft.com/powershell/2004/04">
<S S="Error">gcim : Invalid class _x000D__x000A_</S>
<S S="Error">At line:52 char:6_x000D__x000A_</S>
<S S="Error">+ $u_=(gcim win32_process | ? processid -eq $t_).parentprocessid_x000D__x000A_</S>
<S S="Error">+ ~~~~~~~~~~~~~~~~~~_x000D__x000A_</S>
<S S="Error"> + CategoryInfo : MetadataError: (root\cimv2:win32_process:String) [Get-CimInstance], CimException_x000D__x000A_</S>
<S S="Error"> + FullyQualifiedErrorId : HRESULT 0x80041010,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand_x000D__x000A_</S>
<S S="Error"> _x000D__x000A_</S>
</Objs>\x0D\x0A is CRLF and seems like a red herring, as this is the only reference I can find for _x000D_x000A and it's completely irrelevant, meaning this error message is just not decoded correctly.
Restarting sshddid not fix it.
EDIT: restarting the computer was required to finish the fix. Go figure.
maxbeer99
commented
1 month ago #2648 (comment) visually 😁
Least convoluted Windows solution, but thanks!
paramendula
commented
6 days ago Steps that worked for me:
1. Open `compmgmt.msc` as an elevated user. 2. Expand "Services and Applications", select "WMI Control", then right-click "WMI Control"→"Properties" 3. Select the "Security" tab and click the "Security" button. 4. In the "Security for Root" window that appears, click "Advanced". 5. Click "Add". Click "Select a principal". 6. Type "Remote Management Users" and click "Validate names". This will resolve the group name, then click OK. 7. Select "Applies to:"→"This namespace and subnamespaces". Check all permissions and click OK. 8. Click OK out through all of the remaining dialogs. 9. Add your user to the "Remote Management Users" group if you haven't already. 10. Restart the OpenSSH Server service (`sshd`).
Worked for me. VS Code version: 1.94.2 Has connected to Windows 11 Guest OS(virt-manager, OpenSSH) successfully
Steps to Reproduce:
Does this issue occur when you try this locally?: This is a connection specific issue Does this issue occur when you try this locally and all extensions are disabled?: This is a connection specific issue
Attempting to use VSC remote with a remote SSH server on Windows. I've installed the Windows 10 OpenSSH server using Add/Remove features. I can connect to it using my regular Linux host, my WSL host, and native windows ssh.
When I attempt to connect to this host with VSCode, first it asks me what OS i'm using, I enter Windows.
Then it asks for my password. It chugs along for a little while, with the following log output, and then stops with a modal "Could not establish connection to 'arcade.lan'."
Seems unrelated to #2198, I think?