Failed to connect due to SSO failure

[fschlager]

After a fresh boot today I attempted to connect to our ZeroTier network using the Desktop UI. It started freezing and after a while it displayed the message "Waiting for ZeroTier system service". Checking the service's logs I could see the following:

Apr 02 08:51:57 device systemd[1]: Started ZeroTier One.
Apr 02 08:51:57 device zerotier-one[1565]: Starting V6 Control Plane...
Apr 02 08:51:57 device zerotier-one[1565]: Starting Control Plane...
Apr 02 10:10:41 device zerotier-one[1565]: issuer: https://login.microsoftonline.com/TENANT_ID/v2.0, client_id: CLIENT_ID, auth_endpoint: https://my.zerotier.com/api/network/sso-auth, local_web_port: 9993
Apr 02 10:11:09 device zerotier-one[1565]: Error creating ZeroIDC instance: Request failed
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:09 device zerotier-one[1565]: idc is null
Apr 02 10:11:11 device zerotier-one[1565]: idc is null
Apr 02 10:11:13 device zerotier-one[1565]: idc is null
Apr 02 10:11:16 device zerotier-one[1565]: idc is null
Apr 02 10:11:18 device zerotier-one[1565]: idc is null
Apr 02 10:11:21 device zerotier-one[1565]: idc is null
Apr 02 10:11:23 device zerotier-one[1565]: idc is null
Apr 02 10:11:26 device zerotier-one[1565]: idc is null
Apr 02 10:11:28 device zerotier-one[1565]: idc is null
Apr 02 10:11:31 device zerotier-one[1565]: idc is null
Apr 02 10:11:33 device zerotier-one[1565]: idc is null
Apr 02 10:11:34 device zerotier-one[1565]: issuer: https://login.microsoftonline.com/TENANT_ID/v2.0, client_id: CLIENT_ID, auth_endpoint: https://my.zerotier.com/api/network/sso-auth, local_web_port: 9993
Apr 02 10:11:49 device zerotier-one[1565]: Error creating ZeroIDC instance: Request failed
Apr 02 10:11:49 device zerotier-one[1565]: idc is null
Apr 02 10:11:49 device zerotier-one[1565]: idc is null
Apr 02 10:11:49 device zerotier-one[1565]: idc is null
Apr 02 10:11:49 device zerotier-one[1565]: idc is null
Apr 02 10:11:49 device zerotier-one[1565]: idc is null
Apr 02 10:11:52 device zerotier-one[1565]: idc is null
Apr 02 10:11:54 device zerotier-one[1565]: issuer: https://login.microsoftonline.com/TENANT_ID/v2.0, client_id: CLIENT_ID, auth_endpoint: https://my.zerotier.com/api/network/sso-auth, local_web_port: 9993
Apr 02 10:12:09 device systemd[1]: Stopping ZeroTier One...
Apr 02 10:12:10 device zerotier-one[1565]: Error creating ZeroIDC instance: Request failed
Apr 02 10:12:10 device zerotier-one[1565]: idc is null
Apr 02 10:12:10 device zerotier-one[1565]: idc is null
Apr 02 10:12:10 device zerotier-one[1565]: idc is null
Apr 02 10:12:10 device zerotier-one[1565]: idc is null
Apr 02 10:12:10 device zerotier-one[1565]: idc is null
Apr 02 10:12:12 device zerotier-one[1565]: idc is null
Apr 02 10:12:15 device zerotier-one[1565]: idc is null
Apr 02 10:12:15 device systemd[1]: zerotier-one.service: Deactivated successfully.
Apr 02 10:12:15 device systemd[1]: Stopped ZeroTier One.

I have redacted our tenant and client id, both were correct. Restarting the service fixed the issue, the UI then requested me to reauthenticate and finally established connection.

Due to some holidays I haven't used ZeroTier for 3 days, so my OIDC token was definitely invalid.

You can also notice that it took about 6 seconds between the attempt to stop the service (by using systemctl restart zerotier-one.service) and the service actually stopping, so something might have gotten stuck.

[laduke]

Thanks for reporting. It might be an issue with zerotier starting at boot. If you happen to reboot and see the same thing let us know. Which distribution is this on?

[fschlager]

If you happen to reboot and see the same thing let us know.

I'll try once this happens again.

Which distribution is this on?

This is on Ubuntu 22.04.

[fschlager]

@someara Pinging you here :)