Forum / Wayk Now - Support

Connection could not be established

  • Create an Issue
  • Cancel

I get this message the majority of the time I try to connect to my machines. It can work for a particular machine, I can disconnect from it and 10 seconds later try and connect to the exact same machine and get the message. What can I do to fix this and make this software reliable? I am using a Samsung Tab S4 to try and connect to Windows Server 2012 computers running WaykNow that has been installed from the msi and is registered.

Clock3 mths

Hello


I'm sorry to hear about the connection issue. To help us give the proper advice, can you clarify whether you are running Remote Desktop Manager (using the embedded Wayk Now connection type), or the Wayk Now standalone client on your Samsung? The diagnostic and troubleshooting process will be different depending on the client used.

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

The WaykNow client

Clock3 mths

Hello again

Thanks for the confirmation. I'll ask someone to move this thread into the Wayk Now topic, where it will get more visibility.

Can you confirm you're running the latest version of Wayk Now on both your Android device and the server-side? As of today, that's 2019.2.2. There were significant changes to peer-to-peer connectivity in the move to the 2019.2.x versions.

On Android, you can check the version from the main menu > About screen. On Windows, you can check the Help > About Wayk Now window.

I'm assuming that you're trying to connect over the internet using the 6 digit Wayk ID of the remote machine? Is your Android device on Wifi or a cellular connection?

On your Android device, you can try enabling the option "Prioritize relay servers for peer-to-peer communications" (this can be found from the main menu > Settings > Wayk Den).

If stability is not improved; please turn the logging level to "Debug" (this is in Settings > Logging), and then reboot your Android device. Now try to reproduce the issue, and afterwards you can navigate back to Settings > Logging > View Log. There is a "Share" icon in the top toolbar, and you can share the log file with us with via the forum or at support@devolutions.net.

It is also helpful in such a case if you can share the corresponding log file from the remote machine (in this case, it will be found in %programdata%\wayk\logs\nowservice.log).

Please don't hesitate to let me know if you have any questions on the above

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

I'm just replying here to make sure you received the log files I sent. I thought the responses I made through email would show up here but they have not.

Clock3 mths

Hello again

I did receive the log file from your Android device. Did you also have one from the server side? You could sent that direct to me at (my username @devolutions.net) if you have it.

Did you try with the option I specified above ("Prioritize relay servers for peer-to-peer communications")?

I don't believe that replying to forum notification emails puts the reply on the forum, I'm afraid. You need to follow the link in the email and reply directly on the board.

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

Ok, here is the log file from the computer.

I did turn on the option to Prioritize and it did the same thing. I am running the latest versions.

It does the same thing whether I'm on wifi or cellular on the android tablet and my phone and it also does the same thing from my windows computer.

I have successfully connected to each of the 4 machines at one point in time, but it's not reliable. I can't even connect to them when I'm in the same wifi network when I'm at the school.

So there's definitely a problem somewhere. Hopefully the logs will help you figure it out. If not, I may need a refund.

Thanks for your help.

NowService.log
Clock3 mths

I also uninstalled it from the 4 servers and installed it again this morning and it didn't help either.

Clock3 mths

Hi again

Thanks for the log file and the additional info. From an initial look, the issue seems to lie on the server (Windows) side. It will take a little time to fully diagnose the log file - thanks for your patience on that.

If possible, can you check for the following files (from the same machine you already sent me a log from), and if they are present, provide them as well?

%temp%\waykhost.log
%systemroot%\temp\nowsession.log

Thanks once again and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

Here are those files.

WaykHost.log
NowSession.log
Clock3 mths

Hello

Thanks for the follow up.

If you examine Task Manager on the machine you provided the log files from; do you see the process NowSession.exe running? If so, and you "End Task" that process, are you able to connect via Wayk Now?

Are you running any kind of third party anti-virus or security software? Can I know the details if so?

We appreciate your continued help diagnosing the issue.

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

Ending the NowSession.exe did not help.

I run Sophos Endpoint on all of my machines for my anti-virus.

Clock3 mths

Hello again

Thanks for being patient with my questions while we investigated this.

I've identified a potential bug that I'm pretty sure is causing this. Basically, there exists a race condition in the communication between the Windows service component and the capture process (NowSession.exe). The service could attempt to start capturing the desktop before the session process is ready.

This is the first time we've seen this issue reported and I've been unable to replicate it on my side. Although that is the nature of a race condition; I wonder if there are particular circumstances in your environment that trigger the behaviour. I've seen anti-virus / security products cause similar timing issues in the past but I expect Sophos to be fine (we also use Sophos internally). Can I ask what the processor configuration is on your Windows machines?

Regardless, we are working on a fix for that now. I will reply back here later today with some more news on that.

Thanks again,

Richard Markievicz

signaturesignature

Clock3 mths

These are Hyper-V virtual machines that I'm trying to connect to. I have 4 virtual servers on 2 physical boxes (2 on each). The boxes are Dell PowerEdge T430 servers. What other info would you like to know about them?

I have not tried to use the software to connect to a "regular" desktop or laptop yet. I will try and set that up now and let you know the results of that.

Clock3 mths

Hello again

The nature of a race condition means that it might only be exposed with particular hardware setups. In this case, I was able to reproduce your issue by running the service inside a VMWare instance with only a single CPU core. This changed the timing of things enough to cause the bug to occur. In your environment - which sounds pretty standard - there must be some other reason. Regardless, the bug should not exist and we have implemented the fix for that.

I don't have a timeline for the next release of Wayk Now; except to say it is unlikely to be before the second half of January. In the meantime, there are a couple of options:

- You could downgrade to 2019.2.1 (still available for download - 32-bit and 64-bit) in the meantime.
- I could provide a beta 2019.2.3 installer including the fix, with the caveat that it hasn't been through a full QA pass (although I believe things should only be more robust). We should be able to provide that this week.

Let me know what you think,

Richard Markievicz

signaturesignature

Clock3 mths

I will try the beta first.

Clock3 mths

Hello again

I will reach out to you by email once that is available (it should be this week).

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

Hello again

I have sent you an email with further details on this. Please let me know if you don't receive that.

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

I did get your email, but even with the new version it still won't connect. I was able to get one or 2 of them to connect a time or two but nothing consistently. I did load it on a desktop and a laptop and I can connect to them everytime without an issue. So it's definitely something with the virtual servers. What do I need to do now?

Clock3 mths


Hello,

I would like to get a good understanding of the target environment, such that we could replicate it for future testing. From what you said earlier, I understand you have two Dell PowerEdge T430 physical servers running Windows Server 2012. Each of those physical servers runs two Hyper-V virtual machines. Wayk Now is installed in the virtual machines, but now the Hyper-V hosts.

Did you try installing Wayk Now on the Hyper-V host, and if so, do you have a different result? Can you tell us the exact versions of Windows for both the Hyper-V host and Hyper-V guests? Is is Windows Server 2012, or Windows Server 2012 R2? I would download the corresponding iso files and see if we can spin up a similar environment.

Best regards,

Marc-André Moreau

signaturesignature

Clock3 mths

The servers don't have the gui of Server 2012 R2. I can only RDP into them and don't think I can install the Wayk client on them. I'm not trying to connect to them directly anyway.

The virtual server guests are all running Server 2012 R2.

I have another question/issue now too with my "regular" machines. Is there a "whitelist" list somewhere? I installed the client on several machines this morning and the only way I can connect to them is if I put them in a policy in my firewall that basically opens the firewall wide open, the way I have these servers setup. So I can't do that for my other machines so I need to know what I can do so I can allow this software to work with my firewall.

It's looking more and more like this software is not going to to work. I really want it to. But, if we can't get it working, will I be able to get a refund?

I appreciate all of the help. If a remote session or phone call would help with this, you can reach me anytime at 409-673-3843.

Clock3 mths

Hello again

So it's definitely something with the virtual servers. What do I need to do now?


Can you please provide me with an updated log from the one of the machines you are failing to connect to? The path is %programdata%\wayk\logs\nowservice.log. You can attach it here, send by PM or send to my email.

There is a post here that discusses whitelisting. In summary, you need to whitelist three URLs for Wayk Den connectivity. Then, for peer-to-peer connections, you can enable the option to use a TCP relay and open TCP/8080 only.

if we can't get it working, will I be able to get a refund?


I'll let Marc confirm but I believe that's always an option, yes.

Thanks and kind regards,

Richard Markievicz

signaturesignature

Clock3 mths

Here is the latest log file you requested.

NowService.log
Clock3 mths

I've been working on allowing the port 8080 traffic and the only way I can get it to work is to allow my machines outbound access to everywhere over port 8080. If I try and limit it to just jet.wayk.net the connection fails. So is it safe for me to allow all of my machines outbound access to everywhere over port 8080? If so, how can I fix it to work?

Clock3 mths


Hello,

I confirm from your logs that you are correctly negotiating the latest version of our peer-to-peer protocol that attempts opening multiple network routes to select the best one that works. I see that you are trying to whitelist specific domain names rather than opening up ports, this may still be hard to do with the current deployment we have.

TCP ports 80, 443, and 8080 outgoing need to be allowed for optimal peer-to-peer connectivity. Wayk Now attempts opening a TCP connection on TCP/80 and TCP/8080, and it attempts opening a secure WebSocket connection over TCP/443, such that even if you have TLS traffic inspection in place, it should work.

The server produces a list of candidates like this:

{
"id": "febe088f-e95f-4720-abed-1a09f9dace03",
"role": "server",
"version": 2,
"candidates": [
{
"id": "fd2f360d-b3dd-5bad-51ea-4fdc24d2758c",
"url": "tcp://172.16.54.201:4489?ctype=host"
},
{
"id": "b87663e6-2f74-4f1d-8022-861464292a45",
"url": "tcp://devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net:80?ctype=relay"
},
{
"id": "f735b9f3-a4f2-4581-bd98-7bdb076127fd",
"url": "tcp://devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net:8080?ctype=relay"
},
{
"id": "f217528f-b4e0-46cf-aee0-1a9a944123c7",
"url": "wss://devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net?ctype=relay"
}
]
}

Whitelisting by domain name may be difficult, because we use api.jet-relay.net as the entry point to several relay instances that are then referenced by their individual URL like devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net. If you can use wildcards in your whitelisting, you can try adding *.jet-relay.net, it should work.

If you want direct connectivity (non-relay) to work, you will need to allow TCP/4489 inbound traffic. All other ports are for outbound traffic when the relay is used.

Marc-André Moreau

signaturesignature

Clock3 mths

Ok, are the things in your last post only dealing with my "regular" machines? I had sent a follow up that said if I open up access to port 8080 to anywhere on the internet I can connect to my "regular" machine. I still can't connect to any of my servers.

I don't see a way to whitelist port 8080 with wildcards so the only way I can get it to work is to allow all outbound traffic to port 8080. Is that safe or not for me to leave it like that? Am I opening up my network to something bad happening?

Clock3 mths

Hello,

The required ports are exactly the same regardless of the type of machine used, so I suspect the firewall configuration may have a different effect on the "regular" machines as opposed to the virtual machines. Maybe it has to do with multiple network interfaces, some networks being considered "private" or "public", etc. Please note that in order to make the connection, the Wayk Now client needs the same kind of firewall whitelisting as the server does.


Can you elaborate on what you mean by opening up access to 8080 to anywhere? I assume it is a firewall rule that means anything from a specific machine can do TCP/8080 outgoing, or can you restrict it to specific processes? Even if TCP/8080 is blocked, it should fallback to TCP/80 with a TCP protocol, or TCP/443 with a WebSocket-based protocol that should look like HTTPS/WSS traffic for a restrictive network environment. In fact, if all you have to TCP/443 outgoing allowed on both the client and server, it should still connect.

A log from the client in a case where it does not connect due to the firewall might help figuring out what gets blocked. The client gets a list of successful network route candidates from which it can try opening.


Best regards,

Marc-André Moreau

signaturesignature

Clock3 mths

I don't think this software is going to work for me. Why can't it work like Team Viewer? I don't have to open anything on my firewall for TeamViewer to work. I need something that is reliable so I know I will be able to connect from inside and outside my network and doesn't require all of this customization of my firewall.

Here is the log file from the client that I've been testing with all day. If I enable a rule in my firewall that says traffic from any-trusted to ANY over port 8080 the connection is successful. If I try and modify that rule to say from any-trusted to *.jet-realy.net or just jet-relay.net the connection fails. If we can't make this work, I will need a refund and try and find some other software that will work for me.

NowService.log
Clock3 mths


I suggest we just issue a refund now for your trouble, but you can keep the license. Wayk Now is supposed to work in your network environment, but there appears to be a problem with the firewall. We've designed the protocol to handle cases where the only thing that works is TCP/443 (HTTPS/WSS) outgoing traffic. Which firewall are you using, and what kind of traffic inspection does it perform? Is it configured to inspect encrypted TLS traffic?

Marc-André Moreau

signaturesignature

Clock3 mths

I use Watchguard for my firewall. It's probably just something I'm not understanding and configuring correctly.

Were you able to tell anything from the latest log file?

Clock3 mths