Connection could not be established

Hello


I'm sorry to hear about the connection issue. To help us give the proper advice, can you clarify whether you are running Remote Desktop Manager (using the embedded Wayk Now connection type), or the Wayk Now standalone client on your Samsung? The diagnostic and troubleshooting process will be different depending on the client used.

Thanks and kind regards,

The WaykNow client

Hello again

Thanks for the confirmation. I'll ask someone to move this thread into the Wayk Now topic, where it will get more visibility.

Can you confirm you're running the latest version of Wayk Now on both your Android device and the server-side? As of today, that's 2019.2.2. There were significant changes to peer-to-peer connectivity in the move to the 2019.2.x versions.

On Android, you can check the version from the main menu > About screen. On Windows, you can check the Help > About Wayk Now window.

I'm assuming that you're trying to connect over the internet using the 6 digit Wayk ID of the remote machine? Is your Android device on Wifi or a cellular connection?

On your Android device, you can try enabling the option "Prioritize relay servers for peer-to-peer communications" (this can be found from the main menu > Settings > Wayk Den).

If stability is not improved; please turn the logging level to "Debug" (this is in Settings > Logging), and then reboot your Android device. Now try to reproduce the issue, and afterwards you can navigate back to Settings > Logging > View Log. There is a "Share" icon in the top toolbar, and you can share the log file with us with via the forum or at support@devolutions.net.

It is also helpful in such a case if you can share the corresponding log file from the remote machine (in this case, it will be found in %programdata%\wayk\logs\nowservice.log).

Please don't hesitate to let me know if you have any questions on the above

Thanks and kind regards,

I'm just replying here to make sure you received the log files I sent. I thought the responses I made through email would show up here but they have not.

Hello again

I did receive the log file from your Android device. Did you also have one from the server side? You could sent that direct to me at (my username @devolutions.net) if you have it.

Did you try with the option I specified above ("Prioritize relay servers for peer-to-peer communications")?

I don't believe that replying to forum notification emails puts the reply on the forum, I'm afraid. You need to follow the link in the email and reply directly on the board.

Thanks and kind regards,

Ok, here is the log file from the computer.

I did turn on the option to Prioritize and it did the same thing. I am running the latest versions.

It does the same thing whether I'm on wifi or cellular on the android tablet and my phone and it also does the same thing from my windows computer.

I have successfully connected to each of the 4 machines at one point in time, but it's not reliable. I can't even connect to them when I'm in the same wifi network when I'm at the school.

So there's definitely a problem somewhere. Hopefully the logs will help you figure it out. If not, I may need a refund.

Thanks for your help.

I also uninstalled it from the 4 servers and installed it again this morning and it didn't help either.

Hi again

Thanks for the log file and the additional info. From an initial look, the issue seems to lie on the server (Windows) side. It will take a little time to fully diagnose the log file - thanks for your patience on that.

If possible, can you check for the following files (from the same machine you already sent me a log from), and if they are present, provide them as well?

%temp%\waykhost.log
%systemroot%\temp\nowsession.log

Thanks once again and kind regards,

Here are those files.

Hello

Thanks for the follow up.

If you examine Task Manager on the machine you provided the log files from; do you see the process NowSession.exe running? If so, and you "End Task" that process, are you able to connect via Wayk Now?

Are you running any kind of third party anti-virus or security software? Can I know the details if so?

We appreciate your continued help diagnosing the issue.

Thanks and kind regards,

Ending the NowSession.exe did not help.

I run Sophos Endpoint on all of my machines for my anti-virus.

Hello again

Thanks for being patient with my questions while we investigated this.

I've identified a potential bug that I'm pretty sure is causing this. Basically, there exists a race condition in the communication between the Windows service component and the capture process (NowSession.exe). The service could attempt to start capturing the desktop before the session process is ready.

This is the first time we've seen this issue reported and I've been unable to replicate it on my side. Although that is the nature of a race condition; I wonder if there are particular circumstances in your environment that trigger the behaviour. I've seen anti-virus / security products cause similar timing issues in the past but I expect Sophos to be fine (we also use Sophos internally). Can I ask what the processor configuration is on your Windows machines?

Regardless, we are working on a fix for that now. I will reply back here later today with some more news on that.

Thanks again,

These are Hyper-V virtual machines that I'm trying to connect to. I have 4 virtual servers on 2 physical boxes (2 on each). The boxes are Dell PowerEdge T430 servers. What other info would you like to know about them?

I have not tried to use the software to connect to a "regular" desktop or laptop yet. I will try and set that up now and let you know the results of that.

Hello again

The nature of a race condition means that it might only be exposed with particular hardware setups. In this case, I was able to reproduce your issue by running the service inside a VMWare instance with only a single CPU core. This changed the timing of things enough to cause the bug to occur. In your environment - which sounds pretty standard - there must be some other reason. Regardless, the bug should not exist and we have implemented the fix for that.

I don't have a timeline for the next release of Wayk Now; except to say it is unlikely to be before the second half of January. In the meantime, there are a couple of options:

- You could downgrade to 2019.2.1 (still available for download - 32-bit and 64-bit) in the meantime.
- I could provide a beta 2019.2.3 installer including the fix, with the caveat that it hasn't been through a full QA pass (although I believe things should only be more robust). We should be able to provide that this week.

Let me know what you think,

I will try the beta first.

Hello again

I will reach out to you by email once that is available (it should be this week).

Thanks and kind regards,

Hello again

I have sent you an email with further details on this. Please let me know if you don't receive that.

Thanks and kind regards,

I did get your email, but even with the new version it still won't connect. I was able to get one or 2 of them to connect a time or two but nothing consistently. I did load it on a desktop and a laptop and I can connect to them everytime without an issue. So it's definitely something with the virtual servers. What do I need to do now?

Hello,

I would like to get a good understanding of the target environment, such that we could replicate it for future testing. From what you said earlier, I understand you have two Dell PowerEdge T430 physical servers running Windows Server 2012. Each of those physical servers runs two Hyper-V virtual machines. Wayk Now is installed in the virtual machines, but now the Hyper-V hosts.

Did you try installing Wayk Now on the Hyper-V host, and if so, do you have a different result? Can you tell us the exact versions of Windows for both the Hyper-V host and Hyper-V guests? Is is Windows Server 2012, or Windows Server 2012 R2? I would download the corresponding iso files and see if we can spin up a similar environment.

Best regards,

The servers don't have the gui of Server 2012 R2. I can only RDP into them and don't think I can install the Wayk client on them. I'm not trying to connect to them directly anyway.

The virtual server guests are all running Server 2012 R2.

I have another question/issue now too with my "regular" machines. Is there a "whitelist" list somewhere? I installed the client on several machines this morning and the only way I can connect to them is if I put them in a policy in my firewall that basically opens the firewall wide open, the way I have these servers setup. So I can't do that for my other machines so I need to know what I can do so I can allow this software to work with my firewall.

It's looking more and more like this software is not going to to work. I really want it to. But, if we can't get it working, will I be able to get a refund?

I appreciate all of the help. If a remote session or phone call would help with this, you can reach me anytime at 409-673-3843.

Hello again

Can you please provide me with an updated log from the one of the machines you are failing to connect to? The path is %programdata%\wayk\logs\nowservice.log. You can attach it here, send by PM or send to my email.

There is a post here that discusses whitelisting. In summary, you need to whitelist three URLs for Wayk Den connectivity. Then, for peer-to-peer connections, you can enable the option to use a TCP relay and open TCP/8080 only.

I'll let Marc confirm but I believe that's always an option, yes.

Thanks and kind regards,

Here is the latest log file you requested.

I've been working on allowing the port 8080 traffic and the only way I can get it to work is to allow my machines outbound access to everywhere over port 8080. If I try and limit it to just jet.wayk.net the connection fails. So is it safe for me to allow all of my machines outbound access to everywhere over port 8080? If so, how can I fix it to work?

Hello,

I confirm from your logs that you are correctly negotiating the latest version of our peer-to-peer protocol that attempts opening multiple network routes to select the best one that works. I see that you are trying to whitelist specific domain names rather than opening up ports, this may still be hard to do with the current deployment we have.

TCP ports 80, 443, and 8080 outgoing need to be allowed for optimal peer-to-peer connectivity. Wayk Now attempts opening a TCP connection on TCP/80 and TCP/8080, and it attempts opening a secure WebSocket connection over TCP/443, such that even if you have TLS traffic inspection in place, it should work.

The server produces a list of candidates like this:

{
"id": "febe088f-e95f-4720-abed-1a09f9dace03",
"role": "server",
"version": 2,
"candidates": [
{
"id": "fd2f360d-b3dd-5bad-51ea-4fdc24d2758c",
"url": "tcp://172.16.54.201:4489?ctype=host"
},
{
"id": "b87663e6-2f74-4f1d-8022-861464292a45",
"url": "tcp://devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net:80?ctype=relay"
},
{
"id": "f735b9f3-a4f2-4581-bd98-7bdb076127fd",
"url": "tcp://devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net:8080?ctype=relay"
},
{
"id": "f217528f-b4e0-46cf-aee0-1a9a944123c7",
"url": "wss://devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net?ctype=relay"
}
]
}

Whitelisting by domain name may be difficult, because we use api.jet-relay.net as the entry point to several relay instances that are then referenced by their individual URL like devolutions-jet-0-9-0-prd-ncus-2.jet-relay.net. If you can use wildcards in your whitelisting, you can try adding *.jet-relay.net, it should work.

If you want direct connectivity (non-relay) to work, you will need to allow TCP/4489 inbound traffic. All other ports are for outbound traffic when the relay is used.

Ok, are the things in your last post only dealing with my "regular" machines? I had sent a follow up that said if I open up access to port 8080 to anywhere on the internet I can connect to my "regular" machine. I still can't connect to any of my servers.

I don't see a way to whitelist port 8080 with wildcards so the only way I can get it to work is to allow all outbound traffic to port 8080. Is that safe or not for me to leave it like that? Am I opening up my network to something bad happening?

Hello,

The required ports are exactly the same regardless of the type of machine used, so I suspect the firewall configuration may have a different effect on the "regular" machines as opposed to the virtual machines. Maybe it has to do with multiple network interfaces, some networks being considered "private" or "public", etc. Please note that in order to make the connection, the Wayk Now client needs the same kind of firewall whitelisting as the server does.


Can you elaborate on what you mean by opening up access to 8080 to anywhere? I assume it is a firewall rule that means anything from a specific machine can do TCP/8080 outgoing, or can you restrict it to specific processes? Even if TCP/8080 is blocked, it should fallback to TCP/80 with a TCP protocol, or TCP/443 with a WebSocket-based protocol that should look like HTTPS/WSS traffic for a restrictive network environment. In fact, if all you have to TCP/443 outgoing allowed on both the client and server, it should still connect.

A log from the client in a case where it does not connect due to the firewall might help figuring out what gets blocked. The client gets a list of successful network route candidates from which it can try opening.


Best regards,

I don't think this software is going to work for me. Why can't it work like Team Viewer? I don't have to open anything on my firewall for TeamViewer to work. I need something that is reliable so I know I will be able to connect from inside and outside my network and doesn't require all of this customization of my firewall.

Here is the log file from the client that I've been testing with all day. If I enable a rule in my firewall that says traffic from any-trusted to ANY over port 8080 the connection is successful. If I try and modify that rule to say from any-trusted to *.jet-realy.net or just jet-relay.net the connection fails. If we can't make this work, I will need a refund and try and find some other software that will work for me.

I suggest we just issue a refund now for your trouble, but you can keep the license. Wayk Now is supposed to work in your network environment, but there appears to be a problem with the firewall. We've designed the protocol to handle cases where the only thing that works is TCP/443 (HTTPS/WSS) outgoing traffic. Which firewall are you using, and what kind of traffic inspection does it perform? Is it configured to inspect encrypted TLS traffic?

I use Watchguard for my firewall. It's probably just something I'm not understanding and configuring correctly.

Were you able to tell anything from the latest log file?

Hello,

I have issued a request for a refund, but feel free to keep using the license. We will still investigate the reported issues, but since you've been really helpful so far we don't want to waste more of your time.

Best regards,

I had purchased the 3 year license so you're saying you've refunded my $344.24 to my Visa and you're going to allow me to still use the software for 3 years? Will I still be able to get help on the forums? I really want this software to work. If you think we can get it to work, I want to still work on it if you want to.

Hello

With regard to the "connection could not be established" issue - I believe my earlier fix missed part of the problem. I will reach out to you one more time over email regarding that, hopefully later today.

With regard to the firewall issue, you wrote:

On the machine you are connecting *from*, I'm afraid the log file is different (since the architecture splits things across multiple processes, and the logging is not unified). So please perform the following steps (on the machine you are connecting from - assuming it's a desktop and not the Android client?):

- open the Wayk Now application and navigate to Options > Advanced > Logging Level, changing the level to "DEBUG"
- close the Wayk Now application and re-open it
- try your connection again, in a configuration where the firewall is blocking things
- then send us the file from %appdata%\wayk\logs\wayknow.log

That may give us a better idea of what's happening. If you have any questions on the above, please don't hesitate to comment back here

Thanks and kind regards,

Hello,

I understand your concern - we issued a refund for the simple reason that you have already spend a lot of your time helping us debug issues, but we do wish to go to the bottom of this and you will get the same level of support, even if you've bought a 3 year license. In other words, nothing changes, it's the same as before except you now have an Enterprise license for free :)


Best regards,

Thanks Marc!! You didn't have to do that. I know with software like this it may take some time to get it working. I am about to be on Christmas break until January 6th so I may not have much time to work on this during that time. When I can I will write on this post to continue the troubleshooting.

Hello again

I'm confident that our latest fixes will resolve the original issue on this thread. I understand that you will be on Christmas break until the new year so I won't rush to prepare a further pre-release build right now. If you let us know when you are ready to resume testing this, we will supply you with an updated release candidate. We can continue reviewing the firewall configuration at the same time.

Thanks again, and happy holidays

Thanks Richard!! I appreciate all of the help. What days will y'all be closed for the holidays?

Hello

The offices are closed from December 24th until January 2nd (inclusive); but the regular support queues are still monitored during this time for any critical issues.

Thanks again,

Ok, thanks! I will reach back out on the 2nd or 3rd. Do you do any kind of remote sessions/phone call support to help speed up the process of support?

Hello

Yes, certainly - touch base with me when you have time to address in the new year, either on the forum or via email.

Thanks again,

Thanks! I will just email you. Have a Merry Christmas and a Happy New Year!!

Hello

I did not hear back from you on this topic yet; but I'm providing a small update from our side.

Wayk Now 2020.1.0 is now generally available and I believe it will resolve the intermittent (but regular) connectivity issues you were experiencing.

I will be happy to know if that resolves the issue for you, or you still experience a problem.

Further, we are happy to assist with the proper firewall configuration and address any issues on our side that might be preventing that from working properly.

Thanks and kind regards,