Wayk Den install on Windows 2019, cannot Start-WaykDen

Hi Raymond,

Can you run the following command to extract the logs and send them to us?

docker logs den-server > den-server.txt

This should extract the logs of the container that failed to start. You can send the logs to wayk@devolutions.net or upload them here.

Also, I forgot to mention, but you can get the full docker command output by using Start-WaykDen -Verbose. This can help see the final "docker run" commands with all the parameters and environment variables injected in each container.

Hi Marc-André,

The den-server log:
2020-03-26T09:01:04.581557700+01:00 INFO den_server::router::router - Redis is not configured. Cache in memory will be used.
2020-03-26T09:01:04.598564300+01:00 WARN den_server::router::router - Keen client not configured.
2020-03-26T09:01:04.598564300+01:00 INFO den_server::router::router - Nats is not configured.
2020-03-26T09:01:04.599562300+01:00 INFO den_server::router::router - Starting listeners on ws://0.0.0.0:4491
2020-03-26T09:01:04.600560+01:00 DEBUG reqwest::connect - starting new connection: http://den-lucid:4242/
2020-03-26T09:01:05.799586200+01:00 ERROR den_server - Unable to initialize DenServer: "error sending request for url (http://den-lucid:4242/client): error trying to connect: dns error: No such host is known. (os error 11001)"

Because it showed dns error for den-lucid:4242/client, I've tried adding den-lucid to the hosts file with the local ip address, but that didn't do anything.

When I've tried to get the logs of den-lucid with docker logs den-lucid > den-lucid.txt (is that even usefull?) I've got:
[2020-03-26T08:09:22Z INFO lucid::server::server] Loading repositories
[2020-03-26T08:09:54Z ERROR r2d2] No servers available for the provided ReadPreference.

I also have the output of the Start-Waykden -verbose, but it shows a lot of sensitive info. I have emailed this to wayk@deolutions.net.


Kind regards,
Raymond

Hi Raymond,

Long story short, hostnames like "den-lucid" match their container names within a docker network created for the Wayk Den components. We have another issue who encountered a similar problem with a docker host that was using '127.0.0.1' as the configured DNS server: https://github.com/Devolutions/WaykDen-ps/issues/65#issuecomment-603934918

We also have a colleague who encountered the same issue this week when connected through a VPN to the office, but we didn't get a chance to investigate further. My guess is that the VPN software changed the default DNS server to 127.0.0.1 as well, but we'll know when we take a closer look.

By default, docker uses the DNS servers from the docker host for resolution, in addition to DNS entries it adds for containers within the docker network. However, 127.0.0.1 within a container means the localhost interface of the container, not the host, which is why it won't work. If the DNS server is an IP address on the host network, it should work.

First, check if this is your case (127.0.0.1 as your DNS server). We'll do some research and see how we could handle this better in the options we inject to the docker commands.

Best regards,

Hi Marc-André,

Indeed, 127.0.0.1 was used as the secondary DNS server. I removed this, rebooted the server, and the service would start.

However, when I go to localhost:4000 it throws a bunch of errors:
Uncaught (in promise): Error: Network Error 3Rfw/t.exports</e.JsonService</t.prototype.getJson/</a.onerror@http://localhost:4000/web/main.a49daa0cafa54590663c.js:1:130576 E@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:18568 r/</u</e.prototype.invokeTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:8183 onInvokeTask@http://localhost:4000/web/main.a49daa0cafa54590663c.js:1:1133322 r/</u</e.prototype.invokeTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:8104 r/</s</t.prototype.runTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:3262 r/</f</t.invokeTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:9315 p@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:22293 h@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:22527

T@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:13706
T@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:13244
S/<@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:14512
r/</u</e.prototype.invokeTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:8183
onInvokeTask@http://localhost:4000/web/main.a49daa0cafa54590663c.js:1:1133322
r/</u</e.prototype.invokeTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:8104
r/</s</t.prototype.runTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:3262
_@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:10499
r/</f</t.invokeTask@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:9344
p@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:22293
h@http://localhost:4000/web/polyfills.d0a00739bbfdd1782543.js:1:22527

Can't make much of this.

Is there anything that needs to be re-installed, and if yes, how?


Kind regards,
Raymond

Hi Raymond,

You are almost done, please see this other thread here:
https://forum.devolutions.net/topics/33433/den-server-errors#138395

You just need to access Wayk Den from the external url, not the listener URL.

Best regards,

Hi Marc-André,

If I set the url to Set-WaykDenConfig -ListenerUrl 'http://localhost:4000' -ExternalUrl 'http://localhost:4000', I get the login webpage from Den when I go to localhost:4000.

Externally will not work yet it's throwing a certificate error: SSL_ERROR_RX_RECORD_TOO_LONG. I'll try to reload the certificate again.

Do I need to setup ldap/active directory to login to the webinterface?

I'm struggeling a bit to find the correct help. Is there something help page dedicated for Den?



Thanks again,
Raymond

Hi Raymond,

You do not need to setup LDAP / Active Directory to be able to perform the initial login.

Did you do a Stop-WaykDen, Start-WaykDen to apply the configuration changes?

An SSL_ERROR_RX_RECORD_TOO_LONG error is normally the symptom observed when trying to access a website in HTTPS on an HTTP listener. Since you configured 'http://localhost:4000' as your listener and external URL, you should use http://localhost:4000 to access it, and not https://localhost:4000.

The correct way to configure the certificate is to import it with Import-WaykDenCertificate, and then set your listener URL with https (https://localhost:4000). You can then set the external URL through which the application will be access externally. This external URL should have the same hostname as the common name in the certificate.

As for a good portion of the Wayk Den help, see this section of the Azure VM getting started guide:
https://github.com/Devolutions/WaykDen-ps/blob/master/docs/getting-started-azure.adoc#step-3-launch-wayk-den

Best regards,

Hi Marc-André,

I did use the Import-WaykDenCertificate. It seems to have troubles with my pfx. I will try again with PEM format. After each change I have restarted Den with Restart-WaykDen.

It must be staring me in the face, but I can't find it, the default login for Den.

Sorry for all the stupid questions!


Kind regards,
Raymond

No worries about questions, they aren't stupid at all :) We're just hoping you can get it working.

With the pfx certificate, make sure to also include the -Password parameter. We don't support a password-protected .key file when using .pem. What Import-WaykDenCertificate is load the certificate in pfx or pem + key format, and re-export it correctly with the chain in the correct order in .pem + .key format. You can inspect the final imported certificate at the following location relative to the directory where you configure Wayk Den:

.\traefik\den-server.pem
.\traefik\den-server.key

den-server.pem should contain both the leaf and intermediate certificate
den-server.key should contain the private key in PEM format, without a password.

I should also mention that self-signed certificates are not supported. Custom CAs can be supported but not recommended as they require a lot of effort to correctly deploy everywhere for correct client-side validation. In the end, you need a setup that works within a browser with automatic validation, just like a regular website, for both the Wayk Den Web UI and the connection from Wayk Now to Wayk Den.

Hi Marc-André,

I'll send another email in a minute, with some certificate info in it.

Kind regards,
Raymond

With the help of Marc-André I did get the website up and running.

But, what's the default login for it?


Kind regards,
Raymond

Hi Raymond,

The default username and password for the initial login is wayk-admin // wayk-admin
https://github.com/Devolutions/WaykDen-ps/blob/master/docs/getting-started-argo.adoc#step-4-complete-initial-configuration-from-wayk-den-web-ui

Best regards,