-
Notifications
You must be signed in to change notification settings - Fork 14
Ziti Desktop Edge for Windows Troubleshooting
This page is useful for troubleshooting the various phases of using the Ziti Desktop Edge for Windows.
In general, the installation of the Ziti Desktop Edge for Windows goes smoothly. The only time when the installation will fail is when the service that provides the actual connectivity to a Ziti Network fails to start. Troubleshooting this is as easy as going into the log folder and looking at the ziti-tunnel.log. This log should indicate what the actual issue is.
- A bad download. At least one instance of a 'bad download' has affected the installation process. This was solved by re-downloading the install package.
If the service fails during startup the Ziti Network will not be available and the UI will display a message indicating: "Service Not Started". To diagnose this issue, you must review the ziti-tunnel.log. This log will contain the reason the service did not start properly.
There have been some users reporting that there are no logs in the normal location: %ProgramFiles(x86)%\NetFoundry, Inc\Ziti Desktop Edge\logs. If this is the case for you open the Windows Event Viewer and find all the events for the "Ziti Tunneler". One of these events will have information about where the log was written to. For example it will tell you the location: Ziti Tunneler starting. log file located at C:\Program Files (x86)\NetFoundry, Inc\Ziti Desktop Edge\logs\service\ziti-tunneler.log
Also make sure these common paths are set on your PATH environment variable:
- %WINDIR%
- %WINDIR%\System32
- %WINDIR%\system32\WindowsPowerShell\v1.0
During usage if a service is not accessible it's most often (but not always) because of network configuration as opposed to a bug in the client. Here's a list of actions to perform to to troubleshoot a client that doesn't seem to be working.
- verify you're running the latest version of the Ziti Desktop for Windows. Click on Main Menu and look to see if there is an update available. If there is go to https://github.com/openziti/desktop-edge-win/releases and download the latest version.
- Open the Ziti Desktop Edge for Windows UI and make sure an identity shows up.
- Looking at the identity and make sure the services count is greater than 0. If no services show up the overlay network configuration is incorrect and needs correction.
- Looking at the identity make sure the name of the identity is the one expected to see
- Looking at the identity - verify the toggle
- Click on the identity - the identity details card will pop up. Look at the services listed and make sure the service you expect to see is there
- Verify the service does not have a warning sign displayed. A warning sign will generally mean the network configuration is incorrect and more than one service will have the same intercept hostname and port specified. Update one or both services accordingly.
-
The most difficult error to troubleshoot is when the policies in place do not allow for the client to connect to any edge routers. This line will be shown:
[ 3715.881] ERROR ziti-sdk:deps/ziti-sdk-c/library/connect.c:230 connect_get_net_session_cb(): failed to load service[httpbin_preupdate_name_change]: NO_EDGE_ROUTERS_AVAILABLE(No edge routers are assigned and online to handle the requested connection)
This situation is entirely an overlay configuration issue. Grant the identity access to one or more Edge Routers
-
Look through the logs to see if there are any ERROR or WARNING messages that stand out - file an issue accordingly
-
Make sure the version of the controller is the same as the version of the router. Older routers with newer controllers or vice versa can sometimes contain incompatibilities. To rule these out it's best to ensure the versions are the same.
-
Verify the type of termination of the service in question. Is it router-terminated or hosted by an identity? Are the router/identity online? If hosted by an identity - is the identity connected? Can the router/identity dial the service? If not you will see an error such as:
lib/ziti_tunnel_cbs.c:25 on_ziti_connect(): ziti dial failed: Connection closed.
The logs can all be collected using the UI by going to Main Menu -> Feedback. An email will pop up containing a zip of the logs you've just collected. If you have no email client you'll be prompted to pick an email client. If you don't the logs will still be available for you at: %ProgramFiles(x86)%\NetFoundry, Inc\Ziti Desktop Edge\logs to collect manually. Collect the one with the timestamp that should be "seconds" away from when you pressed "Feedback". You can change the 'from' address in the email and then send the logs to whomever you like for support.
As another reminder, the log files from are always available at: %ProgramFiles(x86)%\NetFoundry, Inc\Ziti Desktop Edge\logs
Though clearly we aspire to never allow the service to crash we are still actively and heavily developing features. Sometimes this forward progress results in hard crashes in the ziti service. If this occurs and if you change networks so that the previous DNS server does not exist you may experience a situation where it appears that you have no network access whatsoever. If that occurs run this powershell snippet to reset your network interfaces:
Get-NetIPInterface | ForEach-Object { Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ResetServerAddresses }
This is a known issue which should not happen but can and does infrequently happen. We are working on resolving this issue in future releases.