Admin Console not connecting to Edge Controller

I restarted the install when I first installed I got the following errors could this be causing my issue

It looks as if it is not trusting the CERT to do a TLS handshake

That’s the case when you land at the controller’s endpoint in a “non-mTLS” way. That’s not the issue here. Also those node related warnings, I get them too when running locally.

You’re still having a problem, right? It’s almost like we need to make a small node test app to figure out what’s happening for you. I really cannot reproduce still, sadly. :frowning:

I am still having the problem when I connect it says the controller is not online which is strange because it is online and able to be navigated to and the tutorial works

@jeremy.tellier - could we perhaps make a small branch from ZAC with additional debug lines to see if we can narrow down where / how this is failing for @cmbryner ?

This is a first, for sure, for this type of problem, @cmbryner. Unfortunately (thankfully?) you’re the only one to have this issue so far. If we added more debugging (as I mention above), could you pull a particular branch and try it out? We can provide instructions here how to clone/checkout a branch.

If you provided instructions I could do that and give a try.

Great. One more thing just came to my mind, if you open “developer tools” when ZAC is having this problem, is there anything helpful/useful logged in the console logger? Maybe it’s browser related somehow?

As you suggested, yuou could try a whole different VM too, just to see the thing work on a different VM… At least then you could feel better that it’s somehow RHEL related

The errors above are not the ZAC error log, can you run “node ./server.js debug” from the ZAC folder ziti-console where ls shows server.js and server.cjs?

I just made sure every ZAC node package was at the latest and a new image is processing now for 2.5.5 but I don’t see request being newer than what was there. From what I can tell with the log above it times out trying to connect.

@cmbryner - Just released version 2.5.6 of ZAC which exposes the detail around what the request errors with, try that and let us know what the console window says after trying with that please, that should help with this mystery. Thanks!

I never noticed this on the quickstart and went back to the original install and this message is consistent so it may be the controller install and not the admin console

I was making a big long post about recreating the problem, and it seems like I’m finally able to reproduce the problem exactly… I’ll see if I can debug more and will follow-up later.

The Tar wasn’t the problem after resolving the issue the same behavior occurs, the proxy messed with me

Definitely interested in what you find

Well… My problem was I had goofed up the port… :frowning:

Here’s a bunch of steps to try and an accompanying video I made demonstrating/narrating the steps

stop / kill any running processes

systemctl stop ziti-console
systemctl stop ziti-router
systemctl stop ziti-controller
for pid in $(pgrep ziti); do kill -9 $pid; done

cleanup old install by removing it all

rm -rf $HOME/.ziti

source the setup file but don’t run expressInstall just yet

source /dev/stdin <<< "$(wget -qO-"; 

run unsetZitiEnv

This is to make sure your shell is clean for the express install step. You don’t need
to do it this way if you start with a clean shell, but I’m demonstrating how you
clean up/start over this way and this is the safest way to do it


setup the password you want the controller to use

this step just makes it easier to setup the password you want to use first before
running expressInstall


Run expressInstall


source the .env file expressInstall creates

source $HOME/.ziti/quickstart/$(hostname -s)/$(hostname -s).env

start the controller:


verify the controller is running

look at the log and make sure you see something like:

[ 0.703] INFO xweb/v2.(*Server).Start: starting ApiConfig to listen and serve tls on for server client-management with APIs: [edge-management edge-client fabric]

tail -5 $ZITI_HOME/$(hostname -s).log

issue zitiLogin or ziti edge login to verify you can login


# you'll see something like this shown:
# Token: d93a89f3-0955-42e8-8457-fef514ae2980
# Saving identity 'default' to /root/.ziti/quickstart/localhost/ziti-cli.json

start the router


look at the last 25 router log lines to make sure it’s running and seems fine

make sure you don’t see any ERROR and that the last lines look something like:

[ 2.522] INFO edge/tunnel/intercept.SetDnsInterceptIpRange: dns intercept IP range: -

tail -25 $ZITI_HOME/$(hostname -s)-edge-router.log

install ZAC from source

git clone "${ZITI_HOME}/ziti-console"

verify npm 8+ and node 16+ using `npm version’

npm version
  npm: '8.19.2',
  node: '16.18.1',

cd to code and run npm install manually

cd "${ZITI_HOME}/ziti-console"
npm install

setup zac for TLS

ln -s "${ZITI_PKI}/${ZITI_EDGE_CONTROLLER_HOSTNAME}-intermediate/certs/${ZITI_EDGE_CONTROLLER_HOSTNAME}-server.chain.pem" "${ZITI_HOME}/ziti-console/server.chain.pem"
ln -s "${ZITI_PKI}/${ZITI_EDGE_CONTROLLER_HOSTNAME}-intermediate/keys/${ZITI_EDGE_CONTROLLER_HOSTNAME}-server.key" "${ZITI_HOME}/ziti-console/server.key"

manually start ZAC and confirm both http/https listening in debug mode:

run node server debug

node server debug
Initializing TLS
TLS initialized on port: 8443
Ziti Server running on port 1408
1 Like


and I know why there were 3 things that messed me up all self inflicted

  1. the NPM version was jacked up somehow the image the company provided me with had npm 18 on rhel 7.9 (hint rhel 7.9 is not compatible with it at least not in the way they want it to be)
  2. My compiler was misconfigured for the use of npm (that is on me, multiple projects and testing different things can do that)
  3. Permissions on the server certifications was incorrect somehow don’t know how but they were different when I compared my working install to the broken

Now comes the fun part of taking this software for a joyride to see if it works in offline environments


Thank you for all your help

HEY HEY! Glad that it helped and that you got it working! Great to hear! Can’t wait to see what you end up using it for, let us know! :slight_smile: