okay, so I’m having an issue with our in-house hosted apps and VDI’s. the Site sits at https://sample.sample.com/rdweb however with the appwan configured I can’t access it. I can access the root https://sample.sample.com but not the /rdweb or /webclient or anything after a / I can also access the server and VDI farm via mstsc any suggestions would be excellent. See below for appwan and service config
Hi @abuchman. Welcome to OpenZiti and to the community! I see what looks like a screen shot from CloudZiti, and another from ZAC. 
Are those for two different overlay networks? I don’t believe you can use ZAC with CloudZiti, which has me a little bit confused
Often an HTTP server will ‘redirect’ users. Is there any chance that’s happening for you? It’s a very common thing for devs/ops to do but will absolutely cause problems with the interception if the additional addresses are not specified. I can’t tell for sure, but that’s my hunch.
If you can use curl, or maybe dev tools, we might gain more insights
thanks @TheLumberjack so they are both from cloud ziti its an appwan and its associated services. there is a redirect for duo 2fa do I need to kill that?
Cool. If there’s a redirect, you probably need to stop that, yes. I can’t say for sure. I just don’t understand the app, what duo 2fa is “doing” for you etc. You could also intercept that address too though, I would think. Again, I don’t know for sure. This is a bit of a tricky situation since I am not an expert with your application.
What I can tell you for sure, is if the website redirects you, and the redirected site is not available, it’ll cause problems because that site won’t be available to the client.
I’m not sure if that’s exactly helpful or not, but it’s a tough one for me to be “sure” about a response.
So i have removed duo and the redirect and still no gas any other thoughts?
Can you fire up devtools (F12 or via the hamburger menu), try to access the site and show me what the network view looks like? You’ll be looking for any ‘red’ rows that would indicate some kind of failure.
Take salesforce for example. Back when I used them, I’d login to “salesforce.com” but they would then redirect me to “na1.salesforce.com”. If that sort of thing is happening to you, you would need to change the intercept accordingly.
Yeah. What’s that first “webclient” 301 redirecting you to?
Its not redirecting at all and interestingly I can access it if I turn the ziti client on my laptop off but the client on the server is still on
That very first row is an http response code 301. It’s telling your browser that the resource has moved permanently to a new location and you should ‘stop using’ this url… 301 Moved Permanently - HTTP | MDN
Can you click on that top webclient and click ‘copy link address’? Or inspect the headers/payload?
Still gonna need you to click on that very first row that says “webclient/” please. I’d like to see if that’s a 301 too. I suspect it is and it’s sending you to “remote.pyramidci.com”
And now would you do the same when the openziti client is on? Notice that’s a 304 not a 301. 304 means it’s not changed so just use whatever is in the cache. That other post showed a 301. Let’s look at that now
Unfortunately, we need to see those “response headers”. Specifically we need to see the ‘location’ header.
As an example this is an old url of ours: https://github.com/openziti-incubator/zssh It will 301 you to the NEW location of https://github.com/openziti-test-kitchen/zssh
Showing the 301:
Showing the response header - location:
so how do I get that?
