Tunnel Requires Internet To Install

For background in case it is relevant, the installer is signed by TWO different signers. One signer is from digicert (the top one) which is a legitimate 3rd party signing certificate, the other is from our internal PKI and it’s what we use for automatic updates:

Also - that reminds me - you’ll likely want to disable the ziti-monitor service’s checking for updates. Look at C:\Program Files (x86)\NetFoundry, Inc\Ziti Desktop Edge\ZitiUpdateService.exe.config.

I got it working, during the install a cab file is put onto the system I let the install fail and grab the cab file before it gets deleted and extract that to a folder on the C drive then I created a windows service. The software then opens and can be used as a windows service. Don’t know why I had to do it that way but hey it works

"C:\Program Files\*path to the edge.exe" -service install
"C:\Program Files\*path to the edge.exe" -service start            
1 Like

I don’t claim to understand all the ways of windows, for sure… I’m glad it worked for you!!!

1 Like

Honestly there is some dark magic that keeps windows running but I won’t question the magic. But can say Openziti works great Offline just some fun configuration games that have to be played

Do you have the certificates you guys use that I can pull and install manually

The extract and run as a service does open but does not connect to the data service when you try to do anything my belief is the install does more than just setup the service

specifically this folder crl/certs at main · openziti/crl · GitHub

I hate to ask this but could release another beta build I want to rule out my download from my install process. I have tried many different things but when I go to install from the provided executable I keep getting the cab file being corrupted or invalid signature. I know the cab file works as if you extract it manually you can open the UI but the UI will be buggy at best and I believe if I can get the exe working then I am finally done my testing and can move to full team evaluation

My belief is it is something with either the msi file or exe but it worked for you so I don’t quite understand why it wants to fight me

The strange behavior the tunnel is doing is not your code I think manual install is just not the way to go and it should be from the executable

Update: Gave up on the UI as it was not installing correctly just did the data service and that installed and I am able to get it running. I am having trouble adding the tunnel that was created to my ziti network below is a screen shot of what I am seeing

It is complaining about asyncmethod or end of file according to the service logs

Hi @cmbryner, been travelling and didn’t have time to reply…

There’s a new build that was made after the one I sent you. You should be able to see it as a ‘pre-release’ here: https://github.com/openziti/desktop-edge-win/releases/download/2.1.14/Ziti.Desktop.Edge.Client-2.1.14.exe

When you say you “gave up on the UI”, and you’re doing a ‘manual install’, I’m not exactly sure what or how you’re doing it so it does complicate matters a bit. It’ll be best to just try running the ziti-edge-tunnel manually for starters. That takes anything and everything out of the mix entirely. Is that what you’re doing now? I don’t think it’ll be easy for me to help troubleshoot why your installation doesn’t succeed, when it appears to work fine for me in my windows sandbox environment … :frowning:

When you write:

It is complaining about asyncmethod or end of file according to the service logs

Is that the tunneler complaining or “the UI” or something else? what is “it”?

No Problem, I am running the Ziti-Edge-tunnel exe manually from the command line and that seems to work just fine it starts up and configures itself when I go run the add command to the jwt file to enroll I get an error saying end of file error

The exact command I run is: ziti-edge-tunnel.exe add *path to the jwt file" this fails with end of file

I had one of our developers look at why it fails and from his quick look he believes it is failing because when you run the exe file it decompiles an msi and a cabinet file and there is no certificate file in the cabinet and it tries to go online and grab it( he was not sure but that was his best guess). His other theory is we use a lockdown version of windows so get approvals for a non locked version or move to linux

He also pointed out we are not on the latest patch release of windows 10 so that may be a hinderance as well

If you’re running ziti-edge-tunnel directly, there’s no MSI unpacking going on at all.

the CLI support for ziti-edge-tunnel on windows is pretty new and not super-well-tested fwiw… I think what you want to do is:

enroll the identity like this:

ziti-edge-tunnel.exe enroll -j c:\temp\client.jwt -i c:\some\idenity\path\client.json

the stop / start ziti-edge-tunnel. I’m not entirely sure what ‘add’ does without looking at it more closely

1 Like

This would have been better as a “top-level topic/question” too. If you need followup, would you mind making a new thread? thanks! :slight_smile: