I have Openziti configured in a single Debian VM.
I am using zac console to configure the identities, services and policies.
I have a Windows server as identity configured to host (bound) rdp service configured with port 3389.
I have all the required ports opened on the firewall. I have 2 Windows Edge clients (one inside and one outside the network) configured to dial to the service.
I see all identities showing those services. RDP is not working with the systems. Weirdly, I am able to ping the host both from inside and outside.
I have policies and services linking the host identity with a Bind policy and the others with a Dial policy.
What could be wrong?
Please help urgently.
Regards,
Anto
Hi @antogeorge, welcome to the community and to OpenZiti!
Community-based assistance is always "as we can get to it" (from the maintainers) and at the whim of other community members. If you require urgent support, it's probably best to try to establish a network with NetFoundry which will come with 24x7 support.
As for the problem with RDP, you've not provided enough information for anyone to assist you. When a service isn't working, here's the checklist of things you should check:
- is the client side identity on?
- is the client side identity enabled?
- do you see the relevant service listed for the given identity on the client?
- is the server side identity on?
- is the server side identity enabled?
- do you see the relevant service listed for the given identity on the server?
- look at the client's data/tunneler/service logs (for windows it'll be at Main Menu -> Advanced Settings -> Service Logs). Do you see any "error" or "warn" messages that are useful to relay? Do they help explain the issue? Do you see the service you're trying to access being "dialed"?
- look at the logs in the controller, does the controller have any errors?
- change the server's log level to DEBUG and restart the ZDEW using the big green button to make sure you have a clean log
- look at the server's logs (same as above), make sure the service is 'binding', do you see something like this at "DEBUG" level? "start_binding() server1.4 requesting BIND on ch[OCI us-ashburn-1 Edge Router 1]"
In 99% of cases, the logs have something useful in them that helps point at the issue.
I would say it's usually like 80% of the time the client logs are enough, 15% the controller and 4% are at the hosting tunneler side. So looking at the logs in the order I specified is usually the right move.
Look at your logs and if you can't figure it out from the logs, let us know.
I have no issue with RDP and use it almost on a daily basis.
Looking at your post, you seem to have:
- Single Controller + ZitiRouter on single VM
- Windows Server hosting RDP on the network with this Controller+ZitiRouter?
- Trying to RDP from remote via Openziti
If you may, provide how you configured the configurations:
- Intercept: This can be any FQDN or the IPv4 of your Windows server; ensure the service role is set to the role your service is configured with. Port 3389.
- Host configuration: for simplicity, you might want to disable forward; just set TCP, the IPv4 of your Windows server, port 3389.
The above ensures IPv4/FQDN:3389 will be intercepted and forwarded to your host configuration.
- Create a Service: attach the intercept/host configuration to it and assign an attribute role to it, for example: myrdp
- Finally, the access policies. Ensure the following are configured:
Bind Policy - Select Service Attributes ← myrdp (or the role attribute you assigned)
Select Identity Attributes ← This is not your user identity; ensure you set it to the ziti router role attribute or alternatively use @yourziti-router for a specific ziti router
Dial Policy - Select Service Attributes ← myrdp (or the role attribute you assigned)
Select Identity Attributes ← This is the most confusing part for newcomers; ensure this is either #role-attributes of your user identity or @user-identity
Once the above are set, review the service and you should see the proper associated entities, especially terminators; ensure the terminator is the ziti router that you configured.
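The intercept/host/service/policy layout described in the reply above, as an added example that is not part of the thread or of OpenZiti itself: it builds the intercept.v1 and host.v1 config documents, the Bind and Dial policy role selectors, a check for the Bind-policy mistake the reply warns about, and the equivalent `ziti edge create` CLI calls. The server address, router identity name and role names are constructed placeholders, and the CLI flag spelling is assumed.

```python
import json

# Constructed placeholders (assumptions, not values from the thread).
SERVICE_ROLE = "myrdp"             # role attribute assigned to the RDP service
RDP_SERVER_IP = "10.0.0.20"        # LAN IPv4 of the Windows server hosting RDP
ROUTER_IDENTITY = "ziti-router-1"  # identity of the ziti router that binds (hosts)
USER_ROLE = "rdp-users"            # role attribute on the dialing user identities


def intercept_config(addresses, port):
    """intercept.v1: what the client tunneler intercepts (FQDN/IPv4 + port)."""
    return {"protocols": ["tcp"], "addresses": list(addresses),
            "portRanges": [{"low": port, "high": port}]}


def host_config(address, port):
    """host.v1: fixed TCP target, no forwardProtocol/forwardAddress/forwardPort."""
    return {"protocol": "tcp", "address": address, "port": port}


def policies(service_role, router_identity, user_role):
    """Bind selects the hosting router identity (@name); Dial selects the users (#role)."""
    return {
        "bind": {"type": "Bind", "serviceRoles": [f"#{service_role}"],
                 "identityRoles": [f"@{router_identity}"]},
        "dial": {"type": "Dial", "serviceRoles": [f"#{service_role}"],
                 "identityRoles": [f"#{user_role}"]},
    }


def check_policies(pol, user_role):
    """Return problems such as a Bind policy that selects the user identities
    instead of the hosting identity (the newcomer mistake named in the reply)."""
    problems = []
    if f"#{user_role}" in pol["bind"]["identityRoles"]:
        problems.append("Bind policy selects user identities; it must select the hosting identity")
    if not pol["dial"]["identityRoles"]:
        problems.append("Dial policy selects no identities; nobody can dial the service")
    return problems


def ziti_commands(name, intercept, host, pol):
    """CLI equivalent of the ZAC steps (flag names assumed, verify against `ziti edge create --help`)."""
    b, d = pol["bind"], pol["dial"]
    return [
        f"ziti edge create config {name}-intercept intercept.v1 '{json.dumps(intercept)}'",
        f"ziti edge create config {name}-host host.v1 '{json.dumps(host)}'",
        f"ziti edge create service {name} --configs {name}-intercept,{name}-host "
        f"--role-attributes {SERVICE_ROLE}",
        f"ziti edge create service-policy {name}-bind Bind --service-roles '{b['serviceRoles'][0]}' "
        f"--identity-roles '{b['identityRoles'][0]}'",
        f"ziti edge create service-policy {name}-dial Dial --service-roles '{d['serviceRoles'][0]}' "
        f"--identity-roles '{d['identityRoles'][0]}'",
    ]
```

After creating the service, the terminator listed for it should name the router identity used in the Bind policy, which is the check the reply ends with.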