Hi everyone,
I am a newbie in OpenZiti. I have a problem when adding a JWT token to a Windows app. I am getting the error: 'Unexpected error System.IO.IOException: Unexpected error when sending data to service. ipcWriter is null. The target appears to be offline.' Could you help me please ?
Hi @murat, welcome to the community and to OpenZiti!
You're the second person I've seen with this particular error but I haven't been able to reproduce the issue. Can you explain what steps you're following to trigger this? This appears to possible be a crash of the data service (ziti-edge-tunnel). Could you possibly provide a feedback zip file by going to main menu-> feedback and sending me the zip file to Clint at OpenZiti.org?
Thank you for reporting the problem, this is one we definitely want to figure out.
Here is the logs
[redacted by clint - i have the zip thanks]
Thanks, I updated the post and removed the download only because there's some mild PII in the zip file. I have it though and will have a look
Are you constantly shutting down the service or is something else external to the ZDEW shutting it down? You are the only person running the tunneler at this time right? I see a lot of start/stopping of the tunnel.
Do you have clear steps I could use to reproduce the problem? Or could you DM me (here on discourse) a .jwt I could use on my side to attempt to reproduce the problem?
I'll keep looking at your logs for any clues but so far, I'm not seeing many. 
Thank you your fast reply,
Where can I admin console management and configuration document ?
I find only admin console installation.
I'm sorry but I don't know what your last reply means. 
I am asking for the steps you use to reproduce the problem.
Looking through your logs, the logs are very strange. Are you possibly running some sort of endpoint detection software that is somehow stopping the services erroneously? These logs are very odd. Unlike any I've ever seen before.
Where can I find ziti admin console management and configuration documents ?
I find only ziti admin console installation.
There's no ZAC documentation really to speak of. Generally speaking, the ZAC follows along with the ziti CLI and with the objects the OpenZiti controller defines: services, policies, configs etc. There is no "configuration documents" to speak of when it comes to the ZAC. If you have a specific question about the ZAC or it's use. I'm not sure what sort of document you're looking for, but we don't have any "how to use the ZAC" type doc.
The docs site is at What is OpenZiti? | OpenZiti
Sorry I'am newbie on Ziti. Can any easy method without tunneller. I manage to access my server in local without firewall port forwarding. Coild you recemommend other and easy method?
I use the ZAC a lot now-a-days. I deploy my controller on the open internet then host ZAC on the controller. for example https://ctrl.zrok.clint.demo.openziti.org:8441/zac/dashboard
Here is the jwt token.
[redacted by clint]
do not share JWTs directly in the public forum. JWTs should be treated as secrets. The JWT you sent me, was this the one you enrolled or is it a new one? It appears to be invalid so either you (or some random stranger who pulled down this JWT) has enrolled this identity already.
Discourse has a PM/DM feature. If you want to send me a zip file or jwt please DM it to me.
error.txt (6.0 KB)
example installation.txt (2.9 KB)
Here is my installation steps and errors that I'am taken. In Installation steps there are only difference ip and names. Could you help me please about error ?
Ok. Thanks for sharing your install steps. I have a feeling that the problem is that one ore more ports are not addressable. I see you are using the quickstart. I can see port 8440 and 8441 are open on your server but two ports are not. 8442 is not open nor is 10080.
Some things to check. After starting the controller run the following
ziti ops verify network --controller-config-file /path/to/controller
For example I broke my network on purpose, you'll see an error
Then run this for the edge router
run this on both routers and make sure things are good.
ziti fabric list links
make sure you see one link
from both the controller and the second router run:
ziti ops verify traffic
Make sure you see the "traffic test successfully detected" message:
If these are all clean and have no errors, download the ziti binary to the windows computer and run ziti ops verify traffic from there
Start there. IF you see any errors, try to figure out what is wrong. Let's see what this shows us
ziti ops verify network --controller-config-file /root/.ziti/quickstart/denemedeneme/denemedeneme-edge-router.yaml
INFO Verifying controller config: /root/.ziti/quickstart/denemedeneme/denemedeneme-edge-router.yaml
FATAL map didn't contain key options
ziti ops verify traffic
WARNING no prefix and mode is not 'both'. default prefix of 2025-03-12-0523 will be used
Using controller url: https://ziti.gardiyan.com:8441/edge/management/v1 from identity 'default' in config file: /root/.config/ziti/ziti-cli.json
Using username: admin from identity 'default' in config file: /root/.config/ziti/ziti-cli.json
Enter password:
Token: 264e0ee1-f739-4f43-a150-8519791c03a2
Saving identity 'default' to /root/.config/ziti/ziti-cli.json
INFO generating P-384 EC key
INFO generating P-384 EC key
INFO waiting 10s for terminator for service: 2025-03-12-0523.traffic
INFO successfully bound service: 2025-03-12-0523.traffic.
INFO Server is listening for a connection and will exit when one is received.
INFO new service session session token=f64acda6-a90b-4afe-a5f9-1a60bea24045
FATAL terminator not found for service: 2025-03-12-0523.traffic
but there is no router.yaml on local edge-router
you passed the router config to the controller config comand. make sure you pay attention to those commands, they are easy to conflate.
ziti ops verify network --controller-config-file $HOME/.ziti/quickstart/$(hostname)/$(hostname).yaml
and
ziti ops verify network --router-config-file $HOME/.ziti/quickstart/$(hostname)/$(hostname)-edge-router.yaml
the verify trafic shows me you have a port blocked. make sure all the ports are open. review the four ports in your configs, watch this video for a walkthrough, and find the port that's blocked and run those commands until you have success
Thank you your answers but I dont understand 10080 port must be open on local edge router or public edge router ?
You need to find the port from your configurations that isn't open. The video shows you the ports, the config file has only a few places where ports are used. You need to check your config and those ports.
Thank you I have controlled all of the port is open. But I cant access. I'am taking only this error ERROR ziti-edge-tunnel:ziti-edge-tunnel.c:510 on_event() ztx[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.pc.json] failed to connect to controller due to ziti context is disabled