Ziti Edge Desktop enrollment error

Hey, I'm trying to enroll an identity on Ziti Edge Desktop on Windows (2.5.5.0).

I'm getting this error:

image371×300 17.7 KB

And an error appears on the logs :

[2025-03-04T22:19:36.562Z] ERROR	ZitiDesktopEdge.ServiceClient.DataClient	unexpected error in read: Soit l'objet IAsyncResult ne provient pas de la méthode async correspondante de ce type, soit EndRead a été appelé plusieurs fois avec le même IAsyncResult.	System.ArgumentException: Soit l'objet IAsyncResult ne provient pas de la méthode async correspondante de ce type, soit EndRead a été appelé plusieurs fois avec le même IAsyncResult.
   à System.IO.Stream.EndRead(IAsyncResult asyncResult)
   à System.Threading.Tasks.TaskFactory`1.FromAsyncTrimPromise`1.Complete(TInstance thisRef, Func`3 endMethod, IAsyncResult asyncResult, Boolean requiresSynchronization)
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   à System.IO.StreamReader.<ReadBufferAsync>d__97.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à System.IO.StreamReader.<ReadLineAsyncInternal>d__60.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   à ZitiDesktopEdge.ServiceClient.AbstractClient.<readMessageAsync>d__55.MoveNext()
[2025-03-04T22:19:36.617Z] ERROR	ZitiDesktopEdge.MainWindow	CODE: 10	
[2025-03-04T22:19:36.617Z]  INFO	ZitiDesktopEdge.MainWindow	Service is starting...	
[2025-03-04T22:19:36.633Z] ERROR	ZitiDesktopEdge.ServiceClient.DataClient	Unexpected error	System.IO.IOException: Unexpected error while reading data. Soit l'objet IAsyncResult ne provient pas de la méthode async correspondante de ce type, soit EndRead a été appelé plusieurs fois avec le même IAsyncResult.
   à ZitiDesktopEdge.ServiceClient.AbstractClient.<readAsync>d__54`1.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à ZitiDesktopEdge.ServiceClient.DataClient.<readDataClientAsync>d__52`1.MoveNext()
--- Fin de la trace de la pile à partir de l'emplacement précédent au niveau duquel l'exception a été levée ---
   à System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   à System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   à ZitiDesktopEdge.ServiceClient.DataClient.<AddIdentityAsync>d__54.MoveNext()

Tunnlet config:

image371×348 7.11 KB

Any idea of what might be the issue ?

Hi @brandi.

Can you reproduce this error every time? Would you be willing to email me a feeback.zip file by going to Main Menu->Feedback and emailing to clint at openziti.org?

If this is reproducible every time? That would be good to know. Can you provide any details as to exactly how you reproduce this problem?

Looking at what you shared, nothing is standing out to me. The logs will help.

Hi, yes it's reproductible.
But when I close/reopen the Ziti Edge Client, I can find my identity

image382×461 58.6 KB

But it detects 0 services while

[ziggy@31020337260f ~]$ ziti edge policy-advisor services --quiet "zac"
OKAY : brandi (1) -> zac (1) Common Routers: (1/1) Dial: Y Bind: Y

OKAY : openziti_edge_router (1) -> zac (1) Common Routers: (1/1) Dial: Y Bind: Y

I juste sent you an email with the Feedback zip file.

Before generating the zip file, I completely uninstalled Ziti Edge, removed all log file and all files under C:/Windows/System32/config/... So it's a fresh install.
I created a user from the ZAC named "brandi", downloaded the JWT, opened Ziti Edge Router, Clicked on Start Button, Imported the JWT and boom the error
I closed the Ziti Edge Router and then identity appeared but with 0 services

Thanks, I see you removed all previous logs, that's fine. Would you please try the 2.6.0.0 release I pushed to the beta stream just today? Also would you enable TRACE level logging? There's clear evidence of a crash here in your logs and I'd love to be able to track down why/how that is happening. My guess is that somehow this machine is not behaving due to the relatively recent keychain stuff we have done but I've not seen crashes like you're seeing.

Get the latest 2.6.0, if that's ok, remove the whole logs folder (like you probably did before) and let's see what happens. See this info and the animated gif Enrollment fails with keychain error · Issue #792 · openziti/desktop-edge-win · GitHub

Thanks so much for helping nail down this issue. EDIT: Also if you can, please "forget" the existing identity.

Just tried with 2.6.0. Same problem
I've sent you an email with logs.zip folder (it contains some binary file ziti-edge-tunnel.crash.dmp dunno if it's useful). Please make sure you remove the Feedback once you identify the problem I just noticed that it contains a bunch of info about my PC lol

Would you go to Main Menu->Advanced Settings -> Tunnel Config and change "use keychain" from true to false and then try enrolling again? If it succeeds, there's definitely some sort of problem with the keychain support for your instance.

The crash dumps sometimes are useful but unfortunately this one isn't.

It's clearly crashing, but I can't see where/how. Would you be willing to share an identity with me to see if I can catch the crash locally? It doesn't need access to any services, I just want to see if it will enroll. Is there anything special with respect to the windows installation that might be relevant you can think of?

Still crashing even with "use keychain" set to false.

Dm'ing you with a JWT

@brandi and I went back and forth a couple of times. There was definitely a crash occurring with controller 1.3.3 and the latest ZDEW. In my debugger I could see a request to: https://the.controller:port//.well-known/est/cacerts as part of a normal enrollment flow, however the doubled slashes // ended up with the controller returning the wrong content, and this caused the SDK to crash.

@brandi updated to 1.4.3 of the OpenZiti Controller and the problem no longer manifests. I just wanted to put a final message on this thread in case anyone finds it later on.