Can't get RemoteControlGateway (RCG) to work through NAT (SR #373739)

 
SysAider
2
 
Hello,

We have SysAid v8.0.05 Pro Edition (Test-License), and we have a problem using the RemoteControlGateway (RCG) function over NAT.
Please take a look at the network scenario.
The agents are deployed manually, using the *.msi package.
The client PCs are correctly listed under Assets.

When I try to establish an RCG session ([Asset Management]->[Workstation]->[RC]->[RCG]->[START]) from the "Helpdesk-PC" to Workstation1 or 2, the same error always occurs:
After starting the RCG connection on the Helpdesk-PC to a Workstation-PC, a request for a remote session pops up on the Workstation-PC.
Then I click on "Accept Connection".
Now on the Helpdesk-PC, the message appears in the browser: "The remote computer confirmed the remote session."

That's it, this window does not change anymore, nothing happens anymore, I don't see an RC window.

Doesn't matter if I connect to Workstation1 or 2, I always get the same result.

The firewalls on all PCs are shut down, same for the server.
I tried different browsers (Chrome, Firefox).
In a local test scenario (SysAid server, Helpdesk-PC and Workstation on the same local network) it works fine.

Any ideas?
Is there anyone with the same network scenario?

This message was edited 7 times. Last update was at Jun. 08, 2011 05:08 AM

SysAider
18
 
This behavior is fairly pervasive. It does not work consistently at all.
SysAider
20
 
Hello there,

I have exactly the same scenario...

I've checked the logs and there's maybe one thing...

logs/sysaid.log:2011-06-07 17:53:22,412 [Thread-3] INFO com.sysaid - SysAid RCG use the following address: hostname:443


Maybe if I change that "hostname" to the FQDN of my server... but HOW DO I CHANGE THAT?

Any ideas?

Regards

This message was edited 1 time. Last update was at Jun. 14, 2011 04:42 PM

SysAider
2
 
Hello Guys,

I fixed my problem by adding the following lines to my ...\SysAidServer\root\WEB-INF\conf\serverconf.xml on my Server:

<rcConf>
<rcBindIP>PUBLIC-IP-OF-MYSERVER</rcBindIP>
<rcServerHost>PUBLIC-DNS-DOMAIN-OF-MY-SERVER</rcServerHost>
<rcAgentPort>443</rcAgentPort>
</rcConf>

SysAid support sent me the following instructions:

RCG issue
Please go to ...\SysAidServer\root\WEB-INF\conf and edit the serverconf.xml file the following:
These lines should go above the closing </serverConf> tag.
<rcConf>
<rcBindIP></rcBindIP>
<rcServerHost></rcServerHost>
<rcAgentPort></rcAgentPort>
</rcConf>
rcBindIP: The IP address to listen on for remote control sessions. If not specified, it will bind on all available IP addresses.
rcServerHost: The hostname/IP address SysAid tells client computers to connect back. If not configured, SysAid will “guess” it (use the server IP/hostname).
rcAgentPort: The port number RCG is listening on. If not specified, it will try port 443. If port 443 isn’t available, it will try 8443. If both are not available, it will choose a random IP.

Now I can RCG to all clients!

Thanks to SysAid support.

This message was edited 3 times. Last update was at Jun. 15, 2011 04:07 AM

Elite SysAider
138
 
Hello All,


Me too. To fix the problem, look at what I have done:

<rcConf>
<rcBindIP>nothing here, blank</rcBindIP>
<rcServerHost>PUBLIC IP</rcServerHost>
<rcAgentPort>8443</rcAgentPort>
</rcConf>

In my router, open port 8443 to the SysAid server,
et voilà:

<rcConf>
<rcBindIP></rcBindIP>
<rcServerHost>69.70.178.22</rcServerHost>
<rcAgentPort>8443</rcAgentPort>
</rcConf>

Thank you all for your time, and nice work bringing me onto the right track.

This message was edited 1 time. Last update was at Jun. 15, 2011 09:47 PM

SysAider
38
 
Disregard. I tried again with this:



This is working for RC of computers inside our firewall (I'm using a split DNS scenario where the hostname in the above config resolves to the internal IP for PCs inside the firewall and the public IP outside the firewall). It doesn't appear that any of our remote users with laptops are online right now, so I can't test RC of a PC outside the firewall yet.
SysAid Product Manager
98
 
As already mentioned, the new HTML5 remote control works with the RCG service.
Inside the network it normally works well using default settings, but for external usage there are two aspects that you need to take into account: the RCG hostname, and the communication port being used by RCG.
Both settings are configurable through the ...\SysAidServer\root\WEB-INF\conf\serverConf.xml file.
Put the following section above the </serverConf> closing tag:
<rcConf>
<rcServerHost>IP/Hostname</rcServerHost>
<rcAgentPort>PortNumber</rcAgentPort>
</rcConf>

rcServerHost:
The hostname/IP address which will direct client computers to the RCG server (normally the SysAid server itself).
For a server which is behind NAT, you should put its external address (e.g. FW), and define port forwarding.
If the server holds a real internet IP address, then you can put it or its FQDN.
If nothing is specified, the default value is the server hostname.

rcAgentPort:
The port number RCG is listening on, waiting for client computers to connect.
If not specified, the server will check if 443 is available (not in use on the RCG machine); if available it will use it, otherwise it will try 8443.
When both 443 and 8443 are not available, it will choose a random port number.
Please consider that, if you use a firewall on the server, you must make sure to open the port you use for RCG.
For a server which is behind NAT, you need to make sure that IP forwarding is defined for the right port.
Since 443 is the generic SSL port number, consider using it rather than others, since most networks don't block it for outgoing.

Kind Regards,
Oleg Sin
Product Manager

This message was edited 1 time. Last update was at Jun. 26, 2011 11:11 AM
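
An added example, not part of the thread and not SysAid's own code: a Python check of the <rcConf> section of serverConf.xml against the behaviour described in the posts above (hostname guessing, the 443 / 8443 / random port fallback, NAT port forwarding). The sample XML, the function name audit_rc_conf and its forwarded_ports / ports_in_use parameters are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; only the element names come from the thread.
SAMPLE_CONF = """<serverConf>
  <rcConf>
    <rcBindIP></rcBindIP>
    <rcServerHost>helpdesk.example.com</rcServerHost>
    <rcAgentPort>8080</rcAgentPort>
  </rcConf>
</serverConf>"""

KEYS = ("rcBindIP", "rcServerHost", "rcAgentPort")

def audit_rc_conf(xml_text, forwarded_ports=(), ports_in_use=()):
    """Return (settings, findings) for <rcConf>.
    forwarded_ports / ports_in_use are hypothetical, operator-supplied sets."""
    root = ET.fromstring(xml_text)
    rc = root if root.tag == "rcConf" else root.find("rcConf")
    settings = {}
    for key in KEYS:
        node = rc.find(key) if rc is not None else None
        settings[key] = (node.text or "").strip() if node is not None else ""
    findings = []
    if not settings["rcServerHost"]:
        findings.append("rcServerHost unset: agents are sent the server's own "
                        "hostname, not the external address needed behind NAT")
    if not settings["rcBindIP"]:
        findings.append("rcBindIP unset: RCG binds on all available IP addresses")
    port = settings["rcAgentPort"]
    if not port:
        findings.append("rcAgentPort unset: RCG tries 443, then 8443, then a "
                        "random port, so forwarding rules cannot be pinned")
    elif not port.isdecimal() or not 1 <= int(port) <= 65535:
        findings.append(f"rcAgentPort {port!r} is not a valid TCP port")
    else:
        if int(port) in ports_in_use:
            # Behaviour reported by a poster in this thread, not documented.
            findings.append(f"rcAgentPort {port} is already in use: RCG may "
                            "fall back to a random port")
        if forwarded_ports and int(port) not in forwarded_ports:
            findings.append(f"rcAgentPort {port} is not forwarded by the NAT device")
    return settings, findings

if __name__ == "__main__":
    conf, issues = audit_rc_conf(SAMPLE_CONF, forwarded_ports={443, 8443},
                                 ports_in_use={8080})
    print(conf)
    for issue in issues:
        print("-", issue)
```

Point it at the real file by passing the contents of serverConf.xml as xml_text, with the ports your firewall actually forwards.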

Elite SysAider
105
 
After we configure the serverConf.xml file, do we restart the SysAid server? Are there other services to restart?
SysAider
3
 
Hello,

I have a similar problem, and have done the changes suggested by support:
<rcConf>
<rcBindIP>my public IP</rcBindIP>
<rcServerHost>my domain name</rcServerHost>
<rcAgentPort>8443</rcAgentPort>
</rcConf>

I can see that the remote computer is online and logged in as userx.
I tried to connect as RCG, and on the remote computer I accepted the request to connect.
On my local machine I see the message: The remote computer confirmed the remote control session.

Nothing happens after this message, I do not see the remote desktop.
On my firewall I do not see any activity on port 8443.
I did the same with port 443; the situation is however the same.

I am using Firefox (I get the message: your browser is detected HTML5 compliant); I also tried with Explorer.

I also tried with direct connect instead of RCG. Here I can see activity on port 8443, but again I do not see the remote desktop.

Could someone help me fix this issue?
I am using v9.0.53 Free.

Thank you in advance.
SysAid Customer Relations
277
 
Hi Tedd,

In the '<rcServerHost>' you wrote that you entered your Domain name.
If that is the case, please note that you should enter in that tag your SysAid server hostname or IP address.
Please enter your SysAid server hostname or IP address, and attempt to use the RCG once again on one of your workstations.

Thanks.

Ariel.
SysAider
3
 
Thank you Ariel,

In fact in order to make it work I had to define 2 parameters:

<rcBindIP>my server internal ip address</rcBindIP>
<rcServerHost>this is my router/Firewall public IP</rcServerHost>

I also enabled port forwarding for 8443 and the HTTP port on my firewall.

Thank you, now everything is working very fine.

This message was edited 1 time. Last update was at Jan. 31, 2013 10:51 PM

SysAider
2
 
Is there any way to completely disable RemoteControlGateway on the Sysaid server? I don't use this part of Sysaid and the fact that it is listening on any port is causing issues with security scans that I need to run on my network. Any thoughts?
SysAid Product Manager Community Manager
5276
 
Hi SOFL_Admin,

There is currently no such method, but the only ports the RCG needs are 443 and 8443.

A workaround would be to assign the RCG port to your existing SysAid Server port (such as 8080), this way RCG will run after SysAid has already taken this port and will not try additional ports.

In order to perform this configuration please add the following to your \SysAid Server\root\WEB-INF\conf\serverConf.xml, inside the <serverConf> tag. The port number should be whatever your SysAid Server already runs on. Afterwards, please restart the SysAid Server service.


Cheers,
Danny
SysAider
2
 
Thanks for the information, Danny. I tried your suggestion of setting RemoteControlGateway to use the same port as the SysAid server. It looks like RCG chooses a random high-end port if the configured port is already in use, because now RCG is running on port 57525.

If I can't turn off RCG can I get it to use a valid SSL certificate? The problem is that RCG uses an invalid certificate so my security scan is throwing vulnerabilities when it detects the certificate. Thanks for the help.
SysAid Product Manager Community Manager
5276
 
Interesting. Could you send me the detailed log of this security report by a private message? We would like to investigate this further.

Thanks,
Danny