Hi,
I have this weird situation and I'm wonder if someone can point me in the right direction.
I upgraded our APPVOL Manager from 2.18 without a problem. We have 2 managers behind F5 load balancer. We have valid certificate that is on F5 issued thru our local CA.
Installing agent on provisioning machine or parent is failing with connection error. Unable to contact App Volume Manager.
I tried new install or upgrade still the same error. Old 2.18 agent works just fine.
Now if I turn off SSL Certificate Validation thru registry or point directly to each of the managers instead F5 all works fine.
Is there something else that I have to adjust on these machines to get SSL working again?
Thanks
We have the exact same issue.
We are able to install the agent on the GI but when we try to connect to the manager it throws a 500 error unable to connect to the Appvolumes Manager.
We are also using loadbalancer (no F5) but in our case we allready disbled certificate checking but are going towards the LB adres.
We see the following error in the svservice.log, do you se the same error?? Seems like an issue with Agent authentication towards the manager.
[2020-09-10 06:03:28.351 UTC] [svservice:P1456:T4128] HttpSendRequest: WinHttpQueryHeaders returned status code 401
[2020-09-10 06:03:28.356 UTC] [svservice:P1456:T4128] ReadHTTPResponseHeader: WinHttpQueryHeaders failed (WWW-Authenticate) header not found
Yes. I have the same error in my log file as well. I have this as well:
[2020-09-11 13:49:33.585 UTC] [svservice:P1276:T2272] HttpSendRequest: WinHttpQueryHeaders returned status code 401
[2020-09-11 13:49:33.585 UTC] [svservice:P1276:T2272] ReadHTTPResponseHeader: WinHttpQueryHeaders failed (WWW-Authenticate) header not found
[2020-09-11 13:49:33.585 UTC] [svservice:P1276:T2272] HttpSendRequest: WWW-Authenticate header could not be read
[2020-09-11 13:49:33.585 UTC] [svservice:P1276:T2272] User login over HTTP failed
[2020-09-11 13:49:33.585 UTC] [svservice:P1276:T2272] HttpUserLogin: failed (user login)
[2020-09-11 13:49:33.585 UTC] [svservice:P1276:T2272] OnLogon: succeeded
[2020-09-11 13:49:44.095 UTC] [svservice:P1276:T2272] OnStartShell called (Session ID 1, Handle 0000022EB9A06000, Params 000000E717FFEDD8, Context 0000000000000000)
[2020-09-11 13:49:44.095 UTC] [svservice:P1276:T2272] OnStartShell: xxxxxxxxxxxxxxxxxx (NameSamCompatible)
[2020-09-11 13:49:44.095 UTC] [svservice:P1276:T2272] ExpandEnvironmentVariable: ExpandEnvironmentVariable : %localappdata%
[2020-09-11 13:49:44.096 UTC] [svservice:P1276:T2272] ExpandEnvironmentVariable: ExpandEnvironmentVariable Returning : C:\Users\xxxxxxxxxxxx\AppData\Local
[2020-09-11 13:49:44.097 UTC] [svservice:P1276:T2272] OnStartShell<<< exit
[2020-09-11 13:49:44.097 UTC] [svservice:P1276:T1288] DeferredShellStart: Deferred Shell Start - [1].
[2020-09-11 13:49:44.098 UTC] [svservice:P1276:T1288] LaunchDesktopMonitoringProcess: launching deskmon process for sessionid 1
[2020-09-11 13:49:44.098 UTC] [svservice:P1276:T1288] RunExecutableAsUser: CommandLine C:\Program Files (x86)\CloudVolumes\Agent\svservice.exe deskmon 1
[2020-09-11 13:49:44.098 UTC] CreateProcessWithTokenAndEnvBlockW() standard user or UAC turned off, continue...
[2020-09-11 13:49:44.116 UTC] [svservice:P1276:T1288] CreateProcessCheckResult: Successfully launched: "C:\Program Files (x86)\CloudVolumes\Agent\svservice.exe deskmon 1". WaitMilliseconds 0 ms, pid=6832 tid=1588
[2020-09-11 13:49:44.116 UTC] [svservice:P1276:T1288] Message: "Connection Error (Manager "xxxxxxxxxxx"):
Unable to contact App Volumes Manager.
Virtualization is disabled." (hToken 00000000000006B8)
[2020-09-11 13:49:44.117 UTC] [svservice:P1276:T1288] RunExecutableAsUser: Path "C:\Program Files (x86)\CloudVolumes\Agent\svservice.exe"
[2020-09-11 13:49:44.117 UTC] [svservice:P1276:T1288] RunExecutableAsUser: CommandLine svservice.exe message "Connection Error (Manager "xxxxxxxxxxx"):
Unable to contact App Volumes Manager.
Let's hope that VMware will fix it. For workaround I disable the SSL as well thru registry.
Just so I get this straight, you also used this key
HKLM\SYSTEM\CurrentControlSet\Services\svservice\Parameters\EnforceSSLCertificateValidation=0?
Or did you add a different key into the registry?
Correct. That is the registry key. What I notice is that if you reboot a few time the GI machine I still got that error message. So I'm not sure what is going to happen if you implement in Instant Clone deployment. I will may use the other approach. Manually add managers in the same registry HKLM\SYSTEM\CurrentControlSet\Services\svservice\Parameters\
I'm not sure if that will do the load balancing, but at least they are going to be listed there.
I open SR with Vmware. Will keep you posted what they will suggest.
I also opened an SR at VMware, it is SR 20155267009.
Any news on your SR??
Nothing yet that it works. They suggested to have this.
The load balancer persistence value should be set to Source IP.
I have this setup in F5 but still the same. I send him the logs with (ERROR_WINHTTP_HEADER_NOT_FOUND) that is show up right after SSL Validation
[2020-09-15 17:03:49.801 UTC] [svservice:P1680:T2112] WinHttpSendRequestWithSSLCertValidation: WinHttpSendRequest succeeded.
[2020-09-15 17:03:49.801 UTC] [svservice:P1680:T2112] GetHttpHeaders: WinHttpQueryHeaders returned (ERROR_WINHTTP_HEADER_NOT_FOUND).
My SR is 20154969709
I got my issue resolved. It was related to NTLM authentication and cookie invalid session error.
1. make sure that you have in your LB the persistent profile to use Source IP.
2. In APPvol Manager in Configuration under Advanced Settings I turn on Disable Agent Session Cookies
3. Use this KB to disable NTLM on both managers
4. restart services
After that I can connect without any errors using the LB.
I hope that will help.