Client.Timeout exceeded while awaiting headers - ntlm/test #8395

Open
vanderti opened this issue Nov 21, 2024 · 3 comments
@vanderti

When visiting the Active Directory Domains page, I receive the following error:

image

This only happens for two domains on a remote network via VPN.
One or both of the two domains randomly shows this error and the "Domain Joined" status is red while in reality it is joined.

The internal domain doesn't show this error.

Maybe a timeout is set too strict?

Steps to reproduce the behavior:

  1. Go to Active Directory Domains page
  2. See error

PacketFence ZEN Version 14.0

@stgmsa
Contributor

stgmsa commented Nov 21, 2024

Hello @vanderti

Could you please provide some details, including:

  1. PF version (14.0) with commit id - this can be found by clicking the "?" at the top right of the admin UI.
  2. Does PacketFence have to establish a VPN connection to talk with the AD? - If yes, the problem is probably due to the VPN; currently PacketFence talks directly to the domain controller unless a VPN connection "redirects" or "proxies" the traffic transparently.
  3. If the answer to question 2 is no, does it take a longer time (RTT) to talk with the AD? - currently the timeout is set to 2s.
  4. What are the ADs - the working ones and the non-working ones - do they have multiple DCs to load balance the authentication requests?

@stgmsa stgmsa self-assigned this Nov 21, 2024
@stgmsa
Contributor

stgmsa commented Nov 21, 2024

Hi @vanderti
Since the ZEN ISO is built during the release, the content of the ISO is solid after release.
You'll need to update (not upgrade to a newer version) PacketFence to have the latest maintenance patches and bug fixes (and probably fix the issue you mentioned) unless there are some special networking conditions.

@vanderti
Author

vanderti commented Nov 22, 2024

Hi @stgmsa

Here's the version and commit ID:

Packetfence Version: 14.0.0
GIT Commit ID: c6b1fdb

PacketFence itself doesn't establish the connection; this is an always-on connection via a Palo Alto firewall.

The RTT to the remote ADs is around 9 ms according to a ping from the PacketFence server.
The RTT to the local AD is around 0.8 ms.

Yes, there are multiple remote ADs serving the domain.
Would setting a sticky DC be the solution?

To my knowledge I'm on the latest PacketFence commit, as I updated the installation yesterday morning.

@satkunas satkunas added this to the +1 (patch release) milestone Dec 16, 2024