couldn't Connect to GRR Server

Question

couldn't Connect to GRR Server

sudoAche opened this issue 4 years ago · comments

After Successful installation of new release of grr 3.4.0.1 AT Ubuntu 18 using Virtual Box with a bridged network adapter. After the successful installation i am able to open the admin Ui interface successfully but at any time I restart the VM , I am no able to connect any more to my grr server.

Note: My Ip doesn't change during Restart . I also ensured the configuration for admin ui port as 8000 and forntend port as 8080 but they are still in-accessible after restarting.

Do you have any ideas ?

yassoudsec · Answer 1 · Fri Apr 17 2020 06:41:05 GMT+0800 (China Standard Time)

Hello I got the same problem with my server but till now I didn’t find a good result but I saw some document where they say to add the port with netstat but I tried it and it didn’t work

sudoAche · Answer 2 · Fri Apr 17 2020 08:18:29 GMT+0800 (China Standard Time)

Hello I got the same problem with my server but till now I didn’t find a good result but I saw some document where they say to add the port with netstat but I tried it and it didn’t work

I tried to install another app that uses almost same port(80) like apache2 and restarted the pc and it works correctly so I believe it is somehow issue in grr app while restarting the pc or reloading the services (grr-server,grr-server@adminui) at any time .

Waiting for other members that might support

mbushkov · Answer 3 · Fri Apr 17 2020 16:32:43 GMT+0800 (China Standard Time)

Hi! A few questions: 1. What is the output of "systemctl status grr-server"? 2. Are GRR processes running after the reboot (do you see them in "ps" output)? 3. Do you see anything suspicious in GRR logs? 4. Can you access the port from the server itself (i.e. "wget http://localhost:8080")? Cheers, Misha

…

On Fri, Apr 17, 2020 at 2:18 AM sudoAche ***@***.***> wrote: Hello I got the same problem with my server but till now I didn’t find a good result but I saw some document where they say to add the port with netstat but I tried it and it didn’t work I tried to install another app that uses almost same port(80) like apache2 and restarted the pc and it works correctly so I believe it is somehow issue in grr app while restarting the pc or reloading the services ***@***.***) at any time . Waiting for other members that might support — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#767 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG46FMV7HGYYIQ76SMG76DRM6N6LANCNFSM4MIF2VQA> .

sudoAche · Answer 4 · Fri Apr 17 2020 21:27:12 GMT+0800 (China Standard Time)

Hi! A few questions: 1. What is the output of "systemctl status grr-server"? 2. Are GRR processes running after the reboot (do you see them in "ps" output)? 3. Do you see anything suspicious in GRR logs? 4. Can you access the port from the server itself (i.e. "wget http://localhost:8080")? Cheers, Misha
…
On Fri, Apr 17, 2020 at 2:18 AM sudoAche @.> wrote: Hello I got the same problem with my server but till now I didn’t find a good result but I saw some document where they say to add the port with netstat but I tried it and it didn’t work I tried to install another app that uses almost same port(80) like apache2 and restarted the pc and it works correctly so I believe it is somehow issue in grr app while restarting the pc or reloading the services @.) at any time . Waiting for other members that might support — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#767 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG46FMV7HGYYIQ76SMG76DRM6N6LANCNFSM4MIF2VQA .

First Question:
● grr-server.service - GRR Service
Loaded: loaded (/lib/systemd/system/grr-server.service; enabled; vendor prese
Active: active (exited) since Fri 2020-04-17 12:54:33 UTC; 26min ago
Docs: https://github.com/google/grr
Main PID: 913 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 2318)
CGroup: /system.slice/grr-server.service

Apr 17 12:54:32 codebind systemd[1]: Starting GRR Service...
Apr 17 12:54:33 codebind systemd[1]: Started GRR Service.

Second Question: Yes, By Running (ps -ef |grep grr)
root 7161 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component worker --disallow_missing_config_definitions -p StatsStore.process_id=worker_3145b6d77f4a40488a2dd6ecebe4460c
root 7163 7161 27 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker --disallow_missing_config_definitions -p StatsStore.process_id=worker_3145b6d77f4a40488a2dd6ecebe4460c
root 7168 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component frontend --disallow_missing_config_definitions -p StatsStore.process_id=frontend_3145b6d77f4a40488a2dd6ecebe4460c
root 7170 7168 24 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component frontend --disallow_missing_config_definitions -p StatsStore.process_id=frontend_3145b6d77f4a40488a2dd6ecebe4460c
root 7174 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component admin_ui --disallow_missing_config_definitions -p StatsStore.process_id=admin_ui_3145b6d77f4a40488a2dd6ecebe4460c
root 7176 7174 25 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component admin_ui --disallow_missing_config_definitions -p StatsStore.process_id=admin_ui_3145b6d77f4a40488a2dd6ecebe4460c
root 7180 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component worker2 --disallow_missing_config_definitions -p StatsStore.process_id=worker2_3145b6d77f4a40488a2dd6ecebe4460c
root 7182 7180 26 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker2 --disallow_missing_config_definitions -p StatsStore.process_id=worker2_3145b6d77f4a40488a2dd6ecebe4460c
ache 7197 6478 0 13:23 pts/0 00:00:00 grep --color=auto grr

Third Question: No, but if you have specific file that you need me to view, let me know

Fourth Question: Connecting to Localhost:8080... failed: Connection refused.

mbushkov · Answer 5 · Fri Apr 17 2020 21:57:14 GMT+0800 (China Standard Time)

I'd look into /var/log/grr-ui.log and /var/log/grr-http-server.log and check them for errors/warnings or "Port ... in use, trying " messages. I'd also use "lsof" to check which process runs on ports 8000 and 8080 (if these are the ports you configured for AdminUI and Frontend). Something like "lsof -i tcp:8000". Cheers, Misha

…

On Fri, Apr 17, 2020 at 3:27 PM sudoAche ***@***.***> wrote: Hi! A few questions: 1. What is the output of "systemctl status grr-server"? 2. Are GRR processes running after the reboot (do you see them in "ps" output)? 3. Do you see anything suspicious in GRR logs? 4. Can you access the port from the server itself (i.e. "wget http://localhost:8080")? Cheers, Misha … <#m_3215048848308897210_> On Fri, Apr 17, 2020 at 2:18 AM sudoAche *@*.*> wrote: Hello I got the same problem with my server but till now I didn’t find a good result but I saw some document where they say to add the port with netstat but I tried it and it didn’t work I tried to install another app that uses almost same port(80) like apache2 and restarted the pc and it works correctly so I believe it is somehow issue in grr app while restarting the pc or reloading the services @.*) at any time . Waiting for other members that might support — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#767 (comment) <#767 (comment)>>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAG46FMV7HGYYIQ76SMG76DRM6N6LANCNFSM4MIF2VQA . First Question: ● grr-server.service - GRR Service Loaded: loaded (/lib/systemd/system/grr-server.service; enabled; vendor prese Active: active (exited) since Fri 2020-04-17 12:54:33 UTC; 26min ago Docs: https://github.com/google/grr Main PID: 913 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 2318) CGroup: /system.slice/grr-server.service Apr 17 12:54:32 codebind systemd[1]: Starting GRR Service... Apr 17 12:54:33 codebind systemd[1]: Started GRR Service. Second Question: Yes, By Running (ps -ef |grep grr) root 7161 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component worker --disallow_missing_config_definitions -p StatsStore.process_id=worker_3145b6d77f4a40488a2dd6ecebe4460c root 7163 7161 27 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker --disallow_missing_config_definitions -p StatsStore.process_id=worker_3145b6d77f4a40488a2dd6ecebe4460c root 7168 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component frontend --disallow_missing_config_definitions -p StatsStore.process_id=frontend_3145b6d77f4a40488a2dd6ecebe4460c root 7170 7168 24 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component frontend --disallow_missing_config_definitions -p StatsStore.process_id=frontend_3145b6d77f4a40488a2dd6ecebe4460c root 7174 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component admin_ui --disallow_missing_config_definitions -p StatsStore.process_id=admin_ui_3145b6d77f4a40488a2dd6ecebe4460c root 7176 7174 25 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component admin_ui --disallow_missing_config_definitions -p StatsStore.process_id=admin_ui_3145b6d77f4a40488a2dd6ecebe4460c root 7180 1 0 13:23 ? 00:00:00 /bin/bash /usr/bin/grr_server --component worker2 --disallow_missing_config_definitions -p StatsStore.process_id=worker2_3145b6d77f4a40488a2dd6ecebe4460c root 7182 7180 26 13:23 ? 00:00:01 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker2 --disallow_missing_config_definitions -p StatsStore.process_id=worker2_3145b6d77f4a40488a2dd6ecebe4460c ache 7197 6478 0 13:23 pts/0 00:00:00 grep --color=auto grr Third Question: No, but if you have specific file that you need me to view, let me know Fourth Question: Connecting to Localhost:8080... failed: Connection refused. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#767 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG46FJDB7MFFDSEPD67NKDRNBKMBANCNFSM4MIF2VQA> .

sudoAche · Answer 6 · Sat Apr 18 2020 05:29:14 GMT+0800 (China Standard Time)

Thanks all for giving a helping hand. I troubleshooted the issue again and now it is successfully solved. The issue was that during Mysql Configuration; I followed this step (SET GLOBAL max_allowed_packet=41943040;) however during the troubleshooting I found that it is not the number that I made it before (41943040) so I make it again and restarted mysql service again but unfortunately I found that the number goes back to its default. I search the config file of mysql and found a value of ( max_allowed_packet = 16M) so I edited its value to be 50 MB and then I saved and goes back to my sql to make his step again (SET GLOBAL max_allowed_packet=41943040;). then it is saved successfully.

After that I restarted my sql services and GRR adminUI and GRR-server services and now I am able to view the interface of grr server at anytime I want.

Thanks again . I will close the issue in order to be Opened for nothing.

yassoudsec · Answer 7 · Sat Apr 18 2020 05:50:40 GMT+0800 (China Standard Time)

Thank you so much for your post I solved my problem too. I just changed the default value of max_allowed_packet by 50M and restart the MySQL service’s and all is fine.

sudoAche · Answer 8 · Sat Apr 18 2020 06:55:40 GMT+0800 (China Standard Time)

Thank you so much for your post I solved my problem too. I just changed the default value of max_allowed_packet by 50M and restart the MySQL service’s and all is fine.

I am Glad to hear that. Good Luck

yassoudsec · Answer 9 · Thu May 07 2020 23:00:49 GMT+0800 (China Standard Time)

hello, i don't know if you met this problem i installed the agent on a windows 10 and ubuntu client, the agent is running but if i do the search, i couldn't see the machines on the GRR portal. thank you for your help Le ven. 17 avr. 2020 à 22:55, sudoAche <notifications@github.com> a écrit :

…

Thank you so much for your post I solved my problem too. I just changed the default value of max_allowed_packet by 50M and restart the MySQL service’s and all is fine. I am Glad to hear that. Good Luck — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#767 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ANGKUXLDVBKCV4XPGHVLQVLRNDM7RANCNFSM4MIF2VQA> .

-- Cordialement.

------------------------------------------------------------------------------------------------ *Iliassou DIALLO * *Ingénieur Sécurité Système d'Information & Monétique* Direction Réseau & Système d'Information (DRSI/DSRS) Division Sécurité des Réseaux et Services Orange Guinée. *Mobile :* +224 625 72 00 78 *@perso:* yassoukoin@gmail.com *@professionnel*: *iliassou.diallo2@orange-sonatel.com <iliassou.diallo2@orange-sonatel.com>*

mbushkov · Answer 10 · Thu May 07 2020 23:47:49 GMT+0800 (China Standard Time)

@yassoudsec , have you tried following the instructions at https://grr-doc.readthedocs.io/en/latest/deploying-grr-clients/troubleshooting.html?

yassoudsec · Answer 11 · Fri May 08 2020 00:22:32 GMT+0800 (China Standard Time)

yes i tried but till now it doesn't take. Le jeu. 7 mai 2020 à 15:48, mbushkov <notifications@github.com> a écrit :

…

@yassoudsec <https://github.com/yassoudsec> , have you tried following the instructions at https://grr-doc.readthedocs.io/en/latest/deploying-grr-clients/troubleshooting.html ? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#767 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ANGKUXOFQDWVCDO6BIKTRG3RQLJ3LANCNFSM4MIF2VQA> .

-- Cordialement.

------------------------------------------------------------------------------------------------ *Iliassou DIALLO * *Ingénieur Sécurité Système d'Information & Monétique* Direction Réseau & Système d'Information (DRSI/DSRS) Division Sécurité des Réseaux et Services Orange Guinée. *Mobile :* +224 625 72 00 78 *@perso:* yassoukoin@gmail.com *@professionnel*: *iliassou.diallo2@orange-sonatel.com <iliassou.diallo2@orange-sonatel.com>*

yassoudsec · Answer 12 · Sat May 09 2020 00:38:35 GMT+0800 (China Standard Time)

i installed a new server and now it's work i can see the clients. thank you Le jeu. 7 mai 2020 à 16:22, Diallo Iliassou <yassoukoin@gmail.com> a écrit :

…

yes i tried but till now it doesn't take. Le jeu. 7 mai 2020 à 15:48, mbushkov ***@***.***> a écrit : > @yassoudsec <https://github.com/yassoudsec> , have you tried following > the instructions at > https://grr-doc.readthedocs.io/en/latest/deploying-grr-clients/troubleshooting.html > ? > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#767 (comment)>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/ANGKUXOFQDWVCDO6BIKTRG3RQLJ3LANCNFSM4MIF2VQA> > . > -- Cordialement. ------------------------------------------------------------------------------------------------ *Iliassou DIALLO * *Ingénieur Sécurité Système d'Information & Monétique* Direction Réseau & Système d'Information (DRSI/DSRS) Division Sécurité des Réseaux et Services Orange Guinée. *Mobile :* +224 625 72 00 78 ***@***.***:* ***@***.*** ***@***.****: ***@***.*** ***@***.***>*

-- Cordialement.

------------------------------------------------------------------------------------------------ *Iliassou DIALLO * *Ingénieur Sécurité Système d'Information & Monétique* Direction Réseau & Système d'Information (DRSI/DSRS) Division Sécurité des Réseaux et Services Orange Guinée. *Mobile :* +224 625 72 00 78 *@perso:* yassoukoin@gmail.com *@professionnel*: *iliassou.diallo2@orange-sonatel.com <iliassou.diallo2@orange-sonatel.com>*

Liad Dekel · Answer 13 · Wed Jul 14 2021 05:12:59 GMT+0800 (China Standard Time)

Hey @mbushkov i'm facing similar problem and would glad for some help.

The Admin page is working at port 8000 but I cannot connect to the frontend component at port 8080.
The output of systemctl status is the following:

     Loaded: loaded (/lib/systemd/system/grr-server.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2021-07-14 00:07:32 IDT; 3min 59s ago
       Docs: https://github.com/google/grr
    Process: 4725 ExecStart=/bin/systemctl --no-block start grr-server@admin_ui.service grr-server@frontend.service grr-server@worker.service grr-server@worker2.service fleetspeak-server.service (code=exited, s>
   Main PID: 4725 (code=exited, status=0/SUCCESS)

Jul 14 00:07:32 eljefe systemd[1]: Starting GRR Service...
Jul 14 00:07:32 eljefe systemd[1]: Finished GRR Service.

I do see many processes when calling ps aux | grep grr:

root        1203  0.0  0.0   2724   636 ?        S    00:03   0:00 /usr/lib/grr/grr_3.4.3.1_amd64/grrd --config=/usr/lib/grr/grr_3.4.3.1_amd64/grrd.yaml
root        1209  0.5  0.4 715144 66768 ?        Sl   00:03   0:02 /usr/lib/grr/grr_3.4.3.1_amd64/grrd --config=/usr/lib/grr/grr_3.4.3.1_amd64/grrd.yaml
root        4728  0.0  0.0   9580  3496 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component admin_ui -p StatsStore.process_id=admin_ui_660b0efe491642c3a8dc8a205fa013dc
root        4729  0.0  0.0   9580  3436 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component frontend -p StatsStore.process_id=frontend_660b0efe491642c3a8dc8a205fa013dc
root        4731  1.1  0.6 666044 102236 ?       Sl   00:07   0:03 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component admin_ui -p StatsStore.process_id=admin_ui_660b0efe491642c3a8dc8a205fa013dc
root        4734  1.0  0.6 296764 99648 ?        Sl   00:07   0:02 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component frontend -p StatsStore.process_id=frontend_660b0efe491642c3a8dc8a205fa013dc
root        4736  0.0  0.0   9580  3284 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component worker -p StatsStore.process_id=worker_660b0efe491642c3a8dc8a205fa013dc
root        4738  0.0  0.0   9580  3420 ?        Ss   00:07   0:00 /bin/bash /usr/bin/grr_server --component worker2 -p StatsStore.process_id=worker2_660b0efe491642c3a8dc8a205fa013dc
root        4739  1.2  0.6 887104 101076 ?       Sl   00:07   0:03 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker -p StatsStore.process_id=worker_660b0efe491642c3a8dc8a205fa013dc
root        4742  1.2  0.6 887160 101072 ?       Sl   00:07   0:03 /usr/share/grr-server/bin/python /usr/share/grr-server/bin/grr_server --context Global Install Context --component worker2 -p StatsStore.process_id=worker2_660b0efe491642c3a8dc8a205fa013dc

When calling lsof for port 8080 I get the following:

:~$ sudo lsof -i:8080
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
grr_serve 4734 root    5u  IPv6  75961      0t0  TCP *:http-alt (LISTEN)

Also tried the suggested mysql config change, but it didn't help.
When I'm trying to run client manually I'm getting the following error:

sudo /usr/lib/grr/grr_3.4.3.1_amd64/grrd --config=/usr/lib/grr/grr_3.4.3.1_amd64/grrd.yaml
I0714 17:58:22.403018 140198791939904 client_logging.py:116] Writing log file to /var/log/GRRlog.txt
INFO:2021-07-14 17:58:22,403 client_logging:116] Writing log file to /var/log/GRRlog.txt
Traceback (most recent call last):
  File "site-packages/grr_response_client/client.py", line 142, in <module>
  File "site-packages/absl/app.py", line 299, in run
  File "site-packages/absl/app.py", line 250, in _run_main
  File "site-packages/grr_response_client/client.py", line 115, in main
  File "site-packages/grr_response_client/fleetspeak_client.py", line 65, in __init__
  File "site-packages/fleetspeak/client_connector/connector.py", line 108, in __init__
  File "site-packages/fleetspeak/client_connector/connector.py", line 63, in _EnvOpen
ValueError: FLEETSPEAK_COMMS_CHANNEL_INFD is not set
[36213] Failed to execute script client

Unfortantley i wasn't able to find any helpful log file. Thanks!