Unknown error when checking user credentials in GUI config after successful server connection test

[TwoWholeWorms]

I've installed Plastic SCM on a Debian box and configured it in UPWorkingMode. When I start up the GUI client config and put in my server and port and click "Connect", this bit works and I get back the "Connected OK (UPWorkingMode)" response. However, when I now type in my username and password and click "Check" I get the error "Unknown response message from server: domain.com:8088", and this lot appears in plastic's log file:

 

2014-11-24 16:53:17,279 WARN  Channel - Keep alive cannot be set because it's not supported. Error:The requested feature is not implemented.   at Codice.Channels.ReusableTcpClient.KeepAlive () [0x00000] in <filename unknown>:0

2014-11-24 16:53:17,279 DEBUG Channel - Create connection to plastic://domain.com:8088 took 13 ms

2014-11-24 16:53:17,299 ERROR plastic - Error when checking credentials: Unknown response message from server: doain.com:8088

2014-11-24 16:53:17,299 DEBUG plastic - Stack trace:   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke (System.Runtime.Remoting.Proxies.RealProxy rp, IMessage msg, System.Exception& exc, System.Object[]& out_args) [0x00000] in <filename unknown>:0\

 

The server itself logs this message at the same time, every time:

 

2014-11-24 16:53:17,291 (null) root at (null) INFO  Channel - conn   12. The authentication or decryption has failed.

 

I'm not exactly sure what's going on here, as there doesn't seem to be any configuration option for KeepAlive anywhere in the documentation (that I've found, that is—I may have missed it).

 

Anyone got any ideas?

[manu]

I think you are trying to use the wrong port. The 8088 is the SSL one and you need to configure the client with the 8087.

[TwoWholeWorms]

8087 is unencrypted, isn't it? I'd prefer to use the SSL port if possible.

 

As an aside, I have noticed that it doesn't seem possible to configure the server to use LDAP-over-SSL (eg, ldaps://foo.bar.com:636) as the server just won't connect to the LDAP server if it's expecting an SSL connection, but that's a different problem entirely.

[manu]

ok, in that case, can you check in your "client.conf" file (at the C:\Users\your:user\AppData\Local\plastic4) if the "<WorkspaceServer>" tag is having a "ssl://" preffix?

 

For example:

 

  <WorkspaceServer>ssl://localhost:8088</WorkspaceServer>

[TwoWholeWorms]

There is no client.conf yet—I haven't got that far. I've installed the client on my machine and am going through the first-run configuration process.

 

I've entered domain.com:8088 into the server box (step 1), and ticked "Use encryption (SSL)". When I click "Connect", this part works and I get the message Connected OK (UPWorkingMode).

 

However, when I now enter my username and password into the credentials box and click check, I get the Unknown response message from server: domain.com:8088 error in the configuration dialog and the logged errors listed in the original post above.

 

Edit:

Oh, I think I can see what it's doing. The logged errors have plastic://domain.com:8088 but you've mentioned that it should be ssl://domain.com:8088 in client.conf.

 

My guess would be that the credentials check code is ignoring the "Use encryption (SSL)" tickbox and trying to execute the connection over an unencrypted connection, which quite rightly should not work.

 

Also, I thought I'd put this in my original post, but I'm using the Mac OS X client on 10.10. Sorry for missing that out earlier!

 

If I check the credentials using an unencrypted connection, everything works OK. I guess I'll configure it to use the unencrypted connection, and then update the config file afterwards.

[manu]

Edit:

Oh, I think I can see what it's doing. The logged errors have plastic://domain.com:8088 but you've mentioned that it should be ssl://domain.com:8088 in client.conf.

 

My guess would be that the credentials check code is ignoring the "Use encryption (SSL)" tickbox and trying to execute the connection over an unencrypted connection, which quite rightly should not work.

 

Also, I thought I'd put this in my original post, but I'm using the Mac OS X client on 10.10. Sorry for missing that out earlier!

 

If I check the credentials using an unencrypted connection, everything works OK. I guess I'll configure it to use the unencrypted connection, and then update the config file afterwards.

 

Hi! No problem.

 

Please check if manually editing the "client.conf" file works. You can just execute a "cm lrep" command after editing it to check if the secure communication is possible. 

[PaulForest]

I can also confirm that the "Check" button on the Client Configuration Wizard doesn't work most of the time, even when the client is correctly configured and the server is running.  

 

We're using SSL on a non-standard port.

 

Yes we can telnet from the client to the server.  On Windows, the command:

telnet OUR_REPO_SERVER 22022

connects to the server and we can send / receive characters.

 

 

It seems the check button itself is doing something different from the regular client to figure out the fully qualified address URL.

 

From C:\Users\WINDOWS_USERNAME\AppData\Local\plastic4:

...
<WorkspaceServer>ssl://OUR_REPO_SERVER:22022</WorkspaceServer>
...

The "Connect" button works correctly with result: "Connected OK (UPWorkingMode)

 

The "Check" button gives this text in red, note the lack of ssl:// in the url:

Tcp transport error.  Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.: OUR_REPO_SERVER:22022. Unable to read data

Workaround: don't use the check button, it gives false negatives.  You may still be able to connect correctly.  

[manu]

Thank you Paul,

 

as you said it seems the wizard has problems trying to validate the user when the SSL port is used.

 

We'll try to fix it ASAP and we'll post here the new release link.