Forum Replies Created
-
AuthorPosts
-
KurtParticipant
Just mentioning that I received that email, installed the software, collected the logs and emailed them back yesterday.
KurtParticipantThanks for the update.
KurtParticipantThanks. If you can help me clarify, where do you need the logs from because the terminology is always confusing. When Mth says ‘server’, is that the cloud server/linux box, is that the enterprise desktop client/lab iMac, which still gets called server even though it is not a ‘server’, or my desktop client/home iMac, I am trying to connect from? I’m assuming it is the Enterprise Desktop client I am trying to connect to where you need these logs to be collected?
With that said, making the changes to these files:
1.3. Server on Mac
Step 1 – Set debug level in server.cfg
Edit /Applications/NoMachine.app/Contents/Frameworks/etc/server.cfg, uncomment and set the following:
SessionLogLevel 7Step 2 – Set debug level in node.cfg
Edit /Applications/NoMachine.app/Contents/Frameworks/etc/node.cfg, uncomment and set the following:
SessionLogLevel 7
and:SessionLogClean 0
Fixes the connection issue temporarily. I am able to log in successfully. But, if I choose log out and close out NoMachine, all seems ok. But if I choose the option to restart the computer, I get the No available sessions on this server error again.
In addition to that error, I also got another error I had not seen before which said:
The session negotiation failed.
Error: Cannot connect to the remote server as user ‘myActiveDirectoryaccountnamehere’
This happened on one of the machines, but when I used another AD account I have available for testing, that worked fine. But I hope my actual one starts working again.
I am going to collect those logs and send them. As always, I appreciate the help.
KurtParticipantNot sure they match exactly what you are looking for, but they are the only two crash reports I could find that deal with nxnode.bin
I still need help with my No available sessions on this server error. Any suggestions?
Thanks.
KurtParticipantAudio is working(!!) on a third lab iMac that I set up since I can no longer connect to the other two. Now I just need help sorting out that No available sessions on this server error.
KurtParticipantI have an update. I was able to find your Team Identifier using the code sign command. For anyone else trying to do this, here is the identifier to authorize via MDM:
493C5JZAGR
Unfortunately, after enabling the kext and restarting my test computers I am no longer able to connect to either of them with that No available sessions on this server error. I also restarted the Cloud Server service and also rebooted the server itself.
So I am unable to see if that fixed the audio issue.
KurtParticipantKext library architecture set to x86_64.
Defaulting to kernel file ‘/System/Library/Kernels/kernel’
Kext library recording diagnostics for: validation authentication dependencies warnings.
Reading loaded kext info from kernel.
Kext rejected due to system policy: <OSKext 0x7ff277512650 [0x7fffa78808e0]> { URL = “file:///Library/StagedExtensions/Applications/NoMachine.app/Contents/Frameworks/bin/drivers/nxaudio.kext/”, ID = “com.nomachine.driver.nxau” }
Kext rejected due to system policy: <OSKext 0x7ff277512650 [0x7fffa78808e0]> { URL = “file:///Library/StagedExtensions/Applications/NoMachine.app/Contents/Frameworks/bin/drivers/nxaudio.kext/”, ID = “com.nomachine.driver.nxau” }
Diagnostics for /Applications/NoMachine.app/Contents/Frameworks/bin/drivers/nxaudio.kext:
The above is the output after running the commands you mentioned. My reply under your 26946 post mentions needing to whitelist your company Team Identifier. Can you provide that? It is a public identifier, so would help with whitelisting for our MDM and maybe would address the issue? As a side note, in that link you posted, nothing comes up in the Security & Privacy extension under General when I look to ‘Allow’ anything either.
Also, another issue just popped up where it says that there are No Available Sessions on this Server after restarting the iMac in the lab twice and also trying: /etc/NX/nxserver –restart
Still get the error. Not sure what to do about that now as I can’t continue my testing with that client until it is working again.
Again, I appreciate all the help you have given so far to help me get this working for us!
KurtParticipantI ran this command:
cat /var/log/system.log | grep -e nxnode -e nxau >> nxsystem.log
Which said:
nxnode.bin[8648]: BUG in libdispatch client: mach_recv, monitored resource vanished before the source cancel handler was invoked { 0x10b916980[source], ident: 134147 / 0x20c03, handler: 0x7fff6797db47 }
I did not run that kextstat | grep nx command earlier, but running it now doesn’t show anything.
KurtParticipantYes! I had to use a slightly different variation
--serveredit
instead of--serveradd
but that worked! (I only did it for the nx option as I’m not utilizing ssh for this setup)I still did not hear any sound from the client machine. Do you have any suggestions on what I can do to get that working?
KurtParticipantThanks, I made that change to the UserNXDirectoryPath, but can you tell me how I can configure the Cloud Server so when I try and connect from my home it tunnels the connection through the Cloud Server instead of trying to make a direct connection with the client/lab iMac? We only want the Cloud Server open through our firewall, not all the lab computers.
KurtParticipantThe kextstat | grep nx command showed nothing. We approve our kexts via our MDM and if you know the Team Identifier, I can put that in and whitelist the company. We do that for quite a few other vendors Kernel Extensions and now System Extensions.
As for the /var/empty/.nx, each user account is not created until they actually log into the GUI, so NoMachine trying to resolve before that login happens doesn’t work unless it is using a local account, which we don’t want to use if we can actually get this working. For these lab machines the accounts are created on log in and removed on log out. After they are created they will have a /Users/accountname path.
But right now I’m struggling getting this connection to work off campus. Using a local account works on campus, but as soon as I go home to test that same local account connection off campus, NoMachine connects to our Linux Box/Cloud server and then seems to forward that connection to the child server/enterprise desktop client/lab iMac, but then says it can’t connect on port 4000. I would think it would keep all traffic routed through the cloud server/linux box, but that doesn’t appear to be what is happening? For testing purposes I have turned off the Firewall on the iMac, but that doesn’t seem to resolve the issue.
I’m assuming I don’t have something configured properly for this issue to appear.
Here are the sanitized logs: (attachment)
Attachments:
KurtParticipantThanks for your help. That got me on the right path and in a few minutes I had some new errors :-).
To back up a little (and on a good note!), I have a connection working and can remote in when I have a local user account set up on the cloud server that matches a local account also on the lab machine/child servers. For our initial testing to see if this connection will provide a fast enough fps for this lab, this should suffice (although audio doesn’t seem to be working – which is a key thing to sort out. Do I need Pulse Audio installed on the Cloud Server?
But I do get an error when I don’t use that local account. I would like to authenticate using our Active Directory credentials and I’ve been looking at this page: https://www.nomachine.com/DT10O00150 for help. Right now, the cloud server is not bound to AD, but I figured the username/password would be passed through and use the iMac/child server to sort this out, but maybe not? My account on the cloud server is tied to AD (I’ve got a question into another sysadmin who set up the linux box. I’m not sure how my account is on there and tied to AD, but it doesn’t recognize the realm command – so I’ll be waiting until next Monday to get that answer). When I use my AD account in the username and password field when I try and connect, it properly shows the iMac/child server I have added, but then immediately errors out by saying:
The session negotiation failed.
Error: Cannot create session directory: /var/empty/.nx
Error is: Operation not permittedAs an aside, the permissions on the cloud server for /var/empty were 755. For kicks I changed them to 777 and I still get the error. I’m not sure if this error is from the cloud server or the child server/iMac. The /var folder on the iMac is protected due to SIP.
This error seems similar to this thread: https://forums.nomachine.com/topic/cannot-create-session-directory-2#post-23053 but not quite the same.When I try and use any other Active Directory account it just asks for the username and password again, so like I said I need to sort that out on our end.
Thanks for the all the help so far, I am finally making some progress!
KurtParticipantThanks. That is what I was thinking as well, but when I called to originally discuss this with a NoMachine rep. I explained exactly what I was wanting to do and was thinking Cloud too, as looking at the website this seemed to be the option, but he said we could use the Enterprise product with our own Linux server to do this.
Yes, following the https://www.nomachine.com/AR04R01082 guide on that page, I had tried to add a client on the command line and it said it would not work. I think their terminology of using the word server in some of the documentation, for what I would describe as a client, was confusing me.
I’ll run the uninstaller and then try and install the cloud server option and see how it goes.
Much appreciated!
KurtParticipantFirst, thanks for replying and trying to help me sort this out!
The server is RHEL 8. I only have ssh access to the machine, so will need to stick to the command line for any setup. Are you telling me that this won’t work unless I have access to the Desktop Environment on the linux box? I would think I could just use command-lines to set up the connection with the iMacs I want to use in the lab as long as they have the enterprise client on them. Maybe this is not the case?
The Desktops are lab machines. No individual owners. I just want the users to be connected to some kind of visual where they can choose one of 10 iMacs available to connect to and then a visual of the iMac desktop login window where the user can authenticate with their AD credentials like they normally would if sitting in front of it. If I need to create some kind of NoMachine account to get to that login screen I can create a local account on each lab machine for that purpose, but I’m not sure why that would be necessary.
Furthermore, if we can at least get this working, we want to add Duo as an MFA for the authentication process. But right now, I just want one of the professors to be able to log in and test the connection out to see if the lag is just too much to even attempt having the students do this.
When I mean I don’t want to create a session where I view the server, I mean the server is just the gateway, as I understand it, for the off campus users to reach the lab computers.
-
AuthorPosts