Univention Bugzilla – Bug 33587
noVNC: Server disconnected (code: 1006) in Firefox
Last modified: 2014-01-29 11:17:11 CET
For me noVNC does not work in Firefox, I get the error message: Server disconnected (code: 1006) Reloading of the VNC-page doesn't help. In chromium everything is fine.
At least in our internal KVM environment, VNC does neither work with FF nor with Chromium.
(In reply to Alexander Kläser from comment #1) > At least in our internal KVM environment, VNC does neither work with FF nor > with Chromium. Hm, I lied, now it works in both browsers.
From Firefoxs error console: > [08:27:27.232] Firefox kann keine Verbindung zu dem Server unter ws://localhost:17523/ aufbauen. @ http://laiva/univention-novnc/include/websock.js:285 Looks like a problem in noVNC to detect WS support: <https://github.com/Medical-Insight/noVNC/commit/ec34af8f6133f5b5603f47b0c3f91bde60e6d9b5> A quick test shows that this work-around fixes the issue with Firefox 22.0.
Blocker in the UCS technical training. Work-around: Use http:// instead of https://
It worked for all users still using Firefox 17 ESR and breaks when using ESR24 (as released as an errata update)
(In reply to Moritz Muehlenhoff from comment #5) > It worked for all users still using Firefox 17 ESR and breaks when using > ESR24 (as released as an errata update) Another regression in Firefox 24 compared to 17; it's no longer possible to enter a "\" (as needed for a Windows 7 domain administrator login). Apparently a problem with parsing "Alt GR"?
(In reply to Moritz Muehlenhoff from comment #6) > (In reply to Moritz Muehlenhoff from comment #5) > > It worked for all users still using Firefox 17 ESR and breaks when using > > ESR24 (as released as an errata update) > > Another regression in Firefox 24 compared to 17; it's no longer possible to > enter a "\" (as needed for a Windows 7 domain administrator login). > Apparently a problem with parsing "Alt GR"? See Bug #30540 comment 5
(In reply to Philipp Hahn from comment #4) > Blocker in the UCS technical training. Happened again in technical training.
(In reply to Sönke Schwardt-Krummrich from comment #8) > (In reply to Philipp Hahn from comment #4) > > Blocker in the UCS technical training. > > Happened again in technical training. To be more precise: the "http vs https" problem happend again.
r47293 | Bug #33587: Test for secured WebSocket port univention-novnc_0.4+0+20131014+git142aa45-2.3.201401211307 r47297 | Bug #33587: Test for secured WebSocket port (YAML)
REOPEN: When accessing the UMC with https://[IP-ADDRESS]/umc instead of the hostname and adding a certificate exception, the novnc connection is still not possible (Server disconnected, Error 1006). In the firefox browser console the certificate is blamed: GET https://10.200.29.120:6080/ [0ms] 14:12:38.790 10.200.29.120:6080 uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. The certificate is only valid for ucsmaster.ucs.local (Error code: sec_error_untrusted_issuer) 14:12:38.791 Firefox can't establish a connection to the server at wss://10.200.29.120:6080/?token=a078281f-9fe4-7327-adc5-b4b56c4addf4.
(In reply to Erik Damrose from comment #11) > REOPEN: > > When accessing the UMC with https://[IP-ADDRESS]/umc instead of the hostname > and adding a certificate exception, the novnc connection is still not > possible (Server disconnected, Error 1006). In the firefox browser console > the certificate is blamed: > > GET https://10.200.29.120:6080/ [0ms] > 14:12:38.790 10.200.29.120:6080 uses an invalid security certificate. > > The certificate is not trusted because the issuer certificate is not trusted. > The certificate is only valid for ucsmaster.ucs.local > > (Error code: sec_error_untrusted_issuer) > > 14:12:38.791 Firefox can't establish a connection to the server at > wss://10.200.29.120:6080/?token=a078281f-9fe4-7327-adc5-b4b56c4addf4. Firefox stores the SSL exceptions on a (host+port) basis, that is a second exception must be added for https://10.200.29.120:6080/. As this port is only accessed through wss://, Firefox does not not the well-known dialog to add a security exception. Explicitly going to https:// currently does not work either, as the websockify daemon listening on port 6080 does only handle the WebSocket protocol, but not HTTP. But it has the --web= option to enable serving a directory through HTTP. This can be used to serve /usr/share/novnc/ through websockify let UVMMd point there. When Firefox first goes there, it will ask for an exception for https://:6080/, then get the vnc_auto.html, which can then also open a connection using wss://:6080/. r47330 | Bug #33587: noVNC: work-around Firefox security excetion univention-novnc_0.4+0+20131014+git142aa45-3.4.201401212016 r47331 | Bug #33587: noVNC: work-around Firefox security exception (YAML) Testes successfully with (Firefox, Chromium) × (http://, https://) × (IP-Address, Name). See <https://github.com/kanaka/websockify/wiki/Feature_Matrix> for alternatived to the Python-websockify. For reference: I get this exception from websockify, when Firefox connects without the prior security exception: 2: 192.168.0.191: SSL/TLS (wss://) WebSocket connection 2: handler exception: [Errno 1] _ssl.c:1331: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 2: Traceback (most recent call last): File "/usr/share/novnc/utils/websocket.py", line 783, in top_new_client self.client = self.do_handshake(startsock, address) File "/usr/share/novnc/utils/websocket.py", line 714, in do_handshake wsh = WSRequestHandler(retsock, address, not self.web) File "/usr/share/novnc/utils/websocket.py", line 955, in __init__ SimpleHTTPRequestHandler.__init__(self, req, addr, object()) File "/usr/lib/python2.6/SocketServer.py", line 617, in __init__ self.handle() File "/usr/lib/python2.6/BaseHTTPServer.py", line 329, in handle self.handle_one_request() File "/usr/lib/python2.6/BaseHTTPServer.py", line 312, in handle_one_request self.raw_requestline = self.rfile.readline() File "/usr/lib/python2.6/socket.py", line 444, in readline data = self._sock.recv(self._rbufsize) File "/usr/lib/python2.6/ssl.py", line 215, in recv return self.read(buflen) File "/usr/lib/python2.6/ssl.py", line 136, in read return self._sslobj.read(len) SSLError: [Errno 1] _ssl.c:1331: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Also works with IE9 in Win7 using https://IP-Address/ and http://IP-Address/. FYI: Long-term it would help to get WebSocket support into Apache on port 80, so the second SSL Exception would no longer be needed, but: 1. mod_proxy from Apache-2.2 does not support WebSocket, only >= 2.4. 2. alternatively mod_python to embed websockify into Apache See <http://serverfault.com/questions/290121/configuring-apache2-to-proxy-websocket> for more information. Both options I consider rather heavy-weight changes, which I don't consider appropriate for an erratum update. Accepting one more exception once is IMHO acceptable.
Tests with http, https, each with ip-address and hostname WinXP: Firefox 10, 26: OK Chrome 32: OK Internet Explorer 8 (latest available for XP): fail -> But we recommend at least iexplorer version 9 in our release notes -> OK, nothing we can do for XP w/ iexplorer Win7: Firefox 10, 26: OK Chrome 32: OK Internet Explorer 10: OK Internet Explorer 11: Fail -> Bug #33968 Internet Explorer 9: shows certificate error, upon proceeding novnc complains that "WebSocket or Adobe Flash is required". Upon installing Adobe Flash, i receive a connect timeout via http and https. Documentation shows that websocket support is only available for iexplorer version >=10 Ubuntu 12.04: Firefox 26: OK Chromium 21: OK ->Verified
http://errata.univention.de/ucs/3.2/31.html