Aspera Connect Install Confirmation Looping in Ci: How to Troubleshoot

Under specific circumstances, a user might be experiencing an endless circle of Ci UI requesting to update Aspera Connect version, even though the user already has the most recent version installed:

Screen_Shot_2019-12-09_at_12.11.47_PM.png

Figure 1: Install the latest version of Aspera Connect modal

If this is the case, we would recommend reading this article: 

If a user does not feel confident enough to perform the changes by him/herself, we would suggest requesting assistance from their IT team/department.

1. For Windows users:

Verify that DNS settings resolve local.connectme.us to 127.0.0.1:

> ping local.connectme.us

Pinging local.connectme.us [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

(Ping stops after four transfers. To stop earlier, press Ctrl-C.)
If ping fails, it indicates there is a network issue. Even if the web app is on the same local network and the DNS is properly set, this can happen if the user's system is not connected to the internet, or it's on a closed network.

For clients on closed networks, users can take the following steps to allow hosts to resolve local.connectme.us:

  1. As Administrator, open the following file with a plain-text editor:
    C:\Windows\System32\drivers\etc\hosts

  2. Add the following entry to the file, and save it:

    Added the following for Aspera Connect access (today's date):
    127.0.0.1 local.connectme.us

  3. Another possible source of network issues is an HTTP proxy that's too restrictive. In particular, if the browser reports ERR_TUNNEL_CONNECTION_FAILED, then an HTTP proxy is probably being used to get the local connection.
    If a proxy.pac file is used, add the following lines to it to remove proxy restrictions for local.connectme.us:

if (dnsDomainIs(host,"local.connectme.us"))
return "DIRECT";
if ("127.0.0.1" === dnsResolve(host))
return "DIRECT";

If the problem persists, take any or all of the following actions, as necessary:

• Turn off virus protection (just temporarily), and try the test again. If it works, adjust your firewall settings to prevent interference.
• Make sure your firewall is not too restrictive.
• Update your SSL certificate (see below).

1.1 Updating SSL certificate

Does the client have the proper CA certificate?
To determine whether a certificate is valid, enter the following URL in a browser address bar:

https://local.connectme.us:43003/v5/connect/info/version

If a valid certificate is found, the browser should show a closed-lock icon, as in the following example. (It should also display the version number of the installed Connect.)

Screen_Shot_2019-12-09_at_4.43.06_PM.png

If the lock icon is broken, it means the system is not providing the proper root certificate authority (CA). The certificate must indicate the following certificate authority:

COMODO RSA Domain Validation Secure Server CA

The certificate must also be current (unexpired). To check if this is the case, follow these steps:

1. Launch the Microsoft Management Console (MMC) by running mmc.exe from the Command Prompt. This opens the MMC Console window.
2. From the File menu, select Add/Remove Snap-in.
3. In the Add or Remove Snap-ins dialog box, select Certificates and click Add.
4. In the Certificates Snap-in dialog box, select My user account and click Finish. (Alternatively, to do an entire machine, you can select Computer account. Note that this option requires administrator authority.)
5. In the Add or Remove Snap-ins dialog box, click OK.
6. Now, in the Console window, you'll see an entry for Certificates. Expand it: Certificates - Current User > Trusted Root Certification Authorities > Certificates.
7. Under the "Issued To" list of root authority certificates that appears, locate "COMODO RSA Domain Validation Secure Server CA" and check the date under "Expiration Date".

If the certificate is present and has not expired, it should be valid.

If the certificate is missing or expired, you can obtain a current, valid certificate from the following location:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/970

Or, by direct download from here:
https://support.comodo.com/index.php?/Knowledgebase/Article/GetAttachment/970/821027

You can add the new certificate by running the following command:

> certutil -addstore -f "ROOT" comodo_certificate.crt

You can also remove an old certificate by running the following:

> certutil -delstore "ROOT" serial_number_hex

 

2. For macOS users: 

Verify that DNS settings resolve local.connectme.us to 127.0.0.1:

$ ping local.connectme.us
PING local.connectme.us (127.0.0.1): 56(84) bytes of data.

(To stop the output, press Ctrl-C.)

If the ping fails, it indicates a network issue. Even if the web app is on the same local network and the DNS is properly set, this can happen if the user's system is not connected to the internet, or it's on a closed network.
For clients on closed networks, users can take the following steps to allow hosts to resolve local.connectme.us:

1. As root or superuser, open the following file with a plain-text editor:

/private/etc/hosts

2. Add the following entry to the file, and save it:

// Added the following for Aspera Connect access (date): 
127.0.0.1 local.connectme.us

Another possible source of network issues is an HTTP proxy that's too restrictive. In particular, if the browser reports ERR_TUNNEL_CONNECTION_FAILED, then an HTTP proxy is probably being used to get the local connection. If a proxy.pac file is used, add the following lines to it to ensure the proxy is not restrictive for local.connectme.us:

if (dnsDomainIs(host,"local.connectme.us"))
return "DIRECT";
if ("127.0.0.1" === dnsResolve(host))
return "DIRECT";

If the problem persists, take any or all of the following actions, as necessary:

  • Turn off virus protection (just temporarily), and try the test again. If it works, adjust your firewall settings to prevent interference.

  • Make sure your firewall is not too restrictive.

  • Update your SSL certificate. See below.

2.1 Updating SSL certificate

To determine whether you have a valid certificate, enter the following URL in your browser:

https://local.connectme.us:43003/v5/connect/info/version

If a valid certificate is found, the above test of the URL from a browser should show a closed-lock icon, as in the following example. (It should also display the version number of the installed Connect).

If the lock icon is broken, it means your system is not providing the proper root certificate authority (CA).

Screen_Shot_2019-12-09_at_4.43.06_PM.png

To display the contents of the local certificate, run the following command:

$ openssl x509 -in ~/Applications/Aspera\ Connect.app/Contents/Resources/localhost.crt -noout -text

The certificate must indicate the following certificate authority:

COMODO RSA Domain Validation Secure Server CA

Check the certificate "Validity". Ensure that the "Not After" date shows that the certificate has not expired.
If the certificate is missing, you can obtain a current, valid certificate from the following location:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/970

... or, download it directly from here:
https://support.comodo.com/index.php?/Knowledgebase/Article/GetAttachment/970/821027

You can add the new certificate by running the following:

$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Desktop/comodo_certificate.crt

You can also remove an old certificate by running the following:

$ sudo security delete-certificate -c "name_of_old_cert"

For any additional questions, please reach out to the Ci Customer Success Team by submitting a request here in the Help Center.

Have more questions? Submit a request