Hello Andy, I patched the Windows.pm module with the modifications that you wrote to me. These modification solve this issue. Thanks for the quick reply! Br, Aaron Toth VCL System Administrator BUTE-MIT
-----Andy Kurth <[email protected]> ezt írta: ----- Címzett: [email protected] Feladó: Andy Kurth <[email protected]> Dátum: 2014/01/27 06:37du. Tárgy: Re: Windows 7 imaging resevation Hi Aaron, You've found a bug. I've created this issue: https://issues.apache.org/jira /browse/VCL-745 During the period when a reservation is in the reserved state, the check_connection_on_port subroutine in Windows.pm detects when a connection is made on the port corresponding to the connection method (3389 in this case). When a connection is detected, check_connection_on_port also checks if the connection is from the same IP address which was captured by the website when the user clicked Connect. The IP addresses normally match but in some cases such as when a VPN is used they may be different. When different, an additional step is performed to call the user_logged_in subroutine in Windows.pm to retrieve the names of the users logged in to the reservation computer. This is necessary because the firewall is open to any address during this period. Someone doing a port scan may connect to the computer. We need to verify that the connection is from the actual user by checking if a user matching the reservation username is logged in. If the reservation user is logged in, it is assumed that the the VPNsituation occurred and the IP address the user connected from is assumed to be correct and the firewall is configured properly. As you know, for imaging requests the "Administrator" user is used to loginto the reservation instead of the normal username. The user_logged_in subroutine uses the normal username if no argument is supplied. It does not check if this is an imaging requests or not. As a result, for imaging requests it never detects that Administrator is logged in. After the loop times out, the firewall is locked down to the IP address retrieved from the website. You can make a change to the Windows.pm module to correct this problem. Find the user_logged_in subroutine. Change this: >>>>>>>>>> # Check if username argument was passed if (!$username) { $username = $self->data->get_user_login_id(); } <<<<<<<<<< To this: >>>>>>>>>> # Check if username argument was passed if (!$username) { if ($self->data->get_request_forimaging()) { $username = 'Administrator'; } else { $username = $self->data->get_user_login_id(); } } <<<<<<<<<< Hope this helps, Andy On Fri, Jan 24, 2014 at 10:09 AM, <[email protected]> wrote: > Hello, > > I have a problem with windows imaging reservation, because the vcl gives > administrator user for reservation account, but the vcl daemon checks for > admin user connection (see the log part below). > After the timeout elapsed, the state changes to "in use", and vcl daemon > sets a wrong firewall rule with my public ip, but we're using vpn to > connect to vms, so it closes me out. > I workaround this issue by modifying reservation remoteIP in the database, > but it is dirty hack. > My questons are: > Is it a konwn issue and how can I fix this. Is there any patch that can > solve this issue? > > 2014-01-24 > 15:37:28|21671|34:40|reserved|OS.pm:is_user_connected(2723)|admin has not > connected to vm-large-25 (216/684 seconds elapsed/remaining), sleeping for > 15 seconds > 2014-01-24 > 15:37:43|21671|34:40|reserved|OS.pm:is_user_connected(2676)|checking for > connection by admin on vm-large-25 > 2014-01-24 > 15:37:43|21671|34:40|reserved|DataStructure.pm:get_reservation_remote_ip(1165)|retrieved > remote IP for reservation 40: X.X.X.X > 2014-01-24 > 15:37:44|21671|34:40|reserved|Windows.pm:check_connection_on_port(11001)|checking > connections on node vm-large-25 on port 3389 > 2014-01-24 > 15:37:44|21671|34:40|reserved|Windows.pm:user_logged_in(8980)|checking if > admin is logged in to vm-large-25 > 2014-01-24 > 15:37:44|21671|34:40|reserved|utils.pm:run_ssh_command(4902)|executing > SSH command on vm-large-25: > |21671|34:40|reserved| /usr/bin/ssh -i /etc/vcl/vcl.key -o > StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o > ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x vm-large-25 > 'C:/Windows/Sysnative/qwinsta.exe' 2>&1 > 2014-01-24 15:37:44|21671|34:40|reserved|utils.pm:(eval)(4917)|waiting up > to 60 seconds for SSH process to finish > 2014-01-24 > 15:37:45|21671|34:40|reserved|Windows.pm:user_logged_in(9003)|admin does > NOT appear to be logged in on vm-large-25 > 2014-01-24 > 15:37:45|21671|34:40|reserved|Windows.pm:check_connection_on_port(11025)|Detected > ESTABLISHED is connected. user is not logged in yet. Returning no connection > 2014-01-24 > 15:37:45|21671|34:40|reserved|OS.pm:is_user_connected(2723)|admin has not > connected to vm-large-25 (233/667 seconds elapsed/remaining), sleeping for > 15 seconds > > Br, > > Aaron Toth > VCL System Administrator > BUTE-MIT
