Able to access Embassy control panel, unable to access services

I’m able to access my Embassy Pro’s control panel and start services, but the UI page does not load when I try to access a service.

I had no issues connecting to my Embassy during setup, and I can access the control panel using the https address and the .onion address without problems. I’m trying to start with File Browser and VaultWarden to make sure they run before I try additional services. When I click Launch UI for either of these, I get a long https .local address (I believe this is correct). When my browser tries to visit the address, it immediately fails (no loading delay). I have Firefox enabled to visit Tor sites, Brave browser, and Tor browser, and I see the same issue in each one. (I’ve been primarily testing with Tor because I assume it’s most likely to work.)

The error messages are similar between all browsers, the type you see when it is unable to connect to a site. Tor says the site could be busy and to try again in a minute, or a firewall could be blocking my laptop from accessing the site. I tried accessing firewall settings on my laptop to allow Tor browser through and restarted the browser, but nothing has changed. I also tried accessing my router’s settings to see if there’s anything that might be blocking access from there (nothing obvious to my amateur eye).

When I check the kernel logs on my Embassy, I see the error “device-mapper: thin: Deletion of thin device 172 failed.” repeating every 30 seconds. The OS log is also repeating a set of messages every few seconds:

WARN embassy::net::dns: Non A-Record requested for filebrowser.embassy.: AAAA
WARN embassy::net::dns: Non A-Record requested for vaultwarden.embassy.: AAAA
DEBUG run_main:check{id=PackageId(Id(“vaultwarden”)) should_commit=true}: embassy::manager::health: Checking health of vaultwarden
DEBUG run_main:check{id=PackageId(Id(“filebrowser”)) should_commit=true}: embassy::manager::health: Checking health of filebrowser
DEBUG run_main:check{id=PackageId(Id(“vaultwarden”)) should_commit=true}: embassy::manager::health: Got receipts vaultwarden
DEBUG run_main:check{id=PackageId(Id(“filebrowser”)) should_commit=true}: embassy::manager::health: Got receipts filebrowser

I did try restarting my Embassy to see if it was something as simple as that. It changed the number of the thin device in the kernel message.

I feel like I’m a single troubleshooting fix from having my machine working, but I’m not quite familiar enough to figure out what that fix is. Has anyone seen this kind of issue before? Any suggestions for what I can try to get this working?

You need to follow the guides for both your OS and browser (if required) in order to trust your Embassy’s LAN certificate. The logs you posted are ‘normal’ - we will likely suppress those messages as they are irrelevant. Let us know if you have trouble

Thanks for the reply! This got me looking in the right direction, and it looks like my issue is just Windows being uncooperative.

I thought I had Windows set up to use the certificate, but MMC always starts blank when I open it. I can save settings, but I have to reload them every time I open it, and I’m not sure if there’s anyway to tell it to keep those settings. It doesn’t seem to be actually working with the settings I use, just saving a copy of them.

Just to confirm, I tried setting up my Raspberry Pi with the certificates, and that has no problem accessing the UI. I am long overdue to install Linux on this computer anyway, and I suspect that process is simpler than getting Windows to work with it.

If you or anyone else knows a magic fix for Windows to work with the certificate after setting it up, that would still be nice to have. But otherwise, thanks for pointing me in the right direction!

2 Likes

Unfortunately, Windows certificate issues are almost always related to Bonjour. At the top of the guide we have a method for removing and re-installing Bonjour due to its unreliability. I have seen a user have to uninstall 3 times in order to get it to work. Very frustrating… Feel free to reach out in one of our instant chat channels if you need faster support.