Headless Win10 client won't connect

Hi, I followed the instructions on how to install and deploy a headless client including the needed json file. The install does work once one runs the install command in an administrative command line but the tunnel itself never gets online.

Twingate gets installed, the needed directories (i.e. logfile and the path the headless.conf resides in) are deployed, the service does start but nothing more.

I do see a Twingate interface in “ipconfig” but it is down and has no IP address. The Windows 10 Pro PC does have internet access and does work great in general.

The log isn’t really helpful either (even if set to debug mode in headless.conf):

[2023-07-09T12:09:32.921032+02:00] [INFO] [client] Environment Information:
Current User: SYSTEM
Machine name: DESKTOP-N5UCBPE
OS version: Microsoft Windows NT 10.0.19045.0
OS Is64Bit: True [EnvironmentInfo.LogEnvironmentReport] 
[2023-07-09T12:09:33.631265+02:00] [INFO] [client] Service posture data collected. {"IsHardDriveEncryptionEnabled":false,"FirewallStatus":{"Name":"Windows-Firewall","IsEnabled":true},"AntivirusStatus":{"Name":"Microsoft Defender Antivirus","IsEnabled":true},"CrowdstrikeData":null,"CrowdstrikeAgentId":null} [DeviceInfoProvider.OnServicePostureDataUpdated] 
[2023-07-09T12:09:33.659079+02:00] [INFO] [client] Starting host on endpoint net.pipe://localhost/twingate/service-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx [Service.StartServiceHost] 
[2023-07-09T12:09:33.712719+02:00] [INFO] [client] Static device info collected. {"FriendlyName":"DESKTOP-N5UCBPE","Hostname":"DESKTOP-N5UCBPE","DeviceType":1,"Manufacturer":"Intel(R) Client Systems","Model":"NUC7PJYH","SerialNumber":"G6JY94300SLU","Username":null,"OsName":"Windows","OsVersion":"10.0.19045.0","Meta":{"system_family":"Intel NUC"}} [DeviceInfoProvider.GenerateStaticDeviceData] 
[2023-07-09T12:09:33.712719+02:00] [INFO] [client] Saving Service as key net.pipe://localhost/twingate/service-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx [Service.SaveEndpointToRegistry] 

log-level in headless.conf is set to “debug” but that seems not to change a thing.

Install was done by:

TwingateWindowsInstaller.msi service_secret=C:\headless_client.json /qn

(I’ve renamed the file to the name shown in the command)

Installation does run smoothly and without errors… even if I start without /qn switch…

Any ideas here? I’m stuck …

Hi @konfu,

Can you check the list of Windows Services (services.msc) and share the status of the service called “Twingate Service”? If it is offline, can you start it? Does it stay active or does it immediately go offline?

Hi,

yes, the service does start and is not failing in any way (stays up):

sc query twingate.service

SERVICE_NAME: twingate.service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

The logfile shows a check being run every 5 minutes:

[2023-07-10T17:11:15.695563+02:00] [INFO] [client] Service posture data collected. {"IsHardDriveEncryptionEnabled":false,"FirewallStatus":{"Name":"Windows-Firewall","IsEnabled":true},"AntivirusStatus":{"Name":"Microsoft Defender Antivirus","IsEnabled":true},"CrowdstrikeData":null,"CrowdstrikeAgentId":null} [DeviceInfoProvider.OnServicePostureDataUpdated] 

The Twingate interface is down as well:

ipconfig

Windows IP Configuration

Unknown adapter Twingate:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

So something does run but not the tunnel :wink:

Hi Konfu,

Can you try the following:

  1. Uninstall Twingate (through Add/Remove Programs)
  2. Ensure that C:\Program Files (x86)\Twingate is well and truly gone/deleted.
  3. Reinstall using the same command and such you showed above.
  4. Once the install is complete, check the log file to see if you get something along the lines of the following:
[2023-07-10T10:02:56.868745-06:00] [INFO] [client] Environment Information:
Current User: SYSTEM
Machine name: XXXXXX
OS version: Microsoft Windows NT 10.0.19045.0
OS Is64Bit: True [EnvironmentInfo.LogEnvironmentReport] 
[2023-07-10T10:02:57.188745-06:00] [INFO] [client] Service posture data collected. {"IsHardDriveEncryptionEnabled":false,"FirewallStatus":{"Name":"Windows Firewall","IsEnabled":true},"AntivirusStatus":{"Name":"Microsoft Defender Antivirus","IsEnabled":true},"CrowdstrikeData":null,"CrowdstrikeAgentId":null} [DeviceInfoProvider.OnServicePostureDataUpdated] 
[2023-07-10T10:02:57.218745-06:00] [INFO] [client] Static device info collected. {Bunch of Details}} [DeviceInfoProvider.GenerateStaticDeviceData] 
[2023-07-10T10:02:57.246744-06:00] [INFO] [client] Service key for XXXXXX network is applied. [HeadlessModeConfiguration.SaveServiceSecret] 
[2023-07-10T10:02:57.246744-06:00] [INFO] [client] Service configuration is applied [Service.OnStart] 

If you don’t see something along those lines:

  1. Go into services.msc and STOP the Twingate rc service,
  2. Edit C:\Program Files (x86)\Twingate\headless.conf and change log-level=info to log-level=debug
  3. Start the Twingate rc service
  4. If it is still not working - email the (hopefully) now detailed logs to arthur (at) twingate.com and I can take a look!

Thanks!

-arthur
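The log check from the steps above, combined with the service and adapter state shown earlier in the thread, as an added PowerShell example that is not part of any post and is not Twingate's code. The function names are hypothetical, and the log path is not stated in the thread, so `-LogPath` has to be supplied by the caller.

```powershell
# Added example, not Twingate's code. Marker strings, service name, adapter name
# and headless.conf path are copied from the thread; the log path is not given
# there, so the caller must supply it.
function Test-ServiceKeyApplied {
    param([string[]] $LogLines = @())
    # Judge only the most recent service start, which opens with this banner.
    $last = -1
    for ($i = 0; $i -lt $LogLines.Count; $i++) {
        if ($LogLines[$i] -like '*Environment Information:*') { $last = $i }
    }
    $recent = @(if ($last -ge 0) { $LogLines[$last..($LogLines.Count - 1)] } else { $LogLines })
    # Match the method tag, so "Saving Service as key ..." (present in the stuck
    # log too) is not mistaken for the service key being applied.
    $key  = @($recent -match 'HeadlessModeConfiguration\.SaveServiceSecret\]').Count -gt 0
    $conf = @($recent -match 'Service configuration is applied').Count -gt 0
    return ($key -and $conf)
}

function Test-TwingateHeadless {
    param(
        [Parameter(Mandatory)][string] $LogPath,
        [string] $ServiceName = 'twingate.service',
        [string] $AdapterName = 'Twingate',   # assumed visible to Get-NetAdapter under this name
        [string] $ConfPath    = 'C:\Program Files (x86)\Twingate\headless.conf'
    )
    $svc = Get-Service    -Name $ServiceName -ErrorAction SilentlyContinue
    $nic = Get-NetAdapter -Name $AdapterName -ErrorAction SilentlyContinue
    $log = if (Test-Path -LiteralPath $LogPath) { @(Get-Content -LiteralPath $LogPath) } else { @() }
    [pscustomobject]@{
        ServiceRunning    = [bool]($svc -and $svc.Status -eq 'Running')
        ConfPresent       = Test-Path -LiteralPath $ConfPath
        ServiceKeyApplied = Test-ServiceKeyApplied -LogLines $log
        AdapterUp         = [bool]($nic -and $nic.Status -eq 'Up')
    }
}

# Constructed sample lines modelled on the two logs in the thread.
$stuck = @(
    '[ts] [INFO] [client] Environment Information:',
    '[ts] [INFO] [client] Saving Service as key net.pipe://... [Service.SaveEndpointToRegistry]')
$good = @(
    '[ts] [INFO] [client] Environment Information:',
    '[ts] [INFO] [client] Service key for XXXXXX network is applied. [HeadlessModeConfiguration.SaveServiceSecret]',
    '[ts] [INFO] [client] Service configuration is applied [Service.OnStart]')
"stuck log applied: $(Test-ServiceKeyApplied $stuck)"
"good log applied:  $(Test-ServiceKeyApplied $good)"
```

A result with `ServiceRunning` true but `ServiceKeyApplied` false is the state reported at the top of the thread, which a deployment script can flag before the machine is handed over.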

Have you double checked the firewall requirements on the Windows machine itself? I think Windows Defender occasionally prevents the client from authenticating.

(see here: Endpoint Requirements | Docs)

Hi. Removing and re-installing the twingate headless client did indeed work.
I’ve reset the VM to the initial install snapshot and repeated the process:

  1. Install Twingate: C:\Users\Testuser\Downloads>TwingateWindowsInstaller.msi service_secret="C:\Users\Testuser\Downloads\test.json" /qn
  2. Started the service: no luck, no VPN
  3. Removed the app completely via the Add/Remove settings menu
  4. Install the client again
  5. just freakin’ works …

What the heck?

I’ll try to provide more logs on that behaviour.

Interesting.

In your initial VM image - is Twingate installed AT ALL? Like even non-headless?

Nope. Just a fresh Win10 Pro with latest updates. Nothing else.

Computers are really very stupid, aren’t they?

And when you uninstall/reinstall, you’re using exactly the same MSI/json file as the first time?

When you install the first time, are you seeing the headless.conf file get created in C:\Program Files (x86)\Twingate\ ?

Are you/have you rebooted the VM at all after first install?

All right. I’ve verified the install multiple times now. I can’t explain why but it just works now.

I’ve reset the VM multiple times to base install (without any traces of Twingate stuff). I had the issue one more time but removing it then via the Windows onboard app menu and then reinstalling it with the exact same command did work again.

So it’s weird altogether but anyway - if it works and there is a workaround, I’m fine with it.

The only wish I’d have is: On the documentation about headless clients - there is no hint that one would need to run the install command at a command line with admin privileges. Could you maybe add this to the documentation?

Great idea @konfu, we have made a request to add the requirement for local Admin permissions to the documentation more explicitly.

Correct me if I’m wrong but could the issue here be that the interactive installer for Twingate also installs .net runtime v6 if it doesn’t see it installed already? My reasoning is as follows:

If you remove the unsuccessful unattended headless version, install the normal client (which silently installs .net6?), uninstall the normal client (which DOESN’T remove .net6) and reinstall the unattended headless client that (now) works, surely it’s because .net 6 now being installed is what has made this work?

I’ve had similar problems with getting the .msi installers to work so I will try.

Great point @jono90909,

I’ll follow up with Twingate’s Engineering on this topic. You might be on to something there.