▎ Environment: UCS@school 5.2. App ucsschool-veyon-proxy version 4.9.1.12-ucs1 (Docker, running fine). Windows client veyon-4.9.1.0 (the one shipped in /usr/share/ucs-school-veyon-windows/) installed on the PCs.
▎
▎ Symptom: In the Computer Room module, all PCs in the room show up as “powered off/misconfigured” (grey circle, no thumbnail), even though they are powered on and in use by students.
▎
▎ Log (/var/log/univention/management-console-module-computerroom.log):
▎ WARNING Veyon error on LAB-X: Authentication method not offered by server
▎
▎ What I have already checked / tried without success:
▎ - The client’s public key (imported as teacher/public) matches (md5) the proxy’s private key (/etc/ucsschool-veyon/key.pem).
▎ - Key permissions on the client: BUILTIN\Users have read access.
▎ - On the client I set Authentication/Method to key file ({0c69b301-81b4-42d6-8fae-128cdd113314}) under HKLM\SOFTWARE\Veyon Solutions\Veyon; also tried logon authentication. I restarted the service, killed veyon-server, and fully rebooted the PC.
▎ - On the proxy, its config.json has no Authentication section (so it stays at the default Method). I added Authentication/Method = key file and restarted the container.
▎ - With both proxy and client set to key file authentication, the error still persists.
▎
▎ Question: How should authentication between the ucsschool-veyon-proxy (WebAPI) and the Veyon clients be configured for the Computer Room to work? Does the headless proxy require a specific Authentication/Method setting, or should the client be configured differently than just importing the public key? Is there a known incompatibility between proxy 4.9.1.12-ucs1 and client 4.9.1.0?
▎
▎ Extra details that may help: the integration join script is 37ucs-school-veyon-windows.inst; the proxy config is at /etc/ucsschool-veyon/config.json and the key at /etc/ucsschool-veyon/key.pem. Thanks
Hello @pfiscella
The whole configuration for Veyon Client for the Windows Clients is descriped here:
https://docs.software-univention.de/ucsschool-manual/latest/de/windows.html#veyon-installation-auf-windows-clients-von-schulern
An important step is, that the Windows clients have configured the correct ip address in the LDAP. You can do that in the Modul you will find in the UMC/Computer/<choose-client>/General/IP address or in the Schools Module School administration/Computers/<choose-client>/IP address.
After that the Veyon Client should conntect to the Veyon Server (Veyon Proxy) via the IP addresses from the clients.
Best regards,
MiracErde
▎ Hi MiracErde, thanks for your reply.
▎
▎ I followed your suggestion and checked the IP addresses in the Computers module (UMC / School administration → Computers → IP address): all PCs in the room have the correct IP in LDAP (it matches each machine’s real IP; I found one with an empty field and filled it in). The problem still persists.
▎
▎ Symptom: the Computer Room shows the list of computers but no screen thumbnails. In /var/log/univention/management-console-module-computerroom.log, on every poll and for EVERY computer in the room:
▎ WARNING Veyon error on LAB-A-XX: Authentication method not offered by server
▎ WARNING LAB-A-XX: Updating information was not successful.
▎
▎ Environment: UCS 5.2 + UCS@school. Proxy ucsschool-veyon-proxy:4.9.1.12-ucs1. Windows clients running Veyon 4.9.1.0 (the build shipped in /usr/share/ucs-school-veyon-windows/).
▎
▎ Verified on the client (all correct):
▎ - VeyonService running; veyon-server/worker running in the user session.
▎ - Listening on TCP 11100 (reachable via TCP from the UCS server).
▎ - Firewall: “Veyon Server”/“Veyon Worker” Inbound = Allow, enabled.
▎ - Authentication/Method = {0c69b301-81b4-42d6-8fae-128cdd113314} (keyfile).
▎ - Public key imported as teacher (readable by SYSTEM); veyon-cli authkeys list → teacher/public.
▎ - Certificate matches: md5 of /etc/ucsschool-veyon/cert.pem == the netlogon copy.
▎ - Correct IP in LDAP (as above).
▎
▎ Tried, with no change to the error:
▎ 1. Restarting the client’s veyon-server (to reload config).
▎ 2. Authentication/Method both with and without braces {}.
▎ 3. docker restart of the proxy container.
▎ 4. Enabling domain user groups on the client.
▎
▎ Client-side VeyonServer.log during the proxy’s connection attempts:
▎ [WARN] ComputerControlServer: Authentication failed for “::ffff:” “”
▎ [ERR] PersistentLogonCredentials: Empty data
▎ (The server appears to handle empty logon-type credentials, even thoughMethod=keyfile.)
▎
▎ Questions:
▎ 1. Why does the proxy 4.9.1.12-ucs1 report “Authentication method not offered by server” when the client 4.9.1.0 is configured for keyfile and the plugin is loaded (authkeys list shows the teacher key)?
▎ 2. Is there a version incompatibility between the proxy 4.9.1.12-ucs1 and the client 4.9.1.0? Which client version matches that proxy?
▎ 3. How can I raise the proxy/WebAPI verbosity to see which authentication methods the veyon-server advertises during the handshake?
▎
▎ Thanks!
Hi @pfiscella,
Thank you for your response on that.
Because you get an authentication failure, did you check the configuration from the clients like described here?
https://docs.software-univention.de/ucsschool-manual/latest/de/windows.html#veyon-konfiguration-fur-die-ucsuas-web-oberflache
Best regards,
MiracErde