2FA - Randomly Disabled?

KVM
1

Went to log into my KVM today and found that the 2FA prompt was gone.

I attempted to re-enable it, and kept getting errors that the code was not correct, from my authenticator program.

I also sent a command to reboot the KVM, and got a notice “Reboot command sent failed”

3

connected to the network? A lost or unstable connection could explain both the 2FA prompt disappearance and the failed reboot command.

If possible, could you also try restarting the device through the GLKVM App and let us know if that resolves the issue?

image
image380×250 64.5 KB

image
image737×202 15.2 KB

4

maybe you can export log to us.

5

I attempted to restart the device via the web interface controls and it would not respond – I don’t use the application, only web portals.

6

MFA tends to be very dependent on a traceable clock source. Any chance NTP is failing?

7

Nope, run a dedicated NTP server on my network for some other equipment; NTP is happy. Earlier today, the issue cropped up where the IP KVM was prompting me to set a admin password, like first boot. Rebooting via power cycle, and it was back to normal.

had chatgpt look through the log files; seems the KVM is looking for WPAD.mydomain.com quite often…. and there is no WPAD for it to reference.

I reviewed the exported logs. I do not see kernel panic, OOM, Ethernet link-down events, or reboot loops.

What I do see is:

1. Connman repeatedly failing online checks because eth0 is set to use a PAC/WPAD proxy:
    * Proxy URL: http://wpad.mydomain.com/wpad.dat
    * Repeated log messages: “No valid proxy” / online check failed
2. Repeated HDMI/capture pipeline faults:
    * lt6911c status changes
    * MIPI_CSI2 CRC errors
    * stream off/on cycles
    * encoder destroy/recreate cycles
3. Repeated streamer “Requesting key frame” messages, suggesting the video pipeline is not recovering cleanly.
4. Janus/TURN-related errors:
    * missing /tmp/turnserver.json
    * invalid TURN response / missing username
    * failed remote candidates

the HDMI notes could be because I’ve been playing with my EDID settings to see if I could get the stream to stabilize.

of an interesting note, when I try to use WebRTC(FEC) at any of the %’s – the display will not render. Either HDMI disconnect message or a black screen.

not sure what this firmware changed, but I don’t recall that behavior in the previous version.

8

Could you please check whether Direct mode works normally? Also, we recommend using the Chrome browser.

image
image453×447 23.8 KB

If possible, could you please export the logs to us?

10

Sure thing – where would you like me to send the logs?

I’ll try direct mode for a bit to see how that works, as well. I’ve been keeping an eye on chrome://webrtc-internals too for some additional insight. Let’s just say “it isn’t happy” when I try FEC mode (5%-20%)… oddly though, FEC works fine on one office network, but not at all on another office network with the same laptop.

11

not sure if this helps at all, but I'll drop it here just in case: (DNS Logs for KVM)

4/22
09:42:29 wpad.mydomain.com Processed GLiKVM.mydomain.com (local.IP..23)
09:42:29 wpad.mydomain.com Processed GLiKVM.mydomain.com (local.IP..23)
09:42:27 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
09:42:27 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:27 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:27 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:27 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:27 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:27 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
06:55:52 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
06:55:52 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
06:55:52 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
06:55:52 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)

4/21
14:28:47 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
14:28:47 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
14:28:47 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
14:28:47 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
14:28:47 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
14:28:47 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:34:09 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
13:34:09 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
13:34:09 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
13:34:09 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
13:04:27 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:04:27 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:04:27 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:04:27 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
11:52:50 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
11:52:50 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
11:52:50 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
11:52:50 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
11:52:50 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
11:52:50 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
09:36:59 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
09:36:59 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
09:36:59 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
09:36:59 fw.gl-inet.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:02 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:02 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:02 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
08:29:02 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
06:51:13 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
06:51:13 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
06:51:13 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)
06:51:13 stun.l.google.com Processed GLiKVM.mydomain.com (local.IP..23)

4/20
21:23:10 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
21:23:10 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
21:23:10 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
21:23:10 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
18:20:02 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
18:20:02 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
18:20:02 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
18:20:02 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
15:05:37 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
15:05:37 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
15:05:37 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
15:05:37 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:00:15 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:00:15 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:00:15 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
13:00:15 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
10:15:43 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
10:15:43 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)
10:15:43 log.tailscale.com Processed GLiKVM.mydomain.com (local.IP..23)

12

As luck would have it - the ipKVM just locked up again… forcing a manual power cycle (cycled POE power, using the GL-iNET POE splitter for this unit). When this happened, I was unable to select DIRECT instead of WebRTC/WebRTC(FEC) – @flora72 - sending you the logs

13

Hi @RemotelyInsane could you share the log with me via private message? We will take another look