Chrome Enterprise Kiosk (M-59, Tiger): Cpanel does not detect heartbeat from device, and cannot push changed policies to it |
||||||||||||||||||||
Issue descriptionChromeOS M59-Dev channel, build 9460.8.0, chrome 59.0.3071.21 Device: Veyron-Tiger What steps will reproduce the problem? (1) Install the above build, enterprise-enroll the device, and assign it to an Org. Unit which has the following Device Settings: Kiosk: A Chrome app is part of the managed kiosk apps list, and is designated as the auto-launched app. Enable device health monitoring: Enabled Enable device system log upload: Enabled User and device reporting: Device state reporting: Enabled (example: crosprqa4.com domain, org. unit Operations > Factilities.) (2) Reboot the device and let the kiosk app auto-launch. (In this example it will be a set of speeches made by Ronald Reagan). (3) Navigate to the "System Activity and Troubleshooting" page for the device. After five minutes refresh the page. What is the expected result? Several pieces of information about the device should be visible: (1) The Device Status should be a green circle (device is online). (2) The Kiosk App Info should show the app title and version. (3) A system log should be uploaded soon after the reboot was done. What happens instead? The Device status remains gray (online/offline status unknown) The Kiosk App Info is correct, and A system log was uploaded ok. Also, attempts to push a policy change was unsuccessful. For example, I went back to the Device Settings for the OU and changed the screen orientation to 270 degrees. Normally this will happen with two minutes, but any time the heartbeat is gray the policy change is either not being sent, or not being received by the device. After a reboot the device app reloaded policies from cpanel and rotated the screen. This problem was repeatable three times on the Tiger, but I have not seen it on three other devices with recent M-59 Dev builds: Veyron-Fievel, Rikku and Guado. I have attached the system logs from the Tiger at the point where the heartbeat is gray and a policy change to set the screen orientation back to zero degrees had been requested, but not acted on.
,
Apr 25 2017
+jin/ivan Ivan, do you see any errors in the log for establishing a GCM channel? In general, it sounds like maybe GCM channel isn't working, so we're getting neither server-side pushes nor heartbeats sent up. Jin, anyone on the GCM team you think we should loop in on this? Why is this R-V-G?
,
Apr 25 2017
[930:930:0425/064816.359648:ERROR:gcm_channel_status_request.cc(127)] GCM channel request failed. Good guess Drew.
,
Apr 25 2017
,
Apr 25 2017
+zea, the channel request uses a sync endpoint +pozlen FYI mlight@, could you create a screenshot of your chrome://gcm-internals page? By default the channel status will be tested through a request to [Beta/Stable] https://clients4.google.com/chrome-sync/experimentstatus [Canary/Dev] https://clients4.google.com/chrome-sync/dev/experimentstatus Is looks like the request fails. (Canceled or failed.)
,
Apr 25 2017
,
Apr 25 2017
I have the chrome://gcm-internals page as a pdf file (attached).
,
Apr 25 2017
re #2, I think beverloo@ owns the GCM chrome client (according to fgorski@). I thought client has logic to re-establish GCM connections if it failed initially? Do we have proof to see that subsequent connection attempts all failed? +zhanlu@ who now owns the Kiosk stuff on the server-side.
,
Apr 25 2017
I'm beverloo@. The heartbeat logic uses the GCM Driver that's scoped to the BrowserProcessImpl, so chrome://gcm-internals/ doesn't display anything of use. That's really not helpful in this case, I filed Issue 715190 to track that. (The attachment in #7 is therefore not relevant.) zea@ may be aware of changes on the server side that could've caused this.
,
Apr 25 2017
There haven't been any changes on our side w.r.t. the channel endpoint AFAIK (+yiinho to confirm) Is it possible to get a chrome://net-internals dump for the BrowserProcessImpl? I wonder if perhaps there's some connection problem or firewall/proxy issue here. Peter, the gcm-internals dump from #7 should theoretically show a connection though right, even if it's not the same connection used by Cpanel? The fact that it doesn't is suspicious. Perhaps a chrome://net-internals dump from the main profile would be useful too (you might need to configure chrome://net-internals to start at startup to capture any request attempts before backoff becomes too large)
,
Apr 25 2017
Oops, didn't mean to drop Drew from the cc list.
,
Apr 26 2017
I think we have the wrong owner here - who can diagnose GCM connection errors? The problems with kiosk heartbeats are just a symptom of a general GCM failure so isandrk@ is the wrong owner.
,
Apr 26 2017
#10 - No, because there's a separate GCM Driver for system-level features on Chrome OS. chrome://gcm-internals is only populated with the data of the Profile-bound GCM driver, the BrowserProcessImpl::gcm_driver() one is ignored. See Issue 715190, we can probably add a checkbox or something to switch between the two. #12 - The log message indicates a failure in a request to an endpoint that's periodically checked to see if we should connect to GCM at all. That defaults to Yes so it shouldn't be the only cause, but it's still very suspicious that the request fails. I do echo what zea@ says: having an export of chrome://net-internals/ would be super helpful in figuring out what's going on.
,
Apr 26 2017
Mike, can you please get chrome://net-internals/ dump from any of the affected units?
,
Apr 26 2017
Right, gcm-internals is the profile-bound GCM driver. My point is that the the dump there implies the profile-bound GCM driver isn't connecting, when it definitely should be (this is CrOS after all, so the user has to be syncing). So if the profile-bound GCM driver isn't connecting, I wonder if both GCM drivers are hitting the same issue.
,
Apr 26 2017
re: #14 Is there some way to collect net internals in VT2? While in kiosk mode (necessary for the heartbeat to be sent) I don't have access to a chrome browser.
,
Apr 26 2017
re: #16: sent config details for capturing netlogs to @mlight
,
Apr 26 2017
Thank you! Added some flags to /etc/chrome_dev.conf, rebooted, went back to the System Activity and Troubleshooting page for the device, and... Green heartbeat. I'll let it run for an hour and see if it goes gray at any point.
,
Apr 27 2017
Tried three more times to reproduce the problem, but everything is behaving as it should. If I ever bump into this again I'll know how to collect the net-internals log. For now, closing this as "WontFix" (not reproducible).
,
Apr 27 2017
@Mike, which flags did you add exactly to /etc/chrome_dev.conf?
,
Apr 27 2017
The flags I added to /etc/chrome_dev.conf were: --enable-logging --v=1 --log-net-log=/tmp/netlog --net-log-level=0 |
||||||||||||||||||||
►
Sign in to add a comment |
||||||||||||||||||||
Comment 1 by sduraisamy@chromium.org
, Apr 25 2017Owner: ----
Status: Untriaged (was: Assigned)