starred/tacticalrmm
1
0
Fork 0
mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 15:05:57 +03:00
Code Issues 919 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #978] Cannot connect to MeshCentral: iframe is simply white (incorrect gotonode?) #593

New issue
Closed
opened 2026-03-02 02:17:30 +03:00 by kerem · 4 comments
kerem commented 2026-03-02 02:17:30 +03:00
Owner
Copy link

Originally created by @fts-tmassey on GitHub (Feb 18, 2022).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/978

Tactical RMM (TRMM) Server:
Ubuntu 20.04
Browser: Firefox 97.0
TRMM Version 0.11.3
Installation: Standard

External MeshCentral (MC) Server:
Ubuntu 20.04
MC Version 0.9.83

Agent Info:
Version: 1.8.0
MeshCentral Agent: 0.2.1.3 (as shown in MeshAgent.exe Properties)
Agent OS: Windows 10 Pro, 64 bit v21H2

Describe the bug
When I click on either Take Control or Actions/Remote Background, the iframe for the MeshCentral component is simply a white (empty) box.

To Reproduce
Log into TRMM
Select an agent
Click on Take Control
Get a new tab that contains the thin Agent Status header, but the MC iframe below is completely white. Same happens with Remote Background.

Expected behavior
I should get the MC remote control content in the iframe.

Screenshots
I will add if needed, but it's a white box... :)

Additional context
In digging into this, I looked at the URL for the iframe. The information is sanitized and reproduced here:

https://mc.example.com/?login=&gotonode=95BC0609AE7C1D04347BB4FBDF6618A03A16B5BB71BDCDD3C8E051242B07E9E1826739AFE7F8919843EFF54E9A4924B50&viewmode=11&hide=31

However, when I log into MC as the same user and open the page for that agent, here is the URL:

https://mc.example.com/?viewmode=10&gotonode=lbwGCa58HQQ0e7T732YYoDoWtbtxvc3TyOBRJCsH6eGCZzmv5$iRmEPv9U6aSSS1

I notice that the gotonode parameters are completely different. it seems that the TRMM URL might use a different form of encoding than the direct-from-MC example, so I'm not certain if they decode to the same thing or not; however, if I cut and paste the MC gotonode into the TRMM URL, it works correctly.

Is it possible that the TRMM agent is not using the correct ID for MC?

To attempt to diagnose this further, I have done the following, none of which changed anything:

= Searched for "MeshAgent.exe" on the entire client computer: the only one found was in "C:\Program Files\Mesh Agent"
= Uninstalled the TRMM agent from the client (using Add/Remove Programs)
= Confirmed that "C:\Program Files\TacticalAgent" and "C:\Program Files\Mesh Agent" were removed.
= Reinstalled the TRMM agent
= Attempted to use the "Take Control" function: no change.
= Repeated all of the above steps but using the "Remove Agent" action instead of manual uninstall.
= Used Actions/Agent Recovery/Mesh Agent
= Rebooted TRMM server
= Rebooted MC server

This is a new setup this week. Earlier in the week, the "Take Control" button worked fine, but sometime over the last few days it stopped. I do not recall making any configuration changes.

The MeshCentral User ID and Login token seem to be correct. If I were to browse "https://mc.example.com" directly, the MC dashboard opens, logged in as the MC user I put into TRMM. If I then log out from MC there and use TRRM to Take Control, I still get the white box, but if I browse "https://mc.example.com" again, I'm taken to the MC main dashboard no problem. So it seems to be logging in successfully.

(That leads to an unrelated concern: does this mean that my users will be able to bypass the user permissions controls in TRMM simply by connecting to a client they can connect to, then open MC directly to get access to everything that TRMM can manage?)

Please let me know what additional information or testing I can provide to you. Thank you very much!

Originally created by @fts-tmassey on GitHub (Feb 18, 2022). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/978 Tactical RMM (TRMM) Server: Ubuntu 20.04 Browser: Firefox 97.0 TRMM Version 0.11.3 Installation: Standard External MeshCentral (MC) Server: Ubuntu 20.04 MC Version 0.9.83 Agent Info: Version: 1.8.0 MeshCentral Agent: 0.2.1.3 (as shown in MeshAgent.exe Properties) Agent OS: Windows 10 Pro, 64 bit v21H2 **Describe the bug** When I click on either Take Control or Actions/Remote Background, the iframe for the MeshCentral component is simply a white (empty) box. **To Reproduce** Log into TRMM Select an agent Click on Take Control Get a new tab that contains the thin Agent Status header, but the MC iframe below is completely white. Same happens with Remote Background. **Expected behavior** I should get the MC remote control content in the iframe. **Screenshots** I will add if needed, but it's a white box... :) **Additional context** In digging into this, I looked at the URL for the iframe. The information is sanitized and reproduced here: https://mc.example.com/?login=<removed>&gotonode=95BC0609AE7C1D04347BB4FBDF6618A03A16B5BB71BDCDD3C8E051242B07E9E1826739AFE7F8919843EFF54E9A4924B50&viewmode=11&hide=31 However, when I log into MC as the same user and open the page for that agent, here is the URL: https://mc.example.com/?viewmode=10&gotonode=lbwGCa58HQQ0e7T732YYoDoWtbtxvc3TyOBRJCsH6eGCZzmv5$iRmEPv9U6aSSS1 I notice that the gotonode parameters are completely different. it seems that the TRMM URL might use a different form of encoding than the direct-from-MC example, so I'm not certain if they decode to the same thing or not; however, if I cut and paste the MC gotonode into the TRMM URL, it works correctly. Is it possible that the TRMM agent is not using the correct ID for MC? To attempt to diagnose this further, I have done the following, none of which changed anything: = Searched for "MeshAgent.exe" on the entire client computer: the only one found was in "C:\Program Files\Mesh Agent" = Uninstalled the TRMM agent from the client (using Add/Remove Programs) = Confirmed that "C:\Program Files\TacticalAgent" and "C:\Program Files\Mesh Agent" were removed. = Reinstalled the TRMM agent = Attempted to use the "Take Control" function: no change. = Repeated all of the above steps but using the "Remove Agent" action instead of manual uninstall. = Used Actions/Agent Recovery/Mesh Agent = Rebooted TRMM server = Rebooted MC server This is a new setup this week. Earlier in the week, the "Take Control" button worked fine, but sometime over the last few days it stopped. I do not recall making any configuration changes. The MeshCentral User ID and Login token seem to be correct. If I were to browse "https://mc.example.com" directly, the MC dashboard opens, logged in as the MC user I put into TRMM. If I then log out from MC there and use TRRM to Take Control, I still get the white box, but if I browse "https://mc.example.com" again, I'm taken to the MC main dashboard no problem. So it seems to be logging in successfully. (That leads to an unrelated concern: does this mean that my users will be able to bypass the user permissions controls in TRMM simply by connecting to a client they *can* connect to, then open MC directly to get access to *everything* that TRMM can manage?) Please let me know what additional information or testing I can provide to you. Thank you very much!
kerem closed this issue 2026-03-02 02:17:30 +03:00
kerem commented 2026-03-02 02:17:30 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Feb 18, 2022):

So the agent is available in mesh and you can connect directly to it? Is this a standard install nothing fancy with proxy's etc?

Also yes it does mean you can get round the user controls in tactical using mesh

<!-- gh-comment-id:1045073674 --> @dinger1986 commented on GitHub (Feb 18, 2022): So the agent is available in mesh and you can connect directly to it? Is this a standard install nothing fancy with proxy's etc? Also yes it does mean you can get round the user controls in tactical using mesh
kerem commented 2026-03-02 02:17:31 +03:00
Author
Owner
Copy link

@fts-tmassey commented on GitHub (Feb 18, 2022):

That is correct: the agent is available in Mesh, I can remote control, get a file list, etc. Everything is working 100% correctly in Mesh. Everything that is provided by the TRMM agent seems to be working 100% correctly as well: when I use the Remote Background action, I can use the Services tab and see services just fine; but the Terminal and File Browser tabs simply have a white iframe.

The agent PC is a completely standard Windows 10 PC. Because this is a test environment, I only have the agent on two PC's right now, and the problem happens with both. There are no proxy servers ,etc. involved. The servers are cloud-based VM's and the PC's are behind a Ubiquiti EdgeRouter X NAT firewall, with no outbound restrictions, etc.

ETA: I re-read your message about user controls: I originally read it as a question, and it seems you meant it as a statement. To rephrase what I think you are saying: it is a known issue that any TRMM user will have 100% total access to 100% of the PC's that the TRMM user in MC has access to, simply by browsing the MC URL. Assuming that this is the case, I will look and see if there is a security issue for that: that's not cool at all... :) The below text is kept for reference, but you don't need it:

As for the getting around controls part: I haven't investigated that yet, so I may be missing something, and I don't want to derail this issue. I was just really surprised that while trying to debug the iframe issue I browsed my bare MC URL and it took me directly into the MC dashboard as the unique Full Admin user I used for TRMM without me entering a user ID or password. To make sure there wasn't anything stale, I logged out of MC and reloaded the URL: I got the login prompt again. But once I used TRMM to try to connect to a client, if I go to the bare MC URL, I go right back into the dashboard as the TRMM user, with Full Admin rights.

If I can do that, can't anyone else who has access to TRMM, even if they've been limited within TRMM to only a single PC? And if so, can't they then control any PC that that Full Admin user has in MC? That would very much not be my intention: some of my TRMM users only have access to certain clients. But like I said, I have not fully investigated this. If you know that I'm missing something and can tell me in a sentence, great, I won't waste your time with a second issue. But if not, I will happily create a separate issue if I find out that I can use that to gain control over a PC that a given TRMM user should not be able to.

<!-- gh-comment-id:1045104407 --> @fts-tmassey commented on GitHub (Feb 18, 2022): That is correct: the agent is available in Mesh, I can remote control, get a file list, etc. Everything is working 100% correctly in Mesh. Everything that is provided by the TRMM agent seems to be working 100% correctly as well: when I use the Remote Background action, I can use the Services tab and see services just fine; but the Terminal and File Browser tabs simply have a white iframe. The agent PC is a completely standard Windows 10 PC. Because this is a test environment, I only have the agent on two PC's right now, and the problem happens with both. There are no proxy servers ,etc. involved. The servers are cloud-based VM's and the PC's are behind a Ubiquiti EdgeRouter X NAT firewall, with no outbound restrictions, etc. ----- ETA: I re-read your message about user controls: I originally read it as a question, and it seems you meant it as a statement. To rephrase what I think you are saying: it is a known issue that any TRMM user will have 100% total access to 100% of the PC's that the TRMM user in MC has access to, simply by browsing the MC URL. Assuming that this is the case, I will look and see if there is a security issue for that: that's not cool at all... :) The below text is kept for reference, but you don't need it: As for the getting around controls part: I haven't investigated that yet, so I may be missing something, and I don't want to derail this issue. I was just *really* surprised that while trying to debug the iframe issue I browsed my bare MC URL and it took me directly into the MC dashboard as the unique Full Admin user I used for TRMM without me entering a user ID or password. To make sure there wasn't anything stale, I logged out of MC and reloaded the URL: I got the login prompt again. But once I used TRMM to try to connect to a client, if I go to the bare MC URL, I go right back into the dashboard as the TRMM user, with Full Admin rights. If I can do that, can't anyone else who has access to TRMM, even if they've been limited within TRMM to only a single PC? And if so, can't they then control any PC that that Full Admin user has in MC? That would very much *not* be my intention: some of my TRMM users only have access to certain clients. But like I said, I have not fully investigated this. If you know that I'm missing something and can tell me in a sentence, great, I won't waste your time with a second issue. But if not, I will happily create a separate issue if I find out that I can use that to gain control over a PC that a given TRMM user should not be able to.
kerem commented 2026-03-02 02:17:31 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Feb 18, 2022):

Did this used to work?

This has always been the case as mesh is used only for remote. You can use another remote viewer or give users direct access to a machine with mesh

<!-- gh-comment-id:1045130506 --> @dinger1986 commented on GitHub (Feb 18, 2022): Did this used to work? ------ This has always been the case as mesh is used only for remote. You can use another remote viewer or give users direct access to a machine with mesh
kerem commented 2026-03-02 02:17:31 +03:00
Author
Owner
Copy link

@fts-tmassey commented on GitHub (Feb 18, 2022):

It worked initially, yes. And then something changed, and it does not now work. To my knowledge, I made no changes, either to the agent PC's (the problem happens with multiple PC's), nor to either the TRMM server nor the MC server. I barely looked at the thing in the last couple of days, and like I said it's a new, test install so I'm the only one with access to it.

<!-- gh-comment-id:1045191344 --> @fts-tmassey commented on GitHub (Feb 18, 2022): It worked initially, yes. And then something changed, and it does not now work. To my knowledge, I made no changes, either to the agent PC's (the problem happens with multiple PC's), nor to either the TRMM server nor the MC server. I barely looked at the thing in the last couple of days, and like I said it's a new, test install so I'm the only one with access to it.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
master
1.0.0
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.12
v0.15.11
v0.15.10
v0.15.9
v0.15.8
v0.15.7
v0.15.6
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.32
v0.4.31
v0.4.30
v0.4.29
v0.4.28
v0.4.27
v0.4.26
v0.4.25
v0.4.24
v0.4.23
v0.4.22
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
In Process

   
bug

   
bug

   
dev-triage

   
documentation

   
duplicate

   
enhancement

   
fixed

   
good first issue

   
help wanted

   
integration

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
requires agent update

   
security

   
ui tweak

   
wontfix
No labels
In Process
bug
bug
dev-triage
documentation
duplicate
enhancement
fixed
good first issue
help wanted
integration
invalid
pull-request
question
requires agent update
security
ui tweak
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tacticalrmm#593
No description provided.