Some errors and feedback on access

I might have come across some issues using the Cloudflare dash teams.

  1. Seems like I can’t force any device posture rule on groups.


    If the box loads, the permission is registered as an unknown type.

  2. The WARP client errors when I try to see which device postures are enabled.
    image

  3. The error message when the input is not valid seems a bit unclear.

I’d say that something like “The entered value has an invalid format” would be much more intuitive.

  1. Is this an expected behavior in the Group Require requirements?
    image

  2. Adding a device posture to a group and later removing the posture doesn’t seem to update the permissions of the groups affected by the removal
    image

  1. Was eventually fixed, might have been a momentary shortage.

  2. I’m currently using the BETA and the issue is no more as well.

  3. Still have questions about this, as soon as I add a requirement of WARP or GATEWAY, no client is able to connect to any of our applications despite being connected to teams. I tried adding the require rule both in the application and the group, none seemed to work, we get a forbidden page.

Hi Jnperamo,

Sorry about the initial issue. I know we put out a beta release this week so it could have definitely been related.

For issue 3, could you try hitting: .com/cdn-cgi/trace and see if the fields Warp and Gateway are showing as “off” or “WARP/On”? That will help us rule out where the issue is occurring. I would also make sure you only have WARP or Gateway set as the Require since Require functions like a logical AND.

1 Like

Hello,

Thank you for your reply!
I get some extra errors now :sweat_smile:



This happens every time I try to make add any requirement to our default group

If I ignore the message, I can’t choose any of the options:

Note, the selecting errors only occur in WARP and GATEWAY Require rules.

  • I tried removing and adding back the device posture, I still was not able to select any of the options.
  • I also tried signing out and signing back in, the issue persisted even if step 1) was repeated.
  • Finally, I also tried cleaning cache and cookies and signing back in, no luck.
  • I can add neither WARP nor Gateway device postures to any permission rule (tried to add the requirement to applications and groups with no luck).

The application eventually glitched as well, modifying the switch had no impact at all (The issues are most likely unrelated, but it might be worth noting considering that the BETA is going live soon).

Regarding the trace:
image

There have been some changes to the seats, unsure if it’s just my account but the count of users is 0 for me even though there are currently two seats occupied.
image

Maybe you can check whether wlansvc service is running.

1 Like

Exiting the application and starting it up again fixed the issue, I’m not sure how it happened. I wish I could recreate it but it was something that I noticed randomly when looking at the app.

1 Like

The Gateway/WARP selection issue is known and should hopefully be fixed tomorrow, thank you for flagging.

That interesting that exiting WARP fixed the issue. I will have the team investigate a bit more. Thank you for the patience here!

1 Like

No problem at all, we have also been facing an issue with VNC connections, established connections are left hanging until they eventually disconnect (browser rendering). I wonder if that is also a known issue?

I don’t have any known VNC issues we’re tracking at the moment. Would you be able to share the VNC config you’re running? Are you getting any errors from your cloudflared tunnel?

Also, have you been able to render the VNC instance with another VNC viewer? Just to rule out something in the VNC config itself, they can be a bit fragile in my experience.

I made a support request with all the debug information on it.
https://support.cloudflare.com/hc/en-us/requests/2244601
Regarding the VNC viewer, I have used Proxmox and remote desktop from windows, unsure if any of those count as valid for you.

If needed I can provide access to the application as well as the remote machine, it is a fresh windows install with nothing installed on it other than cloudflared.

Seems like I can’t connect to teams anymore (this occurred while visiting the Groups page).

User shows active both in access and gateway
image
image

Upon trying to login into teams this error shows up:
image

However, the user can access to subdomain.cloudflareaccess.com just fine.

There is a defined rule for launching teams.

Overall I have lost access to every single app except to the app launcher (when visited via browser), however, the access rules for all applications (including the app launcher) are identical.

Update:
Removing the require rules fixed the issue, which is odd. Initially it was:
emails ending in: @ourdomain.com
AND
Country: the countries from our employees.

Currently, I’m just including emails that terminate in our domain, once the VNC ticket is assisted I will get back to fighting with more strict access rules.