Connect (No-Plugin Version) Does Not Start or Respond

Sometimes, depending on the environment, Aspera Connect may not launch or respond.  This article explores ways to troubleshoot such issues.

Starting with version 3.6.5, the web interface for the Connect application is serviced by either of the following two technologies, depending on the OS, the browser, and the version of Connect:

(1) The traditional browser plugin technology, using ActiveX (Windows IE only), or the NPAPI protocol:  With this approach, the web interface is serviced by a plugin.

(2) A newer technology that does not use plugins:  With this approach, the web interface is serviced by the Connect application directly.

Before proceeding, find your platform, browser, and Connect version in the table below. If the box says No Plugin, then your connection to the web interface is serviced by the Connect application itself (2), and you are reading the correct KB article. For table items that say ActiveX or NPAPI, see the KB article Connect (Plugin Version) Does Not Start or Respond.

 

Overview

The Connect installation process performs the following tasks:

  • installs the Connect application on a local hard disk
  • installs a protocol handler for the fasp protocol
  • performs various desktop UI integrations (icons, etc.)

Before going through the troubleshooting steps below, make sure the Connect installation meets the requirements specified in the user documentation and release notes, particularly with regard to the supported versions of operating systems, browsers, and (if Linux) OpenSSL.

In all cases, the first step is to run Aspera's web-based Connect Diagnostic Tool to get a preliminary assessment of your Connect installation. The tool shows your Connect version, reports whether it's outdated, checks whether it's installed and running, checks whether your version is compatible with your browser, tests your ports, and attempts to perform a test transfer. It also generates a summary report that can be copied and shared with Aspera Support, if necessary.

To troubleshoot, the general approach is to check your installation by going through the following steps (a summary) in the order shown:

  1. After installing, did you run Aspera's web-based Connect Diagnostic Tool?
  2. Is the Connect application installed and can it be started?
  3. Is the fasp protocol registered?
  4. Does the local.connectme.us fully qualified domain name (FQDN) resolve to 127.0.0.1?
  5. Is a valid CA certificate present?

This article is divided into three sections. Use the section that matches your client OS:

Windows           blue titles
Mac                    red titles
Linux                  black titles

 

Troubleshooting: Windows

1.  After installing, did you run Aspera's web-based Connect Diagnostic Tool?

If you haven't done so already, run the diagnostic tool for a general assessment of your Connect installation. To launch the tool, open the following link:  

https://test-connect.asperasoft.com/

A pop-up may appear asking you to allow, launch, or trust the Connect application. Answer in the affirmative.

The steps below provide details, additional things to check, and possible solutions to problems that may be found.

2.  Is the Connect application installed and can it be started?

If the Connect Diagnostic Tool reported, "Your version of Connect is compatible with your browser," you can skip this step.

You can check that the application is installed by confirming the presence of asperaconnect.exe in the following location:

C:\Users\username\AppData\Local\Programs\Aspera\Aspera Connect\bin\

You can start Connect either by running asperaconnect.exe or by launching it from the Windows Start menu by clicking the "C" icon: 

To verify that the Connect application launched, confirm the presence of the "C" icon in the Windows system tray (lower right of the Windows screen):

 

3.  Is the fasp protocol registered?

Before proceeding with this step, quit Connect if it's running. If the fasp protocol is properly registered, Connect can be started by opening the following URL in the address bar:

fasp://initialize

If Connect launches, this confirms the fasp protocol is registered. To check whether Connect has launched, check whether the Connect icon is visible in the system tray, or open the Task Manager and check whether asperaconnect.exe is listed under Processes.

Possible courses of action if the fasp protocol is not registered:

  • Uninstall and then re-install Connect (the fasp protocol is registered at installation time).
  • Check with your IT group to ensure your system isn't locked down.
  • If the issue is still unresolved, contact Aspera Support.

 

4.  Do your DNS settings correctly resolve local.connectme.us?

Verify that your DNS settings resolve local.connectme.us to 127.0.0.1:

> ping local.connectme.us
Pinging local.connectme.us [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
...

(Ping stops after four transfers. To stop earlier, press Ctrl-C.)

If ping fails, it indicates you have a network issue. Even if the web app is on the same local network and the DNS is properly set, this can happen if the user's system is not connected to the internet, or it's on a closed network.

For clients on closed networks, users can take the following steps to allow hosts to resolve local.connectme.us:

  1. As Administrator, open the following file with a plain-text editor: 

      C:\Windows\System32\drivers\etc\hosts 

  2. Add the following entry to the file, and save it:

      # Added the following for Aspera Connect access (today's date): 
      127.0.0.1 local.connectme.us

Another possible source of network issues is an HTTP proxy that's too restrictive. In particular, if the browser reports ERR_TUNNEL_CONNECTION_FAILED, then an HTTP proxy is probably being used to get the local connection.

If a proxy.pac file is used, add the following lines to it to remove proxy restrictions for local.connectme.us:

if (dnsDomainIs(host,"local.connectme.us"))
    return "DIRECT";
if ("127.0.0.1" === dnsResolve(host))
return "DIRECT";

If the problem persists, take any or all of the following actions, as necessary:

  • Turn off virus protection (just temporarily), and try the test again. If it works, adjust your firewall settings to prevent interference.
  • Make sure your firewall is not too restrictive.
  • Update your SSL certificate. See 5. below. 

  

5. Does the client have the proper CA certificate?

To determine whether you have a valid certificate, enter the following URL in your browser:

https://local.connectme.us:43003/v5/connect/info/version

If a valid certificate is found, the browser should show a closed-lock icon (), as in the following example.  (It should also display the version number of the installed Connect.)

 

If the lock icon is broken, it means your system is not providing the proper root certificate authority (CA).  The certificate must indicate the following certificate authority:

COMODO RSA Domain Validation Secure Server CA

The certificate must also be current (unexpired). 

You can check this as follows:

  1. Launch the Microsoft Management Console (MMC) by running mmc.exe from the Command Prompt.  This opens the MMC Console window. 
  2. From the File menu, select Add/Remove Snap-in
  3. In the Add or Remove Snap-ins dialog box, select Certificates and click Add.
  4. In the Certificates Snap-in dialog box, select My user account and click Finish. (Alternatively, to do an entire machine, you can select Computer account. Note that this option requires administrator authority.)
  5. In the Add or Remove Snap-ins dialog box, click OK.
  6. Now, in the Console window, you'll see an entry for Certificates. Expand it: Certificates - Current User > Trusted Root Certification Authorities > Certificates.
  7. Under the "Issued To" list of root authority certificates that appears, locate "COMODO RSA Domain Validation Secure Server CA" and check the date under "Expiration Date".

If the certificate is present and has not expired, it should be valid.

If the certificate is missing or expired, you can obtain a current, valid certificate from the following location:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/970

Or, by direct download from here:

https://support.comodo.com/index.php?/Knowledgebase/Article/GetAttachment/970/821027

You can add the new certificate by running the following command:

> certutil -addstore -f "ROOT" comodo_certificate.crt

You can also remove an old certificate by running the following:

> certutil -delstore "ROOT" serial_number_hex

 

 

 

Troubleshooting: Mac OS X

1.  After installing, did you run Aspera's web-based Connect Diagnostic Tool?

If you haven't done so already, run the diagnostic tool for a general assessment of your Connect installation. To launch the tool, open the following link:  

https://test-connect.asperasoft.com/

A pop-up may appear asking you to allow, launch, or trust the Connect application. Answer in the affirmative.

The steps that follow provide details, additional things to check, and possible solutions to problems that may be found.

2.  Is the Connect application installed and can it be started?

If the Connect Diagnostic Tool reported, "Your version of Connect is compatible with your browser," you can skip this step.

You can check that the application is installed by confirming that asperaconnect is present in the following location:

~/Applications/Aspera Connect.app/Contents/MacOS/asperaconnect

You can also confirm it's installed by making sure the Connect application icon is visible in Launchpad:

You can start the Connect application in either of two ways: by clicking the icon in Launchpad, or by running asperaconnect from Terminal as follows:

$ ~/Applications/Aspera\ Connect.app/Contents/MacOS/asperaconnect

To see if Connect is running, verify the Connect icon is now visible in the Dock. Or, run a ps command in Terminal and look for an asperaconnect entry like the following:

$ ps -efc | grep asperaconnect
  501 46233       0 Tue05PM ??         0:00.58 asperaconnect

 

3.  Is the fasp protocol registered?   

Before proceeding with this step, quit Connect if it's running. Then open the following URL in your browser's address bar:

fasp://initialize

If Connect launches, this confirms the fasp protocol is properly registered. If the fasp protocol is not registered, the following are possible courses of action:

  • Uninstall and then re-install Connect (the fasp protocol is registered at installation time).
  • Check with your IT group to ensure your system isn't locked down.
  • If the issue is still unresolved, contact Aspera Support.

 

4.  Do your DNS settings correctly resolve local.connectme.us?

Verify that your DNS settings resolve local.connectme.us to 127.0.0.1:

$ ping local.connectme.us
PING local.connectme.us (127.0.0.1): 56(84) bytes of data.

(To stop the ouput, press Ctrl-C.) 

If the ping fails. it indicates you have a network issue. Even if the web app is on the same local network and the DNS is properly set, this can happen if the user's system is not connected to the internet, or it's on a closed network.

For clients on closed networks, users can take the following steps to allow hosts to resolve local.connectme.us:

  1. As root or superuser, open the following file with a plain-text editor: 

        /private/etc/hosts   

  2. Add the following entry to the file, and save it:

        # Added the following for Aspera Connect access (date): 
        127.0.0.1 local.connectme.us

Another possible source of network issues is an HTTP proxy that's too restrictive. In particular, if the browser reports ERR_TUNNEL_CONNECTION_FAILED, then an HTTP proxy is probably being used to get the local connection. If a proxy.pac file is used, add the following lines to it to ensure the proxy is not restrictive for local.connectme.us:

if (dnsDomainIs(host,"local.connectme.us"))
    return "DIRECT";
if ("127.0.0.1" === dnsResolve(host))
return "DIRECT";

If the problem persists, take any or all of the following actions, as necessary:

  • Turn off virus protection (just temporarily), and try the test again. If it works, adjust your firewall settings to prevent interference.
  • Make sure your firewall is not too restrictive.
  • Update your SSL certificate. See 5. below. 

 

5.  Does the client have the proper CA certificate? 

To determine whether you have a valid certificate, enter the following URL in your browser:

https://local.connectme.us:43003/v5/connect/info/version

If a valid certificate is found, the above test of the URL from a browser should show a closed-lock icon (), as in the following example.  (It should also display the version number of the installed Connect.)

If the lock icon is broken, it means your system is not providing the proper root certificate authority (CA).   

To display the contents of the local certificate, run the following command:

$ openssl x509 -in ~/Applications/Aspera\ Connect.app/Contents/Resources/localhost.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:ce:7f:a6:a2:ef:ac:b2:23:e0:89:84:e0:fd:4a:f9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Validity 
            Not Before: Sep 23 00:00:00 2015 GMT
            Not After : Sep 22 23:59:59 2018 GMT
    ...

The certificate must indicate the following certificate authority:

COMODO RSA Domain Validation Secure Server CA

Check the certificate "Validity".  Ensure that the "Not After" date shows that the certificate has not expired. 

If the certificate is missing, you can obtain a current, valid certificate from the following location:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/970

... or, download it directly from here:

https://support.comodo.com/index.php?/Knowledgebase/Article/GetAttachment/970/821027 

You can add the new certificate by running the following:

$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/Desktop/comodo_certificate.crt

You can also remove an old certificate by running the following:

$ sudo security delete-certificate -c "name_of_old_cert"

 

 

Troubleshooting: Linux  

For troubleshooting purposes it's useful to understand what occurs in the Connect install process:

(1) The user extracts a shellscript from the archive and runs it.

(2) The script extracts the folder and then runs the post-installation script, which does the following:

  • Kills any existing Connect processes that are running.
  • Creates the following files:
        ~/.aspera/connect/bin/asperaconnect
        ~/.aspera/connect/etc/asperaconnect.path
        ~/.local/share/applications/aspera-connect.desktop
        ~/.mozilla/plugins/libnpasperaweb*.so
        

(3) Registers the MIME x-scheme-handler.

NOTE: On Linux, the version of OpenSSL installed on your system is critical.  The version of Linux you install may not come with a current enough version of OpenSSL.  To determine the minimum version of OpenSSL your version of Connect requires, check the Connect release notes or user guide. For the latest version of Connect (3.7.4) at the time of this writing (3.7.4), the minimum requirement is OpenSSL 1.0.2g. To see which version is installed on your system, run:

$ openssl version 

1.  After installing, did you run Aspera's web-based Connect Diagnostic Tool?

If you haven't done so already, run the diagnostic tool for a general assessment of your Connect installation. To launch the tool, open the following link:  

https://test-connect.asperasoft.com/

A pop-up may appear asking you to allow, launch, or trust the Connect application. Answer in the affirmative.

The steps below provide details, additional things to check, and possible solutions to any problems that may be found.

2.  Is the Connect application properly installed and can it be started?

If the Connect Diagnostic Tool reported, "Your version of Connect is compatible with your browser," you can skip this step.

You can check whether the application is installed by confirming the presence of asperaconnect in the following location:

~/.aspera/connect/bin/asperaconnect 

You can start the Connect application either by running asperaconnect or by launching it from the Applications menu (in Gome: Applications > Internet > Aspera Connect).

To verify that the application launched, confirm the presence of the Aspera Connect "C" icon in the main menu bar (top panel in Gnome): 

  

3.  Is the fasp protocol registered?

Before proceeding with this step, quit Connect if it's running. If the fasp protocol is properly registered, you'll be able to start Connect by opening the following URL in the address bar:

fasp://initialize

... or, by running the following from the shell:

$ xdg-open fasp://initialize

In either case, if Connect launches, this confirms the fasp protocol is registered.

You can also check whether the protocol handler is correctly registered by running the following:

$ xdg-mime query default x-scheme-handler/fasp
aspera-connect.desktop

The response "aspera-connect.desktop" confirms the protocol is properly registered.

Possible courses of action if the fasp protocol is not registered:

  • Uninstall and then re-install Connect (the fasp protocol is registered at installation time).
  • Check with your IT group to ensure your system isn't locked down.
  • If the issue is still unresolved, contact Aspera Support.

 

4.  Do your DNS settings correctly resolve to local.connectme.us?

Verify that your DNS settings resolve local.connectme.us to 127.0.0.1:

$ ping local.connectme.us
PING local.connectme.us (127.0.0.1): 56(84) bytes of data.

(To stop the ouput, press Ctrl-C.) 

If the ping fails. it indicates you have a network issue. Even if the web app is on the same local network and the DNS is properly set, this can happen if the user's system is not connected to the internet, or it's on a closed network.

For clients on closed networks, users can take the following steps to allow hosts to resolve local.connectme.us:

  1. As root or superuser, open the following file with a plain-text editor: 

        /etc/hosts  

  2. Add the following entry to the file, and save it:

        # Added the following for Aspera Connect access (date): 
       127.0.0.1 local.connectme.us

Another possible source of network issues is an HTTP proxy that's too restrictive. In particular, if the browser reports ERR_TUNNEL_CONNECTION_FAILED, then an HTTP proxy is probably being used to get the local connection. If a proxy.pac file is used, add the following lines to it to ensure the proxy is not restrictive for local.connectme.us:

if (dnsDomainIs(host,"local.connectme.us"))
    return "DIRECT";
if ("127.0.0.1" === dnsResolve(host))
return "DIRECT";

If the problem persists, take any or all of the following actions, as necessary:

  • Turn off virus protection (just temporarily), and try the test again. If it works, adjust your firewall settings to prevent interference.
  • Make sure your firewall is not too restrictive.
  • Update your SSL certificate. See 5. below. 

  

5.  Does the client have the proper CA certificate?

To determine whether you have a valid certificate, enter the following URL in your browser:

https://local.connectme.us:43003/v5/connect/info/version

If a valid certificate is found, the above test of the URL from a browser should show a closed-lock icon (), as in the following screenshot.  (It should also display the version number of the installed Connect.)

 

If the lock icon is broken, it means your system is not providing the proper root certificate authority (CA).   

To display the contents of the local certificate, run the following command:

$ openssl x509 -in $HOME/.aspera/connect/etc/localhost.crt -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:ce:7f:a6:a2:ef:ac:b2:23:e0:89:84:e0:fd:4a:f9
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
        Validity 
  Not Before: Sep 23 00:00:00 2015 GMT
  Not After : Sep 22 23:59:59 2018 GMT
...

The certificate must indicate the following certificate authority:

COMODO RSA Domain Validation Secure Server CA

Check the certificate "Validity".  Ensure that the "Not After" date shows that the certificate has not expired.

Obtaining a New Certificate 

If a certificate is missing or invalid, you can obtain a current, valid certificate from the following location:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/970

... or, download it directly from here:

https://support.comodo.com/index.php?/Knowledgebase/Article/GetAttachment/970/821027

You can also combine downloading with setting it up for installation, like the following, as root (Firefox example):

# curl -s https://support.comodo.com/index.php?/Knowledgebase/Article/GetAttachment/970/821027 > /usr/share/ca-certificates/mozilla/Comodo_RSA_Domain_Validation_Secure_Server_CA.crt

If your system does not have curl, the wget command can be used for the same result. 

Installing a New Certificate (Ubuntu, Debian)

As root, run the following to install the new certificate:

# update-ca-certificates 

To remove a certificate, remove its .crt file, and run the following: 

# update-ca-certificates --fresh

  

Installing a New Certificate (CentOS 6+, RedHat)

As root, run the following to install the new certificate:

# yum install ca-certificates
# update-ca-trust force-enable
#
cp new_comodo_cert.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust

 

0 Comments

Article is closed for comments.
Powered by Zendesk