Inconsistent unable to reach server messages during save/update via 1Password X

sdfwill
edited July 2019 in 1Password X

Hi, as the title notes, I've been receiving inconsistent unable to reach server messages via save/update in 1Password X. I'm able to access 1Password.com as well as my vault to add/update, but I'm not able to do so via the modal dialog when adding or updating a password from a field on a webpage. I should note that sometimes it works, most of the time it doesn't. Sometimes I'm able to 'kick' it back to life by locking/unlocking 1Password X, but 9/10 times it doesn't want to work. Our enterprise recently introduced ZScaler, so I'm assuming there's some SSL trickery going on, but can anyone provide me some information to provide to our operations team to get this to work reliably?

Here's the entry I'm seeing in the debug console in Chrome:

Refused to connect to 'https://gateway.zscalerthree.net/auD?origurl=https://[redacted].1passw…3%[redacted]&_ordtok=[redacted]' because it violates the following Content Security Policy directive: "connect-src https://*.1password.com wss://b5n.1password.com wss://b5n.ent.1password.com https://*.b5test.com wss://b5n.b5test.com https://*.b5dev.com wss://b5n.b5dev.com https://*.b5local.com:3000 wss://b5local.com:3001 https://*.1password.ca wss://b5n.1password.ca https://*.1password.eu wss://b5n.1password.eu https://api.pwnedpasswords.com https://f.1passwordusercontent.com https://f.1passwordentusercontent.com https://f.1passwordusercontent.eu https://f.1passwordusercontent.ca".


1Password Version: Not Provided
Extension Version: 1.15.6
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • kaitlyn

    Team Member

    Hey @sdfwill! Thanks for getting in touch. I’ve seen this happen before when an account is changed in any way (enable/disable 2FA, update email, change Secret Key/Master Password, etc.). To solve it, you’ll have to re-authenticate your account in 1Password X. That being said, you should be receiving notifications from 1Password X letting you know that’s what you need to do. Do you by chance have your browser notifications set to off or Do Not Disturb mode on?

    Just to make sure this is resolved, please visit the 1Password X settings page (click the 1Password X icon in your browser toolbar > gear icon > Settings) and scroll down until you see your account listed. There will be a Remove button next to it – click on that to remove your account. Then, click Add account and visit your 1Password sign-in domain to sign back into your account (with your new credentials if they’ve changed). That should fix the connection with 1Password X, but let me know if that doesn’t seem to do the trick!

  • @kaitlyn Thanks for the reply. Regarding notifications, I don't have anything changed from the default on this system. Unfortunately, your recommendation to remove my account from the extension didn't solve the problem. I removed the account, added it, and attempted to add a site and received the same error.

  • kaitlyn

    Team Member

    @sdfwill – Interesting. Thanks for giving that a try for me. Next, I’d like you to send a copy of your logs so we can take a closer look. We’ve got a handy guide on how to gather your logs here. Go ahead and post them here as long as you're comfortable with it, and we'll take a look and see what we find.

  • @kaitlyn Log below.

    08:52:31.003 background.js:31 Initializing 1Password X...
    08:52:31.121 background.js:31 Finished initializing stable 1Password X 1.15.6 in chrome (20078)
    08:52:31.139 background.js:1 crypto tests: 22.989013671875ms
    08:52:31.142 background.js:31 🧠 Initializing filling data from cache.
    08:52:33.234 _generated_background_page.html:1 Refused to connect to 'https://gateway.zscalerthree.net/auD?origurl=https://watchtower.1password.com/api/v1/compromised-sites&wexps=1&_ordtok=k3Z3WVF63kbqNs2nk26DbsD0JQ' because it violates the following Content Security Policy directive: "connect-src https://*.1password.com wss://b5n.1password.com wss://b5n.ent.1password.com https://*.b5test.com wss://b5n.b5test.com https://*.b5dev.com wss://b5n.b5dev.com https://*.b5local.com:3000 wss://b5local.com:3001 https://*.1password.ca wss://b5n.1password.ca https://*.1password.eu wss://b5n.1password.eu https://api.pwnedpasswords.com https://f.1passwordusercontent.com https://f.1passwordentusercontent.com https://f.1passwordusercontent.eu https://f.1passwordusercontent.ca".

    08:52:33.235 _generated_background_page.html:1 Refused to connect to 'https://gateway.zscalerthree.net/auD?origurl=https://watchtower.1password.com/api/v1/2fa-sites&wexps=1&_ordtok=P3k3WVF2m2VWJ3VL256jBnM62r' because it violates the following Content Security Policy directive: "connect-src https://*.1password.com wss://b5n.1password.com wss://b5n.ent.1password.com https://*.b5test.com wss://b5n.b5test.com https://*.b5dev.com wss://b5n.b5dev.com https://*.b5local.com:3000 wss://b5local.com:3001 https://*.1password.ca wss://b5n.1password.ca https://*.1password.eu wss://b5n.1password.eu https://api.pwnedpasswords.com https://f.1passwordusercontent.com https://f.1passwordentusercontent.com https://f.1passwordusercontent.eu https://f.1passwordusercontent.ca".

    08:52:33.243 background.js:1 loadWatchtowerData failed: Error: Connection aborted
    at XMLHttpRequest.E (background.js:24)
    (anonymous) @ background.js:1
    08:52:33.244 background.js:1 [action/text#loadTwoFactorSitesList] Error: Connection aborted
    at XMLHttpRequest.E (background.js:24)
    (anonymous) @ background.js:1
    08:52:33.244 background.js:24 Uncaught (in promise) Error: Connection aborted
    at XMLHttpRequest.E (background.js:24)
    08:52:33.245 background.js:24 Uncaught (in promise) Error: Connection aborted
    at XMLHttpRequest.E (background.js:24)
    08:52:38.115 _generated_background_page.html:1 Unchecked runtime.lastError: No frame with id 7 in tab 2.
    08:52:38.115 _generated_background_page.html:1 Unchecked runtime.lastError: No frame with id 7 in tab 2.
    09:19:09.091 _generated_background_page.html:1 Unchecked runtime.lastError: The frame was removed.
    09:19:09.091 _generated_background_page.html:1 Unchecked runtime.lastError: No frame with id 140 in tab 250.
    10:26:10.218 _generated_background_page.html:1 Unchecked runtime.lastError: The frame was removed.
    10:26:10.221 _generated_background_page.html:1 Unchecked runtime.lastError: No frame with id 159 in tab 269.
    10:29:38.385 background.js:8 PBES2g-HS256(100000): 60.77783203125ms
    10:29:38.670 background.js:31 [LM] Started (minutes=20, lock on sleep=true).
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:59.418 Unchecked runtime.lastError: The message port closed before a response was received.
    10:29:38.729 _generated_background_page.html:1 Unchecked runtime.lastError: Could not establish connection. Receiving end does not exist.
    10:29:39.158 _generated_background_page.html:1 Refused to connect to 'https://gateway.zscalerthree.net/auD?origurl=https://REDACTED.1password.com/api/v2/auth/REDACTED%40gmail.com/A3/Z799YE/a2jaxshop7trbfqd2dlvyyiaca&_ordtok=rj43WVZrNQDKsWRRnj5n5m7vjj' because it violates the following Content Security Policy directive: "connect-src https://*.1password.com wss://b5n.1password.com wss://b5n.ent.1password.com https://*.b5test.com wss://b5n.b5test.com https://*.b5dev.com wss://b5n.b5dev.com https://*.b5local.com:3000 wss://b5local.com:3001 https://*.1password.ca wss://b5n.1password.ca https://*.1password.eu wss://b5n.1password.eu https://api.pwnedpasswords.com https://f.1passwordusercontent.com https://f.1passwordentusercontent.com https://f.1passwordusercontent.eu https://f.1passwordusercontent.ca".

    10:29:39.160 background.js:1 [_request] Request "/api/v2/auth/REDACTED%40gmail.com/A3/Z799YE/a2jaxshop7trbfqd2dlvyyiaca" failed: ClientError: Request timed out. This probably means that you’re not connected to the Internet or our servers are down.
    at new t (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:5996)
    at _handleQwestError (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:296651)
    at Array.f (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691836)
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691525
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551579
    at p (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551689)
    at s (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551052)
    (anonymous) @ background.js:1

    10:29:39.161 background.js:1 [action/Session#_getAuth] ClientError: Request timed out. This probably means that you’re not connected to the Internet or our servers are down.
    at new t (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:5996)
    at _handleQwestError (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:296651)
    at Array.f (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691836)
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691525
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551579
    at p (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551689)
    at s (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551052)
    (anonymous) @ background.js:1
    10:29:39.161 background.js:1 [action/auth#signInWithMpAndSk] ClientError: Request timed out. This probably means that you’re not connected to the Internet or our servers are down.
    at new t (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:5996)
    at _handleQwestError (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:296651)
    at Array.f (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691836)
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691525
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551579
    at p (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551689)
    at s (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551052)
    (anonymous) @ background.js:1
    10:29:39.161 background.js:1 [action/auth#signIn] ClientError: Request timed out. This probably means that you’re not connected to the Internet or our servers are down.
    at new t (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:5996)
    at _handleQwestError (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:1:296651)
    at Array.f (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691836)
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:691525
    at chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551579
    at p (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551689)
    at s (chrome-extension://aeblfdkhhhdcdjpifhhbdiojplfjncoa/background/background.js:24:551052)
    (anonymous) @ background.js:1
    10:29:39.162 background.js:31 Sync error 105
    handleSyncError @ background.js:31
    10:29:39.162 background.js:31 Ensuring device keys are available for 1 accounts now that we are unlocked.
    10:29:41.930 background.js:31 Uncaught (in promise) TypeError: Cannot read property 'saveItem' of undefined
    at ze.saveItem (background.js:31)
    at async Cn (background.js:31)
    10:29:44.807 background.js:31 Failed to save login.
    save-login-response @ background.js:31

  • kaitlyn

    Team Member

    @sdfwill – You mentioned you're able to access 1Password.com previously; can you please remove your account from 1Password X one more time? After that, type your sign-in domain into your URL bar and attempt to sign in there. You should receive a popup asking if you'd like to add the account to 1Password X – click yes. I've researched a bit about ZScaler, and I've found that users tend to have better luck going that direction instead, so I'm wondering if it might help you out as well. Please let me know how it turns out!

  • @kaitlyn Thanks for the response. I removed the account, visited my sign-in domain, signed in, and added to 1Password X. When I went to add a new login item, it added successfully. I then closed and reopened the browser, signed into 1Password X, and attempted to add an account via the modal dialog and got the unable to reach server error.

  • brenty

    Team Member

    I think we're maybe skating past the real issue here: 1Password.com isn't going to accept a connection from some 3rd party site on your behalf; we enforce end-to-end secure connections for the protection of all 1Password users. That seems to be the issue you're running into here, and I don't think that there is -- or should be -- a "solution" that works around a person-in-the-middle. Security measures using CSP and TLS exist expressly to prevent that.

  • I understand and can appreciate that, but why would I be able to access my vault directly all day long without fail but run into intermittent problems when doing so from the modal dialog?

  • brenty

    Team Member

    Sorry. The intermittent issue is what I'm referring to. It makes sense that you'd have problems when interacting with 1Password X running within the web page, given that CSP applies there to prevent tampering, when the request is attempted to be routed through another server. I'm not sure how the precise cause could be determined here given that all of that is happening outside of 1Password, and outside of the browser even -- which is where 1Password X is running. Your company would likely be the only entity in a position to know exactly what's being done, when, and why it seems to vary. 1Password, after all, isn't doing this to itself. Very confounding. Can they not whitelist 1Password.com? It seems like that would be the obvious solution. As curious as I am to understand what they're doing, the reality is that we're not going to be able to open the door for 3rd parties to intercept 1Password traffic, as that would be incredibly negligent and have an impact on everyone.

This discussion has been closed.
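
The "Refused to connect" lines quoted in this thread can be read mechanically to show an operations team what was blocked and why. The following is an added example, not part of the original thread and not 1Password's code: `matchesSource` and `explainViolation` are hypothetical names, the matching is a simplified scheme/host/port subset of CSP source matching, and the sample line is constructed from the format of the log above with a placeholder token.

```javascript
// Added example: explain a Chrome "Refused to connect" CSP console error.
// Simplified connect-src matching: scheme + host (with leading "*.") + port only.
const DEFAULT_PORT = { "https:": "443", "wss:": "443", "http:": "80", "ws:": "80" };

function matchesSource(url, source) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([^:/]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) return false; // keywords such as 'self' are out of scope here
  const [, scheme, wildcard, host, port] = m;
  if (url.protocol !== scheme.toLowerCase() + ":") return false;
  const h = url.hostname.toLowerCase();
  const want = host.toLowerCase();
  // "*.example.com" matches subdomains only, never the bare domain.
  const hostOk = wildcard ? h.endsWith("." + want) : h === want;
  const urlPort = url.port || DEFAULT_PORT[url.protocol];
  const portOk = port === "*" || urlPort === (port || DEFAULT_PORT[url.protocol]);
  return hostOk && portOk;
}

function explainViolation(line) {
  const m = /Refused to connect to '([^']+)' because it violates .*?"connect-src ([^"]+)"/.exec(line);
  if (!m) return null;
  const blocked = new URL(m[1]);
  const sources = m[2].trim().split(/\s+/);
  const allowed = (u) => sources.some((s) => matchesSource(u, s));
  // Assumption: the gateway carries the original destination in "origurl",
  // as in the log lines on this page.
  const orig = blocked.searchParams.get("origurl");
  let original = null;
  try { original = orig ? new URL(orig) : null; } catch { original = null; }
  return {
    blockedHost: blocked.hostname,
    blockedAllowed: allowed(blocked),
    originalHost: original ? original.hostname : null,
    originalAllowed: original ? allowed(original) : null,
    // True when the extension's own request was fine and only the rewrite was blocked.
    rewrittenInTransit: !!original && allowed(original) && !allowed(blocked),
  };
}

// Constructed sample, modelled on the console output quoted in this thread.
const SAMPLE = "Refused to connect to 'https://gateway.zscalerthree.net/auD?origurl=" +
  "https://watchtower.1password.com/api/v1/2fa-sites&wexps=1&_ordtok=EXAMPLE' because it " +
  "violates the following Content Security Policy directive: \"connect-src " +
  "https://*.1password.com wss://b5n.1password.com https://*.b5local.com:3000\".";

console.log(explainViolation(SAMPLE));
```

A result with `rewrittenInTransit: true` means the extension asked for an allowed host and the request was redirected to a host outside its `connect-src` list before the browser evaluated it.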