Proxy Support

Options
2ยป

Comments

  • MikeT
    MikeT
    edited April 2022
    Options

    Hi @HangieMO,

    Can you try the latest nightly (1Password 8.7.0-35 or later) update and see if it helps? We've just added basic proxy support for the macOS version of 1Password now.

  • HangieMO
    HangieMO
    Community Member
    Options

    Hi @MikeT.
    I can't see nightly builds - are they available for betas, or only the fixed beta releases? If the later, then we haven't gotten access to this version yet.
    Also, the about dialog doesn't seem to mention the release number - just 8.7.0

  • Ben
    Ben
    Options

    Hi @HangieMO,

    To switch release channels, open and unlock 1Password then choose 1Password > Preferences, then select Advanced > Release Channel and select "NIGHTLY". After changing to the nightly channel, select About in Preferences, then Check for Updates to install the latest nightly build.

    Ben

  • HangieMO
    HangieMO
    Community Member
    Options

    @MikeT, I switched to the nightly builds. On 38 (80700038, on NIGHTLY channel) and still no luck with proxy.
    Are there logs I can access (where?) and send through to provide insights into what is different about our proxy config?

  • HangieMO
    HangieMO
    Community Member
    Options

    We have authenticated proxy, but we also have Alpaca distributed to our Mac's, so can point to a local Alpaca instance which deals with the authentication, however this would require the ability to override the proxy configuration for 1Password (to point it at Alpaca - we don't have this set as the machine wide proxy config).

  • HangieMO
    HangieMO
    Community Member
    Options

    OK. I ran a test and changed my machine proxy settings to use Alpaca and restarted 1Password. 1Password is able to use Alpaca (and hence bypass the proxy authentication) and connect successfully. My guess - it is the authenticated proxy that 1Password can't currently handle.

    Is there a way to start 1Password with an override to the Proxy config from the command line?

  • MikeT
    MikeT
    Options

    Hi @HangieMO,

    I am not familiar with Alpaca, could you direct us to their site, so we can take a look at them. I did a quick search but didn't find a clear one.

    Are there logs I can access (where?) and send through to provide insights into what is different about our proxy config?

    You can access the logs via 1Password's Help Menu > Troubleshooting > Open Logs Folder. However, the detailed errors are redacted by default to protect against any potential leaks such as the proxy server address.

    Could you email us first along with your 1Password diagnostics report, so we can look into it, and help you get the unredacted logs that might help explain why 1Password can't connect to the proxy.

    To generate the diagnostics report, go to the 1Password menu > Preferences, select the Advanced tab and then click Send Diagnostics.

    Click Reveal to find the report, please attach the report to an email addressed to support+forum@1password.com. In your email, also include:

    Let us know here when you sent the report, so we can quickly find it and work with you on this.

  • HangieMO
    HangieMO
    Community Member
    Options

    Hi @MikeT,

    I've sent through the details to the email above.

    FYI:

  • MikeT
    MikeT
    Options

    Hi @HangieMO, we got the report and thanks for the links. We'll take a look and reply as soon as we can.

  • HangieMO
    HangieMO
    Community Member
    Options

    @MikeT, my workaround requiring Alpaca as the global proxy setting is no longer an option. Any chance of rolling out a proxy override option soon for the app? For example, Chrome allows you to provide "--proxy-server=..." to override the proxies. This is better than nothing.

  • Smithjw
    Smithjw
    Community Member
    Options

    Hey @MikeT / @Ben , I'm an engineer at the same company as @HangieMO and responsible for the macOS SOE we run (including deploying the network/proxy settings). We actually run many proxies here (don't get me started ๐Ÿ˜…) but all internet facing traffic is now sent out through Zscaler. In general, all traffic is inspected with the SSL cert being replaced with Zscaler's Root CA. If you're able to give me a list of all the hostnames that the 1Password 8 beta would contact for sync, I could look at getting them exempted from this SSL inspection to determine if this partially resolves the issue.

    1Password isn't a business-deployed tool, but many of our users utilise it personally so I'd like to get this resolved if we can ๐Ÿ˜ƒ. Happy to submit some logs also and dig in further.

  • PeterG_1P
    PeterG_1P
    edited April 2022
    Options

    Hi @smithjw: does this list of our ports and domains help?

    Thanks for letting us know about some of the elements involved here, as well. If you and @hangiemo continue to run into proxy-related issues, feel free to send us a brief message at support+windows@1Password.com, and our Windows team will be happy to dig in in-depth. We'd love to know more about what isn't working out at the moment, and determine how to improve the state of affairs!

  • Smithjw
    Smithjw
    Community Member
    Options

    Thanks @PeterG_1P , I had our proxy team exempt the following domains from SSL inspection which enables the app on macOS to now sync items, create vaults, etc

    • *.1password.com
    • *.1passwordservices.com
    • *.1passwordusercontent.com
    • *.agilebits.com

    The one thing we still can't do is sign into a new account in the Mac app. If we're already signed in, it works, but if we aren't the app will state that we are offline. Are there any undocumented URLs specifically used only during sign-in?

    And for reference, while on the corp network (even without the SSL inspection bypass) we can sign in to 1P accounts via a browser.

  • ag_Christian
    ag_Christian
    Options

    Hey there, @Smithjw

    If you don't mind, I'd like to make sure everyone's on the same page with regard to what 1Password for Mac supports(ed).

    but all internet facing traffic is now sent out through Zscaler. In general, all traffic is inspected with the SSL cert being replaced with Zscaler's Root CA. If you're able to give me a list of all the hostnames that the 1Password 8 beta would contact for sync, I could look at getting them exempted from this SSL inspection to determine if this partially resolves the issue.

    As far as I'm aware, all semi-recent beta and nightly versions of 1Password for Mac should support your TLS interception solution correctly on macOS. We haven't yet had any reports suggesting otherwise (but that's not to say there couldn't be a bug). So, because of that, I don't believe the TLS interception is the root of the problem.

    The area that becomes shakier is proxy support. Up until a month ago, 1Password for Mac had no system proxy support at all. We improved this, as you've been, with rudimentary support for manually configured HTTP and SOCKS proxies. Pending one bug (which is fixed in the nightly channel, soon to reach beta) causing a protocol mix up there, we believe it to be working correctly.

    Finally, up until earlier this week the app had no support for autoconfigured proxies which relied on PAC scripts (a very popular solution in enterprise setups). With this now implemented, we've heard a small amount of positive feedback that it has fixed connection problems in setups. This support is only available in the latest builds of the nightly channel.

    With all of that said, I would like to see if we could rule out autoconfigured proxies being the issue. If you're willing, could you to install 1Password for Mac on the nightly channel and make sure your build number is at least 80800010. You can check this by clicking 1Password in the menu bar and then clicking About 1Password. This version is guaranteed to have the best proxy support available. After that, please try signing in and seeing if that fares any better.

    Please note that if there are outstanding networking problems, the built-in updater may not be able to download a new version for you.

    Finally, if not too inconvenient, would it be possible to disable the SSL inspection exceptions for a finer grained test? This would help narrow down any problems that still persist.

    Thanks for your time.

  • Smithjw
    Smithjw
    Community Member
    Options

    @ag_Christian After some testing, can confirm that we don't need the SSL Bypass for New Vaults and Syncing items in the 1Password 8 Nightly versions. We do utilise a PAC file for our devices.

    The one thing we still can't do in the Nightly version is login to a new account where we receive an error that we are not connected. Anything else to test here?

  • mdemierre
    mdemierre
    Community Member
    edited May 2022
    Options

    Hello @ag_Christian I am trying the now officially released 1password 8 in a very similar environment (TLS-intercepting proxy, authenticated with NTLM, auto-configured with PAC in system settings).

    I installed using the official installer, which upgraded from 1password 7.

    Version info:
    1Password for Mac 8.7.0, 80700098, on PRODUCTION channel

    I encountered the same problem as @Smithjw, where I'm unable to sign in to my account. Here are some logs which clearly show an "unsupported" error in the proxy support:

    INFO 2022-05-09T08:16:01.666 ThreadId(12) [1P:op-settings/src/store/json_store.rs:49] Settings file "/Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json" missing, using defaults.
    INFO 2022-05-09T08:16:01.669 ThreadId(12) [client:typescript] Client starting.
    ERROR 2022-05-09T08:16:01.786 ThreadId(12) [1P:ffi/core-node/src/lib.rs:750] Failed to load crash reports from disk: Os { code: 2, kind: NotFound, message: "No such file or directory" }
    INFO 2022-05-09T08:16:01.820 ThreadId(12) [1P:native-messaging/op-native-core-integration/src/lib.rs:448] Enabling BrowserHelper with bundle id: 2BUA8C4S2C.com.1password.browser-helper
    INFO 2022-05-09T08:16:01.859 tokio-runtime-worker(ThreadId(9)) [1P:native-messaging/op-native-core-integration/src/lib.rs:281] Starting IPC listener on 2BUA8C4S2C.com.1password.browser-helper
    INFO 2022-05-09T08:16:01.859 tokio-runtime-worker(ThreadId(9)) [1P:op-ipc/src/ipc/xpc.rs:173] XPC starting connection
    INFO 2022-05-09T08:16:01.860 ThreadId(12) [1P:op-localization/src/lib.rs:230] system locale detected as 'en-US'
    INFO 2022-05-09T08:16:01.860 ThreadId(12) [1P:op-localization/src/lib.rs:256] selected translations for EN_US based on detected locale en-US
    INFO 2022-05-09T08:16:01.860 ThreadId(12) [status:op-app/src/app.rs:325] App::new(1Password for Mac/80700098 (EN_US), /Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/1password.sqlite)
    INFO 2022-05-09T08:16:01.861 ThreadId(12) [1P:op-db/src/db.rs:120] Starting DB at version: 0
    INFO 2022-05-09T08:16:01.861 ThreadId(12) [1P:op-db/src/db.rs:128] Database is being created at '/Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/1password.sqlite' (sqlite: 3035004)
    INFO 2022-05-09T08:16:01.863 ThreadId(12) [1P:op-db/src/db.rs:382] Updated DB Schema to version 001
    INFO 2022-05-09T08:16:01.864 ThreadId(12) [1P:op-db/src/db.rs:403] Updated DB Schema to version 002
    INFO 2022-05-09T08:16:01.866 ThreadId(12) [1P:op-db/src/db.rs:414] Updated DB Schema to version 003
    INFO 2022-05-09T08:16:01.867 ThreadId(12) [1P:op-db/src/db.rs:429] Updated DB Schema to version 005
    INFO 2022-05-09T08:16:01.868 ThreadId(12) [1P:op-db/src/db.rs:444] Updated DB Schema to version 006
    INFO 2022-05-09T08:16:01.869 ThreadId(12) [1P:op-db/src/db.rs:457] Updated DB Schema to version 007
    INFO 2022-05-09T08:16:01.870 ThreadId(12) [1P:op-db/src/db.rs:470] Updated DB Schema to version 008
    INFO 2022-05-09T08:16:01.870 ThreadId(12) [1P:op-db/src/db.rs:483] Updated DB Schema to version 009
    INFO 2022-05-09T08:16:01.871 ThreadId(12) [1P:op-db/src/db.rs:496] Updated DB Schema to version 011
    INFO 2022-05-09T08:16:01.871 ThreadId(12) [1P:op-db/src/db.rs:510] Updated DB Schema to version 012
    INFO 2022-05-09T08:16:01.872 ThreadId(12) [1P:op-db/src/db.rs:523] Updated DB Schema to version 013
    INFO 2022-05-09T08:16:01.873 ThreadId(12) [1P:op-db/src/db.rs:536] Updated DB Schema to version 014
    INFO 2022-05-09T08:16:01.874 ThreadId(12) [1P:op-db/src/db.rs:549] Updated DB Schema to version 015
    INFO 2022-05-09T08:16:01.876 ThreadId(12) [1P:op-db/src/db.rs:562] Updated DB Schema to version 016
    INFO 2022-05-09T08:16:01.878 ThreadId(12) [1P:op-db/src/db.rs:575] Updated DB Schema to version 017
    INFO 2022-05-09T08:16:01.879 ThreadId(12) [1P:op-db/src/db.rs:588] Updated DB Schema to version 018
    INFO 2022-05-09T08:16:01.880 ThreadId(12) [1P:op-db/src/db.rs:601] Updated DB Schema to version 019
    INFO 2022-05-09T08:16:01.882 ThreadId(12) [1P:op-db/src/db.rs:713] Updated DB Schema to version 021
    INFO 2022-05-09T08:16:01.883 ThreadId(12) [1P:op-db/src/db.rs:726] Updated DB Schema to version 022
    INFO 2022-05-09T08:16:01.885 ThreadId(12) [1P:op-db/src/db.rs:739] Updated DB Schema to version 023
    INFO 2022-05-09T08:16:01.891 ThreadId(12) [1P:ssh/op-ssh-config/src/lib.rs:231] agent not configured
    ERROR 2022-05-09T08:16:01.891 ThreadId(12) [1P:ffi/core-node/src/lib.rs:64] Attempted to notify uninitialized App
    INFO 2022-05-09T08:16:01.892 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.892 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.893 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.894 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:48] Creating manifest directory for Chromium at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts
    INFO 2022-05-09T08:16:01.895 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.896 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Mozilla/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-09T08:16:01.896 op_executor:invocation_loop(ThreadId(17)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
    INFO 2022-05-09T08:16:01.924 tokio-runtime-worker(ThreadId(10)) [1P:op-settings/src/store/json_store.rs:49] Settings file "/Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/settings/settings.json" missing, using defaults.
    INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:op-ipc/src/ipc/xpc.rs:229] XPC connected to 2BUA8C4S2C.com.1password.browser-helper
    INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:293] Active native core integration is awaiting messages
    INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:305] Extension connecting.
    INFO 2022-05-09T08:16:02.192 tokio-runtime-worker(ThreadId(3)) [1P:native-messaging/op-native-core-integration/src/lib.rs:307] Extension connection accepted.
    INFO 2022-05-09T08:16:02.362 tokio-runtime-worker(ThreadId(3)) [1P:op-op7-migration/src/lib.rs:290] OP7 Credentials were found, storing for future sign in.
    WARN 2022-05-09T08:16:10.100 tokio-runtime-worker(ThreadId(4)) [1P:foundation/op-proxy/src/apple.rs:91] proxy requires autoconfiguration, this is currently unsupported!
    ERROR 2022-05-09T08:16:10.100 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/foundation/op-proxy/src/lib.rs:141] NotImplemented
    ERROR 2022-05-09T08:16:31.927 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-app/src/app/backend/watchtower.rs:266] RequestError(IoError(IoError(timed out)))
    ERROR 2022-05-09T08:16:34.092 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/updater.rs:176] AppUpdates(Http(IoError(IoError(connect error))))
    ERROR 2022-05-09T08:16:40.104 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:78, IoError(IoError(timed out))))
    ERROR 2022-05-09T08:16:40.104 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:444] error signing in from data layer: other error
    ERROR 2022-05-09T08:16:40.104 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:387] Error signing in: other error
    WARN 2022-05-09T08:16:48.030 tokio-runtime-worker(ThreadId(5)) [1P:foundation/op-proxy/src/apple.rs:91] proxy requires autoconfiguration, this is currently unsupported!
    ERROR 2022-05-09T08:16:48.031 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/foundation/op-proxy/src/lib.rs:141] NotImplemented
    ERROR 2022-05-09T08:17:01.931 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-app/src/app/backend/watchtower.rs:267] RequestError(IoError(IoError(timed out)))
    ERROR 2022-05-09T08:17:18.035 tokio-runtime-worker(ThreadId(10)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:78, IoError(IoError(timed out))))
    ERROR 2022-05-09T08:17:18.035 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:444] error signing in from data layer: other error
    ERROR 2022-05-09T08:17:18.035 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:387] Error signing in: other error
    WARN 2022-05-09T08:17:40.014 tokio-runtime-worker(ThreadId(10)) [1P:foundation/op-proxy/src/apple.rs:91] proxy requires autoconfiguration, this is currently unsupported!
    ERROR 2022-05-09T08:17:40.014 tokio-runtime-worker(ThreadId(10)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/foundation/op-proxy/src/lib.rs:141] NotImplemented
    ERROR 2022-05-09T08:18:10.017 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:78, IoError(IoError(timed out))))
    ERROR 2022-05-09T08:18:10.017 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:444] error signing in from data layer: other error
    ERROR 2022-05-09T08:18:10.017 tokio-runtime-worker(ThreadId(5)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:387] Error signing in: other error
    INFO 2022-05-09T08:19:24.762 tokio-runtime-worker(ThreadId(5)) [1P:op-app/src/app/backend/signin.rs:478] cancelling a sign in session
    INFO 2022-05-09T08:19:25.672 op_executor:invocation_loop(ThreadId(17)) [1P:op-app/src/app/backend/frontend.rs:24] Front end event: window closed

  • Dayton_ag
    Dayton_ag
    Options

    @Smithjw

    Thanks for your reply! We'd like to grab some finer-grained diagnostics information from one of the attempts to add a new account - could you write in to support+mac@1password.com, and include your username and a link to this Forum thread? Once we receive it, we can help with gathering some deeper diagnostics information for the Development team to dig into.

    After you email in, you should receive a Conversation ID that looks like this: [#ABC-12345-678]. Please paste that here, and I'll use it to track your email down from my end. Thanks again!

    @mdemierre

    Could you update to the Nightly version of 1Password, and let me know if you have success adding your account? The version of 1Password you're running does not contain the support for PAC configurations, but the most-recent Nightly does. Here's how to swap over to the Nightly release channel:
    1. Open the 1Password app.
    2. In the menu bar, click 1Password, then Preferences.
    3. Swap to the Advanced tab, and change Release Channel to Nightly.
    4. Select the About tab, and check for updates.
    5. Apply the update when it is ready.

    After performing those actions and updating, could you try signing in and let me know if you're able to do so successfully? Thanks, I look forward to hearing back!

  • mdemierre
    mdemierre
    Community Member
    edited May 2022
    Options

    Hello @Dayton_ag

    I should have read more carefully, I thought the released version was more recent than the ones discussed so far.

    I am now on 80800022, on NIGHTLY channel

    Unfortunately, still no luck. One thing I forgot to mention which could be important now that I see this error is that I am on a Cisco AnyConnect VPN, which connects me to the network with the proxy described in my previous post.

    The error is different this time. It seems to interpret the PAC and try to connect. There's not much details so hard to say where the problem lies.

    I'm using the proxy with all other apps and it's reachable and working.

    Here's the log:

    INFO 2022-05-11T08:39:51.937 ThreadId(12) [client:typescript] Client starting.
    INFO 2022-05-11T08:39:52.070 ThreadId(12) [1P:native-messaging/op-native-core-integration/src/lib.rs:448] Enabling BrowserHelper with bundle id: 2BUA8C4S2C.com.1password.browser-helper
    INFO 2022-05-11T08:39:52.091 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:281] Starting IPC listener on 2BUA8C4S2C.com.1password.browser-helper
    INFO 2022-05-11T08:39:52.091 tokio-runtime-worker(ThreadId(1)) [1P:op-ipc/src/ipc/xpc.rs:76] XPC starting connection
    INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:op-ipc/src/ipc/xpc.rs:124] XPC connected to 2BUA8C4S2C.com.1password.browser-helper
    INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:293] Active native core integration is awaiting messages
    INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:305] Extension connecting.
    INFO 2022-05-11T08:39:52.098 tokio-runtime-worker(ThreadId(1)) [1P:native-messaging/op-native-core-integration/src/lib.rs:307] Extension connection accepted.
    INFO 2022-05-11T08:39:52.101 ThreadId(12) [1P:op-localization/src/lib.rs:228] system locale detected as 'en-US'
    INFO 2022-05-11T08:39:52.101 ThreadId(12) [1P:op-localization/src/lib.rs:254] selected translations for EN_US based on detected locale en-US
    INFO 2022-05-11T08:39:52.101 ThreadId(12) [status:op-app/src/app.rs:325] App::new(1Password for Mac/80800022 (EN_US), /Users/$USER/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data/1password.sqlite)
    INFO 2022-05-11T08:39:52.103 ThreadId(12) [1P:op-db/src/db.rs:120] Starting DB at version: 24
    INFO 2022-05-11T08:39:52.105 ThreadId(12) [1P:ssh/op-ssh-config/src/lib.rs:231] agent not configured
    ERROR 2022-05-11T08:39:52.105 ThreadId(12) [1P:ffi/core-node/src/lib.rs:65] Attempted to notify uninitialized App
    INFO 2022-05-11T08:39:52.107 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.107 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Beta/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.108 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Canary/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.108 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Google/Chrome Dev/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.109 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.110 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Beta/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.112 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Canary/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.113 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Microsoft Edge Dev/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.114 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Vivaldi/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.114 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Sidekick/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.114 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Arc/User Data/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.115 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/WaveboxApp/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.115 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:68] Created NMH manifest at /Users/$USER/Library/Application Support/Mozilla/NativeMessagingHosts/com.1password.1password.json
    INFO 2022-05-11T08:39:52.115 op_executor:invocation_loop(ThreadId(18)) [1P:native-messaging/op-nm-installer/src/nix_utils.rs:83] Successfully installed all native messaging manifests.
    ERROR 2022-05-11T08:40:07.758 tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-proxy/src/lib.rs:245] proxy test network connection failed: timed out
    INFO 2022-05-11T08:40:07.759 tokio-runtime-worker(ThreadId(8)) [1P:foundation/op-proxy/src/apple.rs:305] skipping proxy returned by PAC since we couldn't connect to it: Network(Network(timed out))
    ERROR 2022-05-11T08:40:24.364 tokio-runtime-worker(ThreadId(8)) [1P:op-app/src/app/backend/updater.rs:175] AppUpdates(Http(IoError(IoError(connect error))))
    ERROR 2022-05-11T08:40:37.762 tokio-runtime-worker(ThreadId(4)) [1P:op-app/src/app/backend/signin.rs:397] error signing in from data layer: UnableToCreateClient(HttpError(/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-b5-client/src/internal/server_connection.rs:95, IoError(IoError(timed out))))
    ERROR 2022-05-11T08:40:37.763 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-signin/src/lib.rs:442] error signing in from data layer: other error
    ERROR 2022-05-11T08:40:37.763 tokio-runtime-worker(ThreadId(4)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/ui/op-signin-ui/src/handlers.rs:386] Error signing in: other error

  • Dayton_ag
    Dayton_ag
    Options

    Hey there @mdemierre I'm so sorry for the delay here!

    Could you try downloading and installing our newest nightly, using the steps in my message above? It has some further changes to our proxy handling.

    Once you've downloaded and installed that Nightly, could you confirm if you're still running into connection issues? If you are, let's continue this conversation over email so I can grab some more in-depth diagnostics information. Could you send me an email at support+mac@1password.com, with my username, your username, and a link to this forum thread?

    After you email in, you should receive a Conversation ID that looks like this: [#ABC-12345-678]. Please paste that here, and I'll use it to track your email down from my end.

    Thanks, I'm looking forward to getting this sorted for you! ๐Ÿ˜Š

  • Pariah_Zero
    Pariah_Zero
    Community Member
    edited May 2022
    Options

    I literally ran into this exact issue today - I've tried what you suggest, but I have an issue:

    • I set the release to the Nightly, then tried to update to nightly, and ... nothing.
    • 1Password won't switch away from the production channel - so I'm stuck at 80700098.
    • I suspect it's because I can't log into my 1Password account in the 1Password app (Browser works fine, as does 1Pass7)
    • I can't log into my 1Password account in the app because... no access without a proxy.
    • So which came first? The ๐Ÿ“ or the ๐Ÿฅš?
  • Jack.P_1P
    Jack.P_1P
    Options

    Hey @Pariah_Zero:

    Thanks for sharing that you're running into trouble. Here's a direct link to the nightly installer for both 1Password 8 for Mac and Windows:

    Mac: https://downloads.1password.com/mac/1Password Nightly.zip
    Windows: https://downloads.1password.com/win/1PasswordSetup-latest.NIGHTLY.exe

    Let me know if that helps!

    Jack

  • Pariah_Zero
    Pariah_Zero
    Community Member
    edited May 2022
    Options

    Well, that's a bummer: After using the link and moving to 80800110 (Mac), I've still got no ability to login with 1password 8. I'll try to follow up via email as well with further details.

    I doubt the proxy is that exotic - just a normal http/https proxy (where https is just passed through unmodified), and has content filtering to block 'unauthorized' sites.

  • mdemierre
    mdemierre
    Community Member
    edited May 2022
    Options

    Hello @Dayton_ag

    I sent an email today but didn't get an ID back. The subject is "1password 8 NIGHTLY: Cannot login when under VPN + corporate proxy" from the email of this account.

    I upgraded to the 80800114 but I still see the same logs.

  • Smithjw
    Smithjw
    Community Member
    Options

    I'm also seeing issues again with 1Password thinking it's offline when connected to the corp network :(

  • Pariah_Zero
    Pariah_Zero
    Community Member
    edited May 2022
    Options

    I've been in contact with support via email: [#NGI-26927-645]. I'll see if I can send debugging information, but I can't promise anything... such is life when my corporate overlords are pretty strict about "what happens in the firewall stays in the firewall." I mean, that's why there's a proxy to begin with...

  • Dayton_ag
    Dayton_ag
    Options

    @mdemierre Thanks so much - I tracked down your email from my end and I'll be reaching out to you shortly!
    ref: WCW-38359-192

    @Smithjw Sorry you're running into issues still! Could you shoot us an email at support+mac@1password.com, and include:

    • Your Forum username
    • My Forum username
    • A link to this article.

    Let me know what Conversation ID you get in an automated reply to your email and I'll track down your email on my end. If you don't receive a Conversation ID, let me know and I'll see if I can dig up your email from my end.

    @Pariah_Zero Thanks so much for writing in! I'll follow up with you in the email you mentioned, as we're looking for some specific logs and we can work together on finding what we need without causing any issues with IT. ๐Ÿ˜Š
    ref: NGI-26927-645

  • jacmorel
    jacmorel
    Community Member
    edited September 2022
    Options

    Hi, I am in a similar situation at work where access to the internet is monitored via an authenticating proxy.
    The 1password chrome extension connects to the backend no problem but the 1password standalone app does not which means I have on the same machine inconsistent state. Let me know what I can do to help here. This is a major issue for me.

    1Password for Mac 8.9.4 - 80904044, on PRODUCTION channel
    Macbook Pro 16 M1 Max
    MacOS Monterey 12.5.1

  • kingtong
    kingtong
    Community Member
    Options

    Hello

    Same thing here, behind a corporate VPN / Proxy combo.

    Sync is not working:

    ERROR 2022-09-19T11:17:44.917 tokio-runtime-worker(ThreadId(14)) [1P:foundation/op-tls/src/verification/apple.rs:214] failed to verify TLS certificate: invalid peer certificate contents: โ€œ<redacted_corp_url>โ€ certificate is not trusted (-67843)
ERROR 2022-09-19T11:17:44.919 tokio-runtime-worker(ThreadId(12)) [1P:foundation/op-tls/src/verification/apple.rs:214] failed to verify TLS certificate: invalid peer certificate contents: โ€œ<redacted_corp_url>โ€ certificate is not trusted (-67843)
ERROR 2022-09-19T11:17:44.920 tokio-runtime-worker(ThreadId(14)) [1P:foundation/op-tls/src/verification/apple.rs:214] failed to verify TLS certificate: invalid peer certificate contents: โ€œ<redacted_corp_url>โ€ certificate is not trusted (-67843)

    It's working fine from browsers extensions and command line.

    1Password for Mac 8.9.6 - 80906011, on BETA channel
    macOS Monterey 12.6

  • chiefgeek157
    chiefgeek157
    Community Member
    Options

    MacOS Monterey 12.6.1 (corporate control)
    1Password for Mac 8.9.13 (80913026) (NIGHTLY channel)
    Proxy: Bluecoat with authentication

    Apologies for the "me, too", but I believe the problem, for me at least, is a failure to properly authenticate to a proxy. Here are some telltales from the logs:

    ERROR 2023-01-03T13:26:11.398 tokio-runtime-worker(ThreadId(10)) [1P:foundation/op-proxy/src/lib.rs:255] proxy test network connection failed: error sending request for url (<redacted URL>): error trying to connect: Connection reset by peer (os error 54)
INFO  2023-01-03T13:26:11.398 tokio-runtime-worker(ThreadId(10)) [1P:foundation/op-proxy/src/apple.rs:348] skipping proxy returned by PAC since we couldn't connect to it: Network(Network(error sending request for url (<redacted URL>): error trying to connect: Connection reset by peer (os error 54)))

ERROR 2023-01-03T13:26:11.613 tokio-runtime-worker(ThreadId(6)) [1P:/Users/builder/builds/BhfSvM9x/0/dev/core/core/op-app/src/app/backend/unlock.rs:77] unable to get client

ERROR 2023-01-03T13:26:37.025 tokio-runtime-worker(ThreadId(4)) [1P:op-app/src/app/backend/updater.rs:209] AppUpdates(Http(IoError(IoError(error sending request for url (<redacted URL>): error trying to connect: Connection reset by peer (os error 54)))))

    I believe this shows that the correct proxy config (PAC) was retrieved, but access via the proxy failed anyway. I am not savvy enough to understand how an app on a Mac can use the pre-authenticated proxy connection (or keystore password) to authenticate to the proxy.

    As a workaround...

    As an erstwhile developer I have several tools that are in a similar situation. Some have configuration options to set the proxy and password, but then I have a bunch of places I have to go update the password, and inevitably that leads to an account lockout as those tools use an old password.

    I use a local proxy (happens to be SquidMan) that asks for my current credentials on start up and provides an unauthenticated local proxy for tools to connect to. However, the tool MUST support configuration of the proxy, and 1Password 8 does not. So not an option.

    Happy to help however I can.

  • Xipper
    Xipper
    Community Member
    Options

    How is this still not fixed? The only way 1P will work on my corporate network is if I use Proxifier to redirect the 1P access to *.agilebits.com to use the corporate proxy. Every other app on MacOS reads the system proxy settings, which in my case uses a wpad.dat script to manage proxy selection rules. It is obvious that 1P doesn't attempt to follow system proxy settings at all.

    When we could have our 1P vault replicated with Dropbox or whatever else we never had a problem, as Dropbox itself supported proxies just fine...however your business model forced this change and you failed to adopt supporting proxy servers which is a common requirement in corporate networks, it can also be a requirement in some geo-regions (e.g. PRC).

This discussion has been closed.