Syncthing as a local user on Windows Server

I had Syncthing configured on 2 Windows Servers syncing a volume as Local System previously, but to take care of the warning about running as a privileged user, I tried creating a local user with access to the Syncthing installation directory and the volume, but now I am unable to launch the application and access the web GUI. It’s outputting the following into terminal logging.

wsasend: An existing connection was forcibly closed by the remote host.
wsarecv: An existing connection was forcibly closed by the remote host.

Googling this didn’t yield anything useful to track down what the cause is. Any ideas? Or perhaps there is some sort of guide for best practice on how to limit Syncthing on Windows to run as a regular user?

This is either not a Syncthing log, or you’ve tinkered with it, making it hard to understand where it’s coming from. Please provide the messages you see in Syncthing’s log with all the prefixes, etc.

I have an epic “just post the fucking log exactly like we wrote it; it looks like that for a reason” rant coming any day now. Not pointed at you @eroji, just at the universe in general and since the point came up… :expressionless:

I don’t mean to make your life difficult, but I had some hesitation on if the device IDs are safe to post. Anyways, I censored the actual hostname and device IDs.

[monitor] 12:51:13 INFO: Log output saved to file "C:\Users\syncthing\AppData\Local\Syncthing\syncthing.log"
[monitor] 12:51:13 INFO: Starting syncthing
[LXSF4] 12:51:13 INFO: syncthing v0.14.40 "Dysprosium Dragonfly" (go1.9.2 windows-amd64) teamcity@build.syncthing.net 2017-10-28 19:15:32 UTC
[LXSF4] 12:51:13 INFO: My ID: <Device ID 1>
[LXSF4] 12:51:14 INFO: Single thread SHA256 performance is 228 MB/s using minio/sha256-simd (177 MB/s using crypto/sha256).
[LXSF4] 12:51:15 INFO: Hashing performance with weak hash is 184.19 MB/s
[LXSF4] 12:51:15 INFO: Hashing performance without weak hash is 213.31 MB/s
[LXSF4] 12:51:15 INFO: Weak hash enabled, as it has an acceptable performance impact.
[LXSF4] 12:51:15 INFO: Ready to synchronize Borrowermobile (readwrite)
[LXSF4] 12:51:15 INFO: Send rate is unlimited, receive rate is unlimited
[LXSF4] 12:51:15 INFO: Rate limits do not apply to LAN connections
[LXSF4] 12:51:15 INFO: Using discovery server https://discovery-v4-2.syncthing.net/v2/?id=DVU36WY-H3LVZHW-E6LLFRE-YAFN5EL-HILWRYP-OC2M47J-Z4PE62Y-ADIBDQC
[LXSF4] 12:51:15 INFO: TCP listener ([::]:22000) starting
[LXSF4] 12:51:15 INFO: Using discovery server https://discovery-v4-3.syncthing.net/v2/?id=VK6HNJ3-VVMM66S-HRVWSCR-IXEHL2H-U4AQ4MW-UCPQBWX-J2L2UBK-NVZRDQZ
[LXSF4] 12:51:15 INFO: Using discovery server https://discovery-v4-4.syncthing.net/v2/?id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-QG6QJA3-MPFYMSO-U56GTUK-NA2MIAW
[LXSF4] 12:51:15 INFO: Using discovery server https://discovery-v6-2.syncthing.net/v2/?id=DVU36WY-H3LVZHW-E6LLFRE-YAFN5EL-HILWRYP-OC2M47J-Z4PE62Y-ADIBDQC
[LXSF4] 12:51:15 INFO: Using discovery server https://discovery-v6-3.syncthing.net/v2/?id=VK6HNJ3-VVMM66S-HRVWSCR-IXEHL2H-U4AQ4MW-UCPQBWX-J2L2UBK-NVZRDQZ
[LXSF4] 12:51:15 INFO: Using discovery server https://discovery-v6-4.syncthing.net/v2/?id=LYXKCHX-VI3NYZR-ALCJBHF-WMZYSPK-QG6QJA3-MPFYMSO-U56GTUK-NA2MIAW
[LXSF4] 12:51:15 INFO: KCP listener ([::]:22020) starting
[LXSF4] 12:51:15 INFO: GUI and API listening on 10.1.130.93:8384
[LXSF4] 12:51:15 INFO: Access the GUI via the following URL: https://host1.domain.com:8384/
[LXSF4] 12:51:15 INFO: Device <Device ID 2> is "host2" at [tcp://host2.domain.com:22000]
[LXSF4] 12:51:15 INFO: Established secure connection to <Device ID 2> at 10.1.130.93:56442-10.2.130.93:22000 (tcp-client) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[LXSF4] 12:51:15 INFO: Device <Device ID 2> client is "syncthing v0.14.40" named ""
[LXSF4] 12:51:15 INFO: Connection to <Device ID 2> closed: writing message: write tcp 10.1.130.93:56442->10.2.130.93:22000: wsasend: An existing connection was forcibly closed by the remote host.
[LXSF4] 12:51:16 INFO: Established secure connection to <Device ID 2> at 10.1.130.93:56447-10.2.130.93:22000 (tcp-client) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[LXSF4] 12:51:16 INFO: Device <Device ID 2> client is "syncthing v0.14.40" named ""
[LXSF4] 12:51:16 INFO: Connection to <Device ID 2> closed: writing message: write tcp 10.1.130.93:56447->10.2.130.93:22000: wsasend: An existing connection was forcibly closed by the remote host.
2017/11/13 12:51:18 http: TLS handshake error from 10.1.130.93:56450: EOF
[LXSF4] 12:51:19 INFO: Established secure connection to <Device ID 2> at 10.1.130.93:56451-10.2.130.93:22000 (tcp-client) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[LXSF4] 12:51:19 INFO: Device <Device ID 2> client is "syncthing v0.14.40" named ""
[LXSF4] 12:51:19 INFO: Connection to <Device ID 2> closed: writing message: write tcp 10.1.130.93:56451->10.2.130.93:22000: wsasend: An existing connection was forcibly closed by the remote host.
[LXSF4] 12:51:23 INFO: Established secure connection to <Device ID 2> at 10.1.130.93:56452-10.2.130.93:22000 (tcp-client) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[LXSF4] 12:51:23 INFO: Device <Device ID 2> client is "syncthing v0.14.40" named ""
[LXSF4] 12:51:23 INFO: Connection to RI62H66-WRBIJDN-7JK3RQI-5AGSNTO-GXIQANN-N3WZKLB-EJNJXMQ-32ZKYAN closed: writing message: write tcp 10.1.130.93:56452->10.2.130.93:22000: wsasend: An existing connection was forcibly closed by the remote host.
[LXSF4] 12:51:25 INFO: Detected 0 NAT devices
[LXSF4] 12:51:31 INFO: Established secure connection to <Device ID 2> at 10.1.130.93:56453-10.2.130.93:22000 (tcp-client) (TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)
[LXSF4] 12:51:31 INFO: Device <Device ID 2> client is "syncthing v0.14.40" named ""
[LXSF4] 12:51:31 INFO: Connection to <Device ID 2> closed: writing message: write tcp 10.1.130.93:56453->10.2.130.93:22000: wsasend: An existing connection was forcibly closed by the remote host.

Just to add, this is the exact same configuration file unchanged. If running as Local System, it works fine.

Check the log on the other side, or (more likely) the firewall

Firewall is disabled for Domain Network and I can ping the other endpoint just fine. Looking at the logs on other end, it seems like the connection was rejected with reason “unknown device”. I assume by changing the user it changed the signature of the endpoint somehow?

Yes, the configuration and certificate (that makes up the device ID) are stored in the user’s home directory. If you change user you get a new config, certificate, and device ID. You can copy the relevant files though.

I’ll try that, but shouldn’t the web GUI come up at least? Doesn’t quite make sense that the application launches the browser where you end up staring at a blank page that won’t load.
