+4
Completed

Need advanced notice before changing ip address/server holding our instance in the cloud

joefohner 3 years ago updated by anonymous 2 years ago 9

Our URL filter will not allow screenconnect to work unless I exempt the ip address of the server holding our instance. We never know when this ip address is going to change. The only way to tell is when Screen Connect stops working and is unable to connect. Then I have to call support and find out which IP the server is using. Since you don't use DNS records for these servers, we can't exempt a domain in the URL filter. The URL filter is an Edgewave iPrism. I've talked with Edgewave at length. The only way I can prevent this is to exempt a domain. Any help is appreciated. Thanks!

Available in Version:

Answer

Answer
Completed

A notification setting was added to the profile page on the cloud account portal, and if enabled you will receive an email if your server IP changes. 


https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Cloud_management_portal/Profile_page

I'm on the same boat. In order for my LDAP to work. We have to white list the IP to our firewall. Today it stopped working and no one could login.

Happened to me to. I've opened another ticket with screen connect. Waiting on their reply. In the meantime I opened wireshark packet sniffer and determined the ip address to add to the exceptions. I compare that ip address to the list of all servers for the command nslookup servers.screenconnect.com. I verified the match, made the exception and it's working now. I don't understand why they can't give us a heads up when they change ip's for our instances. An e-mail would do it.

Roadmapped

Just FYI in the interim - your relay/session URL does not change. If you're able to whitelist a specific URL, you can find out what the address is by opening up your installed ScreenConnect client and looking at the Relay Server field. If the IP does change, you can do an nslookup for that URL to get the new IP.

I'm afraid we have having a nightmare with this in the education sector over in the UK where we have no control over the firewalls. We have tried everything and I now fear ill have to move away and find an alternative solution which is a shame. Screen connect could make a lot of money here in the UK but wont go far unless they change the way the IP's work a static address or a pool of address's would suffice

Michael,

Ok, our instance is shown as relay server “relay://instance-xat0wr-“. So my guess is instance-xat0wr-relay.screenconnect.com is the right url . I tried whitelisting the URL instance-xat0wr-relay.screenconnect.com but it didn’t work. I had to whitelist the ip again. Nslookup shows the ip as 54.85.232.136 . Wire Shark shows the server as server-aws0e1f5ba4-relay.screenconnect.com which goes to the same ip address, 54.85.232.136 . It looks like the server is hosted on Amazon. Appreciate you helping me to figure this out. It will be a lot quicker to find the right ip the next time it changes. Hope this helps someone else.


I'd still like to see a good fix for this. When it happens our Helpdesk stops until they run me down and I can change the ip.

Thanks, Joe

Hi Joe,


You're welcome, and yes - the address instance-xat0wr-relay.screenconnect.com is the right address. If you're ever load balanced onto a different server in our cloud, the second URL you posted should change (most of the servers are in Amazon's cloud but we have some in other networks as well). You could potentially whitelist all of our server IPs, but there are around 50 of them, and the list is growing - so it's probably not going to be scalable or easily maintained in your router. If you want to see the full, up to date list, the command is:


nslookup servers.screenconnect.com screenconnect.trafficmanager.net


-Michael

Make that the second IP address, sorry about that - just re-read this and noted there might be some confusion. The URL won't change when load balanced.

Answer
Completed

A notification setting was added to the profile page on the cloud account portal, and if enabled you will receive an email if your server IP changes. 


https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Cloud_management_portal/Profile_page