Windows Firewall error when trying to run Chrome Remote Debugger

macabeus · January 24, 2023, 4:10pm

I’m trying to start Chrome Remote Debugger on an electron application. It uses some ports, such as 9222 and 9229, and everything works fine locally.
But when I tried to run it on CircleCI’s Windows job, the debugger couldn’t be connected.

After starting a remote connection to the job, I noticed that whenever I start it, there is this warning message:

And when clicking on “yes” or “x” the debugger works!

It seems that there is something wrong with Windows Firewall from CircleCI’s Windows job, and I can’t figure out how to work around it.

Does someone know how to solve it?

rit1010 · January 24, 2023, 5:26pm

It sounds like the Windows image is just fully enabling the firewall, which makes sense as the image by default is published to the internet without all the normal corporate security infrastructure a company is likely to have in place or even a nat-based gateway.

You can set rules in the firewall via the command line, so try opening the ports, a basic allow port example can be found here

macabeus · January 24, 2023, 5:42pm

Thanks for the reply.
I already tried enabling the ports, and also even disabling the whole Windows Firewall, but it didn’t solve the issue.

I tried using

- run:
    command: |
        netsh advfirewall set allprofiles state off

- run:
    command: |
        netsh advfirewall show all

I can see from the output that the Windows Firewall was disabled, but I still can’t connect to the debugger.

I also tried enabling only some ports:

- run: 
    command: |
        New-NetFirewallRule -DisplayName "WHITELIST TCP" -Direction inbound -Profile Any -Action Allow -LocalPort 9229 -Protocol TCP
        New-NetFirewallRule -DisplayName "WHITELIST TCP" -Direction inbound -Profile Any -Action Allow -LocalPort 9222 -Protocol TCP

but it didn’t solve the issue as well.

As a wild guess, I think that these commands are running too late since at this moment we already have a warning from IncrediBuild Agent.

Also, I need to connect only with localhost:9222. Why is a firewall blocking localhost connection?

This warning “Windows Firewall is misconfigured” on IncrediBuild raised my attention btw

rit1010 · January 24, 2023, 7:06pm

I’ve never used Incredibuild but the docs here indicate a lot of ports needing to be open for it to work.

https://docs.incredibuild.com/win/latest/windows/system_requirements.html

Beyond that I will not be able to help with any container configuration questions as I’m not a CircleCI staff member, so you will have to raise a support ticket.

macabeus · January 24, 2023, 11:13pm

Now it’s working - and I have absolutely no idea why.
Even running the same workflow and doing the exact steps I did before.

In addition to that, I noticed that the following firewall rules are disabled and are enabled when clicking on “yes”:

IncrediBuild Agent Service
IncrediBuild Helper #1
IncrediBuild Helper #2
IncrediBuild Helper #3
IncrediBuild Helper #4

If it’s expected that these rules are kept disabled, it would be good not to show the warning message. It’s misleading. I think that there is an option not to show it.