#jlcbada-terminal-reader

What exactly is the nature of the failure>

it has worked before in this location, or not?

Is the reader able to get online?

If you can get to the network status screen and its on the same network, the POS needs to be able to reach the device

Two checks you can do from the POS:
1/ nslookup 10-0-0-80.123abc.device.stripe-terminal-local-reader.net replacing the 10-0-0-80 with the dash-separated IP address of your reader
2/ ping 10-0-0-80.123abc.device.stripe-terminal-local-reader.net same IP address replacement

if the first fails, you might have an issue block DNS rebinding on your network

if the first works, but the second fails, your netowkr might be prevent connections between devices

Hi @celest perch
the error im getting is like this

• ping the ip works
• ping the hostname works
• nslookup hostname : - im not sure whats an error response here. it gives me a Non-authoritative answer - i guess thats a positive response?

if i copy over the POST HTTP request and do it in postman, its 200 OK

but in the webpage it goes net::ERR_FAILED

Please advise @celest perch

can you share a clearer screenshot of that?
also can you share your terminal window logs for this (like your macOS terminal) for 1/ and 2/

hi @autumn granite i DM you a loom video of how our IT guy trouble shoot. please check. let me know if that helps. it covers all your request and maybe more

@celest perch trying to send to you but seems i wasnt permitted? Let me know pls how i can send over a loom

looking one sec

oh that is a 15 min video

I also cannot copy/paste IDs or dig into anything from the video

would it be possible for them to the full text of what they got in their laptop terminal window for the three things

• ping the ip works
• ping the hostname works
• nslookup hostname : - im not sure whats an error response here. it gives me a Non-authoritative answer - i guess thats a positive response?

sure
Hang on
so first, the error message in the screenshot
stated as this:

POST https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:4443/protojsonservice/JackRabbitService net::ERR_FAILED

the warning message is

(index):1 Could not communicate with the Reader. Please make sure your reader is online and on the same network as your device, and that the host `https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net` is resolvable by your DNS provider. See https://support.stripe.com/questions/terminal-connectivity-issues for more details.

• Ping the IP Works

C:\WINDOWS\system32>ping 192.168.1.223

Pinging 192.168.1.223 with 32 bytes of data:
Reply from 192.168.1.223: bytes=32 time=264ms TTL=64
Reply from 192.168.1.223: bytes=32 time=501ms TTL=64
Reply from 192.168.1.223: bytes=32 time=744ms TTL=64
Reply from 192.168.1.223: bytes=32 time=986ms TTL=64

Ping statistics for 192.168.1.223:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 264ms, Maximum = 986ms, Average = 623ms

• Ping the hostname works

C:\WINDOWS\system32>ping 192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net

Pinging 192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net [192.168.1.223] with 32 bytes of data:
Reply from 192.168.1.223: bytes=32 time=223ms TTL=64
Reply from 192.168.1.223: bytes=32 time=450ms TTL=64
Reply from 192.168.1.223: bytes=32 time=691ms TTL=64
Reply from 192.168.1.223: bytes=32 time=960ms TTL=64

Ping statistics for 192.168.1.223:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 223ms, Maximum = 960ms, Average = 581ms

C:\WINDOWS\system32>ping 192-168-1-223.device.stripe-terminal-local-reader.net

Pinging 192-168-1-223.device.stripe-terminal-local-reader.net [192.168.1.223] with 32 bytes of data:
Reply from 192.168.1.223: bytes=32 time=300ms TTL=64
Reply from 192.168.1.223: bytes=32 time=543ms TTL=64
Reply from 192.168.1.223: bytes=32 time=782ms TTL=64
Reply from 192.168.1.223: bytes=32 time=1020ms TTL=64

Ping statistics for 192.168.1.223:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 300ms, Maximum = 1020ms, Average = 661ms

• Nslookup hostname

C:\WINDOWS\system32>nslookup 192-168-1-223.device.stripe-terminal-local-reader.net
Server:  Fios_Quantum_Gateway.fios-router.home
Address:  192.168.1.1

Non-authoritative answer:
Name:    192-168-1-223.device.stripe-terminal-local-reader.net
Address:  192.168.1.223

pls help me @autumn granite @celest perch me know if you need anything else

Hi @unique ridge if you have time, can you please into this as well? thanks!

@static anvil I'll do my best but please be patient, the channel is extremely busy right now so it will take a while

@static anvil okay I'm pairing with someone on my team. They confirmed that the commands you ran indicate everything should be working. They asked that you confirm with your developer that those commands were ran directly from the device that is connecting to the reader, and not from another unrelated computer. Can you have them confirm this?

yes that is correct. @unique ridge
the computer where i ran the commands and the terminal are connected both on the same network. same subnet
we are highly on a desparate situation. if paid support is necessary to resolve the issue asap. we are highly interested to it

@static anvil I understand the desperation but you'd have to talk to support about that https://support.stripe.com/contact

i did @unique ridge I chatted with them, but they said they dont have paid support at the moment so i was hoping i could find it here.

This is a public Discord server, this is definitely not a place to get "paid support"

Reading this carefully it seems you misunderstood my question. You said "yes" but you clearly say it's the "same network" but not the same device

You need to run those exact commands on the device that connects to the reader. Not on another unrelated computer

@unique ridge ok let me rephrase

@unique ridge
the device(computer), where i got the aforementioned logs, is the one used to connect to the reader.
that same device(computer) and the terminal are connected both on the same network. same subnet.
hopefully that made it all clear?

yes

awesome! (crossing fingers we be able to resolve this)

@static anvil can you share the Terminal reader id the tmr_123?

ofcourse!tmr_D4PdjwZ85FbqDa @unique ridge

Thanks, we're looking. I want to be honest, I have no clue if we'll find anything relevant and you might have to go through support anyway.

cross fingers! 🙏

@static anvil and this has never worked in that store/it's a new store with a different network and devices right?

it worked before! then suddenly not.. for some unknown reason.. we not able to figure out @unique ridge

try nslookup 192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net

when did it stop working? was it the same device/reader?

yes. same device

no pictures please

C:\WINDOWS\system32>nslookup 192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net
Server:  Fios_Quantum_Gateway.fios-router.home
Address:  192.168.1.1

Non-authoritative answer:
Name:    192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net
Address:  192.168.1.223

@unique ridge

roger that

(sorry, back and forth internally in parallel with my team and other engineers on the Terminal product)

@unique ridge i completely understand! 🙏

do you have other computers on that network? Are you wired or wifi? Also can you try other devices/readers?

@static anvil can you quickly start your app and try to connect again, we want to see if we can find logs for that attempt

they are both in wifi
yes there are other devices(computers, tablets, smartphones, etc) connected to the network

i have another terminal

tmr_EW2XZwPemnCndF

does tmr_EW2XZwPemnCndF work fine?

same issue @unique ridge
we brought the other device to troubleshoot. but same issue

but in our main branch, our POS and reader works smoothly

im gonna try to reconnect again (buy in POS)

done.. were you able to catch any logs @unique ridge

So right now you have one computer that has an app with JS SDK, it's connected in WI-FI to your network, and 2 P400 readers are on WI-FI too, same network and none of them work?

@unique ridge web app yes.
before it worked.

if i replicate the HTTP POST request via postman it goes 200 OK though. which is reeeally weird.

what happens if you open https://10-0-0-1.abc.device.stripe-terminal-local-reader.net:4443 in the browser?

What browser are you using exactly? Exact OS version and browser version. Does it work in incognito?

this is what i get if i access the reader hostname in browser
https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:4443

Error 404: Not Found
Not Found

I am using Windows 10 OS.
Chrome latest version v95

Im doing all requests and actions in incognito @unique ridge

@static anvil do you have another browser on that computer?

microsoft edge?

yeah, can you try loading the same URL in edge? Trying to rule out an issue with Chrome

you mean loading this.. https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:4443/
in microsoft edge browser?

yes

same response

Error 404: Not Found
Not Found

is that unexpected?

well clearly your computer can talk to the reader, ping it, post to it via postman, but for some reason Chrome and Edge can't

https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:443/ try that one in both (443 and not 4443)

for microsoft edge

Hmmm… can't reach this page192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net took too long to respond

for chrome

This site can’t be reached192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net took too long to respond.

Try clearing chrome's DNS cache: Navigate to chrome://net-internals/#dns and press the "Clear host cache" button.

clicked the button multiple times (i dont see any reaction though) 4443 in chrome is 404; 443 is unreachable

thx

Can your app work in Edge instead of Chrome? Like if you try to connect/pay in Edge does the same issue happen?

im gonna do that. hang on

same error @unique ridge

POST https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:4443/protojsonservice/JackRabbitService net::ERR_FAILED

@static anvil do you have wireshark on that computer? To try and narrow down where the HTTPS requests are being blocked

first time heard of it. give me 5min ill try to download that

do you want me to send the logs here? @unique ridge ?

No, that will have sensitive info. I'm not sure who I am speaking to and whether you're a dev but hopefully you would read them and find interesting tidbits

im a dev. but this is the first time ive used this.. and im not really good at networking. I couple of reds though

can you share some info in DM with me?

Can you also try to move to Cloudflare's DNS temporarily on your computer? https://developers.cloudflare.com/1.1.1.1/setup-1.1.1.1/windows might help

Also for Wireshark, can you filter out only traffic to the reader? (guide: https://networkproguide.com/wireshark-filter-by-ip/) and set the IP to the reader IP

not sure how to paste the filter result..
can i screenshot? @unique ridge ?

sure

whereas 225 is the computer's IP

now im gonna do that again with cloudfare DNS in my computer

if you do cloudflare, re-purge the DNS in Chrome (and restart all of Chrome to be safe)

ok doing that

here it is
with cmd nslookup for proof of dns change

@unique ridge

yep sorry, we're looking. Doesn't make sense to us just yet 😦

Did anything change on your end before this broke, like upgrading the reader, upgrading your router, etc.?

im gonna ask my tech guys @unique ridge

but seems no

@static anvil can you inspect the packet labeled "Encrypted Alert", looks suspicious to us and we're thinking there might be more details on that one

the one 2 lines above the red line

ok right click to that.. then? what option in the menu should i choose.. (sorry not really familiar with wireshark.. i dont see anything related to "inspect though")

@static anvil can you try clicking on the "Encrypted Alert" packet, there should be a "Transport layer security" section, expand that

@autumn granite

Frame 1414: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) on interface \Device\NPF_{91340893-288D-4098-922F-66673ED50A9E}, id 0
Ethernet II, Src: MurataMa_5d:9e:6d (d4:53:83:5d:9e:6d), Dst: IntelCor_c0:0a:1c (04:33:c2:c0:0a:1c)
Internet Protocol Version 4, Src: 192.168.1.223, Dst: 192.168.1.225
Transmission Control Protocol, Src Port: 4443, Dst Port: 64642, Seq: 4856, Ack: 760, Len: 31
Transport Layer Security
    TLSv1.2 Record Layer: Encrypted Alert
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 26
        Alert Message: Encrypted Alert

thanks, one more thing

Open your browser dev tools e.g. Chrome dev tools, go to the Network tab, and click on the failing request and tell us what you're seeing (there should be sub tabs for Preview and Response IIRC)

please forgive me doing screenshots on this
its hard to put it in text let me know if you have anything your interested so i copy paste the texts

this is the whole associated headers into the failing request @autumn granite

can you share the Response tab view as well? screenshot is fine

no value.. its a net::ERR_FAILED

POST https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:4443/protojsonservice/JackRabbitService net::ERR_FAILED

it will just give something like this

based on what @unique ridge and I have gone so far.. we come up with this:
well clearly your computer can talk to the reader, ping it, post to it via postman, but for some reason Chrome and Edge can't

not sure why my browsers cant talk to the reader. @autumn granite

yep that is the understanding from the internal teams too, it might be something browser specific

a couple more things

1/ can you try Firefox?

sure ill download it!

2/ do you have any extensions running on Chrome in incognito mode?
can you try a Guest session in Chrome too?

ok im gonna do those two.

3/ for your screenshot in
https://cdn.discordapp.com/attachments/901133078154575872/901193541571715082/unknown.png
can you click the "X" next to "Headers" tab, so it shows the info behind that, and share that screenshot?
Thanks

@autumn granite here is for 3

it freakin WORK FOR FIREFOX!!!!

im gonna try to pay

@autumn granite

did collecting PM and processPayment() work too?

im currently very far into the location.. someone is going there right now with a card. once there i will initiate swipe

@autumn granite

maybe in less than 30min

our guys not yet in the location..
but i also managed to pull it of in CHROME!

@autumn granite

i disabled these in chrome://flags

and these request were 200 OK

now im waiting for my guy if we can actually use it

@autumn granite is this because of chrome update? stripe sdk needs update? or ?

oh wow

Just to confirm, you didnt need to change anything for this to work in firefox, correct?

😍 🤞 till we get PM

you are right @celest perch

We're hoping you can help us take a look at the certificate use by chrome

Might take a few steps, so just bear with me

@celest perch just give me the steps.. you want me to enable those flags before doing anything prior?

If you go to: https://192-168-1-223.jfnziev3gipl3zbko4sl.device.stripe-terminal-local-reader.net:4443/ you'll hopefully see the "not secure" ui in chrome

i did not.

actually that is a 404 not found text only

i reported that to @unique ridge

even with the 404, it should show the not secure ui

uhmm.. lets see. hang on. i will revert the flags and load that page in chrome

like this

mine is 201 because thats my reader IP

sorry mine is different?

that might be due to the flag, but either way can you open that "connection is secure" view and try to navigate to the certificate

actually i have already reverted my changes on the flag.. and i have the issue back in connecting to the reader

may i know your chrome version? @celest perch

Version 95.0.4638.54 (Official Build) (x86_64)

same as mine. thats weird

if you open that certificate UI, can you expand the details of the certificate?

this?

yea, thank you

and the details tab?

it has a long vertical scroll bar

this is good for now, thanks!

@autumn granite PAYMENT CAPTURE SUCCESSFUL IN FIREFOX!!!!
now gonna try chrome with flags updates aforementioned

PAYMENT CAPTURE SUCCESSFUL as well in Chrome (with flags update)

Nice, thats great to see -- now we're trying to iron out whats going on with the certificate issue you were hitting

we'd appreciate if you were able to stick with us while we try to chase this down, so we can make sure you don't hit this elsewhere

sure @celest perch i wont be able to resolve this guys without all of you

though in your statement its me having certificate issue? isnt it i have just sent you ss that the reader hostname works well in ssl in my computer (being used to communicate to the reader)

Yea it looks like you certificate matches there, but its unclear why chrome/edge blocked it before as insecure. ie, why did you changing those flags help.

hmm.. i am not sure the reason why chrome/edge blocked it because of insecure.. i think they blocked it because of... net::ERR_FAILED and in the request header there is a warning about Header provisions are shown. I think net ERR_FAILED means it failed to load resources.. i dont have any idea why.
in my opinion though its 80% unrelated to certificates.

about the flags.
i read it from here https://stackoverflow.com/questions/57410051/chrome-not-showing-options-requests-in-network-tab
apparently the mentioned flag there doesnt exist anymore, so what i did is to search the 'cors' in the flags and disabled the result of it

@celest perch

i was able to get to that stackoverflow link by googling terms around chrome preflight post not working

@celest perch i will just get some sleep.. ill be back online maybe in 4-6 hours or so. i havent slept for 2 days straight now because of this. haha
please post your questions, i will do my best to help to assist if needed. i will respond back the soon as im up.

Thanks again everyone! @unique ridge @autumn granite @celest perch !!!! 🙇‍♂️

Hello! Yeah, get some rest! We are pretty confident this is a certificate issue, but we're not certain what's causing it. When you get back can you let us know when and how often your integration discovers your Terminal readers?

For context, we think the Terminal reader is getting assigned a new URL (and matching certificate) that your integration isn't picking up for some reason. Usually you get the URL during the discover readers process, but it sounds like this isn't happening as expected.

Are you maybe discovering and then caching or storing the Terminal's URL somewhere? Anything along those lines?

No rush on the answers here, just queuing them up for when you return. 🙂

Update: We found the issue, which is a security change in the way Chrome (and Chromium, which is why Edge was also impacted) works. Here are the details: https://developer.chrome.com/blog/private-network-access-update/

Basically Chrome/Chromium prevents access to local resources (like the Terminal reader on your local network) on insecure pages. Your Terminal integration is running on an insecure website (no HTTPS) so that's why local network access was blocked until you disabled the flag.

If you enabled HTTPS on your web app it would work normally.