locked
LiveMesh client shows offline while LiveDesktop allows to connect RRS feed

  • General discussion

  • Hi,

    If I look at status of remote computer inside LiveMesh client in taskbar it shows my remote computer as "offline", and yet if I go to www.mesh.com it shows as online and I can connect to it using LiveMesh remote desktop.
    What gives?



    P.S. I was able to "bring" remote computer online only by exiting Mesh first and then loggin in. Going "offline" and back "online" did not fix it.
    Monday, July 21, 2008 4:39 PM

All replies

  • Hey Lorry,

    What your seeing is when the Live Mesh client is not running but the Live Mesh Remote service is running or the Live Mesh Client signed in with a different account then what you were signed in on the other device. 

    The way to fix that is, sign out/in with the other account, or start the client if it wasn't running.

    -Ken
    Monday, July 21, 2008 9:54 PM
  • I've noticed the same thing. I set up an account for someone else and signed in on my system to test. It was basically impossible to sign out such that that network was not able to access my remote desktop.

    I think this is a serious issue. The mesh client viewer should give an accurate account of what is connected. It either shouldn't be possible to be connected to more than one mesh network at the same time, or the mesh client needs to be able to show us which networks are connected and REALLY sign out of them (not just say they're signed out but really be connected on the other end). Also, working offline doesn't appear to disconnect from the other end.

    Maybe this all makes sense to the mesh engineers, but from a user perspective, it's at best very confusing. I hope the user interface to acive connections is improved as a priority.
    Wednesday, July 23, 2008 3:36 PM
  • In order to access a remote computer from Live Mesh client or from Live Mesh Desktop, you must:

    1) Install Live Mesh client on this computer/device, sign in with your password on it, add this device to your device ring on sign in (or "claim" it) and let Live Mesh client installation (via UI checkbox) to install remote access service on this computer (this service runs in the background after that)

    2) Sign in with your user name + password on another computer (in Live Mesh client) or in Live Mesh Online Desktop. Click on the device that you added to your device ring in step #1 to access it remotely.

     

    So, the remote access to other devices IS password protected, since you must be signed in in order to access your devices.

     

    Although, there are 2 things to keep in mind:
    1) You may choose to "auto-sign in" to Live Mesh client in which case you don't have to enter your password every time you start Windows and Mesh client. In this case, you can just click on a device in your Mesh client and remotely access it. This may give a wrong impression that there are no security checks involved. This is not true, since your Mesh client knows who you are in this case and both sides (remote side and your Mesh client) check if you really have access to a remote device.

    2) If someone steals you computer and your Windows session is not locked and Live Mesh client is running with your account signed in, then they can remotely access your other devices until you discover that they stole it and "unclaim" the stolen device in your device ring (remove it from your device ring in Live Desktop). Once this device is removed from the device ring, people cannot use it to access your other devices. Also, the Live Mesh client on the stolen computer stops synchronization and signs you out completely from Mesh, so your Mesh is not accessible from it anymore.

    If you feel like you need extra protection when accessing your remote devices, we can certainly implement extra password check when you try remoting to other devices. Please suggest this in the "suggestion thread" and we'll keep this in mind also.

    More technical description:

    When a user signs in to a Mesh client or Mesh Online Desktop with user name + password, Mesh cloud services issue a security ticket for this user. This ticket is used to authenticate this user in all remote access sessions (tickets also expire in time). Live Mesh client or Live Mesh desktop provide this ticket to remote access services running on other device in order to get remote access to them. Remote access services check if this ticket is valid (correctly signed) and if this user (from this ticket) owns remote devices (if these devices are in the user's device ring). If these checks fail then remote acces is denied.

    I hope this helps. Thanks. Nikolai

    Wednesday, July 23, 2008 7:38 PM
  • The problem is, on the host machine (for a say a remote desktop connection), even if you cancel the signin dialog when you boot Vista and you appear to be offline, a remote client can still access your machine through remote desktop. Even though folder sync appears to be inactive (the blue folders turn yellow, but I'm not sure if it really is or isn't syncing) the remote desktop is still active.

    As you said, there are several security measures in place so that only authorized users should be able to gain access. However, the fact that you appear to be "offline" when you are still connected to the mesh is fundamentally wrong. You can imagine a scenario, for instance, where a user shares a mesh network so another user can gain access, but wants to do this only in a controlled manner. Based on the user interface, you would think that it's possible to connect and disconnect from the network on demand, when in fact this is not the case. It's dangerous to assume that all users will take the necessary security precautions. And as you noted, should an unsecured laptop get "lost" it could provide complete access to multiple networks until this is discovered.

    I think it's very crucial that the UI indicate exactly what is going on and that there should be a way to terminate the connection on demand without having to go to the trouble of finding and terminating the service.

    Also, it's completely unclear to me what the purpose of "work offline" and "signout" are for since they don't appear to actually disconnect you from the network as you would imagine. Do these control folder syncing?

    Thanks.
    Tuesday, July 29, 2008 5:20 PM
  • Yes, you are right that Mesh client UI on the tray bar does not control RAS settings - when you switch to offline mode there you only control data synchronization. As implemented now - Remote access service is running as a separate background service and even when Live Mesh client is inactive, you can still access your computer remotely via RAS. I think we should take this suggestion and change UI so it is easier for people to understand what settings can be changed or add settings that control RAS and sync separately. I'll follow with the right people. Thanks.
    Tuesday, July 29, 2008 6:53 PM
  • Thanks, that's much appreciated!
    Tuesday, August 5, 2008 5:20 PM