F5 APM (failed to initialize local tunnel server)

RK, have you got a solution to your issue?

I am facing the same issue. Most of the clients are working fine with Windows XP/7/ and Win 8.1. But some users get the "failed to initialize local tunnel server". removing the add-ons or edge client and reinstalling doesn't help.

Bump, I have one user who started getting "Failed to initialize local Tunnel Server" along with the "Disconnect" error message this week when he tries to use a Network Access resource. Windows 10 updates were installed two days ago and it worked BEFORE this, so I think maybe some Win10 updates are to blame. It's a private Win10 computer with no corporate policies and he uses IE11 and not Edge. He has uninstalled components with F5WinInfo.exe and reinstalled them with BIGIPComponentsInstaller prior to connection.

Connection with BIGIP Edge Client still works, but the user needs more functionality than the Edge Client offers (specifying another Network Profile is troublesome)

BIG-IP APM version: BIG-IP 11.5.3 Build 1.47.167 Engineering Hotfix HF1

The APM log on the BIGIP does NOT show the usual messages from when a user starts a Network Access connection. (the Assigned PPP" etc), this is probably normal since there isn't any tunnel.

• When the user tries to click Show Details, Show Logfile, Export, he gets this error message when trying to save the log file: "C:\Users\Morten\Documents\EdgeClientLog.txt You do not have access to save the file in this location. Contact your administrator for permission. Do you want to save the file in the Documents folder instead"? (my translation from another language) When he tries to save it in Documents or in a newly created C:\temp folder, he gets the exact same message. I had to get screenshots of logterminal.txt, they can be seen in this RTF document. http://carlberner.moonlit.no/temp/feil-apm.rtf (URL corrected)

I think the relevant log messages are:

\HostCtrl.cpp(800), CHostCtrl::InstallComplete, Installation Complete (error: 0, CLSID:..etc

Starting local TunnelServer

\HostCtrl.h(811), CHostCtrl::onStartTunnelServer, enter

\HostCtrl.h(922), CHostCtrl::OnStartTunnelServer(), EXCEPTION - isReady() COM call failed, -214..etc

\HostCtrl.h(932), EXCEPTION caught

I've come across this issue in various disguises and had different ways of resolving it. It's a very random issue that seems to only affect certain people for no reason.

Here are the few ways we've come across that work (bearing in mind we're on a corporate network with multiple GPOs or restrictions in place)

1. Rebuild laptop ..... drastic measure but for some installs the laptop work better on a clean laptop than trying to use the debug tool to do a full removal of the plugins.
2. Change tunnelserver.exe to run in windows 7 compatibility mode (unhide the directory in windows 8 first).
3. Remove Malwarebytes or other security software except anti-virus. Mayware bytes prevents the tunnel being established.
4. Full admin uninstall / reinstall by someone with Administrator rights (randomly works !!!).
5. Making sure any network proxies are allowing both .exe and .cab files through to your browser
6. Making sure no WAN Accelerators are manipulating the traffic when trying to setup a tunnel (DTLS especially)

Then after all this ... there's still the odd person we just simply couldn't help :)

I've a theory that the cause of this is that F5 is not permitted to create the TunnelServer.exe file in the Windows\Downloaded Program Files folder. I had a user on the phone that wasn't able to create even a text file here. This theory would only make sense if creating a tunnel NEVER worked on a specific workstation, so it might not be valid for David.

I'm running 11.5.3 HF1, and I see there are a lot of Win10 bugfixes in HF2. Will try to install this and see if it helps.

Run a Command Prompt as Administrator and type the following.

attrib "c:\Windows\Downloaded Program Files" -S

Voila ... all files visible 🙂

I have seen this issue many times now and in my experience, I have almost always narrowed down the issue to be one of these 4 things blocking the connection:

1. Proxy Server
2. Network Firewall
3. Software Firewall
4. Corrupted Add-ons

Proxy Server: To check this, Disable any proxy and connect to Internet Directly and then connect to VPN. If the connection works after connecting to Internet directly, then allow the VPN IPs in the proxy server or allow it without requiring any authentication.

Network Firewall: Get the IT team to check if any network firewall is blocking the VPN connection. Firewall logs should show if the VPN connection was blocked. If this is found to be the reason, then add a firewall rule for the VPN IPs

Software Firewall: Windows Firewall or any other Software firewall can also block the VPN. many of the modern Antivirus softwares have inbuilt firewall. Some other software which intercept the network traffic like McAfee Intrusion Prevention can also block the VPN connection. To check this, disable all the software firewalls or any other software which intercepts and affects network traffic and then try. If this turns out to be the issue, then allow your VPN IPs through the software firewall.

Corrupted Add-ons: Sometimes, removing all the F5 components from the machine and then reinstalling them from fresh works. To do this, use the CTU (can be downloaded from APM welcome page). Remove all the components and then install them again.

Hope this helps.

Wow. Deepak, I almost love you.

Both the computers (with a contractor) with this issue had the problem simply disappear when they removed the checkbox for proxy autoconfig script in IE11 on Win10, so it's all joy here now.

I expect forcing traffic to our APM server to do DIRECT will also solve the problem.

Thank you.

you're welcome moonlit. Nice to know it was helpful for you. And yes, direct connection to Internet will also solve this issue. In our case, some users couldn't access Internet without going through proxy due to their corporate policies, so had to get them to add our VPN IPs to their allow them without any authentication requirements.