After asking Grok about which VPS providers support exit nodes, I selected Contabo, They use Proxmox, and Qemu, and on RHEL. I set this relay up to provide services to people in Iran during their democratic (or perhaps monarchical) revolution, as censorship in that country is strong, and the consequences severe.
I know Windows like the back of my hand, and wanted to setup Tor as a limited user. Generally with software, as in this case I strip the new account from the ‘Users’ group, and create a new, empty group as well, so no Access Control List entries exist for the entity.
The Problem is that Tor got stuck at 5%. There is nothing else running on the VPS instance that should be interfering, the circuit is rated at 200mbps.
Here is where the relevant event log seems to stop:
Jan 05 08:15:23.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
It is running fine as the Local Admin account. I have it setup via task scheduler with saved credentials
What can I do to get this running as a non-admin user? So far the only security permission I gave the user account was ‘log on as a batch job’ (via Group Policy), and Discretionary Access Control List (DACL) on the C:\Tor folder, which is sufficient for other software, Filezilla FTP Server, for example
Thank you for your help.
I tried running it as LocalSystem, also promoting the worker account to a Local Administrator, I also installed it as a Service, all options it is still stuck at 5% (can’t connect to a relay).
I tried starting it from the command-line thinking that maybe there are profile specific settings that woiuld be created that way, no dice.
I set the Log to debug, it’s output is 700k characters (from the worker account), started at the command-line
The Scheduled Task works fine with builtin (Local) Administrator account, but I don’t want to run it that way for security (To Prevent Breach):
I can post the file from my Google drive if you think that would help. I am not sure what to sanitize out of it.
This may be the relevant line:
06:04:44.000 [info] 5 connections died in state connect()ing with SSL state (No SSL object)
Hello there, Try adjusting file permissons on the security tab of the Tor folder to give your specified account the modificatiom privalefge which won’t be covered by the user group on the list
right click folder > properties>security tab go ahead add the chosen account and add modify privelage for the folder
Thank you, I kept inheritable permissions, and added the user account with Full Control rights
I tried disabling the firewall entirely. I tried using ‘runas’ with, and without the ‘/noprofile’ switch
Both didn’t work
I ran Process Monitor, but nothing stood out; e.g. ‘Access Denied’ messages
I noticed tor.exe spawns a child process: conhost.exe (basically the command shell cmd.exe, just renamed, on windows). Does anyone know what Tor uses this process for?
I can run Wireshark, but I don’t feel like that would help, on Windows the builtin (local, not domain) Administrators group has an RID (Relative (Security) Identifier) of 500, it’s the only difference I can think of. In the Windows world I have before fixed problems with software not running correctly by running it as local system. It doesn’t seem to be a Profile Issue, It doesn’t seem to be a permissions issue.
I tried elevating the limited user account to local Admin (added him to the security group) it still was stuck at 5% loading.
I would appreciate if one of the developers would respond; I’m willing to do whatever it takes to make this work; it could really open up the Tor world to be able to run an Exit Relay on Windows, given market penetration of the Platform.
Thank you,
[warn] tor_bug_occurred_: Bug: selftest.c:260: router_do_orport_reachability_checks: Non-fatal assertion !(!ap) failed. (on Tor 0.4.8.21 add2400e16d88534)
Kept appearing in the log, every few minutes running as Local Admin (which is how I have Tor running for now)
Running Tor as the limited user account with Powershell, and it only generated that log entry 3 times; not continually, the following:
Start-Process -Credential:\ -ArgumentList:“-f C:\Tor\data\torrc” tor.exe
As an aside I’ve noticed up to a megabit bandwidth on this Relay, even after running overnight. If anyone has any ideas about that I’d appreciate it; there is 200mbps available on the VPS.
I fixed it! C:\Users\Administrator\AppData\Roaming\Tor folder overwriting:
C:\Users\\AppData\Roaming\Tor
Allowed it to come up normally
I first ran Tor as Local Admin via an RDP session, and it ran fine.
Perhaps if I would have run it first, as a limited user account it would have worked.
For Information:
The Tor folder in the Roaming User’s Profile of the Limited User only has:
fingerprint
fingerprint
lock
state
The Tor\keys folder only has:
_master_id_public_key
_master_id_secret_key
_signing_cert
_signing_secret_key
secret_id_key
secret_onion_key
secret_onion_key_ntor
My Windows Walkthrough is here:
I could build a Windows installer via Orca for you guys, if that’d help.
Forgot to mention the Tor folder in the Roaming User’s Profile for the Local Administrator’s account contains the following files:
cached-certs
cached-consensus
cached-descriptors
cached-descriptors.new
cached-microdesc-consensus
cached-microdescs
cached-microdescs.new
control_auth_cookie
diff-cache
fingerprint
fingerprint-ed25519
keys
lock
state
stats
unverified-microdesc-consensus
I stood up a different server, and copied over the C:\Tor, and %AppData%\tor folders, and ran it
Still stuck at 5% bootstrappingd
The way I fixed it was to move the ‘torrc’ file (my configuration), and replace it with ‘torrc-default’ for it’s first run
You can mark this thread, as closed, Thanks