[Bug]: Herd does not work within a Windows domain controlled environment

[aran112000]

Platform

Windows

Operating system version

Windows 11 Pro - 23H2, Build 22631.3374

System architecture

Windows

Herd Version

1.0.1

PHP Version

No response

Bug description

We purchased a Herd Pro Teams licence to try and migrate more of our team to using local development, however, our users have found many major issues in trying to run Herd in our Windows environment. The most likely cause given there doesn't appear to be open issues reporting any of our issues is that all our users are non-administrator users which are managed inside a Windows domain-managed (syncing with our local domain controller).

Even when running the Herd installer and application with elevated Admin permissions we still get many problems, I'll list what we've discovered so far below but this isn't exhaustive as so much isn't working:

• App isn't set to be run as administrator by default - you have to remember to right click and launch as admin each time
• None of the binaries are added to the Windows path, meaning php, herd, composer ... commands don't work
• Unable to add a site, UI shows, but when you add it says successful, but no files get created
• When trying to load the Sites UI after attempting to add a site, it just infinitely loads/spins
• Annoyance: Each power shell command you run, we have to type in admin credentials to escalate. Most tasks (adding services, securing sites (we manually got this working eventually)....) run many separate commands meaning we have to type in admin credentials over and over (just getting Heard installed with MySQL and Redis took > 10 privilege escalations, securing a single Site took 6!).

Steps to reproduce

Install on a Windows user (non-admin) account within a Windows domain-managed environment

Relevant log output

No response

[sschlein]

Hi @aran112000 - looks like you are the first one running it in such an environment and while we tried to mitigate the difficulties, some still seem to be there, so let's work through them step by step:

1. The installer should automatically run as admin and install a Windows Service called HerdHelper that is responsible for changing the hosts file when there is a new site. Can you please verify that the service is there and that it is running? You can do that by running sc.exe query HerdHelper in a powershell (doesn't need to be admin) or in your services list

2. The installer usually adds the Herd bin path to the PATH variable, can you please check if it there and that it is at the beginning? I wonder if something in your environment is preventing the installer to add it to the path

3. Without php and herd being available, the UI doesn't work because it uses them to run commands

4. All services normally run without admin priviledges and should start and run without credentials – installting the service might trigger them once because they need (internal) network access so that your apps actually can connect to the database, etc. Securing the first site should take 4 escalations because we also genrate local root certificates, after that, it should be good with 2 when securing a new site (and there's nothing we can do about it, it also happens on non domain controlled environments or on macOS)

[aran112000]

Hi @sschlein,

Thanks for the quick reply!

1. Yes, I can confirm that the HerdHelper service is present and running.

2. I can see what's happened here. The herd path has been added to the elevated local admin account's "User variables", and the path references the elevated user's local home directory (which the domain-user won't have access to). If it was added to the "System variables" path, this would be globally available, but the path added would need to be for the local user, not the local admin's profile (photo below to help illustrate)

3. That makes sense - hopefully the above information helps resolve that

4. Understood. I'm assuming it's unfortunately not possible to chain the commands together to reduce the number of escalations?

TIA

[sschlein]

@aran112000 Is it possible to move the path from the admin user to the user who uses the machine or the system path to see if this resolves the issue?

We tried chaining them but unfortunately it didn't work that way – so luckily you don't need TLS for most local connections and even if you do, it's one time setup per site.

[aran112000]

@sschlein Moving the path across does help, but it only works as an elevated user else you don't have access to the local admin account's home dir where everything got installed and the path is referencing.

When I launch Herd and run it as a local elevated admin, I have to reinstall all of the services and they they cause conflicts because they're also installed on the local domain user's profile.

[sschlein]

Ah that makes sense – we'll look into this next week to see how we can install everything into the user account and add everything at the correct place in the first place

[aran112000]

From our side (running in a domain-controlled environment), it would make way more sense to install the services and keep their binaries outside of a user's profile directory, which hopefully makes this easier too.

The rationale, is by default, all files in a user's home dir get synced back to the DC which can make things VERY slow when there are large amounts stored in there, so anything like this, we'd want outside of a user's profile. This would also remove these problems too between different users having different paths on the same system.

Would that work for Herd in other environments too?

[davidwbsc]

I think I am having a similar issue. I'm having an issue anyway!

I've installed Herd on Windows 10.
Changed global PHP version to 7.4 in Herd

Here's what I get from my terminal:

php -v
8.3.3

nvm -v
1.1.11

node -v
bash: node: command not found

npm -v
bash: npm: command not found

My env variables are as follows:
myuser:
Path contains: C:\Users\myuser\.config\herd\bin

System:

Path contains: C:\Users\myuser\.config\herd\bin\nvm
NVM_HOME: C:\Users\myuser\.config\herd\bin\nvm

Let me know if there is anymore info I can add.

Thanks

[davidwbsc]

OK, I think my issues may have been caused from using Git Bash instead of Powershell... Could that be the case? Is there a way to be able to use Git Bash in Windows or is Powershell required?

[aran112000]

@sschlein Just checking in to see if you had any luck with this last week, we've held off deploying Herd Pro across our teams until this is resolved

[aran112000]

Hi @sschlein, can we get an update on this please. We've paid for Heard Pro Teams licences to be able to deploy this and haven't been able to get a single day's use from them given these issues.

At the start of April you said you'd be looking into this next week, what happened with this? I can't spot any references in the changelog for the releases that've followed since.

[sschlein]

Hey,

Can you try this version (#727 (comment)) on one of your machines so that we can gather more data?

If we get this to work, we can prorate the time that you haven't been able to use it. If we don't get it working or you don't want to wait, we can do a refund.

[aran112000]

Hey @sschlein,

I've installed, enabled debug, restarted and get basic logs written, but there's nothing to do with any of the issues in there sadly.

The logs below were during a time I was staring services again, trying to add a new site which just instantly says success and doesn't do anything at all (as reported in the other Issue too).

2024-05-31 16:43:21.741 +01:00 [DBG] Hosting starting
2024-05-31 16:43:21.831 +01:00 [INF] Config path: C:\ProgramData\Herd\service.json.
2024-05-31 16:43:21.846 +01:00 [INF] Application started. Hosting environment: Production; Content root path: C:\Users\admin\.config\herd\bin\
2024-05-31 16:43:21.847 +01:00 [DBG] Hosting started
2024-05-31 16:43:21.869 +01:00 [INF] Config file with port exists, using port: 5000.
2024-05-31 16:43:21.887 +01:00 [INF] HTTP Server started on http://localhost:5000/.
2024-05-31 16:43:36.844 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:43:36.845 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:43:36.847 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:43:36.863 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:43:36.863 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:46:48.546 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:46:48.548 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:46:48.549 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:46:48.560 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:46:48.560 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:47:00.344 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:47:00.345 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:47:00.345 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:47:00.357 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:47:00.357 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:48:17.327 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:48:17.327 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:48:17.327 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:48:17.329 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:48:17.329 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:48:17.342 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:48:17.513 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:48:17.514 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:48:17.514 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:48:17.514 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:48:18.129 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:48:18.137 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:48:18.137 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:48:18.147 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:48:18.147 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:48:18.149 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:48:18.172 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:48:18.172 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:48:18.189 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:48:18.189 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:48:18.209 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:48:18.210 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:48:18.210 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:48:18.211 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:48:18.211 +01:00 [INF] Hosts file updated with received content.
2024-05-31 16:53:13.110 +01:00 [INF] Starting to read the hosts file.
2024-05-31 16:53:13.119 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 16:53:13.119 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 16:53:13.119 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 16:53:13.119 +01:00 [INF] Hosts file updated with received content.
2024-05-31 17:14:12.339 +01:00 [INF] Application is shutting down...
2024-05-31 17:14:12.340 +01:00 [DBG] Hosting stopping
2024-05-31 17:14:12.348 +01:00 [INF] HTTP Server stopped.
2024-05-31 17:14:12.352 +01:00 [DBG] Hosting stopped
2024-05-31 17:14:56.643 +01:00 [DBG] Hosting starting
2024-05-31 17:14:56.712 +01:00 [INF] Config path: C:\ProgramData\Herd\service.json.
2024-05-31 17:14:56.714 +01:00 [INF] Config file with port exists, using port: 5000.
2024-05-31 17:14:56.717 +01:00 [INF] Application started. Hosting environment: Production; Content root path: C:\Users\admin\.config\herd\bin\
2024-05-31 17:14:56.718 +01:00 [DBG] Hosting started
2024-05-31 17:14:56.734 +01:00 [INF] HTTP Server started on http://localhost:5000/.
2024-05-31 17:15:00.679 +01:00 [INF] Request to /status endpoint.
2024-05-31 17:15:09.724 +01:00 [INF] Request to /status endpoint.
2024-05-31 17:15:14.729 +01:00 [INF] Request to /status endpoint.
2024-05-31 17:15:19.737 +01:00 [INF] Request to /status endpoint.
2024-05-31 17:15:37.039 +01:00 [INF] Starting to read the hosts file.
2024-05-31 17:15:37.040 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 17:15:37.043 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 17:15:37.051 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 17:15:37.051 +01:00 [INF] Hosts file updated with received content.
2024-05-31 17:15:44.024 +01:00 [INF] Starting to read the hosts file.
2024-05-31 17:15:44.026 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 17:15:44.027 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 17:15:44.029 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 17:15:44.030 +01:00 [INF] Hosts file updated with received content.
2024-05-31 17:17:25.332 +01:00 [INF] Starting to read the hosts file.
2024-05-31 17:17:25.333 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 17:17:25.333 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 17:17:25.343 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 17:17:25.343 +01:00 [INF] Hosts file updated with received content.
2024-05-31 17:18:06.403 +01:00 [INF] Request to /status endpoint.
2024-05-31 17:18:11.423 +01:00 [INF] Request to /status endpoint.
2024-05-31 17:18:13.253 +01:00 [INF] Starting to read the hosts file.
2024-05-31 17:18:13.254 +01:00 [INF] 127.0.0.1 aran.test
2024-05-31 17:18:13.254 +01:00 [INF] ::1 aran.test
2024-05-31 17:18:13.254 +01:00 [INF] 127.0.0.1 search.test
2024-05-31 17:18:13.254 +01:00 [INF] ::1 search.test
2024-05-31 17:18:13.254 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 17:18:13.254 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 17:18:13.256 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 17:18:13.256 +01:00 [INF] Hosts file updated with received content.
2024-05-31 17:18:14.675 +01:00 [INF] Starting to read the hosts file.
2024-05-31 17:18:14.676 +01:00 [INF] 127.0.0.1 aran.test
2024-05-31 17:18:14.676 +01:00 [INF] ::1 aran.test
2024-05-31 17:18:14.676 +01:00 [INF] 127.0.0.1 search.test
2024-05-31 17:18:14.676 +01:00 [INF] ::1 search.test
2024-05-31 17:18:14.676 +01:00 [INF] Herd-specific sections found. Beginning update.
2024-05-31 17:18:14.676 +01:00 [INF] Writing updated contents to the hosts file.
2024-05-31 17:18:14.677 +01:00 [INF] The hosts file was successfully updated.
2024-05-31 17:18:14.677 +01:00 [INF] Hosts file updated with received content.

The same goes for the main.log:

[2024-05-31 17:17:27.648] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.648] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.649] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.649] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.649] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.650] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.650] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.650] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.651] [info]  log-pid.bf3436b4-044c-4459-9e9f-56202f3fc1db
[2024-05-31 17:17:27.660] [info]  MySQL exited
[2024-05-31 17:17:27.661] [info]  Deleted PID file C:\Users\areeks\.config\herd\.pid\bf3436b4-044c-4459-9e9f-56202f3fc1db.pid
[2024-05-31 17:17:27.662] [info]  Notifying windows of service update: MySQL - inactive
[2024-05-31 17:17:27.662] [info]  MySQL exited with code 1 - PID: 35368
[2024-05-31 17:17:27.663] [info]  Notifying windows of service update: MySQL - inactive
[2024-05-31 17:18:13.242] [info]  Watching paths:  [ 'C:\\Users\\areeks\\Herd', 'C:\\herd' ]
[2024-05-31 17:18:13.248] [info]  Hosts watcher ready
[2024-05-31 17:18:13.250] [info]  Updating hosts file via HerdHelper Windows Service
[2024-05-31 17:18:13.256] [info]  Server says: Hosts file updated.
[2024-05-31 17:18:14.668] [info]  Watching paths:  [ 'C:\\herd' ]
[2024-05-31 17:18:14.671] [info]  Hosts watcher ready
[2024-05-31 17:18:14.672] [info]  Updating hosts file via HerdHelper Windows Service
[2024-05-31 17:18:14.677] [info]  Server says: Hosts file updated.
[2024-05-31 17:18:25.980] [info]  log-pid.d9849168-d8ea-4033-8173-86f06f03ebfa
[2024-05-31 17:18:25.981] [info]  Reverb - STDOUT:   Pruning Stale Connections ..........................................................................................  

[2024-05-31 17:18:25.982] [info]  log-pid.d9849168-d8ea-4033-8173-86f06f03ebfa
[2024-05-31 17:18:25.982] [info]  Reverb - STDOUT:   Pinging Inactive Connections .......................................................................................  

[sschlein]

I am actually not sure what we're going to do here in the short term. This setup is different from the one that most current users have and messing up all their existing setups to support a different group of users seems wrong to me. I'll have to do some research how other tools handle this situation to find a solution that works for both.

There are also multiple levels of problems here: We do have a path and permission problem that we could solve in several ways but mainly move stuff to the users directory and it'll work. This would also keep all existing installs intact – but this still leads to your syncing issue or multi-user machines where the services work against each other.

We could probably resolve this step by step and get a working setup by properly installing everything for the user but I'll have to discuss this with the team to make sure we don't break anything for thousands of users who rely on this every day.

[giovanegurgel]

Hello,

I am having exactly the same situation. Trying to install in a school lab where all the students have your own user managed by a Windows domain. The local folders of users are inside D: partition. In my case, seems like the student can start services but can not access "project.test" local domains. In some machines, got the 5000 port issue so we changed this port after SEVERAL attempts inserting some administrator credential. Is there a way to overcome this?

Thank you.

Best regards.

[tusharjoshi]

I was having issue of npm not found after installing Herd and the following commands worked for me

nvm use 22.5.1 (use any version shown by nvm list)

After this command my npm started working

[studiotwo68]

Just as an addition to the above (and probably related to the way the "paths" and "services" are configured). I ran into trouble when using a computer that was shared with another Herd user. The installations interfere with each other, and at first sight, this scenario doesn't look as though it can be supported. It's not a biggie, but just thought it was worth pointing out.

[marcusrox]

Same problem here.
I also noticed that the find-usable-php.php script doesn't work when my home directory is defined by AD as a Windows share target (U:\mylogin). The script is taking this path to try to find PHP