Grunts dying a few seconds after launching. "Not Found" response from listener during certain stage.

[Exci]

Hi, we set up a covenant test instance and are having trouble getting the grunts to stay up. We've tried powershell and binary with virtually all combinations of parameters in various Windows versions (Windows Server 2012, Windows 10 mostly) but they all behave the same: they show up in the Grunts page for about 10 seconds as Active, then as Lost. We monitored what happens with wireshark and this is what we see after the first few messages.

POST /en-us/docs.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Host: 18.0.0.30:443
Cookie: ASPSESSIONID=a2f1e559f7; SESSIONID=1552332971750
Content-Length: 768
Expect: 100-continue

HTTP/1.1 100 Continue

i=a19ea23062db990386a3a478cb89d52e&data=eyJHVUlEIjoiYTJmMWU1NTlmNyIsIlR5cGUiOjAsIk1ldGEiOiIiLCJJViI6InVqeFdkdy81T3l3S05QempyaHdmV2c9PSIsIkVuY3J5cHRlZE1lc3NhZ2UiOiJ5enowUzE4d1R2U2JEemhENk1xektVT2xhM1NlTitqclhjMkowL2ZYU052bXhWZENCejJoZEpwdElBcDg5dlN5UlkrZmFUMGxCb3NYNGFnYUZqRCsyV1k5NGRuY2l5QnVacXJ3cjFXUEFEUXNjcmdIRHZRL0kvZkdEVU5WWlZmOUpiOC92NThiNSt3QkhxOW03YlVtY2R4cHc3eDVpVTlvTy9VYURhdVFucjNhem1CWklyZWJQY0lpT1czS25kKzlvenExYWlsbm5zZW91VGZhUnNzNWhhMDllVVNVMzNub25hWS9HMUlKSlhTZFNYSjNEQXhQdkJSYU4rUUlaR0k0NUw5RXZWTDM2dHZDSjgwdVNWZk1LYkVrTzMreWlwRjJjOW40VmJMTmlmYXd0WnB6WThBais2c2NNQ04zaDVveDhSTzhuTWZjV3NraWlHOWFnejN6V2ZXNjZQeEM4NmtqOGM0T1ZlS3Z6OUU9IiwiSE1BQyI6InJPR2E0Y0ZvaXBSSnFjR0d5SnRET3ZXcDlzU1luS3JVTkc1MnFxNFBYOEk9In0=&session=75db-99b1-25fe4e9afbe58696-320bea73HTTP/1.1 200 OK
Date: Thu, 13 Jul 2023 15:32:48 GMT
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
Transfer-Encoding: chunked

1ed
<html>
    <head>
        <title>Hello World!</title>
    </head>
    <body>
        <p>Hello World!</p>
        // Hello World! eyJHVUlEIjoiYTJmMWU1NTlmNyIsIlR5cGUiOjEsIk1ldGEiOiIiLCJJViI6IjRlUzQ1Zk9tOW9CRHREQnBBYmx1ekE9PSIsIkVuY3J5cHRlZE1lc3NhZ2UiOiJMbjkzdDUxN0N2WHI0d1IrK21BdVExQUdYUnJCNUFTTm5hd2tCOXNERkl3M29LSGJ0Ymg2NTB5czQ2Y0pxQ1dhdEJsdFVXL2Nsd1MyL2V0RENmSEdrdzZHdVFvNGRCYnZablBlQlA0enVGYz0iLCJITUFDIjoiS2kyTjJQbWYwYVVGbzRvVXdOdDhVbHlGeW5qZm5rSHoxOW5pUDlIcDBhbz0ifQ==
    </body>
</html>
0

POST /en-us/index.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Host: 18.0.0.30:443
Cookie: ASPSESSIONID=a2f1e559f7; SESSIONID=1552332971750
Content-Length: 316
Expect: 100-continue

HTTP/1.1 100 Continue

i=a19ea23062db990386a3a478cb89d52e&data=eyJHVUlEIjoiYTJmMWU1NTlmNyIsIlR5cGUiOjAsIk1ldGEiOiIiLCJJViI6ImlFbUhzN0I1Vnh4Z1orRWR5S2FVTmc9PSIsIkVuY3J5cHRlZE1lc3NhZ2UiOiJSU2hWVVBKeXhmY01obWlaSGs5Rkp3PT0iLCJITUFDIjoiWlA5SlZaUmszUm56MHZqWHl5ZkNHd1BzQ3pxTy9EZmlrbURPRVp6Um1XYz0ifQ==&session=75db-99b1-25fe4e9afbe58696-320bea73HTTP/1.1 404 Not Found
Date: Thu, 13 Jul 2023 15:32:48 GMT
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
Transfer-Encoding: chunked

95
<html>
    <head>
        <title>Hello World!</title>
    </head>
    <body>
        <p>Hello World!</p>
        // Hello World! 
    </body>
</html>
0

GET /en-us/index.html HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Host: 18.0.0.30:443
Cookie: ASPSESSIONID=a2f1e559f7; SESSIONID=1552332971750

HTTP/1.1 200 OK
Date: Thu, 13 Jul 2023 15:32:54 GMT
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
Transfer-Encoding: chunked

95
<html>
    <head>
        <title>Hello World!</title>
    </head>
    <body>
        <p>Hello World!</p>
        // Hello World! 
    </body>
</html>
0

I'm not really sure if this "not found" response is responsible for the grunt shutting down, but is this expected behaviour?

[jannlemm0913]

I don't see any "Not Found" in your Wireshark output. When and at what stage is that answer returned?
Grunts dying quickly could have several reasons, the one I've seen most recently in another person's installation is that the launcher does not have a valid kill date (see this issue: #379) even though it was set new in the GUI. Another reason could be that the current listener is not the one that the launcher was created for.
Or, simply, the AV triggers and kills the Grunt process, but that would not lead to a "Not Found" answer in my opinion.
I'd say repeat the steps to create a listener, launcher and a Grunt and see if the issue remains. Also, check out the dev branch for additional capabilities and bug fixes.

[Exci]

Kill date is set, so that shouldn't be an issue. I'm not sure how to format code with wraparound, so here is the "not found" message from above:

i=a19ea23062db990386a3a478cb89d52e&data=eyJHVUlEIjoiYTJmMWU1NTlmNyIsIlR5cGUiOjAsIk1ldGEiOiIiLCJJViI6ImlFbUhzN0I1Vnh4Z1orRWR5S2FVTmc9PSIsIkVuY3J5cHRlZE1lc3NhZ2UiOiJSU2hWVVBKeXhmY01obWlaSGs5Rkp3PT0iLCJITUFDIjoiWlA5SlZaUmszUm56MHZqWHl5ZkNHd1BzQ3pxTy9EZmlrbURPRVp6Um1XYz0ifQ==&session=75db-99b1-25fe4e9afbe58696-320bea73HTTP/1.1 404 Not Found
Date: Thu, 13 Jul 2023 15:32:48 GMT
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
Transfer-Encoding: chunked

I have tried way too many combinations of launchers for it to be a mismatch with the listener. Firewalls are shut down in the Windows 10 client. I will give the dev branch a go.

[Exci]

I can confirm the issue is fixed in the dev branch. Everything works properly now.