Description
The NetBird client was working well for a few months; it even survived an update to the newest Ubuntu LTS on our VHoster. Suddenly yesterday the connection (it was monitored) was gone, and when I tried to reconnect it did not work.
To Reproduce
Steps to reproduce the behavior:
- First I tried to do netbird status but got the error
Error: status failed: failed while getting Management Service public key: failed while getting Management Service public key
- Next I stopped the service via sudo systemctl stop netbird, moved the config.json file to config.json.old, and restarted the service.
- Now when I do netbird status -d I get
Daemon status: NeedsLogin
Run UP command to log in with SSO (interactive login):
netbird up
If you are running a self-hosted version and no SSO provider has been configured in your Management Server,
you can use a setup-key:
netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>
More info: https://docs.netbird.io/how-to/register-machines-using-setup-keys
- When I want to establish the connection via netbird up --setup-key it always says
2025-05-21T19:10:12Z WARN client/cmd/root.go:260: retrying Login to the Management service in 1.357225517s due to error rpc error: code = Unknown desc = failed while getting Management Service public key
about 6 times, and then finally I get the message
Error: login backoff cycle failed: rpc error: code = Unknown desc = failed while getting Management Service public key
- I tried to connect via curl to api.netbird.io and I get the following error
curl -v https://api.netbird.io
* Host api.netbird.io:443 was resolved.
* IPv6: 2600:1901:0:adb3::
* IPv4: 35.186.199.111
* Trying [2600:1901:0:adb3::]:443...
* Connected to api.netbird.io (2600:1901:0:adb3::) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=api.netbird.io
* start date: May 5 19:20:39 2025 GMT
* expire date: Aug 3 19:20:38 2025 GMT
* subjectAltName: host "api.netbird.io" matched cert's "api.netbird.io"
* issuer: C=US; O=Let's Encrypt; CN=R10
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.netbird.io/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.netbird.io]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: api.netbird.io
> User-Agent: curl/8.5.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 403
< content-type: text/html; charset=UTF-8
< referrer-policy: no-referrer
< content-length: 295
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>403 Forbidden</title>
</head>
<body text=#000000 bgcolor=#ffffff>
<h1>Error: Forbidden</h1>
<h2>Your client does not have permission to get URL <code>/</code> from this server.</h2>
<h2></h2>
</body></html>
* Connection #0 to host api.netbird.io left intact
I am using NetBird cloud and I tried 0.43.3 and also 0.45.0.
There is no other VPN installed.
netbird status -dA always says LoginFailed but all other clients are working well.
Daemon status: LoginFailed
Run UP command to log in with SSO (interactive login):
netbird up
If you are running a self-hosted version and no SSO provider has been configured in your Management Server,
you can use a setup-key:
netbird up --management-url <YOUR_MANAGEMENT_URL> --setup-key <YOUR_SETUP_KEY>
More info: https://docs.netbird.io/how-to/register-machines-using-setup-keys
Have you tried these troubleshooting steps?
- Reviewed client troubleshooting (if applicable)
- Checked for newer NetBird versions
- Searched for similar issues on GitHub (including closed ones)
- Restarted the NetBird client
- Disabled other VPN software
- Checked firewall settings, and did not change them for some months or so