MISC-39: Zoom does not work on my machine



Issue Information

Issue Type: Bug
 
Priority: Major
Status: Open

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: Miscellaneous (MISC)
Resolution: Unresolved
Environment: chromium-browser 81.0.4044.138-0ubuntu0.16.04.1
google-chrome-stable 83.0.4103.97-1
firefox 77.0.1+build1-0ubuntu0.16.04.1

Created: 2020-06-08 09:01:08
Time Spent Working


Description
The video conferencing tool Zoom - zoom.us - is now in pretty widespread use.

Although I swear it used to, it currently will not work on my machine.

If joining from browser it simply says
Your browser is preventing access to your microphone. Learn how to grant access to your microphone


Where the learn link points here - https://zoom.us/wc/support/mic

Zoom is, very definitely, set to allow (see https://projectsstatic.bentasker.co.uk/MISC/MISC39/zoom_audio_allowed.png)

I've done some initial investigation in a Twitter thread - https://twitter.com/bentasker/status/1269897361486229510

You can't use Incognito mode, or Developer Tools when trying to join the call: Zoom detect it and change the experience. It is possible to open Developer Tools once in the call though.

I've tried in:

- Chromium
- Chrome
- Firefox

Same end result. All have been updated to the latest in the repos


Toggle State Changes

Activity


btasker changed Project from 'STAGING' to 'Miscellaneous'
btasker changed Key from 'STGNG-13' to 'MISC-39'
Not directly related to this, but worth noting.

On Friday I needed Zoom so figured I'd just install their software in a Ubuntu VM as a quick fix. No luck, the deb got to 100% install and then just failed silently - guess there's some post-flight script that fails.

That's almost certainly unrelated to these browser woes though, and given the choice I'd rather not have their software on my machine at all.
When I got Dev Tools open earlier, there was one warning
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page


With a link to here provided - https://developers.google.com/web/updates/2017/09/autoplay-policy-changes#webaudio

So, I went into the site settings and set "Sound" to Allow

No luck


Looking in Chrome quickly, Developer Tools shows a SSL error (common name invalid) for https://rwcprod.zoom.us/wc/ping/95064902608?ts=1591603907166&auth=NEMmLcxFWSTLjE-2pIQBG0QTttOlD59euNPNgLkbhpw&rwcToken=sE1AZiqG9ikUxmn4AAbKfkwR8KXcpBN1568HxlBkDxE&dmz=1

(When joining their test meeting).

I mean, it is right, they're serving up a cert not valid for that name
ben@milleniumfalcon:~$ echo | openssl s_client -connect rwcprod.zoom.us:443 -servername rwcprod.zoom.us 2>/dev/null | openssl x509 -noout -text | egrep -e "CN = |DNS:"
        Issuer: C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
        Subject: C = US, ST = California, L = San Jose, O = "Zoom Video Communications, Inc.", CN = *.sc.zoom.us
                DNS:*.sc.zoom.us


I think that's just a screwup in their test meeting (https://zoom.us/test) though - I don't see it when joining others. Accepting the cert in another tab doesn't make any difference (at all) when then refreshing the meeting - I still get no audio
So, running Chrome from the command line and entering a call gives us some breadcrumbs
ben@milleniumfalcon:~$ google-chrome-stable 
[19464:19474:0608/091857.517791:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -200
[19914:29:0608/091900.405397:ERROR:dtls_transport.cc(129)] DtlsTransport in connected state has incomplete TLS information
[19914:29:0608/091900.405850:ERROR:dtls_srtp_transport.cc(216)] No DTLS-SRTP selected crypto suite
[19914:29:0608/091900.442792:ERROR:dtls_transport.cc(129)] DtlsTransport in connected state has incomplete TLS information
[19914:29:0608/091900.442954:ERROR:dtls_srtp_transport.cc(216)] No DTLS-SRTP selected crypto suite
[19914:28:0608/091903.889242:ERROR:audio_rtp_receiver.cc(89)] AudioRtpReceiver::OnSetVolume: No audio channel exists.

For completeness, instead of a "Join Audio" button, Firefox dumps out
Your browser does not support using the computer¬'s Audio device. To use Zoom, install the latest version of a standard browser, such as Chrome, Firefox and Chromium Edge.


Hmmm, but, if I launch it with --no-remote (so that it doesn't fork and prints messages to console) it works.

I've a feeling there are some dodgy, dodgy hacks lying within Zoom's codebase. I guess the other possibility is they're doing some kind of A/B testing and don't have anything in place to go "Oh, I fucked it".
At the bottom of this - https://bugs.chromium.org/p/chromium/issues/detail?id=223639 - there's an interesting note
Marking this as fixed. There is no plan to implement audio capture support for OSX or Linux.


They seem to be referring to loopback audio rather than audio input - but I wonder if perhaps Zoom is trying to capture that?
Right, at the risk of fucking my entire desktop over, lets update pulseaudio and see if that changes anything
root@milleniumfalcon:~# apt-get install pulseaudio
Nope, no dice.

You know, looking back at that Chrome output, and when it appears, I suspect the issue might actually relate to
[25630:29:0608/094520.094240:ERROR:dtls_transport.cc(129)] DtlsTransport in connected state has incomplete TLS information
[25630:29:0608/094520.094531:ERROR:dtls_srtp_transport.cc(216)] No DTLS-SRTP selected crypto suite
[25630:29:0608/094520.096392:ERROR:dtls_transport.cc(129)] DtlsTransport in connected state has incomplete TLS information
[25630:29:0608/094520.096524:ERROR:dtls_srtp_transport.cc(216)] No DTLS-SRTP selected crypto suite


That seems to get printed out a split-second before the "Join audio by computer" button appears.

Zoom is specifically called out for those loglines here - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245505

Ran Chrome with logging to a file
ben@milleniumfalcon:~$ google-chrome-stable --enable-logging=stderr --v=1 'https://zoom.us/test' > /tmp/chrome.log 2>&1 


It generates a lot of lines, but we don't really gain much from what I can see
[26578:26589:0608/095030.440590:VERBOSE1:network_delegate.cc(32)] NetworkDelegate::NotifyBeforeURLRequest: https://d24cgw3uvb9a9h.cloudfront.net/web_client/uslgwk/js/av-sdk/js_audio_worklet.min.js
[26597:1:0608/095030.444259:VERBOSE1:webaudio_media_stream_source.cc(68)] Starting WebAudio media stream source.
[26597:1:0608/095030.444400:VERBOSE1:webaudio_media_stream_source.cc(35)] WebAudio media stream source changed format to: channels=2, sample_rate=16000
[26597:29:0608/095030.445110:INFO:rtc_event_log_impl.cc(43)] Creating legacy encoder for RTC event log.
[26597:29:0608/095030.445212:INFO:peer_connection_factory.cc(391)] Using default network controller factory
[26597:29:0608/095030.445279:INFO:bitrate_prober.cc(69)] Bandwidth probing enabled, set to inactive
[26597:29:0608/095030.445376:VERBOSE1:pacing_controller.cc(213)] bwe:pacer_updated pacing_kbps=300 padding_budget_kbps=0
[26597:29:0608/095030.445423:INFO:paced_sender.cc(176)] ProcessThreadAttached 0x0x13c4bacec8c0
[26597:29:0608/095030.445517:INFO:aimd_rate_control.cc(113)] Using aimd rate control with back off factor 0.85
[26597:29:0608/095030.445561:INFO:remote_bitrate_estimator_single_stream.cc(72)] RemoteBitrateEstimatorSingleStream: Instantiating.
[26597:29:0608/095030.445601:INFO:remote_estimator_proxy.cc(50)] Maximum interval between transport feedback RTCP messages (ms): 250
[26597:29:0608/095030.445695:VERBOSE1:filtering_network_manager.cc(114)] FilteringNetworkManager checking permission status.
[26597:28:0608/095030.446137:VERBOSE1:webrtc_session_description_factory.cc(179)] DTLS-SRTP enabled; sending DTLS identity request (key type: 1).
[26597:29:0608/095030.446210:INFO:openssl_identity.cc(43)] Making key pair
[26597:29:0608/095030.446419:INFO:openssl_identity.cc(91)] Returning key pair
[26597:29:0608/095030.446475:INFO:openssl_certificate.cc(59)] Making certificate for WebRTC
[26597:29:0608/095030.446796:INFO:openssl_certificate.cc(109)] Returning certificate
[26597:29:0608/095030.446872:INFO:rtc_event_log_impl.cc(43)] Creating legacy encoder for RTC event log.
[26597:29:0608/095030.446942:INFO:peer_connection_factory.cc(391)] Using default network controller factory
[26597:29:0608/095030.447014:INFO:bitrate_prober.cc(69)] Bandwidth probing enabled, set to inactive
[26597:29:0608/095030.447057:VERBOSE1:pacing_controller.cc(213)] bwe:pacer_updated pacing_kbps=300 padding_budget_kbps=0
[26597:29:0608/095030.447091:INFO:paced_sender.cc(176)] ProcessThreadAttached 0x0x13c4bacec620
[26597:29:0608/095030.447169:INFO:aimd_rate_control.cc(113)] Using aimd rate control with back off factor 0.85
[26597:29:0608/095030.447208:INFO:remote_bitrate_estimator_single_stream.cc(72)] RemoteBitrateEstimatorSingleStream: Instantiating.
[26597:29:0608/095030.447243:INFO:remote_estimator_proxy.cc(50)] Maximum interval between transport feedback RTCP messages (ms): 250
[26597:29:0608/095030.447316:VERBOSE1:filtering_network_manager.cc(114)] FilteringNetworkManager checking permission status.
[26597:28:0608/095030.447652:VERBOSE1:webrtc_session_description_factory.cc(179)] DTLS-SRTP enabled; sending DTLS identity request (key type: 1).
[26597:29:0608/095030.447721:INFO:openssl_identity.cc(43)] Making key pair
[26597:28:0608/095030.447726:VERBOSE1:webrtc_session_description_factory.cc(481)] Setting new certificate.
[26597:29:0608/095030.447915:INFO:openssl_identity.cc(91)] Returning key pair
[26597:29:0608/095030.447962:INFO:openssl_certificate.cc(59)] Making certificate for WebRTC
[26597:29:0608/095030.448264:INFO:openssl_certificate.cc(109)] Returning certificate
[26597:28:0608/095030.448347:INFO:peer_connection.cc(1609)] Adding audio transceiver in response to a call to AddTrack.
[26597:28:0608/095030.448475:ERROR:audio_rtp_receiver.cc(89)] AudioRtpReceiver::OnSetVolume: No audio channel exists.
[26597:28:0608/095030.448549:VERBOSE1:webrtc_session_description_factory.cc(481)] Setting new certificate.
[26597:28:0608/095030.448847:INFO:peer_connection.cc(2319)] Changing audio transceiver (MID=<not set>) from kSendRecv to kSendOnly since CreateOffer specified offer_to_receive=0
[26597:28:0608/095030.448967:WARNING:used_ids.h(55)] Duplicate id found. Reassigning from 104 to 127


If we just look for errors in the file (and exclude the Paint finishes)
root@milleniumfalcon:~# grep ERROR /tmp/chrome.log | grep -v "PaintController::FinishCycle() completed"
[26578:26589:0608/095021.695101:ERROR:ssl_client_socket_impl.cc(959)] handshake failed; returned -1, SSL error code 1, net_error -200
[26597:29:0608/095024.337551:ERROR:dtls_transport.cc(129)] DtlsTransport in connected state has incomplete TLS information
[26597:29:0608/095024.337851:ERROR:dtls_srtp_transport.cc(216)] No DTLS-SRTP selected crypto suite
[26597:29:0608/095024.357959:ERROR:dtls_transport.cc(129)] DtlsTransport in connected state has incomplete TLS information
[26597:29:0608/095024.358154:ERROR:dtls_srtp_transport.cc(216)] No DTLS-SRTP selected crypto suite
[26597:28:0608/095030.448475:ERROR:audio_rtp_receiver.cc(89)] AudioRtpReceiver::OnSetVolume: No audio channel exists.


We don't really get much more.
https://test.webrtc.org/ doesn't work either, though I don't get any errors printed to console by default.

https://browserleaks.com/webrtc reports WebRTC is active, but similarly reports that audio isn't doable.

I've already tried running Chrome with sandboxes disabled with no effect, but I'm definitely leaning more towards this being some kind of sandboxing issue
Firefox in a VM can use audio - though it takes a lot of fast clicking to get to that stage (when the xdg-open fails, they redirect you to the download page - you have to be very, very quick to click on Join from browser).

Perhaps I'm getting old and cynical, but the fact they're so damn keen to get you to install the fat client makes me all the more suspicious of it.
Zoom contacted me on Twitter asking me to raise a ticket - https://mobile.twitter.com/zoom_us/status/1269918461897191424

So I did. And almost immediately got a notification saying they'd closed it, because I've not got a Pro account and they've very busy because of COVID-19

I assume the initial contact was probably a bot they've not turned off.