September 25, 2018 at 08:09 #19714ifyffeParticipant
I’m trying to configure RSA key ID between two Windows 10 hosts.
I performed 2 fresh installs, and confirmed I can connect using the usual Windows account password auth.
Then I followed this guide for setting up RSA key access.
To generate the RSA keys, I used ssh-keygen on Linux, and copied the files to the Windows computers.
When I try to connect, I’m getting “the session negotiation failed. Error: Cannot accept public key”.
Here’s what I see on the server-side:
2018-09-24 10:38:46 739.562 4120 NXSERVER Starting WS 6.2.4 and services.
2018-09-24 10:38:46 803.137 4120 NXSERVER System information: Windows 10, standalone.
2018-09-24 10:46:35 231.614 10780 NXSERVER WARNING! NXRunCommand: Timeout while waiting for command ‘C:\Program Files (x86)\NoMachine\\bin\\nxexec C:\Program Files (x86)\NoMachine\\bin\\nxexec –cat –user enviro2 –path config/authorized.crt’ response.
2018-09-24 10:46:35 333.756 10780 NXSERVER WARNING! Process ‘C:\Program Files (x86)\NoMachine\\bin\\nxexec –cat –user enviro2 –path config/authorized.crt’ with pid ‘3396/932’ finished with exit code 4 after 30,134 seconds.
4120 6440 10:38:56 511.289 ServerNetworkInfoHandler: WARNING! Obtaining network data failed.
Info: Server process running with pid 3956.
Info: Handler started with pid 10780 on Mon Sep 24 10:46:03 2018.
Info: Handling connection from 10.1.2.28 port 50221 on Mon Sep 24 10:46:03 2018.
Error: Cannot send request to NXLSA package.
Error code is : 0.
Package’s response is : 0xc0000001.
Error: Cannot cat file ‘config/authorized.crt’ from user ‘enviro2’.
10780 12168 10:46:35 231.614 Monitor/FileReadMonitor: WARNING! Canceling busy thread 11172 for FD#7.
Info: Connection from 10.1.2.28 port 50221 closed on Mon Sep 24 10:46:35 2018.
Info: Handler with pid 10780 terminated on Mon Sep 24 10:46:35 2018.
It seems like the issue is that the daemon can’t read the authorized keys file, but I’m able to print it as both administrator and the user in question. So I’m not sure how to continue troubleshooting.
Thanks for any adviceSeptember 26, 2018 at 12:06 #19727CatoContributor
Please, check if lsass.exe process is running in protected mode.
To do so:
1. Download and install Process Explorer using this link:
2. Start Process Explorer as Administrator.
3. Double click on lsass.exe process and check the value of ‘Protected’ in ‘Security’ tab.September 27, 2018 at 08:07 #19737ifyffeParticipant
Thanks for the reply.
lsass.exe security tab says
Protected: noOctober 2, 2018 at 08:48 #19780GuroContributor
Currently we are unable to reproduce this issue in our test environment.
To take more detailed information of lsass to the NoMachine service, we need to prepare a debug package. Would it be possible for you to install this NoMachine package and then and send us the logs to us for further analysis?October 12, 2018 at 11:14 #19948tylerXMDParticipant
I had this same issue. I even used the process explorer and saw that lsass.exe was not running in protected mode. I resolved my issue and it does appear to be an issue on NoMachine’s side. My versions are Windows 6.3.6 server and Debian 6.3.6 client.
The issue I had was that the key was in the new format (i.e. I used ‘-o’ when creating the key).
The workaround was that I created a new key pair (without the ‘-o’ flag), appended the new public key to the server authorized.crt, and now it is working.
The solution would be for NoMachine to support the new key formats.
Hope this helps in the meantime!November 7, 2018 at 08:59 #20378