Unable to –nodeadd NX protocol

Forums / NoMachine Cloud Server Products / Unable to –nodeadd NX protocol

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #3535
    Avataresarmien
    Participant

    Hi,

    I am able to –nodeadd nodes from a Cloud Server using the SSH protocol, but, when I –nodeadd using the NX protocol I receive the following error on the Cloud Server:

    14785 14793 11:46:51 782.445 Encryptor/Encryptable: ERROR! Failed to authorize the server certificate.

    Error: Failed to authorize the server certificate.

    This is the command I ran

    /usr/NX/bin/nxserver –nodeadd rce6-1.priv.hmdc.harvard.edu –protocol NX –load-balancing yes

    and I received

    NX> 596 ERROR: Cannot authenticate to the requested node.

    NX> 999 Bye.

    I attempted to use openssl to request the cert running on rce6-1.priv.hmdc.harvard.edu:4000

    openssl s_client -showcerts -connect rce6-1.priv.hmdc.harvard.edu:4000 -debug

    and I got

    CONNECTED(00000003)

    write to 0x18b0d70 [0x18d1600] (263 bytes => 263 (0x107))

    0000 – 16 03 01 01 02 01 00 00-fe 03 03 53 70 fd cd 61 ………..Sp..a

    0010 – 17 0e 77 83 b3 fa 75 0e-53 a5 2f 55 ee 0c 4a fc ..w…u.S./U..J.

    0020 – 87 8b 51 e4 b6 6e a6 5c-e3 35 b0 00 00 94 c0 30 ..Q..n.\.5…..0

    0030 – c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$………k

    0040 – 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8…..2…*

    0050 – c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 12 .&…….=.5….

    0060 – c0 08 00 16 00 13 c0 0d-c0 03 00 0a c0 2f c0 2b …………./.+

    0070 – c0 27 c0 23 c0 13 c0 09-00 a2 00 9e 00 67 00 40 .’.#………g.@

    0080 – 00 33 00 32 00 9a 00 99-00 45 00 44 c0 31 c0 2d .3.2…..E.D.1.-

    0090 – c0 29 c0 25 c0 0e c0 04-00 9c 00 3c 00 2f 00 96 .).%…….<./..

    00a0 – 00 41 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04 .A…………..

    00b0 – 00 15 00 12 00 09 00 14-00 11 00 08 00 06 00 03 …………….

    00c0 – 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a …..A……….

    00d0 – 00 06 00 04 00 18 00 17-00 23 00 00 00 0d 00 22 ………#…..”

    00e0 – 00 20 06 01 06 02 06 03-05 01 05 02 05 03 04 01 . …………..

    00f0 – 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03 …………….

    0100 – 01 01 00 0f 00 01 01 …….

    read from 0x18b0d70 [0x18d6b60] (7 bytes => 0 (0x0))

    140583177619272:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

    no peer certificate available

    No client certificate CA names sent

    SSL handshake has read 0 bytes and written 263 bytes

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    This is what I see in the log on the host rce6-1.priv

    Info: Handling connection from 140.247.115.105 port 50007 on Mon May 12 12:57:30 2014.

    Info: Connection from 140.247.115.105 port 50007 closed on Mon May 12 12:57:31 2014.

    Info: Handler with pid 12004 terminated on Mon May 12 12:57:31 2014.

    Info: Handler started with pid 12106 on Mon May 12 12:58:53 2014.

    Info: Handling connection from 10.0.0.48 port 46036 on Mon May 12 12:58:53 2014.

    12106 12114 12:58:53 939.394 DaemonGreeter/DaemonGreeter: ERROR! Invalid client identification ”.

    Error: Invalid client identification ”.

    Warning: Connection from 10.0.0.48 port 46036 failed on Mon May 12 12:58:53 2014.

    Warning: Connection error is 22, ‘Invalid argument’.

    I am using the certs that come with the NoMachine RPM

    Best,

    Evan

    #3571
    AvatarHaven
    Contributor

    From what you have written, we can see that a connection to the remote node with protocol NX is created, but it is then lost. The host certificate on the client side cannot be read, and the server cannot see the client version.

    Please check your firewall setting if connection on 4000 port is somehow being filtered or blocked.

    #3576
    Avataresarmien
    Participant

    Haven,

    Actually, from what I have written it is clear that port 4000 is not blocked. Check this out:

    esarmien@rce6-portal-1.hmdc.harvard.edu

    └─[~]> telnet rce6-1.priv 4000

    Trying 10.0.0.98…

    Connected to rce6-1.priv.

    Escape character is ‘^]’.

    ^]q

    telnet> q

    Connection closed.

    I can see here that rce6-1.priv:4000 (NX) is accepting connections, now I try to use openssl req to grab the cert

    ┌─[esarmien@rce6-portal-1.hmdc.harvard.edu]

    └─[~]>openssl s_client -connect rce6-1.priv.hmdc.harvard.edu:4000

    CONNECTED(00000003)

    140383579920200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

    no peer certificate available

    No client certificate CA names sent

    SSL handshake has read 0 bytes and written 263 bytes

    New, (NONE), Cipher is (NONE)

    Secure Renegotiation IS NOT supported

    Compression: NONE

    Expansion: NONE

    This is the weird part. Apparently it has no certificate?

    I can actually use NXClient and connect directly to rce6-1.priv:4000 and achieve a session, but I am not able to –nodeadd.

    Best,

    Evan

    #3587
    AvatarHaven
    Contributor

    To investigate it further we will require the full set of logs:

    https://www.nomachine.com/AR07K00677

    from both servers: main and remote node.

Viewing 4 posts - 1 through 4 (of 4 total)

Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.