Opened 11 years ago
Last modified 7 years ago
#12969 reopened defect
SSL authentication failed
Reported by: | Rmplstltskn | Owned by: | |
Component: | other | Version: | VirtualBox 4.3.10 |
Keywords: | SSL authentication failed | Cc: | |
Guest type: | other | Host type: | other |
- Launch new installed VirtualBox.
- Check for updates - everything ОК.
- In Windows Explorer find the image *.vbox from old HDD, which already in folder "VirtualBox VMs" and add it to the list in application (two clicks).
- Check for updates - SSL authentication failed
- Deleting recently added vritual machine from list.
- Restart of application.
- Checking update - everything ОК.
Attachments (5)
Change History (50)
by , 11 years ago
Attachment: | VBoxSVC.log added |
follow-up: 2 comment:1 by , 10 years ago
Resolution: | → fixed |
Status: | new → closed |
comment:2 by , 10 years ago
Replying to frank:
Should be fixed a while ago (4.3.12 or 4.3.14).
Bug still not fixed (new installed 4.3.16)
comment:3 by , 10 years ago
Resolution: | fixed |
Status: | closed → reopened |
follow-up: 5 comment:4 by , 10 years ago
I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.
follow-up: 6 comment:5 by , 10 years ago
Replying to frank:
I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.
If I can give information about the system, it will help the cause? But what information?
by , 10 years ago
Attachment: | VBoxSVC.2.log added |
by , 10 years ago
Attachment: | VirtualBox.xml added |
follow-up: 7 comment:6 by , 10 years ago
Replying to Rmplstltskn:
Replying to frank:
I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.
If I can give information about the system, it will help the cause? But what information?
I have the same issue. To be honest, I didn't double click the vbox files, it just happened by it's own a few versions ago. Using WIndows 7 SP1 x86 and latest version of VirtualBox. COMODO Internet Security installed. Disabling it's defenses didn't help.
I've attached some logs that might be of some help.
comment:7 by , 10 years ago
Replying to ItielMaN:
I have the same issue. To be honest, I didn't double click the vbox files, it just happened by it's own a few versions ago. Using WIndows 7 SP1 x86 and latest version of VirtualBox. COMODO Internet Security installed. Disabling it's defenses didn't help.
I've attached some logs that might be of some help.
Double click is not required it's just example. When I added one, or more VM's, in list of VM's i've got this error.
comment:8 by , 10 years ago
Some more info:
- Tried removing VirtualBox (without deleting the VMs) totally and re-installed.
- After upgrading to newer VB version and clicking the update feature (that as I mentioned- failed), it automatically detects the VirtualBox Extension Pack update and installs it successfully, which mean it can get to the server or something.
Are there any more logs I can supply that may help locating the issue?
comment:9 by , 10 years ago
I have the same issue, when Check for updates, cannot connect, SSL authentication failed. Windows 8.1 x64, Java 8 Update 25 x64, VirtualBox 4.3.18 r96516. No firewall except windows (and tried with it disabled). What more can I give to help on this?
comment:10 by , 10 years ago
I also see this issue (check for update - SSL failure) in both 4.3.16 and 4.3.18. Running on Windows 7 Pro (SP1) 64 bit. I manually downloaded the 4.3.18 update and installed. Interesting thing though.. After upgrade VB prompts to update extension pack (expected behavior). I approved and installed directly without any issues. Wonder why no SSL error with this action.
comment:11 by , 10 years ago
I have exactly same issue after just downloaded and installed newest version today. My laptop is Windows 7 Professional SP 1. Not sure what information I can provide. The errors showed in log file is basically same as already attached file.
comment:13 by , 10 years ago
follow-up: 15 comment:14 by , 10 years ago
If you remove the file vbox-ssl-cacertificate.crt in your .VirtualBox directory ($HOME/.VirtualBox on Linux, c:\users\USER\.VirtualBox on Windows) and do the test again, does this change anything?
comment:15 by , 10 years ago
Replying to frank:
If you remove the file vbox-ssl-cacertificate.crt in your .VirtualBox directory ($HOME/.VirtualBox on Linux, c:\users\USER\.VirtualBox on Windows) and do the test again, does this change anything?
Nope. After starting VB and trying again- same error. And the file vbox-ssl-cacertificate.crt is being recreated afterwards.
comment:16 by , 10 years ago
I can reproduce the issue with the PUEL version, running the VirtualBox Manager inside a Windows 7 x64 (clean install + updates) VM. I can't reproduce the SSL failure using the OSE build (inside the VM) and it doesn't occur on my host (Windows 8.1 x64).
I'm not sure if this is related to the SSL authentification failure, but, most of the times, both the OSE and the PUEL version, try to access the vbox-ssl-cacertificate.crt in the current folder (which is the installation folder) and in C:\etc\, but not in the user's home folder. When it happens, two first chance 800401f0 exceptions occur during the COMGETTER(HomeFolder) call (see one call stack below, 4.3.20 sources). The "." path is returned and converted to a full path.
The Manager accesses the .crt file in the user home folder if I check for updates in the first 2 seconds after it has started. After this time interval, all attempts, to check for an update, fail.
When the SSL authentification fails, the VirtualBox Manager sends to the TLS server an alert message: Level 0x2 (fatal), description - 0x30 (Unknown CA).
KERNELBASE!RaiseException+0x39 RPCRT4!RpcpRaiseException+0x33 ole32!NdrExtpProxyGetBuffer+0x35c0 RPCRT4!NdrpProxyGetBuffer+0x1b RPCRT4!NdrpClientCall2+0x9d1 ole32!ObjectStublessClient+0x1ad [d:\w7rtm\com\rpc\ndrole\amd64\stblsclt.cxx @ 620] ole32!ObjectStubless+0x42 [d:\w7rtm\com\rpc\ndrole\amd64\stubless.asm @ 117] VirtualBox!CVirtualBox::GetHomeFolder+0xeb [c:\work_x64\vbox\out\win.amd64\debug\obj\virtualbox\include\comwrappers.cpp @ 940] VirtualBox!UINetworkReplyPrivateThread::fullCertificateFileName+0x8c [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 203] VirtualBox!UINetworkReplyPrivateThread::applyHttpsCertificates+0x31 [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 129] VirtualBox!UINetworkReplyPrivateThread::run+0xc2 [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 182] QtCore4!QThreadPrivate::start+0x1a7 [c:\work_x64\qt\src\corelib\thread\qthread_win.cpp @ 357] MSVCR100!_callthreadstartex+0x17 MSVCR100!_threadstartex+0x7f kernel32!BaseThreadInitThunk+0xd ntdll!RtlUserThreadStart+0x1d
comment:17 by , 10 years ago
Interesting information. GetHomeFolder() should always return the folder where the VirtualBox.xml file is resided in but never c:
etc or something like that...
comment:18 by , 10 years ago
It returns "." along that exception, which gets translated to the current folder (the installation folder) by one of the methods called by fullCertificateFileName(). The C:\etc\ path is accessed at some other point in the execution of the program, see below the call stack (as Process Monitor shows it):
0 fltmgr.sys FltAcquirePushLockShared + 0x907 0xfffff8800112d067 C:\Windows\system32\drivers\fltmgr.sys 1 fltmgr.sys FltIsCallbackDataDirty + 0x20ba 0xfffff8800112f9aa C:\Windows\system32\drivers\fltmgr.sys 2 fltmgr.sys FltReadFile + 0x10363 0xfffff8800114d2a3 C:\Windows\system32\drivers\fltmgr.sys 3 ntoskrnl.exe MmCreateSection + 0x279c 0xfffff80002993efc C:\Windows\system32\ntoskrnl.exe 4 ntoskrnl.exe SeQueryInformationToken + 0xc48 0xfffff8000298f878 C:\Windows\system32\ntoskrnl.exe 5 ntoskrnl.exe ObOpenObjectByName + 0x306 0xfffff80002990a96 C:\Windows\system32\ntoskrnl.exe 6 ntoskrnl.exe PsTerminateSystemThread + 0x244 0xfffff80002924b34 C:\Windows\system32\ntoskrnl.exe 7 ntoskrnl.exe KeSynchronizeExecution + 0x3a23 0xfffff80002692e53 C:\Windows\system32\ntoskrnl.exe 8 ntdll.dll ZwQueryFullAttributesFile + 0xa 0x76d1241a C:\Windows\SYSTEM32\ntdll.dll 9 KERNELBASE.dll GetFileAttributesExW + 0x9d 0x7fefcd57e3d C:\Windows\system32\KERNELBASE.dll 10 VBoxRT.dll RTPathQueryInfoEx + 0x17c, c:\work_x64\vbox\src\vbox\runtime\r3\win\path-win.cpp(253) 0x7feefd9807c C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll 11 VBoxRT.dll RTFileExists + 0x3c, c:\work_x64\vbox\src\vbox\runtime\generic\rtfileexists-generic.cpp(41) 0x7feefd87b2c C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll 12 VBoxRT.dll rtHttpGet + 0xe8, c:\work_x64\vbox\src\vbox\runtime\common\misc\http.cpp(466) 0x7feefd857b8 C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll 13 VBoxRT.dll RTHttpGetBinary + 0x31, c:\work_x64\vbox\src\vbox\runtime\common\misc\http.cpp(515) 0x7feefd85e31 C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll 14 VirtualBox.exe UINetworkReplyPrivateThread::performGetRequestForBinary + 0x134, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(292) 0x13fc5ca64 C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe 15 VirtualBox.exe UINetworkReplyPrivateThread::downloadCertificates + 0xeb, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(385) 0x13fc5d14b C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe 16 VirtualBox.exe UINetworkReplyPrivateThread::applyHttpsCertificates + 0x9d, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(139) 0x13fc5bcbd C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe 17 VirtualBox.exe UINetworkReplyPrivateThread::run + 0xc2, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(181) 0x13fc5bf02 C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe 18 QtCore4.dll QThreadPrivate::start + 0x1a7, c:\work_x64\qt\src\corelib\thread\qthread_win.cpp(355) 0x73c1f587 C:\work_x64\vbox\out\win.amd64\debug\bin\QtCore4.dll 19 MSVCR100.dll endthreadex + 0x43 0x740b1d9f C:\Windows\system32\MSVCR100.dll 20 MSVCR100.dll endthreadex + 0xdf 0x740b1e3b C:\Windows\system32\MSVCR100.dll 21 kernel32.dll BaseThreadInitThunk + 0xd 0x76ab59ed C:\Windows\system32\kernel32.dll 22 ntdll.dll RtlUserThreadStart + 0x21 0x76cec541 C:\Windows\SYSTEM32\ntdll.dll
The actual path is C:\etc\ssl\certs\ca-certificates.crt
comment:19 by , 10 years ago
With the PUEL version, the usual installation folder access rights/user access rights/UAC prohibits the creation of the crt file inside C:\Program Files\Oracle\VirtualBox\
comment:20 by , 10 years ago
Now I'm confused. How comes the installation folder into play? Again, GetHomeFolder() should deliver the position of VirtualBox.xml. If it returns '.' then that's a bug.
comment:21 by , 10 years ago
So far unable to reproduce. GetHomeFolder() always returns the correct home folder, therefore the .crt file is always found.
comment:22 by , 10 years ago
Have you tried with a fresh install of Windows 7? Also, let the Manager wait for 10 seconds then check for updates.
I was wrong, GetHomeFolder() doesn't return ".", it returns "". I think it just fails, because mRC is set to 800401f0 and aHomeFolder doesn't seem to be modified after the COMGETTER(HomeFolder) call (it's set to "" by the class constructor). The "." gets set in by one of the multitude of methods and constructors called by fullCertificateFileName(). I will try with the unoptimized Qt libraries. When it's about to fail the SSL authentification, the Manager process also decides to download the file from When it's about to succeed (like in the first 2 seconds of the process lifetime), for some reason it doesn't download the file.
comment:23 by , 10 years ago
The "." originates from the Qt library, see Qt\src\corelib\io\qdir.cpp line 100 (Qt 4.8.6).
follow-up: 25 comment:24 by , 10 years ago
Actually the Win7 VM is a good testcase. I can reproduce the problem there and will try to debug + fix it.
comment:25 by , 10 years ago
Replying to frank:
Actually the Win7 VM is a good testcase. I can reproduce the problem there and will try to debug + fix it.
I think, version of OS not important, i got same error on W7 x64 and W8.1 x64. Maybe language or regional settings important? For me it is russian.
follow-up: 28 comment:26 by , 10 years ago
Finally found and fixed. Right, it does not depend on the Windows versions, but the bug is Windows-only, that is, on non-Windows platforms this didn't happen. It was a bit hard to find because the function often succeeds but Mihais testcase was a great help for debugging. I have prepared a test build. I would appreciate if users who are affected by this bug could confirm that the latest Windows test build from here fixes the problem. Thank you!
comment:27 by , 10 years ago
I can't reproduce the issue with the new build and my Windows 7 VM. But why would the Windows build ever want to check for "/etc/ssl/certs/ca-certificates.crt"? See src\VBox\Runtime\common\misc\http.cpp line 552, in RTHttpGetFile(). It hits this piece of code, if it can't access the vbox-ssl-cacertificate.crt file in the user home folder.
comment:28 by , 10 years ago
Replying to frank:
Finally found and fixed. Right, it does not depend on the Windows versions, but the bug is Windows-only, that is, on non-Windows platforms this didn't happen. It was a bit hard to find because the function often succeeds but Mihais testcase was a great help for debugging. I have prepared a test build. I would appreciate if users who are affected by this bug could confirm that the latest Windows test build from here fixes the problem. Thank you!
Oh come on! In the latest build still same error. Also removing vbox-ssl-cacertificate file didn't do the trick. VBoxSVC.log and VirtualBox.xml are again attached (if needed).
by , 10 years ago
Attachment: | VirtualBox.2.xml added |
by , 10 years ago
Attachment: | VBoxSVC.3.log added |
follow-ups: 30 31 comment:29 by , 10 years ago
What's the error message it gives you? Have you edited the log file to hide the name of the home folder? What's the language of your host OS?
comment:30 by , 10 years ago
Replying to mhanor:
What's the error message it gives you? Have you edited the log file to hide the name of the home folder?
Same error as always: "The network operation failed with the following error: SSL authentication failed." And no, I didn't. The home folder's name is written in hebrew, that's why you see "×¢××××".
comment:32 by , 10 years ago
Indeed. I can reproduce the SSL failure on my Windows 7 VM, if the home folder name contains special caracters (I have picked one from the character map, ș).
comment:33 by , 10 years ago
Many thanks guys for this hint. With this information we were able to reproduce the problem. We believe that we fixed it now properly. Could you confirm that this package works for you? Thank you!
follow-up: 37 comment:34 by , 10 years ago
To be more precise: This was an additional problem to the one we fixed with the previous test build.
comment:37 by , 10 years ago
Replying to frank:
To be more precise: This was an additional problem to the one we fixed with the previous test build.
Glad to see that! I aproove.
comment:40 by , 10 years ago
Thank you! This last update is working for me. Had special characters in path too: 'é'
comment:41 by , 10 years ago
Resolution: | → fixed |
Status: | reopened → closed |
Fix is finally part of VBox 4.3.22. Please don't reopen this ticket before you installed VBox 4.3.22!
comment:43 by , 8 years ago
Resolution: | fixed |
Status: | closed → reopened |
I have the same issue. Installed latest VB, extensions, guest tools with no success. System cannot validate SSL certificates. Manually installing SSL certficates doesn't work. Deleting vbox-ssl-cacertificate.crt doesn't work. I can't install applications that require SSL connections like Adobe Acrobat, can't google without going through error messages. OS: Windows Server 2012
comment:44 by , 8 years ago
What version of VirtualBox are you using? What's the exact error message?
comment:45 by , 7 years ago
I have the same problem. Win 8.1, long time I can not update because of this annoying ssl message. I tried everything above, To delete certificate, to delete file vbox-ssl-cacertificate.crt, to uninstall, VB, the install again, and nothing.
In last let it say 7-8 version I have all the time this problem. Now Im on the latest release 5.2.8
Is there any tutorial how to solve this annoying problem?
Should be fixed a while ago (4.3.12 or 4.3.14).