VirtualBox

Opened 10 years ago

Last modified 6 years ago

#12969 reopened defect

SSL authentication failed

Reported by: Rmplstltskn Owned by:
Component: other Version: VirtualBox 4.3.10
Keywords: SSL authentication failed Cc:
Guest type: other Host type: other

Description

  1. Launch new installed VirtualBox.
  2. Check for updates - everything ОК.
  3. In Windows Explorer find the image *.vbox from old HDD, which already in folder "VirtualBox VMs" and add it to the list in application (two clicks).
  4. Check for updates - SSL authentication failed
  5. Deleting recently added vritual machine from list.
  6. Restart of application.
  7. Checking update - everything ОК.

Attachments (5)

VBoxSVC.log (1.3 KB ) - added by Rmplstltskn 10 years ago.
VBoxSVC.2.log (1.6 KB ) - added by ItielMaN 9 years ago.
VirtualBox.xml (5.9 KB ) - added by ItielMaN 9 years ago.
VirtualBox.2.xml (6.1 KB ) - added by ItielMaN 9 years ago.
VBoxSVC.3.log (1.5 KB ) - added by ItielMaN 9 years ago.

Download all attachments as: .zip

Change History (50)

by Rmplstltskn, 10 years ago

Attachment: VBoxSVC.log added

comment:1 by Frank Mehnert, 10 years ago

Resolution: fixed
Status: newclosed

Should be fixed a while ago (4.3.12 or 4.3.14).

in reply to:  1 comment:2 by Rmplstltskn, 10 years ago

Replying to frank:

Should be fixed a while ago (4.3.12 or 4.3.14).

Bug still not fixed (new installed 4.3.16)

comment:3 by Rmplstltskn, 10 years ago

Resolution: fixed
Status: closedreopened

comment:4 by Frank Mehnert, 9 years ago

I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.

in reply to:  4 ; comment:5 by Rmplstltskn, 9 years ago

Replying to frank:

I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.

If I can give information about the system, it will help the cause? But what information?

by ItielMaN, 9 years ago

Attachment: VBoxSVC.2.log added

by ItielMaN, 9 years ago

Attachment: VirtualBox.xml added

in reply to:  5 ; comment:6 by ItielMaN, 9 years ago

Replying to Rmplstltskn:

Replying to frank:

I cannot reproduce this problem, even after registering a new VM by clicking on a .vbox file.

If I can give information about the system, it will help the cause? But what information?

I have the same issue. To be honest, I didn't double click the vbox files, it just happened by it's own a few versions ago. Using WIndows 7 SP1 x86 and latest version of VirtualBox. COMODO Internet Security installed. Disabling it's defenses didn't help.

I've attached some logs that might be of some help.

in reply to:  6 comment:7 by Rmplstltskn, 9 years ago

Replying to ItielMaN:

I have the same issue. To be honest, I didn't double click the vbox files, it just happened by it's own a few versions ago. Using WIndows 7 SP1 x86 and latest version of VirtualBox. COMODO Internet Security installed. Disabling it's defenses didn't help.

I've attached some logs that might be of some help.

Double click is not required it's just example. When I added one, or more VM's, in list of VM's i've got this error.

comment:8 by ItielMaN, 9 years ago

Some more info:

  1. Tried removing VirtualBox (without deleting the VMs) totally and re-installed.
  2. After upgrading to newer VB version and clicking the update feature (that as I mentioned- failed), it automatically detects the VirtualBox Extension Pack update and installs it successfully, which mean it can get to the server or something.

Are there any more logs I can supply that may help locating the issue?

comment:9 by LNabais, 9 years ago

I have the same issue, when Check for updates, cannot connect, SSL authentication failed. Windows 8.1 x64, Java 8 Update 25 x64, VirtualBox 4.3.18 r96516. No firewall except windows (and tried with it disabled). What more can I give to help on this?

comment:10 by tgm, 9 years ago

I also see this issue (check for update - SSL failure) in both 4.3.16 and 4.3.18. Running on Windows 7 Pro (SP1) 64 bit. I manually downloaded the 4.3.18 update and installed. Interesting thing though.. After upgrade VB prompts to update extension pack (expected behavior). I approved and installed directly without any issues. Wonder why no SSL error with this action.

comment:11 by woodbridge, 9 years ago

I have exactly same issue after just downloaded and installed newest version today. My laptop is Windows 7 Professional SP 1. Not sure what information I can provide. The errors showed in log file is basically same as already attached file.

comment:12 by Rmplstltskn, 9 years ago

In version 4.3.20 bug still not fixed.

in reply to:  12 comment:13 by ItielMaN, 9 years ago

Replying to Rmplstltskn:

In version 4.3.20 bug still not fixed.

Same here :(

comment:14 by Frank Mehnert, 9 years ago

If you remove the file vbox-ssl-cacertificate.crt in your .VirtualBox directory ($HOME/.VirtualBox on Linux, c:\users\USER\.VirtualBox on Windows) and do the test again, does this change anything?

in reply to:  14 comment:15 by ItielMaN, 9 years ago

Replying to frank:

If you remove the file vbox-ssl-cacertificate.crt in your .VirtualBox directory ($HOME/.VirtualBox on Linux, c:\users\USER\.VirtualBox on Windows) and do the test again, does this change anything?

Nope. After starting VB and trying again- same error. And the file vbox-ssl-cacertificate.crt is being recreated afterwards.

comment:16 by Mihai Hanor, 9 years ago

I can reproduce the issue with the PUEL version, running the VirtualBox Manager inside a Windows 7 x64 (clean install + updates) VM. I can't reproduce the SSL failure using the OSE build (inside the VM) and it doesn't occur on my host (Windows 8.1 x64).

I'm not sure if this is related to the SSL authentification failure, but, most of the times, both the OSE and the PUEL version, try to access the vbox-ssl-cacertificate.crt in the current folder (which is the installation folder) and in C:\etc\, but not in the user's home folder. When it happens, two first chance 800401f0 exceptions occur during the COMGETTER(HomeFolder) call (see one call stack below, 4.3.20 sources). The "." path is returned and converted to a full path.

The Manager accesses the .crt file in the user home folder if I check for updates in the first 2 seconds after it has started. After this time interval, all attempts to check for an update, fail.

When the SSL authentification fails, the VirtualBox Manager sends to the TLS server an alert message: Level 0x2 (fatal), description - 0x30 (Unknown CA).

KERNELBASE!RaiseException+0x39
RPCRT4!RpcpRaiseException+0x33
ole32!NdrExtpProxyGetBuffer+0x35c0
RPCRT4!NdrpProxyGetBuffer+0x1b
RPCRT4!NdrpClientCall2+0x9d1
ole32!ObjectStublessClient+0x1ad [d:\w7rtm\com\rpc\ndrole\amd64\stblsclt.cxx @ 620]
ole32!ObjectStubless+0x42 [d:\w7rtm\com\rpc\ndrole\amd64\stubless.asm @ 117]
VirtualBox!CVirtualBox::GetHomeFolder+0xeb [c:\work_x64\vbox\out\win.amd64\debug\obj\virtualbox\include\comwrappers.cpp @ 940]
VirtualBox!UINetworkReplyPrivateThread::fullCertificateFileName+0x8c [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 203]
VirtualBox!UINetworkReplyPrivateThread::applyHttpsCertificates+0x31 [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 129]
VirtualBox!UINetworkReplyPrivateThread::run+0xc2 [c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp @ 182]
QtCore4!QThreadPrivate::start+0x1a7 [c:\work_x64\qt\src\corelib\thread\qthread_win.cpp @ 357]
MSVCR100!_callthreadstartex+0x17
MSVCR100!_threadstartex+0x7f
kernel32!BaseThreadInitThunk+0xd
ntdll!RtlUserThreadStart+0x1d
Last edited 9 years ago by Mihai Hanor (previous) (diff)

comment:17 by Frank Mehnert, 9 years ago

Interesting information. GetHomeFolder() should always return the folder where the VirtualBox.xml file is resided in but never c:
etc or something like that...

comment:18 by Mihai Hanor, 9 years ago

It returns "." along that exception, which gets translated to the current folder (the installation folder) by one of the methods called by fullCertificateFileName(). The C:\etc\ path is accessed at some other point in the execution of the program, see below the call stack (as Process Monitor shows it):

0	fltmgr.sys	FltAcquirePushLockShared + 0x907	0xfffff8800112d067	C:\Windows\system32\drivers\fltmgr.sys
1	fltmgr.sys	FltIsCallbackDataDirty + 0x20ba	0xfffff8800112f9aa	C:\Windows\system32\drivers\fltmgr.sys
2	fltmgr.sys	FltReadFile + 0x10363	0xfffff8800114d2a3	C:\Windows\system32\drivers\fltmgr.sys
3	ntoskrnl.exe	MmCreateSection + 0x279c	0xfffff80002993efc	C:\Windows\system32\ntoskrnl.exe
4	ntoskrnl.exe	SeQueryInformationToken + 0xc48	0xfffff8000298f878	C:\Windows\system32\ntoskrnl.exe
5	ntoskrnl.exe	ObOpenObjectByName + 0x306	0xfffff80002990a96	C:\Windows\system32\ntoskrnl.exe
6	ntoskrnl.exe	PsTerminateSystemThread + 0x244	0xfffff80002924b34	C:\Windows\system32\ntoskrnl.exe
7	ntoskrnl.exe	KeSynchronizeExecution + 0x3a23	0xfffff80002692e53	C:\Windows\system32\ntoskrnl.exe
8	ntdll.dll	ZwQueryFullAttributesFile + 0xa	0x76d1241a	C:\Windows\SYSTEM32\ntdll.dll
9	KERNELBASE.dll	GetFileAttributesExW + 0x9d	0x7fefcd57e3d	C:\Windows\system32\KERNELBASE.dll
10	VBoxRT.dll	RTPathQueryInfoEx + 0x17c, c:\work_x64\vbox\src\vbox\runtime\r3\win\path-win.cpp(253)	0x7feefd9807c	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
11	VBoxRT.dll	RTFileExists + 0x3c, c:\work_x64\vbox\src\vbox\runtime\generic\rtfileexists-generic.cpp(41)	0x7feefd87b2c	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
12	VBoxRT.dll	rtHttpGet + 0xe8, c:\work_x64\vbox\src\vbox\runtime\common\misc\http.cpp(466)	0x7feefd857b8	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
13	VBoxRT.dll	RTHttpGetBinary + 0x31, c:\work_x64\vbox\src\vbox\runtime\common\misc\http.cpp(515)	0x7feefd85e31	C:\work_x64\vbox\out\win.amd64\debug\bin\VBoxRT.dll
14	VirtualBox.exe	UINetworkReplyPrivateThread::performGetRequestForBinary + 0x134, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(292)	0x13fc5ca64	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
15	VirtualBox.exe	UINetworkReplyPrivateThread::downloadCertificates + 0xeb, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(385)	0x13fc5d14b	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
16	VirtualBox.exe	UINetworkReplyPrivateThread::applyHttpsCertificates + 0x9d, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(139)	0x13fc5bcbd	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
17	VirtualBox.exe	UINetworkReplyPrivateThread::run + 0xc2, c:\work_x64\vbox\src\vbox\frontends\virtualbox\src\net\uinetworkreply.cpp(181)	0x13fc5bf02	C:\work_x64\vbox\out\win.amd64\debug\bin\VirtualBox.exe
18	QtCore4.dll	QThreadPrivate::start + 0x1a7, c:\work_x64\qt\src\corelib\thread\qthread_win.cpp(355)	0x73c1f587	C:\work_x64\vbox\out\win.amd64\debug\bin\QtCore4.dll
19	MSVCR100.dll	endthreadex + 0x43	0x740b1d9f	C:\Windows\system32\MSVCR100.dll
20	MSVCR100.dll	endthreadex + 0xdf	0x740b1e3b	C:\Windows\system32\MSVCR100.dll
21	kernel32.dll	BaseThreadInitThunk + 0xd	0x76ab59ed	C:\Windows\system32\kernel32.dll
22	ntdll.dll	RtlUserThreadStart + 0x21	0x76cec541	C:\Windows\SYSTEM32\ntdll.dll

The actual path is C:\etc\ssl\certs\ca-certificates.crt

Last edited 9 years ago by Mihai Hanor (previous) (diff)

comment:19 by Mihai Hanor, 9 years ago

With the PUEL version, the usual installation folder access rights/user access rights/UAC prohibits the creation of the crt file inside C:\Program Files\Oracle\VirtualBox\

comment:20 by Frank Mehnert, 9 years ago

Now I'm confused. How comes the installation folder into play? Again, GetHomeFolder() should deliver the position of VirtualBox.xml. If it returns '.' then that's a bug.

comment:21 by Frank Mehnert, 9 years ago

So far unable to reproduce. GetHomeFolder() always returns the correct home folder, therefore the .crt file is always found.

comment:22 by Mihai Hanor, 9 years ago

Have you tried with a fresh install of Windows 7? Also, let the Manager wait for 10 seconds then check for updates.

I was wrong, GetHomeFolder() doesn't return ".", it returns "". I think it just fails, because mRC is set to 800401f0 and aHomeFolder doesn't seem to be modified after the COMGETTER(HomeFolder) call (it's set to "" by the class constructor). The "." gets set in by one of the multitude of methods and constructors called by fullCertificateFileName(). I will try with the unoptimized Qt libraries. When it's about to fail the SSL authentification, the Manager process also decides to download the roots.zip file from verisign.com. When it's about to succeed (like in the first 2 seconds of the process lifetime), for some reason it doesn't download the roots.zip file.

Last edited 9 years ago by Mihai Hanor (previous) (diff)

comment:23 by Mihai Hanor, 9 years ago

The "." originates from the Qt library, see Qt\src\corelib\io\qdir.cpp line 100 (Qt 4.8.6).

comment:24 by Frank Mehnert, 9 years ago

Actually the Win7 VM is a good testcase. I can reproduce the problem there and will try to debug + fix it.

in reply to:  24 comment:25 by Rmplstltskn, 9 years ago

Replying to frank:

Actually the Win7 VM is a good testcase. I can reproduce the problem there and will try to debug + fix it.

I think, version of OS not important, i got same error on W7 x64 and W8.1 x64. Maybe language or regional settings important? For me it is russian.

comment:26 by Frank Mehnert, 9 years ago

Finally found and fixed. Right, it does not depend on the Windows versions, but the bug is Windows-only, that is, on non-Windows platforms this didn't happen. It was a bit hard to find because the function often succeeds but Mihais testcase was a great help for debugging. I have prepared a test build. I would appreciate if users who are affected by this bug could confirm that the latest Windows test build from here fixes the problem. Thank you!

comment:27 by Mihai Hanor, 9 years ago

I can't reproduce the issue with the new build and my Windows 7 VM. But why would the Windows build ever want to check for "/etc/ssl/certs/ca-certificates.crt"? See src\VBox\Runtime\common\misc\http.cpp line 552, in RTHttpGetFile(). It hits this piece of code, if it can't access the vbox-ssl-cacertificate.crt file in the user home folder.

Last edited 9 years ago by Mihai Hanor (previous) (diff)

in reply to:  26 comment:28 by ItielMaN, 9 years ago

Replying to frank:

Finally found and fixed. Right, it does not depend on the Windows versions, but the bug is Windows-only, that is, on non-Windows platforms this didn't happen. It was a bit hard to find because the function often succeeds but Mihais testcase was a great help for debugging. I have prepared a test build. I would appreciate if users who are affected by this bug could confirm that the latest Windows test build from here fixes the problem. Thank you!

Oh come on! In the latest build still same error. Also removing vbox-ssl-cacertificate file didn't do the trick. VBoxSVC.log and VirtualBox.xml are again attached (if needed).

by ItielMaN, 9 years ago

Attachment: VirtualBox.2.xml added

by ItielMaN, 9 years ago

Attachment: VBoxSVC.3.log added

comment:29 by Mihai Hanor, 9 years ago

What's the error message it gives you? Have you edited the log file to hide the name of the home folder? What's the language of your host OS?

Last edited 9 years ago by Mihai Hanor (previous) (diff)

in reply to:  29 comment:30 by ItielMaN, 9 years ago

Replying to mhanor:

What's the error message it gives you? Have you edited the log file to hide the name of the home folder?

Same error as always: "The network operation failed with the following error: SSL authentication failed." And no, I didn't. The home folder's name is written in hebrew, that's why you see "עליז×".

in reply to:  29 comment:31 by ItielMaN, 9 years ago

Replying to mhanor:

What's the language of your host OS?

Hebrew.

comment:32 by Mihai Hanor, 9 years ago

Indeed. I can reproduce the SSL failure on my Windows 7 VM, if the home folder name contains special caracters (I have picked one from the character map, ș).

comment:33 by Frank Mehnert, 9 years ago

Many thanks guys for this hint. With this information we were able to reproduce the problem. We believe that we fixed it now properly. Could you confirm that this package works for you? Thank you!

comment:34 by Frank Mehnert, 9 years ago

To be more precise: This was an additional problem to the one we fixed with the previous test build.

comment:35 by Mihai Hanor, 9 years ago

It's OK on my test VM.

comment:36 by ItielMaN, 9 years ago

Hell yeah! Working great now. Thanks frank :)

in reply to:  34 comment:37 by Rmplstltskn, 9 years ago

Replying to frank:

To be more precise: This was an additional problem to the one we fixed with the previous test build.

Glad to see that! I aproove.

comment:38 by VgnJhd, 9 years ago

I can confirm that this fixed all my issue Thanks Frank !

comment:39 by Frank Mehnert, 9 years ago

Thanks for helping debugging and for all the feedback!

comment:40 by NwDx, 9 years ago

Thank you! This last update is working for me. Had special characters in path too: 'é'

comment:41 by Frank Mehnert, 9 years ago

Resolution: fixed
Status: reopenedclosed

Fix is finally part of VBox 4.3.22. Please don't reopen this ticket before you installed VBox 4.3.22!

comment:42 by BGarber, 9 years ago

I'm seeing this issue on 4.3.28 r100309 Win 7 x64

comment:43 by MericClan, 7 years ago

Resolution: fixed
Status: closedreopened

I have the same issue. Installed latest VB, extensions, guest tools with no success. System cannot validate SSL certificates. Manually installing SSL certficates doesn't work. Deleting vbox-ssl-cacertificate.crt doesn't work. I can't install applications that require SSL connections like Adobe Acrobat, can't google without going through error messages. OS: Windows Server 2012

comment:44 by Mihai Hanor, 7 years ago

What version of VirtualBox are you using? What's the exact error message?

comment:45 by easydoor, 6 years ago

I have the same problem. Win 8.1, long time I can not update because of this annoying ssl message. I tried everything above, To delete certificate, to delete file vbox-ssl-cacertificate.crt, to uninstall, VB, the install again, and nothing.

In last let it say 7-8 version I have all the time this problem. Now Im on the latest release 5.2.8

Is there any tutorial how to solve this annoying problem?

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use