Unable to --nodeadd NX protocol
- This topic has 3 replies, 2 voices, and was last updated 10 years, 6 months ago by Haven.
May 13, 2014 at 10:26 #3535 esarmien (Participant)
Hi,
I am able to --nodeadd nodes from a Cloud Server using the SSH protocol, but when I --nodeadd using the NX protocol I receive the following error on the Cloud Server:
14785 14793 11:46:51 782.445 Encryptor/Encryptable: ERROR! Failed to authorize the server certificate.
Error: Failed to authorize the server certificate.
This is the command I ran
/usr/NX/bin/nxserver --nodeadd rce6-1.priv.hmdc.harvard.edu --protocol NX --load-balancing yes
and I received
NX> 596 ERROR: Cannot authenticate to the requested node.
NX> 999 Bye.
I attempted to use openssl to request the cert running on rce6-1.priv.hmdc.harvard.edu:4000
openssl s_client -showcerts -connect rce6-1.priv.hmdc.harvard.edu:4000 -debug
and I got
CONNECTED(00000003)
write to 0x18b0d70 [0x18d1600] (263 bytes => 263 (0x107))
read from 0x18b0d70 [0x18d6b60] (7 bytes => 0 (0x0))
140583177619272:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 263 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
This is what I see in the log on the host rce6-1.priv
Info: Handling connection from 140.247.115.105 port 50007 on Mon May 12 12:57:30 2014.
Info: Connection from 140.247.115.105 port 50007 closed on Mon May 12 12:57:31 2014.
Info: Handler with pid 12004 terminated on Mon May 12 12:57:31 2014.
Info: Handler started with pid 12106 on Mon May 12 12:58:53 2014.
Info: Handling connection from 10.0.0.48 port 46036 on Mon May 12 12:58:53 2014.
12106 12114 12:58:53 939.394 DaemonGreeter/DaemonGreeter: ERROR! Invalid client identification ''.
Error: Invalid client identification ''.
Warning: Connection from 10.0.0.48 port 46036 failed on Mon May 12 12:58:53 2014.
Warning: Connection error is 22, 'Invalid argument'.
I am using the certs that come with the NoMachine RPM.
Best,
Evan
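An added example, not part of the original post and not NoMachine tooling: a small Python parser over the node log lines quoted above that groups entries per connection and lists the connections that failed, with the logged reason. The line patterns are inferred from this excerpt only and are an assumption about the log format.

```python
import re

# Log lines copied from the post above (the empty identification is shown as '').
SAMPLE_LOG = """\
Info: Handling connection from 140.247.115.105 port 50007 on Mon May 12 12:57:30 2014.
Info: Connection from 140.247.115.105 port 50007 closed on Mon May 12 12:57:31 2014.
Info: Handler with pid 12004 terminated on Mon May 12 12:57:31 2014.
Info: Handler started with pid 12106 on Mon May 12 12:58:53 2014.
Info: Handling connection from 10.0.0.48 port 46036 on Mon May 12 12:58:53 2014.
12106 12114 12:58:53 939.394 DaemonGreeter/DaemonGreeter: ERROR! Invalid client identification ''.
Error: Invalid client identification ''.
Warning: Connection from 10.0.0.48 port 46036 failed on Mon May 12 12:58:53 2014.
Warning: Connection error is 22, 'Invalid argument'.
"""

# Patterns inferred from the excerpt (assumption, not a documented format).
OPENED = re.compile(r"^Info: Handling connection from (\S+) port (\d+) on (.+)\.$")
ENDED = re.compile(r"^(?:Info|Warning): Connection from (\S+) port (\d+) (closed|failed) on ")
ERROR = re.compile(r"^Error: (.+?)\.?$")
ERRNO = re.compile(r"^Warning: Connection error is (\d+), '(.+)'\.$")

def summarize(log_text):
    """Return one dict per connection: peer, port, opened, outcome, errors, errno."""
    conns, by_peer, last = [], {}, None
    for line in log_text.splitlines():
        if m := OPENED.match(line):
            last = {"peer": m[1], "port": int(m[2]), "opened": m[3],
                    "outcome": "open", "errors": [], "errno": None}
            by_peer[(m[1], int(m[2]))] = last
            conns.append(last)
        elif m := ENDED.match(line):
            last = by_peer.get((m[1], int(m[2])), last)
            if last:
                last["outcome"] = m[3]
        elif (m := ERROR.match(line)) and last and last["outcome"] == "open":
            # Error lines logged while a connection is still open belong to it.
            last["errors"].append(m[1])
        elif (m := ERRNO.match(line)) and last:
            # The errno line follows the "failed" line of the same connection.
            last["errno"] = (int(m[1]), m[2])
    return conns

def failed(log_text):
    """Connections the node logged as failed, with reason and errno."""
    return [c for c in summarize(log_text) if c["outcome"] == "failed"]

if __name__ == "__main__":
    for c in failed(SAMPLE_LOG):
        print(c["peer"], c["port"], c["opened"], c["errors"], c["errno"])
```
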
May 13, 2014 at 15:03 #3571 Haven (Participant)
From what you have written, we can see that a connection to the remote node with protocol NX is created, but it is then lost. The host certificate on the client side cannot be read, and the server cannot see the client version.
Please check your firewall settings to see whether connections on port 4000 are somehow being filtered or blocked.
May 14, 2014 at 08:54 #3576 esarmien (Participant)
Haven,
Actually, from what I have written it is clear that port 4000 is not blocked. Check this out:
┌─[esarmien@rce6-portal-1.hmdc.harvard.edu]
└─[~]> telnet rce6-1.priv 4000
Trying 10.0.0.98...
Connected to rce6-1.priv.
Escape character is '^]'.
^]q
telnet> q
Connection closed.
I can see here that rce6-1.priv:4000 (NX) is accepting connections. Now I try to use openssl req to grab the cert:
┌─[esarmien@rce6-portal-1.hmdc.harvard.edu]
└─[~]> openssl s_client -connect rce6-1.priv.hmdc.harvard.edu:4000
CONNECTED(00000003)
140383579920200:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 263 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
This is the weird part. Apparently it has no certificate?
I can actually use NXClient and connect directly to rce6-1.priv:4000 and achieve a session, but I am not able to --nodeadd.
Best,
Evan
May 14, 2014 at 11:07 #3587 Haven (Participant)
To investigate it further we will require the full set of logs:
https://www.nomachine.com/AR07K00677
from both servers: main and remote node.
Closed because the user did not provide further feedback. Please notify us if you confirm that it is resolved or open a new topic if you have the same problem.