Forum Replies Created
-
AuthorPosts
-
Guro
ContributorHello
we sent you a link to a debug package. Were you able to install and extract the logs?
Thanks
Guro
ContributorHello
The Log Error message indicated that nx user account is invalid. Please ensure that nx user is not registered as ad domain user and has only local profile.Please open powershell windows as admin and run the following command:
Get-LocalUser -Name “nx”
It might show as local user status.
Thanks
Guro
ContributorHello
Please provide results of the following:
1.
ls -la /Applications/NoMachine.app/Contents/Frameworks/bin/nxexec
to be sure that nxexec had suid flag.
2.
/Applications/NoMachine.app/Contents/Frameworks/bin/nxexec --auth
it will ask for user password input and allows to check if nxexec interacts correctly with PAM service.
Use local user credentials and network user too if you have.
Guro
ContributorHello
We investigated provided log data and it seems that it is not a permission issue. For now we suspect that issue might be related to incorrect interpretation of user token, but standard logs cannot provide such information as for security reason disabled logging one. Please let us know if you are willing to install nomachine debug package on the server and collect verbose logs.
Thanks
Guro
ContributorHello
please provide the results from running the following commands in power shell opened as Administrator.
1. net user nx
in result should be listed if the user is still in admin group.
2.
wmic useraccount get name,sid | Select-String nx
to have nx user sid so that we can compare with the logs.
3.
secedit /export /areas USER_RIGHTS /cfg privileges.txt
to have all permissions of user nx. and send to us privileges.txt file please.
If the default folder of power shell does not allow to save the file, then change path to file to another folder like:
secedit /export /areas USER_RIGHTS /cfg C:\Temp\ privileges.txt
4.
Get-WinEvent -FilterHashtable @{LogName = 'Application'} | Where-Object {$_.Message -like '*nx*'}
will parse Windows application events and NX items.
I also have an additional question, how much time passed before the last Windows restart and the NoMachine service issues?
Thanks
Guro
ContributorHello
please send server and client side logs of kerberos errors to as for more detailed test.Usually problems relate to correct configuration. as alternate you can try use ssh connection protocol,
please don’t forget enable
EnableNXKerberosAuthentication 1
, on server configure file.As you also have smartcard/PIN authentication, you also can extract public key from smartcard and register on server side as authorized_keys. for more details might be in:
https://kb.nomachine.com/DT11R00187
Thanks
Guro
ContributorHello
there is no need for krb5 files. If you have kerberos ticket for windows, you can use select prefered library ‘Microsoft SSPI’ and if your user has kerberos ticket after Windows login, then this ticket might be used by NoMachine,
thanks
Guro
Contributorhello
“Authentication is done with a smartcard and a PIN or a user/password pair in an Active Directory.
ECS is connected to the same AD, I can get a ticket with kinit for my user/password.”
We can recommend use kerberos authentication as client and server host in same ad domain.
You need enable kerberos authentication on server by edit /usr/NX/etc/server.cfg and update keys
#EnableNXKerberosAuthentication 0
to
EnableNXKerberosAuthentication 1
Please ensure that AD user is correctly seen on server host:
if commands: id , getent passwd | grep , su
correctly list/switch on user. More details for kerberos authentication are available in https://kb.nomachine.com/DT07S00230
Thanks
Guro
ContributorHello,
please send nomachine server side logs to us. You can extract them using the instructions here: https://kb.nomachine.com/DT07S00243. Send them to forum[at]nomachine[dot]com. Please use the title of this topic as the subject of your email.December 19, 2024 at 09:42 in reply to: Could not start the display server. Error is 5: Input/output error #51158Guro
ContributorAlso could you provide result of next command in administrator rights power shell window, please:
net localgroup AdministratorsWe need to be sure that nx user in Administrators groups as we suspect. Logs show:
“6120 29444 2024-10-23 22:35:30 674.235 ImpersonationWorker: ERROR! Failed to launch nxserver process.
6120 66060 2024-10-25 10:34:10 075.469 ExecuteServer: ERROR! Failed to duplicate input.
6120 66060 2024-10-25 10:34:10 075.469 ExecuteServer: Error is ‘6’.”
might be related.December 19, 2024 at 03:51 in reply to: Could not start the display server. Error is 5: Input/output error #51154Guro
Contributorhello
Did you update Windows before noticing the fail on server side?
Guro
ContributorIt’s also useful to know whether user Emile is a user of domain or windows AD?
Guro
Contributorhello
“If there are no security risks to installing the debug package, then I’m happy for you to send it to me and use it.” – It’s safe to install and use. It’s a regular package with extra debug enabled to allow us to go much deeper into why a particular error is happening so they will contain information about exchange protocol flow data, ssh key fingerprints and accepted encryption methods.
” Is the ssh tunnelling method I mentioned earlier in this thread sensible?” – Yes it is. You can see details here: https://kb.nomachine.com/AR10K00728
“Is there a way to make the connection more stable with this approach?” – I think the session freeze needs further investigation. First, can you send us server side logs? Logs would also allow us to check why the connection is failing without an appropriate error even without adding yubikey as a device. You can extract them using the instructions here: https://kb.nomachine.com/DT07S00243.
Send them to forum[at]nomachine[dot]com. Please use the title of this topic as the subject of your email. Thanks!
Guro
ContributorHello
Please could you provide exact information of NoMachine server you are trying to connect to?
The free NoMachine version does not support SSH connections.Thanks
Guro
ContributorHello
To be able to provide more advises there is need to have more detailed log data. As for security reason, authentication logs are disabled by default.
But if you are willing to install new debug package on your working machine and test the authentication process to provide us more detailed information about this error, we can send you a debug package.Thanks
-
AuthorPosts