Bug 1124263

Summary: [Windows Guest Tools] SSO not working on Windows 7 when secure logon is enabled
Product: Red Hat Enterprise Virtualization Manager Reporter: Jaison Raju <jraju>
Component: ovirt-guest-agentAssignee: Vinzenz Feenstra [evilissimo] <vfeenstr>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Belka <jbelka>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.4.0CC: ecohen, iheim, jraju, michal.skrivanek, mkenneth, pedro.aleluia, pstehlik, rbalakri, yeylon
Target Milestone: ---   
Target Release: 3.5.0   
Hardware: All   
OS: Linux   
Whiteboard: virt
Fixed In Version: rhevm-guest-agent-1.0.10-2 Doc Type: Bug Fix
Doc Text:
Previously the Single Sign on feature of RHEV-M did not correctly work on some 32 Bit Windows systems if the secure logon feature of windows was enabled. This limitation has been now resolved and single sign on does now also work on 32 Bit windows systems with secure logon enabled.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-17 08:27:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 1158470    
Bug Blocks:    
Attachments:
Description Flags
tools logs
none
Registry value to enable software generated 'Secure Attention Sequence' triggers none

Description Jaison Raju 2014-07-29 07:30:28 UTC
Description of problem:

Customer cannot do SSO after enabling secure logon (Ctrl+Alt+Delete). 
When secure logon is disabled login using SSO works properly. 
http://windows.microsoft.com/en-us/windows/enable-disable-ctrl-alt-delete-logon 

The agent logs (C:\ProgramFiles\RedHat\RHEV\Tools\InstallLogs\Install.rhev-agent-service) on Windows I see: 

Trying to login with SecureLogin (Ctrl + Alt + Del): 
Dummy-1::INFO::2014-07-11 22:59:45,596::ovirtguestservice::63::root::Starting OVirt Guest Agent service
Dummy-2::INFO::2014-07-12 00:05:33,802::ovirtagentlogic::266::root::Received an external command: lock-screen...
Dummy-2::ERROR::2014-07-12 00:05:33,802::guestagentwin32::302::root::LockWorkStation exception
Traceback (most recent call last):
  File "GuestAgentWin32.pyc", line 272, in LockWorkStation                               <<<-----------------===============-----------------
error: (1008, 'WTSQueryUserToken', 'Wykonano pr\xf3b\xea odwo\xb3ania si\xea do tokena, kt\xf3ry nie istnieje.')
Dummy-2::INFO::2014-07-12 00:05:33,990::ovirtagentlogic::266::root::Received an external command: login...
Dummy-2::ERROR::2014-07-12 00:05:35,006::guestagentwin32::197::root::Error writing credentials to pipe [1/3] (error = 2)
Dummy-2::ERROR::2014-07-12 00:05:36,006::guestagentwin32::197::root::Error writing credentials to pipe [2/3] (error = 2)
Dummy-2::ERROR::2014-07-12 00:05:37,006::guestagentwin32::197::root::Error writing credentials to pipe [3/3] (error = 2)
Dummy-2::INFO::2014-07-12 00:07:07,911::ovirtagentlogic::266::root::Received an external command: lock-screen...
Dummy-2::ERROR::2014-07-12 00:07:07,911::guestagentwin32::302::root::LockWorkStation exception
Traceback (most recent call last):
  File "GuestAgentWin32.pyc", line 272, in LockWorkStation

After a manual press CTRL+ALT+DEL is ok: 
Dummy-2 :: INFO :: 2014-07-12 10:24:01,197 :: ovirtagentlogic :: 266 :: root :: Received an external command: login ... 

In version 3.3 (RHEV-toolsSetup_3.3_14.iso) this works fine . Issue noticed on RHEV-toolsSetup_3.4_7.iso .

I guess the code points to :
===============================================================
 263     # The LockWorkStation function is callable only by processes running on the
264     # interactive desktop.
265     def LockWorkStation(self):
266         try:
267             logging.debug("LockWorkStation was called.")
268             sessionId = GetActiveSessionId()
269             if sessionId != 0xffffffff:
270                 logging.debug("Locking workstation (session %d)", sessionId)
271                 dupToken = None
272                 userToken = win32ts.WTSQueryUserToken(sessionId)
273                 if userToken is not None:
274                     logging.debug("Got the active user token.")
275                     # The following access rights are required 
===============================================================

Similar bug for w2k12
https://bugzilla.redhat.com/show_bug.cgi?id=965664


Version-Release number of selected component (if applicable):
 3.4.0-0.22 
Win7-32bit
RHEV-toolsSetup_3.4_7.iso ( works well on RHEV-toolsSetup_3.3_14.iso )

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
SSO does not work after a control+alt+delete

Expected results:
SSo works while accessing guest console .

Additional info:
http://windows.microsoft.com/en-us/windows/enable-disable-ctrl-alt-delete-logon

Comment 7 Jaison Raju 2014-08-14 04:40:06 UTC
Created attachment 926624 [details]
tools logs

Comment 9 Vinzenz Feenstra [evilissimo] 2014-08-27 13:08:06 UTC
Created attachment 931459 [details]
Registry value to enable software generated 'Secure Attention Sequence' triggers

Comment 11 Vinzenz Feenstra [evilissimo] 2014-09-29 09:01:56 UTC
@Jaison Raju: Is there any update?

Comment 14 Vinzenz Feenstra [evilissimo] 2014-10-06 06:46:29 UTC
We found a potential cause for this and prepared a fix which will be available with the rhevm-guest-agent 1.0.10-2 build.

Moving the bug on QE

Comment 15 Michal Skrivanek 2014-10-30 09:50:55 UTC
testing is blocked by bug 1158470, but there's nothing to be done for this bug, please follow the dependent one and once it's fixed proceed with testing of this one

Comment 16 Pedro Aleluia 2014-11-06 18:11:09 UTC
I have the same error only when we use centos 7 as host.

Comment 17 Jiri Belka 2014-11-24 09:56:18 UTC
ok, 3.5.7 / vt11 (w7 32/64bit).

Comment 18 Omer Frenkel 2015-02-17 08:27:17 UTC
RHEV-M 3.5.0 has been released