Bug 1124263 - [Windows Guest Tools] SSO not working on Windows 7 when secure logon is enabled
Summary: [Windows Guest Tools] SSO not working on Windows 7 when secure logon is enabled
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-guest-agent
Version: 3.4.0
Hardware: All
OS: Linux
unspecified
high
Target Milestone: ---
: 3.5.0
Assignee: Vinzenz Feenstra [evilissimo]
QA Contact: Jiri Belka
URL:
Whiteboard: virt
Depends On: 1158470
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-07-29 07:30 UTC by Jaison Raju
Modified: 2019-04-28 09:20 UTC (History)
9 users (show)

Fixed In Version: rhevm-guest-agent-1.0.10-2
Doc Type: Bug Fix
Doc Text:
Previously the Single Sign on feature of RHEV-M did not correctly work on some 32 Bit Windows systems if the secure logon feature of windows was enabled. This limitation has been now resolved and single sign on does now also work on 32 Bit windows systems with secure logon enabled.
Clone Of:
Environment:
Last Closed: 2015-02-17 08:27:17 UTC
oVirt Team: ---


Attachments (Terms of Use)
tools logs (863.92 KB, application/zip)
2014-08-14 04:40 UTC, Jaison Raju
no flags Details
Registry value to enable software generated 'Secure Attention Sequence' triggers (156 bytes, text/plain)
2014-08-27 13:08 UTC, Vinzenz Feenstra [evilissimo]
no flags Details


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 32039 master MERGED win: Enable policy for software SAS Never
oVirt gerrit 33533 ovirt-3.5 MERGED win: Enable policy for software SAS Never

Description Jaison Raju 2014-07-29 07:30:28 UTC
Description of problem:

Customer cannot do SSO after enabling secure logon (Ctrl+Alt+Delete). 
When secure logon is disabled login using SSO works properly. 
http://windows.microsoft.com/en-us/windows/enable-disable-ctrl-alt-delete-logon 

The agent logs (C:\ProgramFiles\RedHat\RHEV\Tools\InstallLogs\Install.rhev-agent-service) on Windows I see: 

Trying to login with SecureLogin (Ctrl + Alt + Del): 
Dummy-1::INFO::2014-07-11 22:59:45,596::ovirtguestservice::63::root::Starting OVirt Guest Agent service
Dummy-2::INFO::2014-07-12 00:05:33,802::ovirtagentlogic::266::root::Received an external command: lock-screen...
Dummy-2::ERROR::2014-07-12 00:05:33,802::guestagentwin32::302::root::LockWorkStation exception
Traceback (most recent call last):
  File "GuestAgentWin32.pyc", line 272, in LockWorkStation                               <<<-----------------===============-----------------
error: (1008, 'WTSQueryUserToken', 'Wykonano pr\xf3b\xea odwo\xb3ania si\xea do tokena, kt\xf3ry nie istnieje.')
Dummy-2::INFO::2014-07-12 00:05:33,990::ovirtagentlogic::266::root::Received an external command: login...
Dummy-2::ERROR::2014-07-12 00:05:35,006::guestagentwin32::197::root::Error writing credentials to pipe [1/3] (error = 2)
Dummy-2::ERROR::2014-07-12 00:05:36,006::guestagentwin32::197::root::Error writing credentials to pipe [2/3] (error = 2)
Dummy-2::ERROR::2014-07-12 00:05:37,006::guestagentwin32::197::root::Error writing credentials to pipe [3/3] (error = 2)
Dummy-2::INFO::2014-07-12 00:07:07,911::ovirtagentlogic::266::root::Received an external command: lock-screen...
Dummy-2::ERROR::2014-07-12 00:07:07,911::guestagentwin32::302::root::LockWorkStation exception
Traceback (most recent call last):
  File "GuestAgentWin32.pyc", line 272, in LockWorkStation

After a manual press CTRL+ALT+DEL is ok: 
Dummy-2 :: INFO :: 2014-07-12 10:24:01,197 :: ovirtagentlogic :: 266 :: root :: Received an external command: login ... 

In version 3.3 (RHEV-toolsSetup_3.3_14.iso) this works fine . Issue noticed on RHEV-toolsSetup_3.4_7.iso .

I guess the code points to :
===============================================================
 263     # The LockWorkStation function is callable only by processes running on the
264     # interactive desktop.
265     def LockWorkStation(self):
266         try:
267             logging.debug("LockWorkStation was called.")
268             sessionId = GetActiveSessionId()
269             if sessionId != 0xffffffff:
270                 logging.debug("Locking workstation (session %d)", sessionId)
271                 dupToken = None
272                 userToken = win32ts.WTSQueryUserToken(sessionId)
273                 if userToken is not None:
274                     logging.debug("Got the active user token.")
275                     # The following access rights are required 
===============================================================

Similar bug for w2k12
https://bugzilla.redhat.com/show_bug.cgi?id=965664


Version-Release number of selected component (if applicable):
 3.4.0-0.22 
Win7-32bit
RHEV-toolsSetup_3.4_7.iso ( works well on RHEV-toolsSetup_3.3_14.iso )

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
SSO does not work after a control+alt+delete

Expected results:
SSo works while accessing guest console .

Additional info:
http://windows.microsoft.com/en-us/windows/enable-disable-ctrl-alt-delete-logon

Comment 7 Jaison Raju 2014-08-14 04:40:06 UTC
Created attachment 926624 [details]
tools logs

Comment 9 Vinzenz Feenstra [evilissimo] 2014-08-27 13:08:06 UTC
Created attachment 931459 [details]
Registry value to enable software generated 'Secure Attention Sequence' triggers

Comment 11 Vinzenz Feenstra [evilissimo] 2014-09-29 09:01:56 UTC
@Jaison Raju: Is there any update?

Comment 14 Vinzenz Feenstra [evilissimo] 2014-10-06 06:46:29 UTC
We found a potential cause for this and prepared a fix which will be available with the rhevm-guest-agent 1.0.10-2 build.

Moving the bug on QE

Comment 15 Michal Skrivanek 2014-10-30 09:50:55 UTC
testing is blocked by bug 1158470, but there's nothing to be done for this bug, please follow the dependent one and once it's fixed proceed with testing of this one

Comment 16 Pedro Aleluia 2014-11-06 18:11:09 UTC
I have the same error only when we use centos 7 as host.

Comment 17 Jiri Belka 2014-11-24 09:56:18 UTC
ok, 3.5.7 / vt11 (w7 32/64bit).

Comment 18 Omer Frenkel 2015-02-17 08:27:17 UTC
RHEV-M 3.5.0 has been released


Note You need to log in before you can comment on or make changes to this bug.