[Solved] Encryption password for guest OS no longer working

Discussions about using Mac OS X guests (on Apple hardware) in VirtualBox.

[Solved] Encryption password for guest OS no longer working

Postby t6535 » 4. Mar 2019, 17:30

Hi,
I had encrypted several guest OSes with the same disk encryption settings in virtualbox 6.0.4:
Disk encryption cipher: AES-XTS256-PLAIN264 (Settings --> Disk Encryption --> Enable Disk Encryption)
I used the same password for all VMs

Everything had been working fine for several days, but today I cannot start ANY of the VMs, here's the error message I get:
"Encryption password for ID = [VM name] is invalid."

Also, the fact that the issue is present across all my VMs is mindboggling.

The host is running macOS Mojave.

I have tried typing in the password as well as copy-pasting it, so I don't think it's a keyboard issue. I am also 100% sure that it is typed correctly (I have checked multiple sources).

I would highly appreciate if you have any ideas that are worth trying. Unfortunately, I have valuable information inside these VMs that is not backed up, and now that the encryption password is not working I am worried that I lost my data.
Last edited by socratis on 7. Mar 2019, 20:55, edited 1 time in total.
Reason: Marked as [Solved].
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby socratis » 4. Mar 2019, 17:51

Pick a VM, any VM that has a problem and post its VBOX file.

Right-click on the VM in the VirtualBox Manager. Select "Show in Finder". ZIP the selected ".vbox" file and attach it to your response.
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 24208
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Encryption password for guest OS no longer working

Postby t6535 » 4. Mar 2019, 17:56

Thanks so much for the quick reply. I really appreciate it.

I am attaching the vbox file.

Please let me know if there's any other info I can give you.
Attachments
VBOX.vbox.zip
(2.09 KiB) Downloaded 12 times
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby socratis » 4. Mar 2019, 18:28

Please post the file "/Users/<you>/Library/VirtualBox/VirtualBox.xml" and the "VirtualBox.xml-prev" next to it. ZIP them and attach them to your reply...

This VM does NOT contain an encrypted VDI. In fact things don't look to good to be honest with you... The whole <MediaRegistry> section is missing! Example of a section like that, with an encrypted medium:
<MediaRegistry>
<HardDisks>
<HardDisk uuid="{992e63e4-85b9-4018-8812-2df7ef337b57}" location="FreeDOS 1.2 Clone.vdi" format="VDI" type="Normal">
<Property name="CRYPT/KeyId" value="FreeDOS 1.2 Clone"/>
<Property name="CRYPT/KeyStore" value="U0NORQABQUVTLVhUUzI1Ni1QTEFJTjY0AAAAAAAAAAAAAAAAAABQQktERjItU0hB&#10;MjU2AAAAAAAAAAAAAAAAAAAAAAAAAEAAAADikV3FgL9VJdN8+VmKIsrNQcacaYLe&#10;Lhom8iF6BIlvwCAAAACRqZyzjqwGKW/cyOFlF4jZQsGZ3w19r5FD539Zr1/RxSBO&#10;AACF1XUPNmHy+u5mMJxEMZhOETtQZV+OLLF/Ris2g4wsteAiAgBAAAAAgkOchi9D&#10;OsL7UbXcUPw9d+bszpN04bVUAaWxCaGF2oVx/JqQ+x5wr9G7jrQZChTSUSKzOrHa&#10;nD2ZkNWpEyq9nQ=="/>
</HardDisk>
</HardDisks>
</MediaRegistry>


If this is what I think it is, then:
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 24208
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Encryption password for guest OS no longer working

Postby t6535 » 4. Mar 2019, 20:11

Oh that doesn't sound good :(
I am attaching a ZIP file with the XML files. Hope there's something that can be done.
Thanks again for the follow-up.
Attachments
VirtualBoxXML.zip
(3.89 KiB) Downloaded 17 times
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby socratis » 5. Mar 2019, 00:33

OK, it *is* the thing I was afraid of, a really rare bug. So "rare" and not-reproducible that I haven't filed a ticket for it, and I haven't heard of anyone reporting this except myself. I've been bitten a couple of times by that, but since I'm messing all the time with different versions, always testing the latest test builds, I thought it might have something to do with that aspect...

Here's what's going on... There is a section in each .VBOX file that holds the registered media, an example of which I showed you in my last post.

For some really weird reason, and under some really funky, unknown conditions, that same section can be found in the global settings file, VirtualBox.xml, but missing from the .vbox file!

VirtualBox will honor both locations. And that's part of the problem, because everything seems "normal", everything is working, snapshots, reverting, the whole thing. The only way to find out (and that's how I found out) was to copy the VM and try to register it on another host. The VM is not functioning, since the <MediaRegistry> section is missing from the VM config, and it's in the per-host config. Not supposed to be like that!

And this is exactly what's happening in your case; the <MediaRegistry> section is missing from your .vbox, but it's in the VirtualBox.xml. Now, in theory, this "move" should work and you should be prompted for your password. But obviously you're not.

Can you tell me exactly what happend? How did you end up like that? Did you move/create/change anything? Or it started happening just all of a sudden? I need each and every detail, no matter how insignificant you might think it is; we're trying to solve a mystery here...
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 24208
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Encryption password for guest OS no longer working

Postby t6535 » 5. Mar 2019, 02:01

At T=0 I started both VMs, everything was running as usual. I did not do any changes to the guest OSes (I did not touch anything beyond the home directory and certainly nothing that requires sudo).

At T0+~3h I shut down both guest OSes, the way I usually do, which is from within the guest OS.

At T0+~3.25h I thought I should try to change the settings to optimize performance (for some reason the VMs have been very slow since I first installed them, but I was never able to figure out why). For the two VMs, I reduced the number of processors from 2 to 1. I also reduced the base memory in both, but I don't remember by how much. I did not try to start the VMs after changing these settings and I put my host OS to sleep.

At T0+~9h I tried to start the VMs but the encryption password no longer worked. After it became clear that it wasn't just a case of a typing error, here's what I tried:

- Restored the processor and memory settings to the best of my recollection
- I thought it might be an issue with VirtualBox and not the images themselves since I thought it's unlikely that both became corrupted at the same time. So I installed VirtualBox 5.2 along with the appropriate extension pack but that didn't work either
- I reinstalled VirtualBox 6.0.4 with the appropriate extension but the problem persisted

That's about everything I can remember, but let me know if you have any specific questions or if any logs can be helpful.

My understanding of all of this is rather naive, but is it worth trying to manually copy the <MediaRegistry> part from the VirtualBox.xml to the .vbox?

Again, thanks so much. I really appreciate all your help.
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby klaus » 5. Mar 2019, 13:31

The media registry transfer to VirtualBox.xml shouldn't happen (and while I know a reason in which this can happen you definitely didn't mention the magic words "cloning" or "importing" so far), but as such shouldn't be harmful. All the vital information is still there (and the KeyStore stuff isn't lost, which is the most important thing as this is where the password encrypted key for the data on disk lives). The only catch is that it wouldn't move with the VM as intended when copying the directory to a different system.
klaus
Oracle Corporation
 
Posts: 682
Joined: 10. May 2007, 14:57

Re: Encryption password for guest OS no longer working

Postby aeichner » 5. Mar 2019, 13:43

Please also attach the VBox.log and <VM name>.vbox and <VM name>.vbox-prev files for the affected VM. I wasn't able to reproduce your issue here by moving the medium to the global registry. Encrypted disks still work here.
aeichner
Oracle Corporation
 
Posts: 154
Joined: 31. Aug 2007, 19:12

Re: Encryption password for guest OS no longer working

Postby t6535 » 5. Mar 2019, 19:19

Thank you so much for your help.

I am very glad to hear that the vital information is still there. Any suggestions on how I can proceed to access my VM again?

I am attaching a zip file containing the VBox.log and <VM name>.vbox and <VM name>.vbox-prev files.

Klaus: just to clarify, I did not do any "cloning" or "importing". After the password stopped working, I did try to install VirtualBox 5.2 instead of the 6.0 I had been using, but since the VM directories were the same I did not have to import anything. Anyway, that didn't work and I again replaced 5.2 with 6.0.
Attachments
VBox_files.zip
(99.05 KiB) Downloaded 28 times
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby t6535 » 7. Mar 2019, 14:00

Hi again,
Sorry for the persistence, but any thoughts on how I can access my vm again?
Thanks a lot.
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby mpack » 7. Mar 2019, 16:11

The attachment contains manually edited "VirtualBox.xml" and "Whonix-Gateway.XFCE.vbox". You should back up your existing copies of these files and overwrite them with these - report the results.

I notice that two encrypted hard disks are registered (incorrectly) in VirtualBox.xml, only one of those was used by the VM, so presumably there's another VM with the same problem which will need a similar fix (I did not bother to read the above discussion, so perhaps you already said).
Attachments
Whonix-Gateway-XFCE.vbox.zip
(3.51 KiB) Downloaded 14 times
mpack
Site Moderator
 
Posts: 29306
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: Encryption password for guest OS no longer working

Postby socratis » 7. Mar 2019, 18:40

First of all, sorry for the late reply, but things have been kind of crazy... Just look at how many tabs I have open on the to-answer-tab-list! That's not the whole list of tabs, plus the red topics are the ones I haven't read yet! :o

t6535 wrote:but any thoughts on how I can access my vm again?
What 'mpack' sent your way is the <MediaRegistry> section that's moved from the global "VirtualBox.xml" to the specific "Whonix-Gateway-XFCE.vbox". It's the same exact information, which is what it's supposed to be if things are right. That doesn't mean they're 100% wrong, they're just being read from the wrong place.

Now, I'm not sure if this will fix your problem or not. I'm leaning towards not, but you never know. As 'aeichner' said, this should not affect the availability of the encryption part.

But, these are pre-made VMs that you downloaded from someplace else. I know because I have them as well. There can't be too many things that you have there that you wouldn't mind losing, are there?
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 24208
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Re: Encryption password for guest OS no longer working

Postby t6535 » 7. Mar 2019, 20:36

It worked, thank you all so much!!
I did the same for the other VM, worked as well.
I'm backing everything up from now on ;)
t6535
 
Posts: 8
Joined: 4. Mar 2019, 17:19

Re: Encryption password for guest OS no longer working

Postby socratis » 7. Mar 2019, 20:54

aeichner wrote:I wasn't able to reproduce your issue here by moving the medium to the global registry. Encrypted disks still work here.
And I tried what "aeichner" tried as well, successfully. And then you come back with:
t6535 wrote:It worked ... I did the same for the other VM, worked as well.

The big question is why it was failing before!!! :shock:
/me scratches head...

Is there anything missing from your original description?

BTW, I'm really glad that the whole thing worked, marking as [Solved].
If you obfuscate any information requested, I will obfuscate my response. These are virtual UUIDs, not real ones.
Do NOT reply with the "QUOTE" button, please use the "POST REPLY", at the bottom of the form.
socratis
Site Moderator
 
Posts: 24208
Joined: 22. Oct 2010, 11:03
Location: Greece
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5

Next

Return to Mac OS X Guests

Who is online

Users browsing this forum: No registered users and 3 guests