External authentication

[mje]

Has external authentication for VRDP stopped working for Windows hosts? I have VirtualBox 4.3.26 r98988 running on a Win 7 64-bit host. When configuring a VM to use external authentication and attempting to connect from another computer using Windows RDP, after a long timeout the client complains about a licensing failure.

Coming back to the logs on the host show an authentication failure. I'm aware full credentials need to be supplied, when connecting I'm giving a valid user and password combination to the client.

This excerpt shows the transaction when attempting to authenticate through a domain controlled user on the host system:

Code: Select all

00:28:14.661914 VRDP: Connection opened (IPv4): 9
00:28:14.662078 VRDP: Negotiating security method with the client.
00:28:14.678765 VRDP: Methods 0x0000001b
00:28:14.678809 VRDP: Channel: [rdpdr] [1004]. Accepted.
00:28:14.678831 VRDP: Channel: [rdpsnd] [1005]. Accepted.
00:28:14.678851 VRDP: Channel: [drdynvc] [1006]. Accepted.
00:28:14.678871 VRDP: Channel: [cliprdr] [1007]. Accepted.
00:28:14.974044 VRDP: Client seems to be MSFT.
00:28:14.974092 VRDP: Logon: <redacted> (<redacted>) build 7601. User: [<redacted>] Domain: [<redacted>] Screen: 0
00:28:14.974258 AUTH: User: [<redacted>]. Domain: [<redacted>]. Authentication type: [External]
00:28:15.084107 AUTH: external authentication module returned 'access denied'
00:28:15.084142 AUTH: Access denied.
00:28:15.084163 VRDP: Connection closed: 9

Similarly when trying to authenticate via a local account on the host machine:

Code: Select all

00:21:03.182531 VRDP: Connection opened (IPv4): 7
00:21:03.182684 VRDP: Negotiating security method with the client.
00:21:03.191855 VRDP: Methods 0x0000001b
00:21:03.191891 VRDP: Channel: [rdpdr] [1004]. Accepted.
00:21:03.191904 VRDP: Channel: [rdpsnd] [1005]. Accepted.
00:21:03.191915 VRDP: Channel: [drdynvc] [1006]. Accepted.
00:21:03.191926 VRDP: Channel: [cliprdr] [1007]. Accepted.
00:21:03.213666 VRDP: Client seems to be MSFT.
00:21:03.213699 VRDP: Logon: <redacted> (<redacted>) build 7601. User: [<redacted>] Domain: [] Screen: 0
00:21:03.213839 AUTH: User: [<redacted>]. Domain: []. Authentication type: [External]
00:21:03.218356 AUTH: external authentication module returned 'access denied'
00:21:03.218384 AUTH: Access denied.
00:21:03.218397 VRDP: Connection closed: 7

Searching the forums seems to indicate this is an issue that keeps creeping up, but I've not seen any resolution that works beyond various records showing a patch fixed things. Is there any policy that my host may be using that would prevent using external authentication from working?

Regards,
-mje

[QI]

I have a similar problem. I have two Virtualbox systems which host several Windows clients. Yesterday I upgraded one Virtualbox installation (including the extension pack) to the latest version and experienced the problem that Remote display no longer worked. I reinstalled the latest version several times, but no succes.

Log file from computer with updated, not working, Virtualbox install:

00:04:56.225961 VRDP: New connection:
00:04:56.226035 VRDP: Connection opened (IPv4): 5
00:04:56.226258 VRDP: Negotiating security method with the client.
00:04:56.243716 VRDP: Methods 0x0000001b
00:04:56.243739 VRDP: Channel: [rdpdr] [1004]. Accepted.
00:04:56.243749 VRDP: Channel: [rdpsnd] [1005]. Accepted.
00:04:56.243759 VRDP: Channel: [drdynvc] [1006]. Accepted.
00:04:56.243768 VRDP: Channel: [cliprdr] [1007]. Accepted.
00:04:56.243776 VRDP: Unsupported SEC_TAG: 0xC006/8. Skipping.
00:04:56.243786 VRDP: Unsupported SEC_TAG: 0xC00A/8. Skipping.
00:04:56.333519 VRDP: Client seems to be MSFT.
00:04:56.333552 VRDP: VRDP: Logon: QINLDT30-01 (172.16.130.1) build 9600. User: [presscontroller] Domain: [HOME] Screen: 0
00:04:56.333870 AUTH: User: [presscontroller]. Domain: [HOME]. Authentication type: [External]
00:04:56.385562 AUTH: external authentication module returned 'access denied'
00:04:56.385580 AUTH: Access denied.
00:04:56.385594 VRDP: Connection closed: 5

Log file from computer with older, working Virtualbox install:

723:57:10.147411 VRDP: Negotiating security method with the client.
723:57:10.160913 VRDP: Methods 0x0000001b
723:57:10.160932 VRDP: Channel: [rdpdr] [1004]. Accepted.
723:57:10.160937 VRDP: Channel: [rdpsnd] [1005]. Accepted.
723:57:10.160943 VRDP: Channel: [cliprdr] [1006]. Accepted.
723:57:10.160947 VRDP: Channel: [drdynvc] [1007]. Accepted.
723:57:10.160952 VRDP: Unsupported SEC_TAG: 0xC006/8. Skipping.
723:57:10.160957 VRDP: Unsupported SEC_TAG: 0xC00A/8. Skipping.
723:57:10.206709 VRDP: Client seems to be MSFT.
723:57:10.206736 VRDP: Logon: QINLDT30-01 (172.16.130.1) build 9600. User: [presscontroller] Domain: [HOME] Screen: 0
723:57:10.206938 AUTH: User: [presscontroller]. Domain: [HOME]. Authentication type: [External]
723:57:10.239151 AUTH: external authentication module returned 'access granted'
723:57:10.239169 AUTH: Access granted.
723:57:10.239764 VRDP: Enabling upstream audio.
723:57:10.239814 VBVA: VRDP acceleration has been requested.
723:57:10.448429 VRDP: SunFlsh disabled.

Then I removed the newer Virtualbox install and reinstalled the older one and now it's working again:

00:02:08.477898 VRDP: New connection:
00:02:08.478074 VRDP: Negotiating security method with the client.
00:02:12.361244 VRDP: Methods 0x0000001b
00:02:12.361280 VRDP: Channel: [rdpdr] [1004]. Accepted.
00:02:12.361290 VRDP: Channel: [rdpsnd] [1005]. Accepted.
00:02:12.361299 VRDP: Channel: [cliprdr] [1006]. Accepted.
00:02:12.361308 VRDP: Channel: [drdynvc] [1007]. Accepted.
00:02:12.361316 VRDP: Unsupported SEC_TAG: 0xC006/8. Skipping.
00:02:12.361325 VRDP: Unsupported SEC_TAG: 0xC00A/8. Skipping.
00:02:12.407318 VRDP: Client seems to be MSFT.
00:02:12.407354 VRDP: Logon: QINLDT30-01 (172.16.130.1) build 9600. User: [presscontroller] Domain: [home] Screen: 0
00:02:12.407694 AUTH: User: [presscontroller]. Domain: [home]. Authentication type: [External]
00:02:12.451562 AUTH: external authentication module returned 'access granted'
00:02:12.451574 AUTH: Access granted.
00:02:12.452158 VRDP: Enabling upstream audio.
00:02:12.452202 VBVA: VRDP acceleration has been requested.
00:02:12.667290 VMMDev::SetVideoModeHint: got a video mode hint (1280x1024x0) at 0
00:02:12.667353 VRDP: SunFlsh disabled.

Looks to me as if there's a bug or issue with the latest version. The version info:

Older, working version: 4.2.6 r82870
Latest, not working, version: 4.3.28 r100309

[mje]

I have not resolved this issue to date. My RDP authentication is handled locally by each client machine, which is about the exact opposite of a well managed configuration.

QI, it's good to know there's an older version in which this works. I may revert my system.