• Support Home
  • Create New
    • Ask a question
    • Post an idea
  • Categories
    • Announcements
    • Audio Driver
    • Beta Releases
      • Cloud Access 2.9 Beta
    • Cloud Access Platform
    • Cloud Access Software
      • Cloud Access Manager
      • Early Access to PCoIP Client for Linux
    • Hardware Accelerator
    • Management Console
    • Optimized Thin Client
    • PCoIP Protocol Technology
    • PCoIP in Amazon WorkSpaces
    • PCoIP in VMware Horizon View
    • Remote Workstation Card
    • Software Client
    • Workstation Access Software
    • Zero Client
  • Explore
    • Topics
    • Questions
    • Ideas
    • Users
  • Sign in
  • Home /
  • PCoIP in Amazon WorkSpaces /
avatar image
Question by Monty617 · Dec 31, 2015 at 02:00 PM · pcoip workstation access software

Kerberos Authentication Errors in Connection Manager (AWS Workspaces)

Installed the PCoIP Connection Manager for Amazon WorkSpaces instance per documentation and when running diagnostics or connection with Zero Clients we are getting authentication errors. We are able to connect to Workspaces directly so no issues there. It also appears that initial handshake is established but then fails auth. The instance is in the same VPC and Subnet as the Workspaces. Error log below:

2015-12-31T13:51:40.057Z TRACE PCMUtils                            : Client-Log-Id generated: 686b389e-a59e-4ccf-84fd-3536327ae21a
2015-12-31T13:51:40.073Z INFO  Context                             id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: ========> Detected a new session from client at 127.0.0.1
2015-12-31T13:51:40.075Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: Received request from client (hello): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><hello><client-info><product-name>Teradici Session Test Emulator</product-name><product-version>0.0.0</product-version><platform>Ubuntu 12.04</platform><locale>en_US</locale><hostname>my-ste-hostname</hostname><serial-number>my-ste-serial-number</serial-number><device-name>my-ste-device-name</device-name><organization-id>my-organization</organization-id></client-info><caps></caps></hello></pcoip-client>
2015-12-31T13:51:40.075Z TRACE AuthenticationAppliancePreProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: Pre-processing message of type: Value: hello
2015-12-31T13:51:40.076Z TRACE Context                             id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: Setting PBP version negotiated with client to 2.1
2015-12-31T13:51:40.076Z TRACE Context                             id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: Setting PBP version negotiated with broker to 2.1
2015-12-31T13:51:40.087Z TRACE Context                             id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: Setting locale to en_US
2015-12-31T13:51:40.087Z TRACE PCMUtils                            id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: X-Forwarded-For sent to the broker: 127.0.0.1
2015-12-31T13:51:40.175Z TRACE PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=none c=0021: Sending request to AWS broker (hello): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><hello><client-info><product-name>Teradici Session Test Emulator</product-name><product-version>0.0.0</product-version><platform>Ubuntu 12.04</platform><locale>en_US</locale><hostname>my-ste-hostname</hostname><serial-number>my-ste-serial-number</serial-number><device-name>my-ste-device-name</device-name><organization-id>XXXXXXXXX</organization-id></client-info><pcm-info><product-name>PCoIP Connection Manager for Amazon WorkSpaces</product-name><product-version>1.0.3.127.46151</product-version><platform>GNU/Linux x86_64</platform><ip-address>XXX.XXX.XXX.XXX</ip-address><hostname>XXXXXXXXX.ec2.internal</hostname></pcm-info><caps><cap>CAP_KERBEROS_AUTHENTICATION</cap><cap>CAP_ALTERNATE_PROVISIONING</cap></caps></hello></pcoip-client>
2015-12-31T13:51:40.246Z TRACE PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Received response from AWS broker (hello-resp): <?xml version="1.0" encoding="UTF-8" standalone="yes"?><pcoip-client revision="0" version="2.1"><hello-resp><brokers-info><broker-info><product-name>AWS WorkSpaces Connection Manager</product-name><product-version></product-version><platform></platform><locale></locale><ip-address></ip-address><hostname></hostname></broker-info></brokers-info><next-authentication><authentication-methods><method>AUTHENTICATE_VIA_KERBEROS</method></authentication-methods><domains/><kerberos-parameters><request-password/></kerberos-parameters></next-authentication></hello-resp></pcoip-client>
2015-12-31T13:51:40.246Z INFO  PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Received Set-Cookie: JSESSIONID=db9e****3a0b;HttpOnly;Secure
2015-12-31T13:51:40.246Z TRACE uthenticationAppliancePostProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Post-processing message: Value: hello
2015-12-31T13:51:40.246Z TRACE Context                             id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Setting PBP version negotiated with broker to 2.1
2015-12-31T13:51:40.247Z TRACE Context                             id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Setting PBP version negotiated with client to 2.1
2015-12-31T13:51:40.249Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Sending response to client (hello-resp): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><hello-resp><brokers-info><broker-info><product-name>AWS WorkSpaces Connection Manager</product-name><product-version /><platform /><locale>en_US</locale><ip-address /><hostname /></broker-info></brokers-info><pcm-info><product-name>PCoIP Connection Manager for Amazon WorkSpaces</product-name><product-version>1.0.3.127.46151</product-version><platform>GNU/Linux x86_64</platform><ip-address>XXX.XXX.XXX.XXX</ip-address><hostname>XXXXXXXXX.ec2.internal</hostname></pcm-info><next-authentication><authentication-methods><method>AUTHENTICATE_VIA_PASSWORD</method></authentication-methods><domains><domain>XXXXXXXXX.com</domain></domains></next-authentication></hello-resp></pcoip-client>
2015-12-31T13:51:40.255Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0021: Processing request (hello) / response (hello-resp) took: 182ms
2015-12-31T13:51:40.310Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Received request from client (authenticate): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><authenticate method="password"><username>XXXXXXXXX</username><password>****</password><domain>XXXXXXXXX</domain></authenticate></pcoip-client>
2015-12-31T13:51:40.311Z TRACE AuthenticationAppliancePreProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Pre-processing message of type: Value: authenticate (with password)
2015-12-31T13:51:40.311Z DEBUG AuthenticationAppliancePreProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Using Java KRB5.
2015-12-31T13:51:40.371Z TRACE PCoIPProcessorHelper                id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Retrieved request-password: true
2015-12-31T13:51:40.382Z TRACE PCMUtils                            id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: X-Forwarded-For sent to the broker: 127.0.0.1
2015-12-31T13:51:40.389Z TRACE PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Sending request to AWS broker (authenticate): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><authenticate method="kerberos"><kerberos-ticket>****</kerberos-ticket><user-principal-name>XXXXXXXXX@XXXXXXXXX.COM</user-principal-name><password>****</password></authenticate></pcoip-client>
2015-12-31T13:51:40.636Z TRACE PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Received response from AWS broker (authenticate-resp): <?xml version="1.0" encoding="UTF-8" standalone="yes"?><pcoip-client revision="0" version="2.1"><authenticate-resp method="kerberos"><result><result-id>AUTH_FAILED_KERBEROS_TICKET_INVALID</result-id><result-str>Authentication failed. Invalid kerberos ticket.</result-str></result></authenticate-resp></pcoip-client>
2015-12-31T13:51:40.636Z TRACE uthenticationAppliancePostProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Post-processing message: Value: authenticate (with password)
2015-12-31T13:51:40.637Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Sending response to client (authenticate-resp): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><authenticate-resp method="password"><result><result-id>AUTH_FAILED_UNKNOWN_USERNAME_OR_PASSWORD</result-id><result-str>User authentication failed. Please re-enter username, password, and/or domain.</result-str></result></authenticate-resp></pcoip-client>
2015-12-31T13:51:40.638Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0022: Processing request (authenticate) / response (authenticate-resp) took: 329ms
2015-12-31T13:51:40.682Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Received request from client (bye): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><bye><reason>Session Test finsihed.</reason></bye></pcoip-client>
2015-12-31T13:51:40.682Z TRACE AuthenticationAppliancePreProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Pre-processing message of type: Value: bye
2015-12-31T13:51:40.687Z TRACE PCMUtils                            id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: X-Forwarded-For sent to the broker: 127.0.0.1
2015-12-31T13:51:40.704Z TRACE PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Sending request to AWS broker (bye): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><bye><reason>Session Test finsihed.</reason></bye></pcoip-client>
2015-12-31T13:51:40.740Z TRACE PCoIPBrokerHttpsConnectionImpl      id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Received response from AWS broker (error-resp): <?xml version="1.0" encoding="UTF-8" standalone="yes"?><pcoip-client revision="0" version="2.1"><error-resp><result><result-id>ERR_INVALID_SESSION</result-id><result-str>The sessionId provided is invalid</result-str></result><detected-by>PCM</detected-by></error-resp></pcoip-client>
2015-12-31T13:51:40.740Z TRACE uthenticationAppliancePostProcessor id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Post-processing message: Value: bye
2015-12-31T13:51:40.741Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Sending response to client (error-resp): <?xml version="1.0" encoding="UTF-8"?><pcoip-client version="2.1"><error-resp><result><result-id>ERR_INVALID_SESSION</result-id><result-str>Error 6606: Command failed. Please report this failure to your system administrator.</result-str></result><detected-by>BROKER</detected-by></error-resp></pcoip-client>
2015-12-31T13:51:40.742Z TRACE PCoIPConnectionManagerPBPServlet    id=686b389e-a59e-4ccf-84fd-3536327ae21a s=0007 c=0023: Processing request (bye) / response (error-resp) took: 77ms

Comment

People who like this

0 Show 1
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image Monty617 · Dec 31, 2015 at 02:05 PM 0
Share

pcoip-connmgr-2015.txt

pcoip-connmgr-2015.txt (10.3 kB)

4 Replies

· Add your reply
  • Sort: 
avatar image
Best Answer

Answer by Monty617 · Jan 04, 2016 at 12:54 PM

So to answer my own question it looks like the Teradici PCoIP Connection Manager instance may not fully support Microsoft AD in AWS. Rebuilt the domain in Amazon Simple AD and it works like a charm. If anyone has any experience with MS AD and can provide some insight it would be greatly appreciated.

Comment

People who like this

0 Show 0 · Share
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image

Answer by krama westzaan · Mar 21, 2016 at 12:46 PM

Hi Monty617,

My error messages are almost the same.

Do you have some logging that backs 'it looks like the Teradici PCoIP Connection Manager instance may not fully support Microsoft AD in AWS.'?

Thx

Krama

Comment

People who like this

0 Show 0 · Share
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image

Answer by Monty617 · Mar 21, 2016 at 01:42 PM

Luckily this was a new build so we were able to switch to Amazon Simple AD. Would have liked to have the option of MS AD for other reasons but at this point we have moved on. If anyone has any progress in this area we would certainly be interested.

Comment

People who like this

0 Show 0 · Share
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users
avatar image

Answer by krama westzaan · Mar 21, 2016 at 01:59 PM

Thx for sharing. We arent that lucky, we have and need MS AD so we cant switch.

Comment

People who like this

0 Show 0 · Share
10 |5000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Welcome to the PCoIP Community Forum!

This forum hosts discussions about Teradici's technologies, and allows our users to connect with one another for community support and advice, as well as interacting directly with the Teradici technical support team

If you are having issues logging in, please submit a Customer Support Inquiry and select 'Account Management'. We will review your inquiry and respond as soon as possible.

Unrelated content posted to this forum will result in your account being suspended and/or deactivated.

Recently purchased PCoIP Zero Clients or PCoIP Remote Workstation Cards?

Register your purchase for a one year subscription to Teradici Desktop Access (PCoIP Zero Clients) or Cloud Access (PCoIP Remote Workstation Cards)

REGISTER
Zero Clients
REGISTER
Remote Workstation Cards
Follow this question

Related Questions

Teradici Amazon Workspaces PCoIP Connection Manager - Help / Issues 1 Answer

How to Use Software Client to Connect to Amazon Workspaces 11 Answers

  • Teradici Support Site
  • Teradici.com
  • Privacy
  • Terms and Conditions
  • Submit Feedback
  • Contact Us

Powered by AnswerHub

  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Post an idea
  • Categories
  • Announcements
  • Audio Driver
  • Beta Releases
    • Cloud Access 2.9 Beta
  • Cloud Access Platform
  • Cloud Access Software
    • Cloud Access Manager
    • Early Access to PCoIP Client for Linux
  • Hardware Accelerator
  • Management Console
  • Optimized Thin Client
  • PCoIP Protocol Technology
  • PCoIP in Amazon WorkSpaces
  • PCoIP in VMware Horizon View
  • Remote Workstation Card
  • Software Client
  • Workstation Access Software
  • Zero Client
  • Explore
  • Topics
  • Questions
  • Ideas
  • Users
  • Badges