Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Explorer

Unable to create any VPN site from Windows 10 Home

Dear all!

I'm trying to connect to some corporate VPN from my Windows 10 Home (1803) machine. For connection I use CheckPoint Mobile 80.85. I would like to point out that I'm an outsourcer and I have no idea what is VPN server configuration, I just've got an instruction from some company. I'm an IT guy but not a specialist in VPNs, network, security. So I'm unable to connect to this VPN from any Windows 10 Home machine. When I try to create a new site in client I've getting an error: Failed to create new site. Site is not responding. This problem persists on any Windows 10 Home machine which I've tried (I've tried 3). But I can connect perfectly to this VPN from Windows 7 Home or Windows 10 Pro.

The most interesting part of log is below:

[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_in: 2088: rc=0, next: 138736c with 0, req: 1024r, 0w
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_in: 2088: handler closed connection
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_end_conn: scheduling the end of connection 2088
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 2088/0
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 2088/1
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 2088/0
[ 3896 4356][2 Dec 16:23:05][] T_event_do_del: failed to remove WSAsocket event
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 2088/2
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_out: 1924: sent 0 of 143 bytes == 143 bytes to send
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_out: 1924: managed to send 143 of 143 bytes
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_out: 1924: call: 11eeed1 with 1
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_NegotiateHandler: state_read.
[ 3896 4356][2 Dec 16:23:05][] fwasync_conn_get: get max buffer size (1048576) .
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_out: 1924: rc=1, next: 11eeed1 with 1, req: 65536r, 0w
[ 3896 4356][2 Dec 16:23:05][] fwasync_connbuf_realloc: reallocating 0 from 0 to 66560
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_end_conn: closing connection 2088 (conn=33bb330)
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_end_conn: Removing connection 2088 from proxy's connection store(conn=33bb330)
[ 3896 4356][2 Dec 16:23:05][proxy_wrapper] ProxyWrapper::NotifyEndConnection (3): Starting ...
[ 3896 4356][2 Dec 16:23:05][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (1): entering... my_addr:0, my_port:29634, peer_addr:0, peer_port:0
[ 3896 4356][2 Dec 16:23:05][] CFirewallWrapper::RemoveSingleProxyRule (1): ntohl(my_addr),ntohs(my_port),ntohl(peer_addr),ntohs(peer_port) : <0,49779> -> <0,0>
[ 3896 4356][2 Dec 16:23:05][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (2): entering, src_ip_str=0.0.0.0, src_port=49779, dest_ip_str=0.0.0.0, dest_port=0
[ 3896 4356][2 Dec 16:23:05][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (2): Firewall Driver Not Initialized
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_end_conn: end closing connection 33bb330 2088
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_in: 1924: got 0 of 65536 bytes == 65536 bytes required
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_in: 1924: managed to read 1761 of 65536 bytes
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_in: 1924: call: 11eeed1 with 1
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_NegotiateHandler: state_afterRead.
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_NegotiateHandler: Got 1761 negotiation bytes from peer.
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_conn_reset_read: 1924
[ 3896 4356][2 Dec 16:23:05][RunAs] SCRunAsInit: start...
[ 3896 4356][2 Dec 16:23:05][RunAs] SCRunAsInit: already initialized
[ 3896 4356][2 Dec 16:23:05][RunAs] SCRunAsInit: Ended
[ 3896 4356][2 Dec 16:23:05][RunAs] StartRunAsUser : calling StartRunAsUser_ex with default params
[ 3896 4356][2 Dec 16:23:05][RunAs] GetProcessIdFromName: Locating PID for explorer.exe
[ 3896 4356][2 Dec 16:23:05][RunAs] GetProcessIdFromName: Located PID 5524 for process
[ 3896 4356][2 Dec 16:23:05][RunAs] GetProcessIdFromName: Ended
[ 3896 4356][2 Dec 16:23:05][RunAs] GetCurrentShellProcessId: Current shell located as explorer.exe, process 5524
[ 3896 4356][2 Dec 16:23:05][RunAs] GetCurrentShellProcessId: Ended
[ 3896 4356][2 Dec 16:23:05][RunAs] GetSecurityContextInformation: Opening shell process
[ 3896 4356][2 Dec 16:23:05][RunAs] GetSecurityContextInformation: Opening shell process token
[ 3896 4356][2 Dec 16:23:05][RunAs] GetSecurityContextInformation: Duplicating shell process token
[ 3896 4356][2 Dec 16:23:05][RunAs] GetSecurityContextInformation: Creating environblock
[ 3896 4356][2 Dec 16:23:05][RunAs] GetSecurityContextInformation: Ended
[ 3896 4356][2 Dec 16:23:05][RunAs] StartRunAsUser_ex: return (0)

[ 3896 4356][2 Dec 16:23:05][wssl] ClientBufferedNeg: InitializeSecurityContextA returned SEC_E_INVALID_TOKEN
[ 3896 4356][2 Dec 16:23:05][wssl] ClientBufferedNeg: Error 0x80090308 returned by InitializeSecurityContext (2)
[ 3896 4356][2 Dec 16:23:05][wssl] ClientBufferedNeg: the error returned is the token supplied to the function is invalid

[ 3896 4356][2 Dec 16:23:05][RunAs] StopRunAsUser : calling StopRunAsUser_ex with default params
[ 3896 4356][2 Dec 16:23:05][RunAs] FreeSecurityContextInformation: Ended
[ 3896 4356][2 Dec 16:23:05][RunAs] StopRunAsUser_ex: return (0)
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_NegotiateHandler: ClientBufferedNeg returned with error.
[ 3896 4356][2 Dec 16:23:05][talkssl] error_handler_for_winssl: SSL negotiation error.-the token supplied to the function is invalid

[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_mux_in: 1924: rc=-1, next: 11eeed1 with 1, req: 65536r, 0w
[ 3896 4356][2 Dec 16:23:05][] fwasync_do_mux_in: 1924: handler returned with error
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_end_conn: scheduling the end of connection 1924
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 1924/0
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 1924/1
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 1924/0
[ 3896 4356][2 Dec 16:23:05][] T_event_do_del: failed to remove WSAsocket event: The parameter is incorrect.
[ 3896 4356][2 Dec 16:23:05][tevent] T_event_do_del: marking for deletion socket/type: 1924/2
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_end_conn: closing connection 1924 (conn=2a1eee8)
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_end_conn: Removing connection 1924 from proxy's connection store(conn=2a1eee8)
[ 3896 4356][2 Dec 16:23:05][proxy_wrapper] ProxyWrapper::NotifyEndConnection (3): Starting ...
[ 3896 4356][2 Dec 16:23:05][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (1): entering... my_addr:0, my_port:29890, peer_addr:0, peer_port:0
[ 3896 4356][2 Dec 16:23:05][] CFirewallWrapper::RemoveSingleProxyRule (1): ntohl(my_addr),ntohs(my_port),ntohl(peer_addr),ntohs(peer_port) : <0,49780> -> <0,0>
[ 3896 4356][2 Dec 16:23:05][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (2): entering, src_ip_str=0.0.0.0, src_port=49780, dest_ip_str=0.0.0.0, dest_port=0
[ 3896 4356][2 Dec 16:23:05][TR_FIREWALL] CFirewallWrapper::RemoveSingleProxyRule (2): Firewall Driver Not Initialized
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_end_handler: 0x2A1EEE8 ended
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_connected: SSL failure: SSL negotiation error.
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_close: closing - conn - 0x2a1eee8
[ 3896 4356][2 Dec 16:23:05][] fwasync_close: close(1924): Unknown Winsock error (10038)
[ 3896 4356][2 Dec 16:23:05][talkssl] talkssl::end_handler: ending connection
[ 3896 4356][2 Dec 16:23:05][talkhttps] ATalkHttps::ssl_failure_cb: SSL ended. err=6
[ 3896 4356][2 Dec 16:23:05][talkhttps] ResetRcvBuffer: data 00000000 size 0  free_buffer=1.
[ 3896 4356][2 Dec 16:23:05][TalkCCC] talkccc::EndEv: got disconnected with AuthError_t==7.
[ 3896 4356][2 Dec 16:23:05][TalkCCC] talkccc::EndEv: connection status 1
[ 3896 4356][2 Dec 16:23:05][TalkCCC] talkccc::EndEv: Failed to connect - AuthError_t==7
[ 3896 4356][2 Dec 16:23:05][TalkCCC] talkccc::EndEv: event callback is registered. Notifying it
[ 3896 4356][2 Dec 16:23:05][TR_FLOW_STEP] TR_FLOW_STEP::TrSiteCreationStep::AuthFailureEv: entering...
[ 3896 4356][2 Dec 16:23:05][TR_CONN_MANAGER] TrConnManager::GetSCUIAPIMode: mbSCUIAPIMode is 0
[ 3896 4356][2 Dec 16:23:05][String] String::String::Translate: String with id 28 has been translated to string: Site is not responding
[ 3896 4356][2 Dec 16:23:05][TR_FLOW_STEP] TR_FLOW_STEP::TrSiteCreationStep::Notify: Failed to receive hello reply
[ 3896 4356][2 Dec 16:23:05][auth_server]  AAuthServer::Stop Stopping Authentication
[ 3896 4356][2 Dec 16:23:05][talkhttps] ATalkHttps::CloseConn: Close SSL conn: 0 State 0x6 Reason: Termination.
[ 3896 4356][2 Dec 16:23:05][talkssl] talkssl::disconnect: called
[ 3896 4356][2 Dec 16:23:05][talkssl] talkssl::disconnect: Cancel proxy wrapper connect
[ 3896 4356][2 Dec 16:23:05][proxy_wrapper] ProxyWrapper::ResetCallbacks: Starting ...
[ 3896 4356][2 Dec 16:23:05][proxy_wrapper] ProxyWrapper::ResetCallbacks: Invalid proxy conn
[ 3896 4356][2 Dec 16:23:05][proxy_wrapper] ProxyWrapper::CloseProxyConn: Starting ...
[ 3896 4356][2 Dec 16:23:05][proxy_wrapper] ProxyWrapper::CloseProxyConn: Invalid proxy conn
[ 3896 4356][2 Dec 16:23:05][MessageLoop] MessageLoop::MessageLoop::SchedCB: entering.
[ 3896 4356][2 Dec 16:23:05][TalkCCC] talkccc::RetryAllRequests: exit!
[ 3896 4356][2 Dec 16:23:05][fwasync] fwasync_do_end_conn: end closing connection 2a1eee8 1924
[ 3896 4356][2 Dec 16:23:05][TR_FLOW] TR_FLOW::TrBaseFlow::FinishStep: <------------------------------------- (1) Step 1 (class TrSiteCreationStep) finished with status -1000 - TrFAIL
[ 3896 4356][2 Dec 16:23:05][TR_FLOW] TR_FLOW::TrBaseFlow::FinishStep: Step failed

As you can see there is an initial fail of WinApi function InitializeSecurityContextA and then a cascade failure of the software.

Does anybody have any clue? I've tried to play with build in firewall, certificates, older versions of CheckPoint but nothing helped. I would appreciate any help.

Regards, Dmitri

0 Kudos
Reply
11 Replies
Admin
Admin

This is probably something that the remote end will have to fix.

See: VPN Site creation on a Client fails due to mismatch in versions of TLS protocol 

0 Kudos
Reply
Explorer

Thank you for replay.

But I've used the same client software version everywhere (Win 7, Win10 Pro, Win10 Home). It doesn't work in 10 Home only.

Anyway I have no access to server side and I'm unable to check protocol version...

0 Kudos
Reply
Admin
Admin

Not sure why Win 10 Home makes a difference, but a difference in allowed TLS versions is exactly what the symptoms point to.

Specifically these errors:

[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_connected: SSL failure: SSL negotiation error.
[ 3896 4356][2 Dec 16:23:05][cpwssl] cpWinSSL_fwasync_close: closing - conn - 0x2a1eee8
[ 3896 4356][2 Dec 16:23:05][] fwasync_close: close(1924): Unknown Winsock error (10038)

I believe what TLS versions are offered is a function of the Windows OS itself.

What is accepted on the server side is a function of the remote end.

If you use Wireshark or similar to observe the communication between the endpoints, you should see this difference.

How to fix it? Not sure, but I believe there are registry settings you can tweak in the Windows OS.

What you will tweak them to will depend on what you observe with Wireshark.

0 Kudos
Reply
Explorer

I've run a WireShark. From the capture I can see that Client & Server use TLS 1.2, server hello is ok but then...

WireShark capture

0 Kudos
Reply
Admin
Admin

Possible this will help: Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings - Microsoft Community 

Am curious what the difference in setting between Win 10 Pro and Win 10 Home.

0 Kudos
Reply
Explorer

Ha, this stuff I did at first... Even had to install IE because only Edge was present. TLS was on. Didn't help.

0 Kudos
Reply
Admin
Admin

Expand the Client Hello and Server Hello packets in the screenshot.

Perhaps we can see some clue what's missing in the TLS negotiation.

0 Kudos
Reply
Explorer

Hi,

thank you for your time.

I've attached a WireShark captured TLS hello packets in pcapng format.

0 Kudos
Reply
Employee+
Employee+

Hi,

Please make sure that all latest Windows KBs are installed.

Thanks,

Adi

0 Kudos
Reply
Explorer

Hi,

yes they are. Everything latest is installed.

Today have tried to connect from Ubuntu 14.04 with snx 800007075. Got the same error - connection aborted.

The log is:

[ 1810 -147986688]@peso.ab.lv[11 Dec 19:04:42] fwrand_write_seed: Failed to write seed.: Operation not permitted
[ 1810 -147986688]@peso.ab.lv[11 Dec 19:04:42] ckpSSL_NegotiateStep: should retry.
[ 1810 -147986688]@peso.ab.lv[11 Dec 19:04:42] ckpSSL_NegotiateStep: current state = SSLv3 read server hello A
[ 1810 -147986688]@peso.ab.lv[11 Dec 19:04:42] SSL e stack
[ 1810 -147986688]@peso.ab.lv[11 Dec 19:04:42] 1810:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1033

[ 1810 -147986688]@peso.ab.lv[11 Dec 19:04:42] ckpSSL_NegotiateStep: Current step failed. Error is: 336151598

0 Kudos
Reply

There is new version (E80.90) which supports W10 build 1803:

Enterprise Endpoint Security E80.90 Windows Clients 

Kind regards,
Jozko Mrkvicka
0 Kudos
Reply