Odd problem using HTTPS in DUA

[David Harris]

Running Embedded Studio SP1 (eval version) with all latest QFE's in the
database.

Problem
--------
Set DUA to poll an HTTP server
Supply valid HTTPS server name and command file.
Target designer builds image correctly.
Deployed image finds and executes the command file.

Set DUA to poll an HTTPS server
Don't change server name and command file.
Specify blank user name and password in DUA security settings.
Target designer builds image correctly.

Set a valid user name and password for the server account in DUA security
settings.
Target designer build fails with message 'Invalid registry Data'.
Debug window shows 'Error 1006 (0x3EE) in PlatformLib::TargetRegEdit'

I have tried setting different lengths of user name & password, but anything in
those fields seems to prevent TD building the image. Any ideas as to the cause
of this problem?

David

 

[David Harris]

Problem

--------
Set DUA to poll an HTTP server
Supply valid HTTPS server name and command file.
Target designer builds image correctly.
Deployed image finds and executes the command file.

Set DUA to poll an HTTPS server
Don't change server name and command file.
Specify blank user name and password in DUA security settings.
Target designer builds image correctly.

Set a valid user name and password for the server account in DUA security
settings.
Target designer build fails with message 'Invalid registry Data'.
Debug window shows 'Error 1006 (0x3EE) in PlatformLib::TargetRegEdit'

I have tried setting different lengths of user name & password, but anything in
those fields seems to prevent TD building the image. Any ideas as to the cause
of this problem?

Update
-------
Set DUA to poll an HTTP server
Supply valid HTTP server name and command file.
Target designer builds image correctly.
Deployed image finds and executes the command file.

Set DUA to poll an HTTPS server
Don't change server name and command file.
Specify blank user name and password in DUA security settings.
Target designer builds image correctly.
Deployed image polls the HTTPS server (but cannot login)

Set a valid user name for HTTPS server in DUA security settings.
Leave the password field blank.
Target designer builds image correctly.
Deployed image polls the HTTPS server (but cannot login)

Set a valid password of the specified user in DUA security settings.
Target designer build fails with message 'Invalid registry Data'.
Debug window shows 'Error 1006 (0x3EE) in PlatformLib::TargetRegEdit'

It now seems to be just the password that is causing the prblem.

 

[David Harris]

Update
-------
Set DUA to poll an HTTP server
Supply valid HTTP server name and command file.
Target designer builds image correctly.
Deployed image finds and executes the command file.

Set DUA to poll an HTTPS server
Don't change server name and command file.
Specify blank user name and password in DUA security settings.
Target designer builds image correctly.
Deployed image polls the HTTPS server (but cannot login)

Set a valid user name for HTTPS server in DUA security settings.
Leave the password field blank.
Target designer builds image correctly.
Deployed image polls the HTTPS server (but cannot login)

Set a valid password of the specified user in DUA security settings.
Target designer build fails with message 'Invalid registry Data'.
Debug window shows 'Error 1006 (0x3EE) in PlatformLib::TargetRegEdit'

It now seems to be just the password that is causing the prblem.

After playing around with various password formats to see what might be
acceptable I find that so long as my password is numeric (composed of digits)
then TD builds the image.
However if I specify a single non-digit character at any position in the
password TD produces the 'Invalid registry data' error and will not build the
image.
According to MS documentation the registry key used to store the password is
REG_SZ, so why does TD reject non-numeric passwords.

Any idea's why this is happening?

David

 

[David Harris]

After playing around with various password formats to see what might be
acceptable I find that so long as my password is numeric (composed of digits)
then TD builds the image.
However if I specify a single non-digit character at any position in the
password TD produces the 'Invalid registry data' error and will not build the
image.
According to MS documentation the registry key used to store the password is
REG_SZ, so why does TD reject non-numeric passwords.

Any idea's why this is happening?

David

The same problem occurs when using the licensed version of XP Embedded Studio
SP1.
Also if I set the protocol used by DUA to HTTP instead of HTTPS.

David

 

[David Harris]

The same problem occurs when using the licensed version of XP Embedded Studio
SP1.
Also if I set the protocol used by DUA to HTTP instead of HTTPS.

David

AT LAST!!!!! Finally found the problem.

The DUA password is being stored (un-encrypted) in the registry by Target
Designer as a REG_DWORD not a REG_SZ. This is why non-numeric passwords are
causing registry errors during build in TD.

IMPORTANT:
If you specify a numeric password so that the build succeeds, then a network
snoop shows that DUA fails to try to access the HTTP server when the image is
deployed. As soon as you remove the DUA Password registry value (using
regedt32) and reboot then DUA starts working again.
If you replace the REG_DWORD value with a REG_SZ value that contains the correct
password in plain text then DUA starts to work again and will correctly
authenticate with the HTTP server.

This looks like a MAJOR bug with the DUA component that no-one has come across
before.


Solution
---------
Configure DUA with the user account name but DO NOT supply a password.
Add an extra registry value in TD as follows ...

HKLM\SYSTEM\CurrentControlSet\Services\DUAgent\Parameters\Config\Sessions\0000\P
assword REG_SZ <the password in plain text>

 

[Daniel Simpson \(MS\)]

Hi David,

Yes, this is a bug. This issue is currently documented in the Release
Notes:

Specifying a password causes build errors. If you need a user
name and password for polling, use the following procedure:
a. Type a user name in the User Name field of the
Device Update Agent component settings.

b. Leave the Password field blank.

c. Set the
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUAgent\Parameters\Config\S
essions\0000 registry key value as the password for polling. The type should
be either REG_SZ or REG_EXPAND_SZ.


Sounds like you already found the workaround for this though. Thanks for
posting your fixes to the problem!

Dan Simpson