"Custom Server Security Authorization Error" issue
Links used in this discussion
I have no problem logging into two of the hosts, but for one of them, no matter what I do, I always get the "Custom Server Security Authorization Error" message. The main difference between the three hosts is that, for the two that I can login to, they are on the same network as the RU Server and use an Intranet IP address to connect to it for authorization purposes and Internet ID purposes. For the host for which I get the error, it connects to the RU Server across the Internet and uses its public-facing IP address for both authorization and Internet ID.
I can connect to the problematic host without any issue if I use the Windows user authentication protocol, and I assume that it would work with the single password and RU user auths, although I haven't tried those specifically. So, the issue appears to be specific to the custom server authentication protocol.
I even tried running the viewer from the host itself, connecting by either IP address or Internet ID, but I got the error in all cases.
I examined the viewer and host log files, but there is nothing that is obvious in there, to me, that points to the cause of the problem. For the host log file, nothing is added when the error occurs.
This seems like a bug to me, and I setup all the hosts the same way except for using the public IP address instead of the internal IP address. In addition, it is clearly able to access the RU server for custom server security authentication purposes over the public Internet, because otherwise, I would not have been able to add users and groups to the host in the first place. I following the instructions at https://www.remoteutilities.com/support/docs/setting-up-auth-server/ for setting all of this up.
Thank you for your message.
Could you please double-check that your self-hosted Server is accessible fr om the outside. To do so, please do the following:
1. On the Server machine open a web browser and navigate to http://canyouseeme.org
2. Enter the RU Server's communication port number (the default communication port is TCP 5655) in the Port to Check field and click Check port.
3. In case if the form returns Success as the check result, please send us your Host logs from the remote Host machine wh ere the issue occurs, as well as the Viewer logs and the Server logs. You can send them to firstname.lastname@example.org.
In case, if you receive Error as the check result, please try referring to this troubleshooting guide and see if it helps to resolve the issue.
Looking forward to your reply.
Yes, correct. We also explain that in our documentation, on this page (see the yellow-highlighted area).
I think I had read on another post that "auto" chooses custom server security first if that protocol is enabled on the host.
I can't but agree that this is not necessarily the root cause. Otherwise, we would see multiple complaints here on the forum that the CSS authorization doesn't work when used over the Internet (and this is a very common scenario).
and the only thing that I identified that was different about the setup is that the host in question connects to the RU server via the Internet, as opposed to the intranet. But, that doesn't mean that's the cause of the issue.
There is one more thing that you can try - change the communication port the server uses or simple add new one and use it with the Host in question (don't forget to also change it on the Host side in the corresponding Viewer connection props).
In the Communication tab you can add a new port, no need to replace or remove existing ports.
I can't change the port, as there are multiple hosts, besides the three that I mentioned, that will stop being able to communicate with the server if I do that.
You can try 443.
Also, getting someone in IT to enable port forwarding for an additional port is not realistic at this point.
Still, I recommend that you try at least that and see if you can get any results. Meanwhile, we'll be testing it here as well and see if we can reproduce the issue or at least come up with more ideas about why it is happening in your case.
- a) Error code: 35
- b) IP address: 127.0.0.1
- c) Description: Password is incorrect or error occurs.
I can tell you with certainty that all the passwords are correct. In fact, there are no passwords to enter by this point, as I am already logged into the RU server by the time I get to this point.
Last night, I was also able to get the customer server security authorization error for some other hosts (the two that access the RU server via the intranet), but I don't believe that it was caused by the same problem. On the RU server system, the RU Server user interface was unable to connect to the server and kept on reporting access denied, even over a named pipe connection. Rebooting the system didn't fix anything. I ended up deleting the HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities\MiniInternetId Registry key, which caused settings to be reverted to their defaults, and that fixed the problem with being able to connect to the RU Server from the UI (note that address book information appears to be stored elsewhere, so that wasn't lost). But, now, the RU server had a new public and private key, which didn't match that used on the hosts. So, I had to go to each host that uses the RU server for CSS and login again, which displayed a warning message that the keys didn't match, etc, etc. Anyway, during this whole sequence, sometimes it would report CSS authorization error, and just updating the key wasn't enough. I ended up deleting users and groups from the hosts, turning off CSS, turning it back on, and then adding users and groups again. That was enough to get past the CSS error. I also tried this on the problematic host, but it didn't help, and I continue to get the CSS error, which makes me think that it is caused by something else.
There were some fixes to RU Server very recently and we currently prepare an update. We are going to release the update in a few days.
Sorry for any inconvenience.
* Website time zone: America/New_York (UTC -5)