Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 11:26 am

All times are UTC + 1 hour




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: Wed Jun 29, 2016 2:05 pm 
Offline
User avatar

Joined: Sat Jan 09, 2016 1:59 pm
Posts: 7
i tried to set up 2-factor logon on Windows 10 x64 Professional (version 1511 OS Build 10586.420 - latest available from MS Update) and it doesn't quite work:

1. the Yubico installer thinks it's running on Windows 8 x64

2. after enabling 2-factor logons all user accounts on the login screen are showing up doubled.

3. when testing for multiple login failures in a row, the system behaves as if it gets a BSOD-type of restart... the screen shuts down suddenly and the system reboots... looking up things in the system event log shows that the LSASS.exe process is crashing right at the time (or because) of the failed yubikey logins.

message in the event log:The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.


Attachments:
File comment: LSASS crashed after multiple failed login attempts
lsass_crash.png
lsass_crash.png [ 69.5 KiB | Viewed 2414 times ]
File comment: Windows10 - testing login without a yubikey connected - test 1b (doubled login) - stage 2 - yubikey not present
test1b_stage2_no_key_inserted.jpg
test1b_stage2_no_key_inserted.jpg [ 97.58 KiB | Viewed 2414 times ]
File comment: Windows10 - testing login without a yubikey connected - test 1a (original windows login) - stage 2 - no yubikey present
test1a_stage2_no_key_inserted.jpg
test1a_stage2_no_key_inserted.jpg [ 109.07 KiB | Viewed 2414 times ]


Last edited by Aditza on Wed Jun 29, 2016 2:34 pm, edited 1 time in total.
Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Wed Jun 29, 2016 2:12 pm 
Offline
User avatar

Joined: Sat Jan 09, 2016 1:59 pm
Posts: 7
P.S. (could only attach 3 files to the initial post.. these are the 4th and 5th)

this is how it looks like when all user accounts on the login screen are showing up doubled:
Attachment:
File comment: doubled logons on windows 10
test1a_stage1.jpg
test1a_stage1.jpg [ 76.04 KiB | Viewed 2413 times ]

Attachment:
File comment: doubled logons on windows 10
test1b_stage1_no_key_inserted.jpg
test1b_stage1_no_key_inserted.jpg [ 70.49 KiB | Viewed 2413 times ]


Top
 Profile  
Reply with quote  
PostPosted: Wed Jun 29, 2016 2:24 pm 
Offline
User avatar

Joined: Sat Jan 09, 2016 1:59 pm
Posts: 7
note: i'm using a Yubikey 4 with firmware 4.2.7 and HMAC-SHA1 challenge-response is configured to not require touch... but even so.. i'm testing for what happens when the key is NOT connected and the user keeps insisting/trying to login... the firmware should not matter at all in this case since the key is not present.

note 2 - not sure if it matters: the system boots in EFI mode, secure boot mode is enabled, Windows 8+10 WHQL mode is enabled in the bios secure boot configuration.

note 3: some of my tests were with challenge-response set to require touch while connected, but avoiding to touch it on purpose... Win10 crashed anyway even so... i think the screenshot of the event log above might have been one of these "key present but not touched" crashes, as it follows some events related to WudfUsbccidDrv... i'll look into it tomorrow. Anyway, the same type of crash occurred when the key was not connected at all so i don't think it makes a difference.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jun 30, 2016 6:26 am 
Offline
User avatar

Joined: Sat Jan 09, 2016 1:59 pm
Posts: 7
found more info about yesterday's crashes:

in the application log:
Code:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Application Error" />
  <EventID Qualifiers="0">1000</EventID>
  <Level>2</Level>
  <Task>100</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2016-06-29T11:52:02.869406900Z" />
  <EventRecordID>2190</EventRecordID>
  <Channel>Application</Channel>
  <Computer>-----------deleted-------------</Computer>
  <Security />
  </System>
- <EventData>
  <Data>lsass.exe</Data>
  <Data>10.0.10586.0</Data>
  <Data>5632d7c6</Data>
  <Data>YubiClientAPI.dll</Data>
  <Data>4.1.0.0</Data>
  <Data>56fa33a0</Data>
  <Data>c0000005</Data>
  <Data>0000000000009850</Data>
  <Data>318</Data>
  <Data>01d1d1ee2395dab3</Data>
  <Data>C:\Windows\system32\lsass.exe</Data>
  <Data>C:\Program Files\Yubico\Yubikey Client API\Bin\x64\YubiClientAPI.dll</Data>
  <Data>4aca7058-d3d7-4762-a0ab-af59d29df0fa</Data>
  <Data />
  <Data />
  </EventData>
  </Event>


and another one, a bit later:
Code:
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
  <Provider Name="Application Error" />
  <EventID Qualifiers="0">1000</EventID>
  <Level>2</Level>
  <Task>100</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2016-06-29T11:54:07.782194900Z" />
  <EventRecordID>2201</EventRecordID>
  <Channel>Application</Channel>
  <Computer>----deleted----</Computer>
  <Security />
  </System>
- <EventData>
  <Data>lsass.exe</Data>
  <Data>10.0.10586.0</Data>
  <Data>5632d7c6</Data>
  <Data>YubiClientAPI.dll</Data>
  <Data>4.1.0.0</Data>
  <Data>56fa33a0</Data>
  <Data>c0000005</Data>
  <Data>0000000000009850</Data>
  <Data>318</Data>
  <Data>01d1d1fce77f4e8d</Data>
  <Data>C:\Windows\system32\lsass.exe</Data>
  <Data>C:\Program Files\Yubico\Yubikey Client API\Bin\x64\YubiClientAPI.dll</Data>
  <Data>6c252247-2704-4f5f-868d-e53b81eb0567</Data>
  <Data />
  <Data />
  </EventData>
  </Event>




and in windows error reports:
Code:
Source
Local Security Authority Process

Summary
Stopped working

Date
‎29.‎06.‎2016 14:52

Status
Report sent

Description
Faulting Application Path:   C:\Windows\System32\lsass.exe

Problem signature
Problem Event Name:   CriticalProcessFault2
Application Name:   lsass.exe
Application Version:   10.0.10586.0
Application Timestamp:   5632d7c6
Fault Module Name:   YubiClientAPI.dll
Fault Module Version:   4.1.0.0
Fault Module Timestamp:   56fa33a0
Exception Code:   c0000005
Exception Offset:   0000000000009850
Exception Data:   00000000
Exception Flags:   0x00000000
OS Version:   10.0.10586.2.0.0.256.48
Locale ID:   1048
Additional Information 1:   239b
Additional Information 2:   239b305196fda349743e699f81a44e44
Additional Information 3:   b014
Additional Information 4:   b0144722e63672165ee5b3aec4b84c5e

Extra information about the problem
Bucket ID:   2fe3be4afcc42abc6dd4526a1211d3d9 (126388077789)



Code:
Source
Local Security Authority Process

Summary
Stopped working

Date
‎29.‎06.‎2016 14:54

Status
Report sent

Description
Faulting Application Path:   C:\Windows\System32\lsass.exe

Problem signature
Problem Event Name:   CriticalProcessFault2
Application Name:   lsass.exe
Application Version:   10.0.10586.0
Application Timestamp:   5632d7c6
Fault Module Name:   YubiClientAPI.dll
Fault Module Version:   4.1.0.0
Fault Module Timestamp:   56fa33a0
Exception Code:   c0000005
Exception Offset:   0000000000009850
Exception Data:   00000000
Exception Flags:   0x00000000
OS Version:   10.0.10586.2.0.0.256.48
Locale ID:   1048
Additional Information 1:   239b
Additional Information 2:   239b305196fda349743e699f81a44e44
Additional Information 3:   b014
Additional Information 4:   b0144722e63672165ee5b3aec4b84c5e

Extra information about the problem
Bucket ID:   2fe3be4afcc42abc6dd4526a1211d3d9 (126388077789)


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group