quicsample always fail to run on win10.

[guoxiaoyu]

Describe the bug

.\quicsample.exe -server -cert_hash:**** It will always fail to run and return "ConfigurationLoadCredential failed, 0x80090331! "

1. I use the command "New-SelfSignedCertificate" to creates a new self-signed certificate. Open PowerSheel and execute the following command: New-SelfSignedCertificate -DnsName $env:computername,localhost -FriendlyName QuicInteropServer -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider"
2. After executing this command, the certificate will be generated to the default directory, and the Thumbprint information will be printed out,I recorded the Thumbprint information and passed the generated Thumbprint value as the -cert_hash parameter to the quicsample program. .\quicsample.exe -server -cert_hash:****
3. It will always fail to run and return "ConfigurationLoadCredential failed, 0x80090331! " I found that the error code generated by calling function QuicTlsSecConfigCreate(in file tls_schannel.c) in function AcquireCredentialsHandleW.

[guoxiaoyu]

I don’t know what caused it, how can I make the program run?

[ThadHouse]

Are you using the latest insider preview? The schannel builds do not work without it. If you want to work on normal Windows 10, you need to either use the openssl binaries or build openssl based binaries from source.

[guoxiaoyu]

The version number of the win10 system I use is 19042.508. I use openssl command to generate certificate and secret key, and run ./quicsample -server -cert_file:cert -key_file:key It stills fail and returns "ConfigurationLoadCredential failed, 0x80004002! (QUIC_STATUS_NOT_SUPPORTED) "

[guoxiaoyu]

I found that the version of win10 I am currently using already supports TLS1.3(Experimental).

[nibanks]

It worked for me on the latest Windows image:

Server:

> quicsample.exe -server -cert_hash:3a2b586c111ae69601f456d236e0251f1f901ef0
Press Enter to exit.

[conn][0000023319189CB0] Connected
[strm][000002331918E260] Peer started
[strm][000002331918E260] Data received
[strm][000002331918E260] Peer shut down
[strm][000002331918E260] Sending data...
[strm][000002331918E260] Data sent
[strm][000002331918E260] All done
[conn][0000023319189CB0] Shut down by transport, 0x80410005
[conn][0000023319189CB0] All done

Client:

> quicsample.exe -client -target:localhost -unsecure
[conn][0000013663A846B0] Connecting...
[conn][0000013663A846B0] Connected
[strm][0000013663A87D90] Starting...
[strm][0000013663A87D90] Sending data...
[strm][0000013663A87D90] Data sent
[conn][0000013663A846B0] Resumption ticket received (45 bytes):
01FF0000202600010243E8030245C00404810000000504800080000604800080000704800080000801010E0104
[strm][0000013663A87D90] Data received
[strm][0000013663A87D90] Peer shut down
[strm][0000013663A87D90] All done
[conn][0000013663A846B0] Shut down by transport, 0x80410005
[conn][0000013663A846B0] All done

I do think you're failure is coming from a missing Windows TLS 1.3 dependency. You may have to manually enable it in the registry for your specific build (it might not be on by default). Either way, I'd recommend updating to the latest insider preview, or using OpenSSL.

As to why you seem to get not supported for openssl, are you sure you rebuilt for openssl and used the correct binary?

[nibanks]

FYI, openssl variant now supports thumbprint to Windows cert store. You can give that a try to see if it works for you.

[guoxiaoyu]

I did not manually enable TLS1.3 in the registry before. After manually enable it in the registry and updating to the latest win10 (I am using the normal win10 version,not the latest insider preview):

Server:

> quicsample.exe -server -cert_hash:3a2b586c111ae69601f456d236e0251f1f901ef0
Press Enter to exit.

[conn][0000018B61E93D90] Shut down by transport, 0x80410003 
[conn][0000018B61E93D90] ALL done

Client:

> quicsample.exe -client -target:localhost -unsecure
[conn][0000017B49371B30] Connecting... 
[conn][0000017B49371B30] Shut down by transport, 0x80410003 
[conn][0000017B49371B30] All done

It stills fail.

Why can't it run on the latest normal version of win10, do I must use the latest insider preview version? Mainly I don’t know how to upgrade to the latest insider preview.

I haven't tried to use openssl yet, I will try to use it next.

[nibanks]

That error code indicated ERROR_QUIC_INTERNAL_ERROR. We'll have to get logs to see what's up.

PS F:\msquic> .\scripts\log.ps1 -Start -Profile Full.Light
<run client>
PS F:\msquic> .\scripts\log.ps1 -Stop -OutputPath .\artifacts\logs\quic

Then take a look (or share out) .\artifacts\logs\quic.log.

[guoxiaoyu]

quic.log

[0]1FAC.0040::2020-12-15 10:06:30.096995700 [MSNT_SystemTrace]***
[0]1FAC.0040::2020-12-15 10:06:30.096995700 [MSNT_SystemTrace]***
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 33): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 34): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 34): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:30.096995700 []Unknown( 35): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0C9C.0CDC::2020-12-15 10:06:45.138035300 [MSNT_SystemTrace]***
[0]0C9C.0CDC::2020-12-15 10:06:45.142800500 [MSNT_SystemTrace]Unknown( 34): GUID=ce1dbfb4-137e-4da6-87b0-3f59aa102cbc (No Format Information found).
[0]0C9C.0CDC::2020-12-15 10:06:45.142807500 [MSNT_SystemTrace]Unknown( 34): GUID=ce1dbfb4-137e-4da6-87b0-3f59aa102cbc (No Format Information found).
[0]0C9C.0CDC::2020-12-15 10:06:45.142810000 [MSNT_SystemTrace]Unknown( 34): GUID=ce1dbfb4-137e-4da6-87b0-3f59aa102cbc (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 36): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 32): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).
[0]0000.0000::2020-12-15 10:06:45.142810000 []Unknown( 37): GUID=9b79ee91-b5fd-41c0-a243-4248e266e9d0 (No Format Information found).

Please help to take a look at the quic.log. I got errors when compiling before：

CMake Error at cmake/GitCommands.cmake:62 (message):
  message called with incorrect number of arguments
Call Stack (most recent call first):
  cmake/SourceLink.cmake:41 (get_git_remote_url)
  CMakeLists.txt:152 (source_link)

CMake Error at cmake/GitCommands.cmake:63 (message):
  Failed to get D:/share/msquic-main-1214 git remote
Call Stack (most recent call first):
  cmake/SourceLink.cmake:41 (get_git_remote_url)
  CMakeLists.txt:152 (source_link)

and

CMake Error at CMakeLists.txt:191 (include):
  include could not find load file:

   D:/share/msquic-main-1214/build/windows/x64_schannel/clog/CLog.cmake

-- Configuring for manifested ETW tracing
-- Disabling 0-RTT support
-- Using profile-guided optimization
-- Configuring for statically-linked CRT
CMake Error at CMakeLists.txt:194 (CLOG_GENERATE_TARGET):
  Unknown CMake command "CLOG_GENERATE_TARGET".
Call Stack (most recent call first):
  src/core/CMakeLists.txt:55 (add_clog_library)

I added two lines of commands to the CmakeLists.txt file，and then the compilation passed.It should have no effect on the test sample, right?

set(QUIC_SOURCE_LINK OFF)
set(QUIC_ENABLE_LOGGING OFF)

[nibanks]

Logs aren't going to work if you disable them. How about you try downloading the artifacts from the latest CI run: https://dev.azure.com/ms/_apis/resources/Containers/8240386/distribution?itemPath=distribution%2Fmsquic_windows_x64_Release_schannel.zip

[nibanks]

Closing because of inactivity. Feel free to re-open or start a new Discussion here: https://github.com/microsoft/msquic/discussions

[gvanem]

I'll comment here instead of opening another issue.

Just mucking around and running quicperf.exe -h, I got a crash when calling AcquireCredentialsHandleW() (in platform/tls_channel.c). Call-stack:

CRYPT32!GetCacheElement+0x2
CRYPT32!SerializeProperty+0x21
CRYPT32!SerializeStoreElement+0x25
CRYPT32!SerializeContextElement+0x2d
CRYPT32!CertSerializeCRLStoreElement+0x1c
schannel!GetUserAppCertDataCallback+0xfb
SSPICLI!LsaCallbackHandler+0x59
SSPICLI!SspipAcquireCredentialsHandle+0x25a
SSPICLI!LsaAcquireCredentialsHandleW+0x174
SSPICLI!AcquireCredentialsHandleCommon+0x92
SSPICLI!AcquireCredentialsHandleW+0x27
quic_perf!CxPlatTlsSecConfigCreate(struct QUIC_CREDENTIAL_CONFIG * CredConfig = <Value unavailable error>, struct CXPLAT_TLS_CALLBACKS * TlsCallbacks = <Value unavailable error>, void * Context = <Value unavailable error>, <function> * CompletionHandler = <Value unavailable error>)+0x328
quic_perf!LoadSecConfigHelper::Load+0x11
quic_perf!TcpServer::TcpServer(class TcpEngine * Engine = <Value unavailable error>, struct QUIC_CREDENTIAL_CONFIG * CredConfig = <Value unavailable error>, void * Context = <Value unavailable error>)+0x5b
quic_perf!PerfServer::PerfServer(struct QUIC_CREDENTIAL_CONFIG * CredConfig = <Value unavailable error>)+0x1e4
quic_perf!QuicMainStart(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>, void ** StopEvent = <Value unavailable error>, struct QUIC_CREDENTIAL_CONFIG * SelfSignedCredConfig = <Value unavailable error>)+0x31b
quic_perf!QuicUserMain(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>, bool KeyboardWait = <Value unavailable error>, struct QUIC_CREDENTIAL_CONFIG * SelfSignedCredConfig = <Value unavailable error>, char * FileName = <Value unavailable error>)+0x5a
quic_perf!main(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>)+0x19f
....

I am not using the latest preview; I have Win-10, 20H2, build 19042.804. So I can understand quicperf.exe could not work, but crash?! And what is the Registry key mentioned above?

BTW. the above azure.com link leads me to a password protected page?!

[nibanks]

@gvanem can you upload the crash dump somewhere I can get access to it? I can then pass it to the appropriate folks. As for the link above, I haven't figured out how to allow general access to the artifacts our CI produces, so it's currently restricted to Microsoft employees. Sorry.

[gvanem]

@nibaccam At: https://www.watt-32.net/misc/quic_perf.dmp.xz

[gvanem]

@nibanks Probably related to 29 failing msquictest cases:

[----------] 20 tests from TlsTest
[ RUN      ] TlsTest.Initialize
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest.Initialize (2 ms)
[ RUN      ] TlsTest.Handshake
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest.Handshake (0 ms)
[ RUN      ] TlsTest.HandshakeParamInfoAES256GCM
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest.HandshakeParamInfoAES256GCM (1 ms)
[ RUN      ] TlsTest.HandshakeParamNegotiatedAlpn
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest.HandshakeParamNegotiatedAlpn (0 ms)
[ RUN      ] TlsTest.HandshakeParallel
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest.HandshakeParallel (0 ms)
[ RUN      ] TlsTest.HandshakeMultiAlpnServer
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest.HandshakeMultiAlpnServer (0 ms)
...
[----------] 6 tests from TlsTest/TlsTest
[ RUN      ] TlsTest/TlsTest.One1RttKey/0
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest/TlsTest.One1RttKey/0, where GetParam() = false (0 ms)
[ RUN      ] TlsTest/TlsTest.One1RttKey/1
unknown file: error: SEH exception with code 0xc0000005 thrown in SetUp().
[  FAILED  ] TlsTest/TlsTest.One1RttKey/1, where GetParam() = true (0 ms)
...

I think the script/prepare-*.ps1 scripts went okay. Since prior to that, my EventLog showed heaps of errors from SChannel (event 40749). So AFAICS the requirements are fulfilled. But who knows.

[wongdu]

@

I did not manually enable TLS1.3 in the registry before. After manually enable it in the registry and updating to the latest win10 (I am using the normal win10 version,not the latest insider preview):

Server:

> quicsample.exe -server -cert_hash:3a2b586c111ae69601f456d236e0251f1f901ef0
Press Enter to exit.

[conn][0000018B61E93D90] Shut down by transport, 0x80410003 
[conn][0000018B61E93D90] ALL done

Client:

> quicsample.exe -client -target:localhost -unsecure
[conn][0000017B49371B30] Connecting... 
[conn][0000017B49371B30] Shut down by transport, 0x80410003 
[conn][0000017B49371B30] All done

It stills fail.

Why can't it run on the latest normal version of win10, do I must use the latest insider preview version? Mainly I don’t know how to upgrade to the latest insider preview.

I haven't tried to use openssl yet, I will try to use it next.

Describe the bug

.\quicsample.exe -server -cert_hash:**** It will always fail to run and return "ConfigurationLoadCredential failed, 0x80090331! "

1. I use the command "New-SelfSignedCertificate" to creates a new self-signed certificate. Open PowerSheel and execute the following command: New-SelfSignedCertificate -DnsName $env:computername,localhost -FriendlyName QuicInteropServer -KeyUsageProperty Sign -KeyUsage DigitalSignature -CertStoreLocation cert:\CurrentUser\My -HashAlgorithm SHA256 -Provider "Microsoft Software Key Storage Provider"
2. After executing this command, the certificate will be generated to the default directory, and the Thumbprint information will be printed out,I recorded the Thumbprint information and passed the generated Thumbprint value as the -cert_hash parameter to the quicsample program. .\quicsample.exe -server -cert_hash:****
3. It will always fail to run and return "ConfigurationLoadCredential failed, 0x80090331! " I found that the error code generated by calling function QuicTlsSecConfigCreate(in file tls_schannel.c) in function AcquireCredentialsHandleW.

hi, guoxiaoyu: i got the same problem,how did you solve it?

[ThadHouse]

@wongdu Just to verify, you are using the latest Windows Insider release, correct? That is still a requirement to run schannel binaries. OpenSSL binaries do not have this restriction, and can be used on current copies of Windows 10.

[gvanem]

@ThadHouse

you are using the latest Windows Insider release, correct?

It would really help if the samples (or the library itself) could improve it's error-messages and tell users which Win-version it requires. Instead this sample and others are simply generating cryptic errors and a stream of EventRecords that is of no help.

I have Win-version 19042.867 and I'm still not sure if this is too old for MsQuic.

[ThadHouse]

In the library is difficult because of the abstraction layer and the errors we get from schannel are not super helpful either. I can look into seeing if we can get something in the sample though.

19042.867 is a release build, which means it does not have the proper internal support. Fast Ring insider builds are required for schannel support currently. No main channel release build has the support for schannel currently.

[Wilson-Ian]

I spent almost one day to make openssl solution work on win10.

Besides this link, other useful links are https://github.com/microsoft/msquic/discussions/1137 https://github.com/microsoft/msquic/blob/main/docs/TEST.md

The steps I made are following:

1. Use openssl as TLS provider to compile the projects. .\scripts\build.ps1 -Config Debug -Arch x64 -Tls openssl

2. Download windows64 openssl binaries from https://slproweb.com/products/Win32OpenSSL.html Remember to set the system env "PATH" for openssl.

3. Generate the cert and key as mentioned in the code comments in sample.cpp. openssl req -nodes -new -x509 -keyout server.key -out server.cert

4. Run server _.\artifacts\bin\windows\x64_Debug_openssl\quicsample.exe -server -cert_file:server.cert -keyfile:server.key

5. Run client and check the output in server console. .\artifacts\bin\windows\x64_Debug_openssl\quicsample.exe -client -target:127.0.0.1 4567 -unsecure

ConfigurationLoadCredential failed, 0x80004002! PS F:\src\quic\msquic> .\artifacts\bin\windows\x64_Debug_openssl\quicsample.exe -server -cert_file:server.cert -key_file:server.key Press Enter to exit.

[conn][000001F2998C6BD0] Connected [strm][000001F2998FA120] Peer started [strm][000001F2998FA120] Data received [strm][000001F2998FA120] Peer shut down [strm][000001F2998FA120] Sending data... [strm][000001F2998FA120] Data sent [strm][000001F2998FA120] All done [conn][000001F2998C6BD0] Shut down by transport, 0x80410005 [conn][000001F2998C6BD0] All done [conn][000001F2999C8E90] Connected [strm][000001F2998FA120] Peer started [strm][000001F2998FA120] Data received [strm][000001F2998FA120] Peer shut down [strm][000001F2998FA120] Sending data... [strm][000001F2998FA120] Data sent [strm][000001F2998FA120] All done ...

Things I tried but give up finally: 1) Install insider version - Actually I don't know how or whether possible upgrade from normal win10. 2) as suggested in threads - try to make key and cert with openssl, and pass it to thumbprint store. Failed. Searched some materials about the commands but no idea.

Hopefully it can help a little bit.

[Jagerbizzle]

Just wanted to add a quick comment that I experienced this issue, and resolved it by enabling the TLS 1.3 protocol in my registry. The entry was missing entirely.

[nibanks]

Just wanted to add a quick comment that I experienced this issue, and resolved it by enabling the TLS 1.3 protocol in my registry. The entry was missing entirely.

If you take a look at https://github.com/microsoft/msquic/blob/main/docs/Platforms.md#windows, you will see that if you use schannel (the inbox TLS library in Windows) it requires "running either Windows Server 2022, Windows 11". You can use Windows 10 with OpenSSL though.