Jump to content
KSerge

Returning Player getting INV-300

Recommended Posts

Hi All,

 

Been away from the Net-7/EMU scene for a while, but was looking to give it a go today, and am getting fast INV-300s when attempting to login. Trying the help options from the launcher went as follows:

 

  • Check Certificate - Error box came up "could not check SSL certificate status." with details stating "the underlying connection was closed. The connection was closed unexpectedly".
  • Install Certificate - Pop up prompted me to confirm installation of SSL certs, I said yes. After first use of this option, nothing happens.
  • INV-300 - Same result as "check certificate" option

 

As for my setup, I'm on Win7 Pro x64 with a typical Netgear router connecting to comcast via a typical cable modem.

 

I do notice that the cert files in my net-7\bin folder are really outdated, should those be more recent?

 

Edit - Some additional relevant info and screenshot of error when checking certificate.

 

LaunchNet7 version - 2.2.0

ENB version - 540?

 

Advanced Settings error log data reads as follows:

20:34:59: Found 1 servers in (sunrise.net-7.org)
20:34:59: Trying server: (sunrise.net-7.org)
20:34:59: Could not send HTTP request.                
    Last Error              : 12057                
    Description             : Error Description Not Found
20:34:59: GetTicketSync(1) failed with IAUTHORIZE_BAD_CONNECTION.                
    User                    : Serge                
    Password Context        : NOT NULL, NOT ZERO LENGTH                
    ServiceID               : 2184                
    Auth Login Base Service : AuthLogin                
    Auth Login Server       : sunrise.net-7.org                
    Code                    : INV-300                
    Text                    : EA.com is temporarily unavailable. This may be due to routine server maintenance or a problem with your Internet Service Provider. Please check your ISP connection or try again later. (INV-300)
 

LaunchNet7 Error Log file has following info:

 

LaunchNet7 - Exception
Version: 2.2.0.0 
Time: Thu, 29 Mar 2018 00:32:06 GMT 
Message: Could not check ssl certificate status. 
System.Net.WebException: The underlying connection was closed: The connection was closed unexpectedly.
   at System.Net.HttpWebRequest.GetResponse()
   at LaunchNet7.CertificationUtility.IsSslCertificateValid(String hostName, Int32 port)
   at LaunchNet7.FormMain.DoCheckCertificate()

Capture.PNG

Edited by KSerge
Adding info from digging into issue and screenshots with version info

Share this post


Link to post
Share on other sites

sunrise is using certificate from letsencrypt and is currently valid.

 

You should go over windows root certificates and remove all old ones belonging to net-7.org

 

Share this post


Link to post
Share on other sites

Thanks Karu,

 

I've taken a look at my installed certificates and don't see anything pointing to net-7.org but I do have one for "Let's Encrypt Authority X1" in my intermediate cert list. When I use the "install certificates" option in the launcher, nothing happens.

Share this post


Link to post
Share on other sites

Just tried that URL in IE11 and got a return of Valid=False

Share this post


Link to post
Share on other sites

I take there is no host overrides in c:/windows/system32/drivers/etc/hosts files and proxy settings (IE options) is set to manual and you dont use malware disguised as internet security suite (https man-in-the-middle proxy).

 

No idea whats causing the game cert error then.

Share this post


Link to post
Share on other sites

Thanks again for the help. I've checked and there are no hosts overrides that I can see (everything in the hosts file is commented out). proxy settings are unchecked in internet options, and as far as I know I don't have any malware problems.

 

I did try reinstalling Net-7 using the unified installer, but I am unfortunately getting the same results. Should I delete my net-7 folder completely and try again?

Share this post


Link to post
Share on other sites

KSerge,

 

My recommendation is a full uinstall and a reinstall if it's been a while. There's no telling what kind of conflicts have arisen since you were last around and it'll probably be less painful for you unless you just enjoy figuring out the problems. :)

Share this post


Link to post
Share on other sites

Thanks Kyp,

 

I went ahead and deleted my net-7 installation (and the app data from my users folder) to reinstall net7 from scratch. Unfortunately I'm still getting the same errors, and the "install certificate" help option still isn't doing anything.

Share this post


Link to post
Share on other sites

Hi all,

 

Sorry to be a bother but I'm still not able to get in. I used the https://sunrise.net-7.org/AuthLogin page to check my certificate status and while my browsers tell me the certificate I have is installed and valid, I'm still getting valid=false from that page. I've reset my game account password twice to make sure it's not my game account data that's wrong, but it's still not letting me login.

 

I've reinstalled Net-7 completely (deleted my old Net-7 folder and the user data folder) and after it did the launcher updates, I still get the same error. If there's any info I can provide that can help, I'll gladly do so.

Share this post


Link to post
Share on other sites

Hello,

   I'm new and unable to logon also (INV-300). I can access the net7 page and forum (and made 2 game accounts) but both give me inv-300. When I visit  https://sunrise.net-7.org/AuthLogin I get

Quote

valid=false

 

That is it, I checked the page source, no html tags, just that plain text. The browser shows the certificate is valid.

 

 

Share this post


Link to post
Share on other sites

You people happen to have HKEY_LOCAL_MACHINE\SOFTWARE\EACom\AuthAuth registry key perhaps?

.. or maybe AAIUrl in EnB\data\client\ini\auth.ini file does not point to right place? Launcher should modify it, but maybe there is permission issues.

 

If you know what wireshark is, then it would be interesting to know which certificate is served when client tries to connect.

Some so called "Internet Security" soft might intercept all https traffic from non-whitelisted programs and doing the man-in-the-middle attack to switch out certificate with its own to decrypt the traffic. It may also be your ISP, but that does not explain how IE gets thru (local soft doing whitelist mitm does)

Share this post


Link to post
Share on other sites

I Don't have a EACom in my registry at HKEY_LOCAL_MACHINE\SOFTWARE

 

But I do have one here HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\EACom\AuthAuth  (Note: I do have WoW installed)

default = (blank)
AuthLoginBaseService=AuthLogin
AuthLoginServer=www.ea.com
SSLRetry= 0x00000000

I tried chaning the AuthLoginServer to sunrise.net-7.org , but was still unable to logon :(

 

My Auth.ini is

[General]
AAIBase=AuthLogin
AAIUrl=sunrise.net-7.org
LKeyUrl=https://sunrise.net-7.org/misc/touchsession.jsp?lkey=%

 

Thanks for your help!

Share this post


Link to post
Share on other sites

auth.ini is correct, authlogin.dll has registry keys inside, but game probably ignores them.

 

You have no ip overrides in c:/windows/system32/drivers/etc/hosts file for net-7.org domains (like play.net-7.org / sunrise.net-7.org)

IE (not chrome, not firefox, not edge... I do mean IE) connects to https://sunrise.net-7.org/AuthLogin fine.

IE proxy settings are off.

You do not run thrird party internet firewall / packet filtering.

Your router/ISP does not do https man-in-the-middle attack (changing certificates) to inspect https.

 

No idea. Install windows into VM (from microsoft) and check it there? Dont know how directx7 (i think) is supported in those.

Share this post


Link to post
Share on other sites

Thank you for the other things to check!! No luck yet :(

 

1. No overrides in hosts file. Just one entry for a local machine.

2. IE connects fine, but shows Valid=False

3. No proxys defined under 'Internet Properties->Connections'

4. I Have Avast, but I selected 'disable all shields' for 1 hour. I also uninstalled the IE plugin, no change.

ie.jpg

Edited by tsaavik
more info

Share this post


Link to post
Share on other sites

Looking at your logs, it looks like AuthLogin failed with error 12057 which is usually thrown when a CRL verification fails (Certificate Revocation List check). The only reason that this should fail on your systems and not for other people is if your system time is incorrect.

 

Please ensure that your system's time and date are correct (use Windows' "Set Time Automatically" option if you need to, or if it set the clock incorrectly then set it manually).

 

After changing system time, reboot your system and try again.

 

If you still experience the same problem then see if this fixes your problem:

  • Open Control Panel
  • Click on Network and Internet
  • Click on Network and Sharing Center
  • In the bottom left, click on Internet Options
  • Click on the Advanced tab
  • Scroll down in that tab until you see the Security section
    • In this section, please uncheck "Check for server certificate revocation" then hit Apply.

 

If the above method (disabling server certificate revocation check) fixes your problem, I would still advise turning it back on (for security reasons) and just letting us know if that fixed the problem for you so that I can investigate further.

 

Zackman & Kenu - We may need to have these two enable and upload their Windows CAPI2 logs. authlogin.dll uses HttpOpenRequestA, HttpQueryInfoA, and HttpSendRequestA from WININET for this process. These all utilize CryptoAPI2 which has diagnostics/logging available in Events/Applications and Services Logs/Microsoft/Windows/CAPI2/Operational (you have to enable logging, it's disabled by default).

Share this post


Link to post
Share on other sites

I did some tests with clean win10 install

 

works out of the box ("run as admin" checkbox on launcher shortcut, copy-paste "install" in c:/games)

works with avast web shield on/off (sunrise page shows avast cert, "best before" date same as real cert)

works with revocation check on/off

works if clock is backward (3 apr 2018)

INV-300 if clock is forward (23rd apr 2018), without exiting game and fixing clock (auto in windows settings) login worked

Share this post


Link to post
Share on other sites
On 4/10/2018 at 7:50 AM, karu said:

You people happen to have HKEY_LOCAL_MACHINE\SOFTWARE\EACom\AuthAuth registry key perhaps?

.. or maybe AAIUrl in EnB\data\client\ini\auth.ini file does not point to right place? Launcher should modify it, but maybe there is permission issues.

 

If you know what wireshark is, then it would be interesting to know which certificate is served when client tries to connect.

Some so called "Internet Security" soft might intercept all https traffic from non-whitelisted programs and doing the man-in-the-middle attack to switch out certificate with its own to decrypt the traffic. It may also be your ISP, but that does not explain how IE gets thru (local soft doing whitelist mitm does)

Answers to each question:

 

1. Registry item - I do not have an \EACom\ folder under the HKEY_LOCALMACHINE\SOFTWARE path, so I can't check this. Is it possible this was missed during installation due to permissions?

 

2. the Auth.ini file I have has the following data:

[General]
AAIBase=AuthLogin
AAIUrl=sunrise.net-7.org
LKeyUrl=https://sunrise.net-7.org/misc/touchsession.jsp?lkey=%s
 

3. I've captured wireshark data for my attempts, but I'm not familiar with using the application so I'm not sure how to get what you're asking for. Should I just send you the capture data?

 

Regarding internet security apps, I have nothing installed other than what comes with Win7 Pro (windows firewall basically) so I don't think that's the issue.

Share this post


Link to post
Share on other sites
16 hours ago, Cipher said:

If you still experience the same problem then see if this fixes your problem:

  • Open Control Panel
  • Click on Network and Internet
  • Click on Network and Sharing Center
  • In the bottom left, click on Internet Options
  • Click on the Advanced tab
  • Scroll down in that tab until you see the Security section
    • In this section, please uncheck "Check for server certificate revocation" then hit Apply.

 

If the above method (disabling server certificate revocation check) fixes your problem, I would still advise turning it back on (for security reasons) and just letting us know if that fixed the problem for you so that I can investigate further.

This worked! I rebooted after disabling this setting and I was able to login! I tried setting my date/time in the past but that didn't seem to have any effect.

Share this post


Link to post
Share on other sites
17 minutes ago, KSerge said:

This worked! I rebooted after disabling this setting and I was able to login! I tried setting my date/time in the past but that didn't seem to have any effect.

 

Alright well that at least helps narrow the problem down a little bit.

 

I would be interested to see what your CAPI2 logs contain once you re-enable server certificate revocation checking.

 

To enable CAPI2 logging:

  • Re-enable Server Certification Revocation checks (see above post)
  • Launch Event Viewer (eventvwr)
  • Open the Applications and Services Logs category on the left side
  • Navigate to Microsoft/Windows/CAPI2.
  • In the tree view on the left side still, right click 'Operational' and click 'Enable Log'
  • Reboot your system

 

Once CAPI2 logging has been enabled and the CRL checks are re-enabled try getting the INV-300 on EnB again, then navigate to CAPI2/Operational again and see if any events have been generated.

 

 

Share this post


Link to post
Share on other sites

This fixed mine also. Although IE still shows Valid=false :D

Share this post


Link to post
Share on other sites
2 hours ago, Cipher said:

 

Alright well that at least helps narrow the problem down a little bit.

 

I would be interested to see what your CAPI2 logs contain once you re-enable server certificate revocation checking.

 

To enable CAPI2 logging:

  • Re-enable Server Certification Revocation checks (see above post)
  • Launch Event Viewer (eventvwr)
  • Open the Applications and Services Logs category on the left side
  • Navigate to Microsoft/Windows/CAPI2.
  • In the tree view on the left side still, right click 'Operational' and click 'Enable Log'
  • Reboot your system

 

Once CAPI2 logging has been enabled and the CRL checks are re-enabled try getting the INV-300 on EnB again, then navigate to CAPI2/Operational again and see if any events have been generated.

 

 

 

I've completed these steps, and the CAPI2 operational logs definitely show some errors, should I just post up the XML data here or is there sensitive info that shouldn't be posted?

Share this post


Link to post
Share on other sites
2 hours ago, KSerge said:

 

I've completed these steps, and the CAPI2 operational logs definitely show some errors, should I just post up the XML data here or is there sensitive info that shouldn't be posted?

 

There shouldn't be any personal or dangerous information but feel free to look through it yourself first to be sure if you're worried. You can also just message me the data in a private message.

Share this post


Link to post
Share on other sites

His CAPI2 logs showed that it's failing to connect to LE's revocation server. It also shows that the certificate issuer is 

 <IssuerCertificate fileRef="3EAE91937EC85D74483FF4B77B07B43E2AF36BF4.cer" subjectName="Let's Encrypt Authority X1" /> 

 

Here's the CRL info from his CAPI2 log.

- <CertVerifyRevocation>
  <Certificate fileRef="FD2ACFB6ED0D9CACF6BD955E3DBDB150E6157391.cer" subjectName="www.net-7.org" /> 
  <IssuerCertificate fileRef="3EAE91937EC85D74483FF4B77B07B43E2AF36BF4.cer" subjectName="Let's Encrypt Authority X1" /> 
  <Flags value="4" CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG="true" /> 
  <AdditionalParameters timeToUse="2018-04-12T01:25:26.196Z" currentTime="2018-04-12T01:25:26.202Z" urlRetrievalTimeout="PT19.997S" /> 
  <RevocationStatus index="0" error="80092013" reason="0" /> 
  <EventAuxInfo ProcessName="LaunchNet7.exe" /> 
  <CorrelationAuxInfo TaskId="{D088C52C-D432-43F7-8EC8-3787065A366F}" SeqNumber="28" /> 
  <Result value="80092013">The revocation function was unable to check revocation because the revocation server was offline.</Result> 
  </CertVerifyRevocation>

 

 

KSerge & tsaavik: Can you both check your User Certificate store?

  • Open the User Certificate MMC console by opening the Control Panel, searching for 'user certificate' and clicking 'Manager User Certificates'.
  • On the left side, open Intermediate Certification Authorities, then Certificates
  • Very which Let's Encrypt Certificate(s) you have, you should see something like the picture below:
    b59a780992.jpg

 

 

If you do not have a "Let's Encrypt Authority X3" certificate:

  • Download the Intermediate Certificate @ https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
  • Rename the certificate to use the .cer extension rather than the .pem.txt extension.
  • Double click on the certificate and click on [Install Certificate]
    • Choose the "Place all certificates in the following store" option and store it in "Intermediate Certification Authorities"

 

(If you have / Installed the X3 certificate)

If you have a "Let's Encrypt Authority X1" certificate:

  • Right click the certificate and click Delete
    • The X1 certificate has been retired since 2016

Share this post


Link to post
Share on other sites

Sorry, I don't seem to have a 'user certificate'  management system that I can find. I'm running Windows 7 SP1.

Update: I ran certmgr.msc, and I have the lets encrypt authority X1, issued by DST root CA X3, expires 10/19/2020

 

I'll delete and test with revocation turned back on tonight.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×