Omniverse Launcher Error

maximilian.auer · January 12, 2021, 1:18pm

I get the following error in the Omniverse Launcher while logging in.

I get redirected to a login page when hitting the login button. Afterwards it jumps back into the launcher but shows the following error:

If I quit the launcher and start it again it just stucks at a grey screen. (I can not add a second screenshot here as I am a new user but its just the launcher window completly grey)

I then have to delete user data in “C:\Users\USER\AppData\Roaming\omniverse-launcher” to see the login dialogue again.

Any ideas what could cause this?

[Edit] We think it has something to do with the ports the launcher is using. Our company has very specific Firewall rules. Is there any information about what ports the launcher is using?

mirice · January 12, 2021, 4:36pm

Thank you for using Omniverse, sorry you are having issues. The following is a link to the required ports.

Some other questions:

When you started the launcher the first time, did you select to install “Cache”? Did it install correctly?
can you try and install “create”, tell me if that installed

mirice · January 12, 2021, 6:26pm

@maximilian.auer -
Can you possibly attach the launcher logs
Location c:\User<your name>.nvidia-omniverse\logs*

maximilian.auer · January 13, 2021, 9:03am

I downloaded the launcher from https://www.nvidia.com/en-us/design-visualization/omniverse/.

The launcher did not gave any options what apps/components should be installed from the start. I think thats what the launcher is for right? To install the apps. But I can not launch it from our company network.

If we use the launcher outside our company network we do not get this error. Thats the reason we think it has something to do with specific ports used by the launcher. Are they the same as the ports from the nucleus documentation you send me?

maximilian.auer · January 13, 2021, 9:33am

Hey @mirice,

I attached a log from the launcher. This is the state where the launcher is just grey and doesnt show anything.

The \installers.json is just empty.

Hope it helps!
launcher.log (3.2 KB)

mirice · January 13, 2021, 5:13pm

@maximilian.auer -

I do not think the port numbers are the issue at this point.
Seems to be related to certificate security from the web interface needed in the install process for GDPR.

Are you using Chrome as your default browser? If not, which one are you using?
I will try and reproduce

The most common cause of the " unable to get local issuer certificate " error is a misconfigured web server that fails to send all of the intermediate certificates with the server certificate , when the client and server perform the SSL /TLS negotiation.

mirice · January 14, 2021, 4:36am

@maximilian.auer -
Please look at this link to see information about firewalls in terms of Nvidia Launcher. Allowing these links (or all of nvidia.com) should solve your issues with Launcher at work vs home.

maximilian.auer · January 14, 2021, 4:23pm

I forwarded everything to our IT-Department to resolve this issue.

Thanks for the help @mirice!

username808 · January 20, 2021, 2:12pm

Hello, IT department here.

This issue seems to be related to SSL de- and re-encryption by perimeter Firewall.

The Firewall re-encrypts with the companies private Certification Authority, so the client needs to check the certificate against a private root ca certificate.
The Firewall delivers the webservers certificate and the appropriate intermediate certificate, so the chain should be completely available for the client.

Debugging and checking the logs provided by maximilian.auer brought us to the electron framework. It seems the omniverse clients is build with this framework. According this issue[1] on Github it depends on the underlying http request lib if an internal ca store (like Firefox) or the system ca store is used to check the Certificate provided by a Webserver.

It seems the omniverse client uses an internal ca store and doesn’t know about the private root ca certificate. Can you confirm this?
Do you know about a workarround? We’ve played around with NODE_EXTRA_CA_CERTS[2] environment variables, but without success.

Regards
username808

[1] https://github.com/electron/electron/issues/11741
[2] https://stackoverflow.com/a/64885078

starabishy · January 20, 2021, 1:36pm

When getting this, two things seemed to work:
While the grey screen is there, I was getting this in the log

[2021-01-20 10:35:45.360] [info] Running production web server.
[2021-01-20 10:35:45.373] [info] Logged in.
[2021-01-20 10:35:45.380] [info] HTTP endpoints listening at http://localhost:33480
[2021-01-20 10:35:55.864] [debug] Running "...\AppData\Local\ov\pkg\view 2020.3.24\_build\windows-x86_64\release\omniverse-kit-view.bat"
[2021-01-20 10:39:07.004] [info] Checking for update
[2021-01-20 10:39:07.214] [info] Can't read the ...\AppData\Roaming\omniverse-launcher\data\installers.json file:  SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Ui.parse (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:65463)
    at Ui.load (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:332:22827)
    at async Mi.load (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:67185)
    at async ...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:113813
    at async lo (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:113309)
    at async ...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:115366

Connecting to http://localhost:33480 actually works.

The other thing, since am behind a proxy and I assume you are too, the launcher was not picking up the system proxy.

So visiting https://launcher-prod.s3.us-east-2.amazonaws.com/disclaimers/gdpr.json was working.

I then tried to add to the shortcut launching Launcher this
"...\AppData\Local\Programs\omniverse-launcher\NVIDIA Omniverse Launcher.exe" --proxy-server="{proxy}:{port}"

Hope this helps.

username808 · January 20, 2021, 2:22pm

Hey @starabishy,
thank you for reply! The Proxy setting won’t help in the case described by @maximilian.auer.
In this setup a transparent proxy for Webcontent Filtering is configured, so the default gateway redirects the traffic through the proxy without any dedicated proxy setting needed on client side.

mirice · January 20, 2021, 4:28pm

@username808 -
I have contacted internal development concerning SSL de- and re-encryption by perimeter Firewall

Omniverse using the default functionality provided by Electron, nothing specific for certificates

Can you try to use NODE_TLS_REJECT_UNAUTHORIZED=0 as describe in this doc:

If that won’t help, they can you try and play with NODE_OPTIONS https://www.electronjs.org/docs/api/environment-variables#node_options

probably worth trying --use-openssl-ca (https://nodejs.org/api/cli.html#cli_use_bundled_ca_use_openssl_ca)

username808 · January 21, 2021, 9:30am

@mirice
NODE_TLS_REJECT_UNAUTHORIZED=0 did the job, thank you!
Here a powershell snippet to start the client:

$Env:NODE_TLS_REJECT_UNAUTHORIZED = "0"
Start-Process -FilePath "Nvidia Omniverse Launcher.exe"

Note: This should only be used for test/evaluation purposes. This paramter disables TLS verification in general and allows man in the middle attacks.

michael.easter · January 26, 2021, 9:48pm

I had this issue, with similar logs to the one submitted. My issue was with the proxy not being set in the launcher shortcut.