Omniverse Launcher Error

I get the following error in the Omniverse Launcher while logging in.

I get redirected to a login page when hitting the login button. Afterwards it jumps back into the launcher but shows the following error:

If I quit the launcher and start it again it just stucks at a grey screen. (I can not add a second screenshot here as I am a new user but its just the launcher window completly grey)

I then have to delete user data in “C:\Users\USER\AppData\Roaming\omniverse-launcher” to see the login dialogue again.

Any ideas what could cause this?

[Edit] We think it has something to do with the ports the launcher is using. Our company has very specific Firewall rules. Is there any information about what ports the launcher is using?

1 Like

Thank you for using Omniverse, sorry you are having issues. The following is a link to the required ports.

https://docs.omniverse.nvidia.com/prod_nucleus/prod_nucleus/usage/workstation.html

Some other questions:

  1. When you started the launcher the first time, did you select to install “Cache”? Did it install correctly?
  2. can you try and install “create”, tell me if that installed

@maximilian.auer -
Can you possibly attach the launcher logs
Location c:\User<your name>.nvidia-omniverse\logs*

I downloaded the launcher from Omniverse Platform for 3D Design Collaboration and Simulation | NVIDIA.

The launcher did not gave any options what apps/components should be installed from the start. I think thats what the launcher is for right? To install the apps. But I can not launch it from our company network.

If we use the launcher outside our company network we do not get this error. Thats the reason we think it has something to do with specific ports used by the launcher. Are they the same as the ports from the nucleus documentation you send me?

Hey @mirice,

I attached a log from the launcher. This is the state where the launcher is just grey and doesnt show anything.

The \installers.json is just empty.

Hope it helps!
launcher.log (3.2 KB)

@maximilian.auer -

I do not think the port numbers are the issue at this point.
Seems to be related to certificate security from the web interface needed in the install process for GDPR.

  1. Are you using Chrome as your default browser? If not, which one are you using?
  2. I will try and reproduce

The most common cause of the " unable to get local issuer certificate " error is a misconfigured web server that fails to send all of the intermediate certificates with the server certificate , when the client and server perform the SSL /TLS negotiation.

@maximilian.auer -
Please look at this link to see information about firewalls in terms of Nvidia Launcher. Allowing these links (or all of nvidia.com) should solve your issues with Launcher at work vs home.

https://docs.omniverse.nvidia.com/prod_launcher/prod_launcher/installing_launcher.html#using-a-proxy-server

I forwarded everything to our IT-Department to resolve this issue.

Thanks for the help @mirice!

Hello, IT department here.

This issue seems to be related to SSL de- and re-encryption by perimeter Firewall.

The Firewall re-encrypts with the companies private Certification Authority, so the client needs to check the certificate against a private root ca certificate.
The Firewall delivers the webservers certificate and the appropriate intermediate certificate, so the chain should be completely available for the client.

Debugging and checking the logs provided by maximilian.auer brought us to the electron framework. It seems the omniverse clients is build with this framework. According this issue[1] on Github it depends on the underlying http request lib if an internal ca store (like Firefox) or the system ca store is used to check the Certificate provided by a Webserver.

It seems the omniverse client uses an internal ca store and doesn’t know about the private root ca certificate. Can you confirm this?
Do you know about a workarround? We’ve played around with NODE_EXTRA_CA_CERTS[2] environment variables, but without success.

Regards
username808

[1] Electron's chromium is trusting different CAs then Electron's NodeJS · Issue #11741 · electron/electron · GitHub
[2] Ignore invalid self-signed ssl certificate in node.js with https.request? - Stack Overflow

When getting this, two things seemed to work:
While the grey screen is there, I was getting this in the log

[2021-01-20 10:35:45.360] [info] Running production web server.
[2021-01-20 10:35:45.373] [info] Logged in.
[2021-01-20 10:35:45.380] [info] HTTP endpoints listening at http://localhost:33480
[2021-01-20 10:35:55.864] [debug] Running "...\AppData\Local\ov\pkg\view 2020.3.24\_build\windows-x86_64\release\omniverse-kit-view.bat"
[2021-01-20 10:39:07.004] [info] Checking for update
[2021-01-20 10:39:07.214] [info] Can't read the ...\AppData\Roaming\omniverse-launcher\data\installers.json file:  SyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at Ui.parse (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:65463)
    at Ui.load (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:332:22827)
    at async Mi.load (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:67185)
    at async ...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:113813
    at async lo (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:113309)
    at async ...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:115366

Connecting to http://localhost:33480 actually works.

The other thing, since am behind a proxy and I assume you are too, the launcher was not picking up the system proxy.

So visiting https://launcher-prod.s3.us-east-2.amazonaws.com/disclaimers/gdpr.json was working.

I then tried to add to the shortcut launching Launcher this
"...\AppData\Local\Programs\omniverse-launcher\NVIDIA Omniverse Launcher.exe" --proxy-server="{proxy}:{port}"

Hope this helps.

Hey @starabishy,
thank you for reply! The Proxy setting won’t help in the case described by @maximilian.auer.
In this setup a transparent proxy for Webcontent Filtering is configured, so the default gateway redirects the traffic through the proxy without any dedicated proxy setting needed on client side.

@username808 -
I have contacted internal development concerning SSL de- and re-encryption by perimeter Firewall

Omniverse using the default functionality provided by Electron, nothing specific for certificates

Can you try to use NODE_TLS_REJECT_UNAUTHORIZED=0 as describe in this doc:
https://nodejs.org/api/cli.html#cli_node_tls_reject_unauthorized_value

If that won’t help, they can you try and play with NODE_OPTIONS Environment Variables | Electron

probably worth trying --use-openssl-ca (Command-line API | Node.js v18.9.0 Documentation)

1 Like

@mirice
NODE_TLS_REJECT_UNAUTHORIZED=0 did the job, thank you!
Here a powershell snippet to start the client:

$Env:NODE_TLS_REJECT_UNAUTHORIZED = "0"
Start-Process -FilePath "Nvidia Omniverse Launcher.exe"

Note: This should only be used for test/evaluation purposes. This paramter disables TLS verification in general and allows man in the middle attacks.

I had this issue, with similar logs to the one submitted. My issue was with the proxy not being set in the launcher shortcut.

Could you please share the path for where certificates are stored? I have the same problem but I think it is because of the ZScaler client installed on my system. I have this issue with a lot of other applications as well, my IT team has given me the .pem file for ZSclaler to add certificates to the cacert/ceritficates for different applications.
Thank you

Dear,
Is there a way to use the NODE_EXTRA_CA_CERTS variable ?
I work for a security red/blue team and we use Zscaler SSL Inspection. After troubleshooting, we found only two ways of avoiding SSL certificate error behind Zscaler, either bypassing .nvidia.com and amazonaws.com or setting NODE_TLS_REJECT_UNAUTHORIZED=0 , both solutions are not recommended as per security best practices. Usually, Nodes Apps allows usage of NODE_EXTRA_CA_CERTS variable (including Nodes.js) where we can place our ZS self-signed certificate in ca-bundle.pem file for instance. May you help?