If I quit the launcher and start it again it just stucks at a grey screen. (I can not add a second screenshot here as I am a new user but its just the launcher window completly grey)
I then have to delete user data in “C:\Users\USER\AppData\Roaming\omniverse-launcher” to see the login dialogue again.
Any ideas what could cause this?
[Edit] We think it has something to do with the ports the launcher is using. Our company has very specific Firewall rules. Is there any information about what ports the launcher is using?
The launcher did not gave any options what apps/components should be installed from the start. I think thats what the launcher is for right? To install the apps. But I can not launch it from our company network.
If we use the launcher outside our company network we do not get this error. Thats the reason we think it has something to do with specific ports used by the launcher. Are they the same as the ports from the nucleus documentation you send me?
I do not think the port numbers are the issue at this point.
Seems to be related to certificate security from the web interface needed in the install process for GDPR.
Are you using Chrome as your default browser? If not, which one are you using?
I will try and reproduce
The most common cause of the " unable to get local issuer certificate " error is a misconfigured web server that fails to send all of the intermediate certificates with the server certificate , when the client and server perform the SSL /TLS negotiation.
@maximilian.auer -
Please look at this link to see information about firewalls in terms of Nvidia Launcher. Allowing these links (or all of nvidia.com) should solve your issues with Launcher at work vs home.
This issue seems to be related to SSL de- and re-encryption by perimeter Firewall.
The Firewall re-encrypts with the companies private Certification Authority, so the client needs to check the certificate against a private root ca certificate.
The Firewall delivers the webservers certificate and the appropriate intermediate certificate, so the chain should be completely available for the client.
Debugging and checking the logs provided by maximilian.auer brought us to the electron framework. It seems the omniverse clients is build with this framework. According this issue[1] on Github it depends on the underlying http request lib if an internal ca store (like Firefox) or the system ca store is used to check the Certificate provided by a Webserver.
It seems the omniverse client uses an internal ca store and doesn’t know about the private root ca certificate. Can you confirm this?
Do you know about a workarround? We’ve played around with NODE_EXTRA_CA_CERTS[2] environment variables, but without success.
When getting this, two things seemed to work:
While the grey screen is there, I was getting this in the log
[2021-01-20 10:35:45.360] [info] Running production web server.
[2021-01-20 10:35:45.373] [info] Logged in.
[2021-01-20 10:35:45.380] [info] HTTP endpoints listening at http://localhost:33480
[2021-01-20 10:35:55.864] [debug] Running "...\AppData\Local\ov\pkg\view 2020.3.24\_build\windows-x86_64\release\omniverse-kit-view.bat"
[2021-01-20 10:39:07.004] [info] Checking for update
[2021-01-20 10:39:07.214] [info] Can't read the ...\AppData\Roaming\omniverse-launcher\data\installers.json file: SyntaxError: Unexpected end of JSON input
at JSON.parse (<anonymous>)
at Ui.parse (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:65463)
at Ui.load (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:332:22827)
at async Mi.load (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:67185)
at async ...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:113813
at async lo (...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:113309)
at async ...\AppData\Local\Programs\omniverse-launcher\resources\app.asar\dist\main.js:346:115366
The other thing, since am behind a proxy and I assume you are too, the launcher was not picking up the system proxy.
So visiting https://launcher-prod.s3.us-east-2.amazonaws.com/disclaimers/gdpr.json was working.
I then tried to add to the shortcut launching Launcher this "...\AppData\Local\Programs\omniverse-launcher\NVIDIA Omniverse Launcher.exe" --proxy-server="{proxy}:{port}"
Hey @starabishy,
thank you for reply! The Proxy setting won’t help in the case described by @maximilian.auer.
In this setup a transparent proxy for Webcontent Filtering is configured, so the default gateway redirects the traffic through the proxy without any dedicated proxy setting needed on client side.
Could you please share the path for where certificates are stored? I have the same problem but I think it is because of the ZScaler client installed on my system. I have this issue with a lot of other applications as well, my IT team has given me the .pem file for ZSclaler to add certificates to the cacert/ceritficates for different applications.
Thank you
Dear,
Is there a way to use the NODE_EXTRA_CA_CERTS variable ?
I work for a security red/blue team and we use Zscaler SSL Inspection. After troubleshooting, we found only two ways of avoiding SSL certificate error behind Zscaler, either bypassing .nvidia.com and amazonaws.com or setting NODE_TLS_REJECT_UNAUTHORIZED=0 , both solutions are not recommended as per security best practices. Usually, Nodes Apps allows usage of NODE_EXTRA_CA_CERTS variable (including Nodes.js) where we can place our ZS self-signed certificate in ca-bundle.pem file for instance. May you help?
