Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, September 4, 2019 10:45 AM
Hello,
I'm currently trying to setup my IKEv2 VPN client on Windows 10 IoT Core running on a Raspberry Pi Model 3B and referring this guide here https://docs.microsoft.com/en-us/windows/iot-core/connect-your-device/vpn
As mentioned by the documentation above, it asks me to:
- Apply user certs a. Login to the IoT Device using SSH as "DefaultAccount". b. From the command prompt, type "PowerShell". c. Issue the following commands from PowerShell (while logged in as "Default Account"):
Here comes to my question, how can I login as DefaultAccount? Is there a default password to this account that I don't know? Can I change its password by using Administrator account without breaking anything?
Many thanks.
Wen
All replies (6)
Thursday, September 5, 2019 1:57 AM âś…Answered
Hello 5he11,
If you want to login as DefaultAccount rather than as the administrator, you will need to generate a rsa key to login. Please refer to this document. Besides, you need to replace the host in the commands with the ip address of your device.
Best Regards,
Michael
MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].
Thursday, September 5, 2019 12:38 AM
Dear friend,
If you setup the device without IoT Dashboard, maybe you can try with "administrator" and "p@ssw0rd" as the default account.
Keep Fighting
Thursday, September 5, 2019 11:42 AM
Thanks to your reply.
But please note that there is an account called "DefaultAccount", so my question was asking about how to login as this DefaultAccount, NOT to login as "a default account"
Thursday, September 5, 2019 11:51 AM
Thank you Michael for your reply on this. It solved my issue to login as the DefaultAccount.
But bad thing happens. I'm now keep following the instructions described by the same document https://docs.microsoft.com/en-us/windows/iot-core/connect-your-device/vpn
I got stuck at here by executing a powershell command on behalf of DefaultAccount,
$mypwd = ConvertTo-SecureString -String "<password>" -Force -AsPlainText import-pfxcertificate -FilePath RasTest.pfx -CertStoreLocation cert:currentUser\my -Password $mypwd
I just got the following error message after executing it,
PS C:\Data\Users\DefaultAccount\documents> import-pfxcertificate -FilePath client.pfx -CertStoreLocation cert:currentUse
r\my -Password $mypwd
import-pfxcertificate : Access denied. (Exception from HRESULT: 0x80090010)
At line:1 char:1
- import-pfxcertificate -FilePath client.pfx -CertStoreLocation cert:cu ...
-
+ CategoryInfo : NotSpecified: (:) [Import-PfxCertificate], Exception
+ FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.ImportPfxCertificate
I'm pretty sure that the certificate password I provided was correct because if the password is wrong I get error message saying the password is incorrect.
But if I ssh login as the Administrator account, I'm then able to import the PFX certificate into both the LocalMachine and CurrentUser stores by using the same certificate password and the same powershell command.
Any idea on how can I get through of this please?
Regards,
Wen
Thursday, September 5, 2019 12:01 PM
The same permission issue I face when I try to execute the following command after SSH login as DefaultAccount,
CertMgr -add C:\Data\OEM\ca.cer -s -r LocalMachine Root -all
Error: Failed to open the destination store
CertMgr Failed
I found this article here and I think the answer describes the reason to my issue,
It basically says that when I login from the network, such as WinRM (I guess SSH falls into the same situation), the system uses the account that is configured with the WinRM service on the remote machine which by default it is the built-in Network Service account, the Network Service account is configured to act on behalf of the user account we use to authenticate to the server but it does not have access to all authenticated user's locations, e.g. certificate store. The Network Service can view it but not modify it. That is why we get access denied error when importing the certificate into the authenticated user's certificate store
So I guess it should probably be wrong to SSH login as DefaultAccount? Probably another way around it?
Regards,
Wen
Friday, September 6, 2019 8:08 AM
Hello 5he11,
You may try to create a custom app which is used to import the pfx certificate with API CertificateEnrollmentManager.ImportPfxDataAsync. And then run the the app as DefaultAccount.
Please note that you need to add the Certificates capability in your custom app.
Best Regards,
Michael
MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].