PIN Paired Devices

[Zod20]

Read before posting an issue

If you have an issue, please consider the following before:

• Have you tried updating:
  • Your operating system
  • Geforce Experience (mention if in beta)
  • Chrome to the latest version
  • The Moonlight client
• Have you tried pinging your host from the client?
• If streaming over the internet:
  • Have you followed the guide?
  • Have you opened all ports to they correct protocols (udp or tcp)
• Have you enabled hardware acceleration?
  • Check under chrome://settings/system to enable it
  • Check under chrome://flags/#disable-accelerated-video-decode for video hardware acceleration
  • Check under chrome://gpu for:
    • Video Decode: "Hardware accelerated"
    • WebGL: "Hardware accelerated"
    • WebGL2: "Hardware accelerated"
• Have you enabled NaCL?
  • Check under chrome://flags/#enable-nacl to enable it
  • Are you running Linux? if so, install Chrome from official ppa

If you still have problems, post them in the issues section with info, logs and screenshots if possible

[jorys-paulin]

@Zod20 I guess you want an extra layer of security before connecting to a host?

[Zod20]

Is there a way to authenticate with the nvidia gamestream service without pin? It's almost impossible to do it with headless AWS spot instances. Or where does the nvidia GFE store the paired devices file?

Sorry for not writing full post in title.

[Zod20]

@jorys-paulin sorry for not putting full post in title, please see my above comment on the issue :D

[jorys-paulin]

@Zod20 GeForce Experience opens up a pop-up wich you have to fill in the pin code to complete paring. This is a required security measure we can't overcome, at least I don't think so.

[Zod20]

@jorys-paulin Thank you very much for your time! I'm thinking that once you enter your pin and authenticate, for future connections the GFE remembers your device. So the authenticated device info must be located locally with the GFE.

I would like to access this file and add my new devices manually without going through the pin phase. (AWS headless instance without display or adapter driver so no way to see pin from screen, LONG STORY on why this is necessary but a ton of hacks and work-around.)

[jorys-paulin]

@Zod20 They might be a command line or config files, but I don't know much about it.

[jorys-paulin]

@Zod20 According to cgutman, a monitor is still required to properly launch games and stream them.

[Zod20]

Thanks for the tip @jorys-paulin

I did some more digging in the logs and came up with this -

#7(I)[2018-07-09 10:45:22,047]=16:45:22={00000E50} StreamerControllerWrapper connected to MessageBus
#8(I)[2018-07-09 10:45:22,047]=16:45:22={00000C68} PKCS7 Data
#9(I)[2018-07-09 10:45:22,047]=16:45:22={00000C68} Shrouded Keybag
#0(I)[2018-07-09 10:45:22,047]=16:45:22={0000305C} AppListProviderWrapper connected to MessageBus
#1(I)[2018-07-09 10:45:22,047]=16:45:22={00001A28} Starting GsProxyClientWrapper thread
#2(I)[2018-07-09 10:45:22,047]=16:45:22={00000C68} Shrouded Keybag
#3(I)[2018-07-09 10:45:22,047]=16:45:22={00000FD8} GsProxyClientWrapper connected to MessageBus
#4(I)[2018-07-09 10:45:22,047]=16:45:22={00000C68} PKCS7 Encrypted data
#5(D)[2018-07-09 10:45:22,047]=16:45:22={00001A28} Started native thread: GsProxyClientWrapper Thread (thread id: 00000C58)
#6(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Certificate bag
#7(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Certificate subjectName: F9009E09154F8D63
#8(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Certificate bag
#9(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Certificate subjectName: localhost
#0(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Certificate bag
#1(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Certificate subjectName: NVIDIA GameStream Server
#2(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Server certificate: -----BEGIN CERTIFICATE-----
MIICwjCCAaoCCQDBV5flf3sYTTANBgkqhkiG...1vqtHeOW82a8H78DRzdQ9w1CCHuMpBUghjyo=
-----END CERTIFICATE-----
[1017]
#3(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Server certificate subject name = NVIDIA GameStream Server
#4(I)[2018-07-09 10:45:22,062]=16:45:22={00000C68} Network Event Subscribe: 00007FFB46CE04C0 - 0000015FF9C026D8
#5(I)[2018-07-09 10:45:22,062]=16:45:22={00002C04} SSASRequestListener joined Message Bus
#6(D)[2018-07-09 10:45:22,078]=16:45:22={00000C68} AccountsHandlerEndpoint::AsyncInitialize complete
#7(D)[2018-07-09 10:45:22,078]=16:45:22={00000C68} Completed thread function for native thread: AccountsHandlerEndpoint::Initialize (thread id: 00000C68)
#8(I)[2018-07-09 10:45:22,078]=16:45:22={00000730} SSAURequestHandler connected to MessageBus
#9(I)[2018-07-09 10:45:22,078]=16:45:22={00001A28} Display '\.\DISPLAY1' resolution is 1920x1080@59, Orientation:0
#0(E)[2018-07-09 10:45:22,078]=16:45:22={00001A28} Failed to load: C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspapi64.dll with error: [0000007e]
#1(I)[2018-07-09 10:45:22,094]=16:45:22={00001A28} Loaded: nvspcap64.dll
#2(I)[2018-07-09 10:45:22,094]=16:45:22={00001A28} NvStreamUserAgentPlugin: PID 8256 OpenSSL 1.0.2j 18 Oct 2016 (with NVidia memory corruption patch)

Is the certificate host shown for the PIN pairing?

[jorys-paulin]

I don't know. I suggest you ask @cgutman for that, he knows the subject better than I do.

[ghost]

[Zod20] Hello Zod20
do you know pairing authenticated device info location yet ?
could you tell me ?

[ergors]

I would also like to know.

[cgutman]

I'm not exactly sure, but I know that the client certificate is enrolled in the "Trusted People" certificate store on the host system.

If you search for "Manage user certificates" in the Start Menu, then open "Trusted People" > "Certificates". You will see the client certificates there.

I don't know if that's the only place, but it's certainly one place.