Closed Bug 1354023 Opened 7 years ago Closed 6 years ago

security.enterprise_roots.enabled doesn't work for Firefox Sync

Categories

(Firefox :: Sync, defect)

Product:
Firefox
Component:
Sync
Version:
53 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1295122

People

(Reporter: hegsie, Unassigned)

Details

Attachments

(6 files)

error logs from attempted sync with security.enterprise_roots.enabled
90.65 KB, text/plain
Details
error logs from attempted sync with security.enterprise_roots.enabled
90.65 KB, text/plain
Details
error-sync-1529396073576.txt
4.22 KB, text/plain
Details
success-sync-1529396230726.txt
17.42 KB, text/plain
Details
error-sync-1529396313081.txt
2.06 KB, text/plain
Details
aboutsync-logfiles.zip - syncs with new sync account and new FF profile
40.39 KB, application/x-zip-compressed
Details 
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Steps to reproduce:

Added security.enterprise_roots.enabled to the about:config, can connect to websites but firefox sync still can't connect


Actual results:

Firefox sync can't connect to the internet, even when firefox can using this feature


Expected results:

Sync should connect
Component: Untriaged → Sync
> firefox sync still can't connect

Hi Ben, thanks for the report!  Can you give any more information about the connection error your receive from Firefox here?  If there are any error logs in about:sync-log that reflect this issue please attach them to the bug.
Flags: needinfo?(hegsie)
Would you believe that this morning I had 53.0b6 this morning and it wasn't working, now I have 53.0b9 and its started working, great news but all my logs are gone. Feel free to close :)
Flags: needinfo?(hegsie)
I'm happy to settle for "working", good to hear :-)
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
I noticed this today while trying security.enterprise_roots.enabled for the first time.   When I next reopened Firefox, "Firefox Sync" was logged out; and it would not stay logged in.

Firefox Quantum 60.0.2 (64-bit) on Windows.

about:sync-log sez:

1529078391848	Sync.Service	INFO	Loading Weave 1.62.0
1529078391854	Sync.Engine.Clients	DEBUG	Engine constructed
1529078391857	Sync.Engine.Clients	DEBUG	Resetting clients last sync time
1529078391861	Sync.Engine.Clients	DEBUG	SyncEngine initialized: clients
1529078391867	Sync.Engine.Addons	DEBUG	Engine constructed
1529078391871	Sync.Engine.Addons	DEBUG	SyncEngine initialized: addons
1529078391877	Sync.Engine.Forms	DEBUG	Engine constructed
1529078391881	Sync.Engine.Forms	DEBUG	SyncEngine initialized: forms
1529078391884	Sync.Engine.History	DEBUG	Engine constructed
1529078391888	Sync.Engine.History	DEBUG	SyncEngine initialized: history
1529078391892	Sync.Engine.Passwords	DEBUG	Engine constructed
1529078391907	Sync.Engine.Passwords	DEBUG	SyncEngine initialized: passwords
1529078391909	Sync.Engine.Prefs	DEBUG	Engine constructed
1529078391920	Sync.Engine.Prefs	DEBUG	SyncEngine initialized: prefs
1529078391922	Sync.Engine.Tabs	DEBUG	Engine constructed
1529078391927	Sync.Engine.Tabs	DEBUG	SyncEngine initialized: tabs
1529078391927	Sync.Engine.Tabs	DEBUG	Resetting tabs last sync time
1529078391929	Sync.Engine.Extension-Storage	DEBUG	Engine constructed
1529078391935	Sync.Engine.Extension-Storage	DEBUG	SyncEngine initialized: extension-storage
1529078391939	Sync.Engine.Bookmarks	DEBUG	Engine constructed
1529078391941	Sync.Engine.Bookmarks	DEBUG	SyncEngine initialized: bookmarks
1529078391942	Sync.Service	INFO	Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
1529078391944	Sync.AddonsReconciler	INFO	Registering as Add-on Manager listener.
1529078391944	Sync.AddonsReconciler	DEBUG	Adding change listener.
1529078391944	Sync.Engine.History.Tracker	INFO	Adding Places observer.
1529078391949	FirefoxAccounts	TRACE	not checking freshness of profile as it remains recent
1529078395953	Sync.Service	DEBUG	User-Agent: Firefox/60.0.2 (Windows NT 6.1; Win64; x64) FxSync/1.62.0.20180605171542.desktop
1529078395954	Sync.Service	INFO	Starting sync at 2018-06-15 16:59:55 in browser session vnmMGgZ82YQl
1529078395954	Sync.Service	DEBUG	In sync: should login.
1529078395954	Sync.Service	INFO	User logged in successfully - verifying login.
1529078395958	Sync.BrowserIDManager	DEBUG	unlockAndVerifyAuthState re-fetched credentials and is returning: error.login.reason.account
1529078395958	Sync.Status	DEBUG	Status.login: success.login => error.login.reason.account
1529078395958	Sync.Status	DEBUG	Status.service: success.status_ok => error.login.failed
1529078395958	Sync.Service	DEBUG	Fetching unlocked auth state returned error.login.reason.account
1529078395959	Sync.ErrorHandler	ERROR	Sync encountered a login error
1529078395959	Sync.SyncScheduler	DEBUG	Clearing sync triggers and the global score.
1529078395963	Sync.Service	DEBUG	Exception calling WrappedLock: Error: Login failed: error.login.reason.account (resource://services-sync/service.js:853:15) JS Stack trace: onNotify@service.js:853:15
1529078395964	Sync.Service	DEBUG	Not syncing: login returned false.
1529078395966	Sync.ErrorHandler	DEBUG	Addons installed: 6
1529078395967	Sync.ErrorHandler	DEBUG	 - Firefox Multi-Account Containers, version 6.0.0, id @testpilot-containers
1529078395967	Sync.ErrorHandler	DEBUG	 - GNOME Shell integration, version 10.1, id chrome-gnome-shell@gnome.org
1529078395967	Sync.ErrorHandler	DEBUG	 - Cookie AutoDelete, version 2.2.0, id CookieAutoDelete@kennydo.com
1529078395967	Sync.ErrorHandler	DEBUG	 - In My Pocket, version 0.9.3, id {cd7e22de-2e34-40f0-aeff-cec824cbccac}
1529078395968	Sync.ErrorHandler	DEBUG	 - uBlock Origin, version 1.16.10, id uBlock0@raymondhill.net
1529078395968	Sync.ErrorHandler	DEBUG	 - Cisco Webex Extension, version 1.1.0, id ciscowebexstart1@cisco.com


And the time before it said:
1529077256817	Sync.Service	INFO	Loading Weave 1.62.0
1529077256820	Sync.Engine.Clients	DEBUG	Engine constructed
1529077256821	Sync.Engine.Clients	DEBUG	Resetting clients last sync time
1529077256929	Sync.Engine.Clients	DEBUG	SyncEngine initialized: clients
1529077256933	Sync.Engine.Addons	DEBUG	Engine constructed
1529077257011	Sync.Engine.Addons	DEBUG	SyncEngine initialized: addons
1529077257103	Sync.Engine.Forms	DEBUG	Engine constructed
1529077257130	Sync.Engine.Forms	DEBUG	SyncEngine initialized: forms
1529077257132	Sync.Engine.History	DEBUG	Engine constructed
1529077257171	Sync.Engine.History	DEBUG	SyncEngine initialized: history
1529077257174	Sync.Engine.Passwords	DEBUG	Engine constructed
1529077257180	Sync.Engine.Passwords	DEBUG	SyncEngine initialized: passwords
1529077257181	Sync.Engine.Prefs	DEBUG	Engine constructed
1529077257185	Sync.Engine.Prefs	DEBUG	SyncEngine initialized: prefs
1529077257186	Sync.Engine.Tabs	DEBUG	Engine constructed
1529077257189	Sync.Engine.Tabs	DEBUG	SyncEngine initialized: tabs
1529077257189	Sync.Engine.Tabs	DEBUG	Resetting tabs last sync time
1529077257191	Sync.Engine.Extension-Storage	DEBUG	Engine constructed
1529077257216	Sync.Engine.Extension-Storage	DEBUG	SyncEngine initialized: extension-storage
1529077257220	Sync.Engine.Bookmarks	DEBUG	Engine constructed
1529077257223	Sync.Engine.Bookmarks	DEBUG	SyncEngine initialized: bookmarks
1529077257223	Sync.Service	INFO	Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
1529077257225	Sync.AddonsReconciler	INFO	Registering as Add-on Manager listener.
1529077257225	Sync.AddonsReconciler	DEBUG	Adding change listener.
1529077257225	Sync.Engine.History.Tracker	INFO	Adding Places observer.
1529077257230	FirefoxAccounts	TRACE	not checking freshness of profile as it remains recent
1529077262231	Sync.Service	DEBUG	User-Agent: Firefox/60.0.2 (Windows NT 6.1; Win64; x64) FxSync/1.62.0.20180605171542.desktop
1529077262232	Sync.Service	INFO	Starting sync at 2018-06-15 16:41:02 in browser session FL1ezK9poFa8
1529077262232	Sync.Service	DEBUG	In sync: should login.
1529077262232	Sync.Service	INFO	User logged in successfully - verifying login.
1529077262239	Sync.BrowserIDManager	DEBUG	unlockAndVerifyAuthState re-fetched credentials and is returning: error.login.reason.account
1529077262239	Sync.Status	DEBUG	Status.login: success.login => error.login.reason.account
1529077262239	Sync.Status	DEBUG	Status.service: success.status_ok => error.login.failed
1529077262239	Sync.Service	DEBUG	Fetching unlocked auth state returned error.login.reason.account
1529077262240	Sync.ErrorHandler	ERROR	Sync encountered a login error
1529077262240	Sync.SyncScheduler	DEBUG	Clearing sync triggers and the global score.
1529077262245	Sync.Service	DEBUG	Exception calling WrappedLock: Error: Login failed: error.login.reason.account (resource://services-sync/service.js:853:15) JS Stack trace: onNotify@service.js:853:15
1529077262246	Sync.Service	DEBUG	Not syncing: login returned false.
1529077262248	Sync.ErrorHandler	DEBUG	Addons installed: 6
1529077262248	Sync.ErrorHandler	DEBUG	 - Firefox Multi-Account Containers, version 6.0.0, id @testpilot-containers
1529077262248	Sync.ErrorHandler	DEBUG	 - GNOME Shell integration, version 10.1, id chrome-gnome-shell@gnome.org
1529077262248	Sync.ErrorHandler	DEBUG	 - Cookie AutoDelete, version 2.2.0, id CookieAutoDelete@kennydo.com
1529077262249	Sync.ErrorHandler	DEBUG	 - In My Pocket, version 0.9.3, id {cd7e22de-2e34-40f0-aeff-cec824cbccac}
1529077262249	Sync.ErrorHandler	DEBUG	 - uBlock Origin, version 1.16.10, id uBlock0@raymondhill.net
1529077262249	Sync.ErrorHandler	DEBUG	 - Cisco Webex Extension, version 1.1.0, id ciscowebexstart1@cisco.com
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: WORKSFORME → ---
Thanks for reporting this.  Could you please try generating some trace-level logs using the instructions at [1] and attach them here?

If I had to guess, I'd say this was a bad interaction between our pre-shipped certificate pin for accounts.firefox.com and some enterprise config that's trying to intercept it, but I hopefully trace logs will tell us more details.

To clarify, when this error occurs, does it cause you to be signed out of firefox, but allow you to open the signin page and reconnect?

[1] https://wiki.mozilla.org/CloudServices/Sync/File_a_desktop_bug
Flags: needinfo?(kkilfedder)
Thanks for looking at this, Ryan.

I've tried the following:

01. Opened FF; noticed that I was logged in to FF Sync correctly.
02. Set security.enterprise_roots.enabled to TRUE.
03. Closed and reopened FF, and entered my Master Password, allowed the normal homepage to open up.  (around 09:14)
04. Noticed yellow warning triangle on the hamburger menu.   (ie. FF Sync is logged out)
05. Pressed "Reconnect to Sync" (about 09:15).
06. Was taken to Options page, pressed "Sign In" and entered FF Sync password.
07. Opened the confirmation email and pressed "Confirm Sign In".
08. FF says "This Firefox is Connected".
09. Pressed the manual sync button next to my email address in the menu (about 09:17).  It seemed to work
10. Closed and reopened FF; entered Master Password.
11. Let homepage open.
12. Yellow warning triangle reappeared.
13. Generated Logs - four marked "error-sync"; one marked "success-sync".
14. Switched security.enterprise_roots.enabled to FALSE.
15. Restarted FF; no warning triangle - all working OK.

Will shortly attach the logs.
Flags: needinfo?(kkilfedder)
Comment on attachment 8986111 [details]
error logs from attempted sync with security.enterprise_roots.enabled

filename was 'error-sync-1529396186164.txt'
These error logs have "Failed to save data to the login manager: TypeError: Services.logins is undefined", which implies this is actually bug 1295122 rather than directly related to this pref. (Note that not all logs have this error, but that's probably expected for syncs between the first such failure and the subsequent reconnection)

Can you please try on a different profile?
I'll have a go later in the week - do you mean a different Firefox profile (i.e. 'firefox.exe -profilemanager') or a new Firefox Sync profile?   (or both!).
(In reply to kkilfedder from comment #14)
> I'll have a go later in the week - do you mean a different Firefox profile
> (i.e. 'firefox.exe -profilemanager') or a new Firefox Sync profile?   (or
> both!).

The former - I suspect that one of the logins.json, key3.db or key4.db files in your local profile are corrupt.
01. Set up new FF Profile and new FF Sync account.
02. Installed and configured the About Sync add-on.
03. Restarted FF, and confirmed the FF Sync account is lgoged in.
04. Set security.enterprise_roots.enabled to TRUE.
05. Restarted FF.
06. Did some browsing, confirmed that the FF Sync account stayed logged in.
07. Restarted FF.
08. Set a master password.
09. Restarted FF.
10. Browsed to a password-needing site, entered the master password.
11. Still seems to be logged into the FF Sync account.
12. Exported (and zipped) the log files from About:sync.  (Will attach them shortly).

Is it worth trying the new Profile with the 'old' Sync Account?   
If the logs confirm that there is something wrong with logins.json, key3.db or key4.db, should I delete them, and what would be the consequences?
Sorry for the delay

(In reply to kkilfedder from comment #16)
> Is it worth trying the new Profile with the 'old' Sync Account?   

Not really - I'm confident the issue relates to the profile and not the sync account.

> If the logs confirm that there is something wrong with logins.json, key3.db
> or key4.db, should I delete them, and what would be the consequences?

The earlier logs confirmed that. The consequences of deleting those files is that all logins will be deleted from the local profile, although if you de-select passwords from the things that are synced, sync, then re-select passwords, you should find sync re-populates them from whatever logins you have on the server.

Thanks for getting back to us - I'm going to close this as a dupe of bug 1295122, but feel free to come back with more questions if you have any.
Status: REOPENED → RESOLVED
Closed: 7 years ago6 years ago
Resolution: --- → DUPLICATE
I've found that when I delete those three files, I cannot get FF to resync passwords at all.  So I've disabled security.enterprise_roots.enabled for now.  (And restored the 3 files from backup to get my saved passwords back).

Having upgraded to FF 61.0 today, I thought I'd have another go.   I left the three files in place, and re-enabled security.enterprise_roots.enabled .

Now FF hangs at startup, with the Master Password prompt visible, but unresponsive.   I have to force-quite it and edit prefs.js to disable security.enterprise_roots.enabled .
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: