User principal name lookup failed for user #1934

Open
monil-patel opened this issue Apr 19, 2022 · 6 comments
@monil-patel

Troubleshooting steps
https://github.com/PowerShell/Win32-OpenSSH/wiki/Troubleshooting-Steps

Terminal issue? please go through wiki
https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH

Please answer the following

"OpenSSH for Windows" version
((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
8.1.0.1 and also tried on 8.9.1.0

Server OperatingSystem
((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName)
Windows 10 Enterprise for Virtual Desktops

(The server runs on VMs which are AD joined)

Client OperatingSystem
Windows 10/11

What is failing
SSH is failing to resolve ntdev domain login. The user is an Admin on the VM they are attempting to connect to

26508 2022-04-18 23:03:01.524 debug3: checking match for 'Group administrators' user ntdev\\alias host 10.91.192.254 addr 10.91.192.254 laddr 10.249.236.212 lport 22
26508 2022-04-18 23:03:03.858 error: lookup_principal_name: User principal name lookup failed for user 'ntdev\\alias ' (explicit: 1355, implicit: 1355)
26508 2022-04-18 23:03:03.859 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'ntdev\\alias ' Status: 0xC0000062 SubStatus 0.
26508 2022-04-18 23:03:03.859 debug3: get_user_token - unable to generate token for user ntdev\\alias 
26508 2022-04-18 23:03:06.996 error: lookup_principal_name: User principal name lookup failed for user 'ntdev\\alias ' (explicit: 1355, implicit: 1355)
26508 2022-04-18 23:03:06.996 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'ntdev\\alias ' Status: 0xC0000062 SubStatus 0.
26508 2022-04-18 23:03:06.996 error: get_user_token - unable to generate token on 2nd attempt for user ntdev\\alias 
26508 2022-04-18 23:03:06.996 fatal: ga_init, unable to resolve user ntdev\\alias 
26508 2022-04-18 23:03:06.996 debug1: do_cleanup
26508 2022-04-18 23:03:06.996 debug1: Killing privsep child 22072
7612 2022-04-18 23:03:07.000 debug2: pselect_notify_done: reading

If the user connects via RDP to that VM and then connects via SSH, it works. I'm assuming the cached credentials are helping to resolve the UPN in this scenario?

25420 2022-04-13 17:40:32.485 debug3: checking match for 'Group administrators' user ntdev\\alias host 10.137.119.64 addr 10.137.119.64 laddr 10.144.116.10 lport 22
25420 2022-04-13 17:40:32.844 debug3: lookup_principal_name: Successfully discovered explicit principal name: 'ntdev\\alias'=>'[email protected]'
25420 2022-04-13 17:40:32.907 debug3: LsaLogonUser Succeeded (Impersonation: 0)
25420 2022-04-13 17:40:32.907 debug1: user ntdev\\alias matched group list administrators at line 85

I am not well versed in AAD, so any help on knowing if this is on the SSH side of things or the AAD side would be appreciated.

@bagajjal
Collaborator

@ThatWileyGuy - Can you comment on this issue?

@ThatWileyGuy

Can you clarify whether the server is domain-joined, AAD-joined, or hybrid? Ideally, the Device State section of dsregcmd /status would be great.

@monil-patel
Author

Sure, I can grab info from the server machine. I set up a test one to debug this issue; a teammate of mine is a part of ntdev and is hitting this. (I am a part of REDMOND, in case that changes anything.)

 AzureAdJoined : YES
 EnterpriseJoined : NO
 DomainJoined : YES
 DomainName : REDMOND

@monil-patel
Author

@ThatWileyGuy ping on this, any more info I can provide?

@jjlay

jjlay commented Jul 22, 2022

I am wrestling with this same issue. If I run sshd from PowerShell as a user with administrator rights, it works perfectly. If I try to run it as a service using the SYSTEM account, I receive the same error @monil-patel has.

3584 2022-07-22 16:15:12.656 debug1: userauth-request for user jj.lay service ssh-connection method none [preauth]
3584 2022-07-22 16:15:12.656 debug1: attempt 0 failures 0 [preauth]
3584 2022-07-22 16:15:12.843 error: lookup_principal_name: User principal name lookup failed for user '[REMOVED]\\jj.lay' (explicit: 5, implicit: 5)
3584 2022-07-22 16:15:12.843 debug1: generate_s4u_user_token: LsaLogonUser() failed. User '[REMOVED]\\jj.lay' Status: 0xC0000062 SubStatus 0.
3584 2022-07-22 16:15:15.453 error: lookup_principal_name: User principal name lookup failed for user '[REMOVED]\\jj.lay' (explicit: 5, implicit: 5)
3584 2022-07-22 16:15:15.453 debug1: generate_s4u_user_token: LsaLogonUser() failed. User '[REMOVED]\\jj.lay' Status: 0xC0000062 SubStatus 0.
3584 2022-07-22 16:15:15.453 error: get_user_token - unable to generate token on 2nd attempt for user [REMOVED]\\jj.lay
3584 2022-07-22 16:15:15.453 fatal: ga_init, unable to resolve user [REMOVED]\\jj.lay
3584 2022-07-22 16:15:15.453 debug1: do_cleanup
3584 2022-07-22 16:15:15.453 debug1: Killing privsep child 12900

dsregcmd /status

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

        AzureAdJoined : NO
     EnterpriseJoined : NO
         DomainJoined : YES
           DomainName : [REMOVED]

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

               NgcSet : NO
      WorkplaceJoined : NO
        WamDefaultSet : NO
           AzureAdPrt : NO

+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+

        IsUserAzureAD : NO
        PolicyEnabled : NO
       DeviceEligible : YES
   SessionIsNotRemote : NO
     X509CertRequired : NO
         PreReqResult : WillNotProvision

@rkeithhill-keysight

@jjlay Did you ever figure this out? I'm hitting the exact same problem. Works when running sshd from admin PowerShell, but the service does not work running as local system. I see the same lookup_principal_name: User principal name lookup failed for user error message in the log file.
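
For reading the two failing logs quoted in this thread, an added example (not part of the issue and not Win32-OpenSSH code): a Python sketch that groups the `lookup_principal_name` and `LsaLogonUser()` failures by sshd PID and decodes the numeric codes to their standard Windows names. It assumes the `explicit`/`implicit` values are Win32 error codes; the names `triage`, `name` and `SAMPLE` are hypothetical, and the sample text is constructed from log lines above.

```python
import re

# Win32 error codes printed as "explicit"/"implicit" (assumed to be Win32 last-error values).
WIN32 = {5: "ERROR_ACCESS_DENIED", 1355: "ERROR_NO_SUCH_DOMAIN"}
# NTSTATUS value printed as "Status" when LsaLogonUser() fails.
NTSTATUS = {0xC0000062: "STATUS_INVALID_ACCOUNT_NAME"}

PREFIX = re.compile(r"^(\d+) \S+ \S+ (\w+): (.*)$")  # pid, date, time, level, message
UPN_FAIL = re.compile(r"lookup_principal_name: .*lookup failed for user '([^']*)' "
                      r"\(explicit: (\d+), implicit: (\d+)\)")
S4U_FAIL = re.compile(r"LsaLogonUser\(\) failed\. User '[^']*' Status: (0x[0-9A-Fa-f]+)")

def name(table, code):
    return table.get(code, f"unknown({code:#x})")

def triage(log_text):
    """Group principal-lookup failures by sshd PID and decode their codes."""
    by_pid = {}
    for line in log_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        pid, level, msg = m.groups()
        upn, s4u = UPN_FAIL.search(msg), S4U_FAIL.search(msg)
        if upn:
            rec = by_pid.setdefault(pid, {"pid": int(pid), "user": "", "win32": set(),
                                          "ntstatus": set(), "fatal": False})
            # The log doubles the backslash and may pad the name with a space.
            rec["user"] = upn.group(1).strip().replace("\\\\", "\\")
            rec["win32"] |= {name(WIN32, int(upn.group(2))), name(WIN32, int(upn.group(3)))}
        elif s4u and pid in by_pid:
            by_pid[pid]["ntstatus"].add(name(NTSTATUS, int(s4u.group(1), 16)))
        elif level == "fatal" and pid in by_pid:
            by_pid[pid]["fatal"] = True
    return list(by_pid.values())

# Constructed sample: lines taken from the logs posted in this thread.
SAMPLE = r"""
26508 2022-04-18 23:03:03.858 error: lookup_principal_name: User principal name lookup failed for user 'ntdev\\alias ' (explicit: 1355, implicit: 1355)
26508 2022-04-18 23:03:03.859 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'ntdev\\alias ' Status: 0xC0000062 SubStatus 0.
26508 2022-04-18 23:03:06.996 fatal: ga_init, unable to resolve user ntdev\\alias 
25420 2022-04-13 17:40:32.907 debug3: LsaLogonUser Succeeded (Impersonation: 0)
3584 2022-07-22 16:15:12.843 error: lookup_principal_name: User principal name lookup failed for user '[REMOVED]\\jj.lay' (explicit: 5, implicit: 5)
3584 2022-07-22 16:15:12.843 debug1: generate_s4u_user_token: LsaLogonUser() failed. User '[REMOVED]\\jj.lay' Status: 0xC0000062 SubStatus 0.
3584 2022-07-22 16:15:15.453 fatal: ga_init, unable to resolve user [REMOVED]\\jj.lay
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec)
```

Both reports end in the same NTSTATUS, but the Win32 codes differ: 1355 in the original report and 5 in the service-as-SYSTEM report.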
