Rebex.Net.Sftp - Key exchange failed, Unable to acquire context

0 votes
asked Oct 22, 2015 by DaveBrooks (180 points)

Hi,

Using Rebex.Net.Sftp on a Windows Mobile device it works most of the time. We are calling this (cut down example):-

 Sftp sftp = new Sftp();
 sftp.Connect(remoteHost, Sftp.DefaultPort, sshparams);

but often we get this error:-

Rebex.Net.SftpException: Key exchange failed. ---> Rebex.Net.SshException: Key exchange failed. ---> System.Security.Cryptography.CryptographicException: Unable to acquire context (-2146893795).
at fSAA8Z.4J1Sh.guGYU()
at Rebex.Security.Cryptography.CryptoHelper.242mil(1ZVxoO , 1ZVxoO , 1ZVxoO )
at Rebex.Security.Cryptography.CryptoHelper.GenerateDiffieHellmanKeys(Byte[] G, Byte[] P, Byte[]& privateKey, Byte[]& publicKey)
at gbMKS.qyK1..ctor(Byte[] G, Byte[] P)
at gbMKS.1iQOSNZ..ctor(Byte[] G, Byte[] P)

We repeatly try and connect and it does not work but the next day it seems to work.

Can you help with what is causing this error?

Thanks very much.

Applies to: Rebex SFTP

1 Answer

+1 vote
answered Oct 22, 2015 by DaveBrooks (180 points)

To answer my own question, it looks like -2146893795 = 0x8009001D which is documented here:-

https://msdn.microsoft.com/en-us/library/windows/desktop/aa379886(v=vs.85).aspx

NTE_PROVIDER_DLL_FAIL 0x8009001D
The provider DLL file could not be loaded or failed to initialize.

So I am thinking that the device has run out of memory available for loading dlls.

commented Oct 22, 2015 by Lukas Pokorny (87,030 points)
Yes, this definitely looks like a possible explanation. I don't remember any other customer reporting this error before, although NTE_PROV_DLL_NOT_FOUND errors do sometimes occur on Windows CE devices whose vendor forgot to include Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider" in the OS image (but we have an automated workaround for that). On the other hand, the error you got indicates that the DSS and Diffie-Hellman CSP was in fact found, but failed to load. And if this is caused by lack of free memory, applying the workaround (=use a managed but slow implementation of Diffie-Hellman) is not a proper solution. We will at least enhance the error message to make it easier to identify the issue in the future.
...