Skip to content

Instantly share code, notes, and snippets.

@rrhinox
Last active August 3, 2023 10:43
Show Gist options
  • Save rrhinox/d50fb3363cccc7d934ffa9e839b8acff to your computer and use it in GitHub Desktop.
Save rrhinox/d50fb3363cccc7d934ffa9e839b8acff to your computer and use it in GitHub Desktop.
Vagrant on windows workaround for error "schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid"

Vagrant - The token supplied to the function is invalid

This Gist aims to help some "internauts" to solve with a workaround a Vagrant error on windows. But I think on all new curl versions after the version 7.52.0 could have this problem.

The error born after launch the command:

$ vagrant up

The output of the error

URL: ["https://vagrantcloud.com/bento/ubuntu-22.04"]
URL: Error: schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

System Details

Windows

# PowerShell or CMD : systeminfo | findstr /B /C:"OS Name" /B /C:"OS Version"
# or 
# slmgr /dlv

Edition	Windows 11 Pro
Version	22H2
Build	22621.1702

windows-version-command-or-powershell

GitBash

# git version for windows
git --version
git version 2.40.1.windows.1

VirtualBox

# virtualbox version click on help menu
Virtualbox Version 7.0.8 r156879 (Qt5.15.2)

Vagrant

# vagrant version 

vagrant --version
Vagrant 2.3.6

Curl

#curl verison

curl --version
curl 7.88.1 (x86_64-w64-mingw32) libcurl/7.88.1 OpenSSL/1.1.1t (Schannel) zlib/1.2.13 brotli/1.0.9 zstd/1.5.4 libidn2/2.3.4 libpsl/0.21.2 (+libidn2/2.3.3) libssh2/1.10.0 nghttp2/1.52.0
Release-Date: 2023-02-20
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM PSL SPNEGO SSL SSPI threadsafe TLS-SRP UnixSockets zstd

Root Cause

SEC_E_INVALID_TOKEN - 0x80090308

the new versions of curl uses by default TLSv1.3 protocol and the handshake fails with "The token supplied to the function is invalid " error. This links help me to understand the problem :

### use debug for more details in vagrant up command :

$ vagrant up --debug >> vagrant-debug.log

Resolution Workaroud

Put into Vagrantfile this configuration :

config.vm.box_download_options={"tls-max": "1.2"}

Here the Vagrant official documentation. With this options you could pass to curl command runs by Vagrant :

config.vm.box_download_options (map) - A map of extra download options to pass to the downloader. For example, a path to a key that the downloader should use could be specified as {key: "<path/to/key>"}. The keys should be options supported by curl using the unshortened form of the flag. For example, use append instead of a. To pass a curl option that does not accept a value, include the option in the map with the value true. For example specify the --fail flag as {fail: true}.

Doc link :

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
 # The most common configuration options are documented and commented below.
 # For a complete reference, please see the online documentation at
 # https://docs.vagrantup.com.

 # Every Vagrant development environment requires a box. You can search for
 # boxes at https://vagrantcloud.com/search.
 config.vm.box = "bento/ubuntu-22.04"
 ####config.vm.box_download_insecure=true
 config.vm.box_download_options={"tls-max": "1.2"}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment