/dev/ptmx fails with Azure accounts

Wed Aug 3 06:19:00 GMT 2016

[I'm so sorry I'm messing up the mailing list by not replying to the proper email.... I only just got it through my thick skull now to subscribe to the mailing list. I think my brain is on vacation already....]

Unfortunately your prediction was correct - RunAs Administrator CMD gives this:


C:\WINDOWS\system32>whoami /all


User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ===============================================================
Mandatory Label\High Mandatory Level      Label            S-1-16-12288
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Mandatory group, Enabled by default, Enabled group, Group owner
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


Privilege Name                  Description                               State
=============================== ========================================= ========
SeLockMemoryPrivilege           Lock pages in memory                      Disabled
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled


<squeek squeek>

Though I am going on vacation in a couple of days until the 15th....


C:\Users\RussellMora>whoami /fqdn
ERROR: Unable to get Fully Qualified Distinguished Name (FQDN) as the current
       logged-on user is not a domain user.

C:\Users\RussellMora>whoami /all


User Name           SID
=================== ===================================================
azuread\russellmora S-1-12-1-2043906341-1249388050-2635137163-399631282


Group Name                                Type             SID                                                  Attributes
========================================= ================ ==================================================== ==================================================
Mandatory Label\Medium Mandatory Level    Label            S-1-16-8192
Everyone                                  Well-known group S-1-1-0                                              Mandatory group, Enabled by default, Enabled group
BUILTIN\Administrators                    Alias            S-1-5-32-544                                         Group used for deny only
BUILTIN\Users                             Alias            S-1-5-32-545                                         Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\INTERACTIVE                  Well-known group S-1-5-4                                              Mandatory group, Enabled by default, Enabled group
CONSOLE LOGON                             Well-known group S-1-2-1                                              Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Authenticated Users          Well-known group S-1-5-11                                             Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\This Organization            Well-known group S-1-5-15                                             Mandatory group, Enabled by default, Enabled group
LOCAL                                     Well-known group S-1-2-0                                              Mandatory group, Enabled by default, Enabled group
                                          Unknown SID type S-1-12-1-2741946010-1181797680-2322883994-3292483823 Mandatory group, Enabled by default, Enabled group
NT AUTHORITY\Cloud Account Authentication Well-known group S-1-5-64-36                                          Mandatory group, Enabled by default, Enabled group


Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled


On Aug  1 22:24, Thomas Wolff wrote:
> For Azure Domain users (and I do not really know what that means),
> pts handling does not seem to work, at least not for mintty, where forkpt=
> fails.
> Please check https://github.com/mintty/mintty/issues/563 for a discussion,
> and my comment
> https://github.com/mintty/mintty/issues/563#issuecomment-235310199
> Also, there has been a similar report here:
> https://sourceware.org/ml/cygwin/2016-02/msg00046.html
> I have no idea how to establish a working startup of mintty for those use=

The problem here is that it's impossible to generate access
permissions for the pty with those weird accounts.  I like it
how Microsoft screws up otherwise working software with this
strange domain handling.

To fix this we have to be able to come up with a working user and group
account for these cases.  For that I need at least output from `whoami
/all'.  I wonder why supposedly nobody tried that after /fqdn didn't

This may be fixable by somebody with such an account and willing to hack
on the Cygwin function pwdgrp::fetch_account_from_windows().  There's
already some code for the so-called "Windows accounts" which seem to
work in a similar fashion (albeit in this case the user has a local
account SID).

Alternatively I need at least a guinea pig with such an account,


