This article applies to as of PRTG 16 and as of PRTG for Android


How can I resolve the "could not retrieve passhash" login error with the PRTG Android app on Android N, while the same credentials work via a web browser?


Failed Logins to PRTG for Android on Android N

Android N includes several changes to its SSL library compared to previous Android versions. These changes also affect the secure connections between PRTG for Android and your PRTG server and may result in unsuccessful login attempts on Android N devices. The error message of PRTG for Android which may reflect this issue is “could not retrieve passhash”.


We have already released a PRTG update with in PRTG 16.2.23.3269/3270 that makes it possible to login with PRTG for Android on Android N. Please update PRTG to this version or a later version. If you still cannot connect and see the passhash error message, the reason may be missing keys for the Diffie–Hellman key exchange (D–H). The required keys for establishing secure connections are not available by default sometimes, especially on older systems.

Connecting to PRTG from Android N

PRTG uses an elliptic curve for secure connections that Android N does not support. Because of this, Android N tries to use the Diffie-Hellman method as fallback. This will fail if D–H parameters are not available which results in the error message about an incorrect password.

If you run PRTG core server version 16.2.23.3269/3270 or later but you still cannot connect with PRTG for Android on Android N, please follow the steps below.

  1. On your PRTG core server system, navigate to the \cert subfolder of your PRTG program directory.
  2. Check if the file dh.pem is in this folder.
  3. If you cannot find dh.pem, execute the script generatedh.bat in the same folder to generate dh.pem.
  4. Restart the PRTG core server.

Try to login with PRTG for Android again. If the connection still does not work, please double-check the credentials you provide in the mobile app.


Troubleshooting

Should you face any issues this solution might help:

  1. On your PRTG core server system, navigate to the \cert subfolder of your PRTG program directory.
  2. Check if the file dh.pem is in this folder.
  3. If you cannot find dh.pem, execute the script generatedh.bat in the same folder to generate dh.pem.
  4. Restart the PRTG core server.


Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.