SSSL still talking to Nintendo servers?

Hi, I put in the DNS settings, but when I created a Nintendo id with my Pretendo details in the Wii U, I got a confirmation email from Nintendo. Sure enough, I was then able to login to the Nintendo id website. Is DNS not resolving to the Pretendo auth servers?

1 Like

I’m getting Error Code: 199-1102 which makes me think my Wii U is not talking to Pretendo. Here’s what I’m seeing from my DNS:

dig account.nintendo.net

; <<>> DiG 9.10.6 <<>> account.nintendo.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36228
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;account.nintendo.net.		IN	A

;; ANSWER SECTION:
account.nintendo.net.	60	IN	A	34.213.149.216
account.nintendo.net.	60	IN	A	44.227.238.216
account.nintendo.net.	60	IN	A	52.26.245.240

;; Query time: 11 msec
;; SERVER: 72.22.1.5#53(72.22.1.5)
;; WHEN: Mon Jun 10 18:45:19 CDT 2024
;; MSG SIZE  rcvd: 97
dig account.nintendo.net @88.198.140.154

; <<>> DiG 9.10.6 <<>> account.nintendo.net @88.198.140.154
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40228
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;account.nintendo.net.		IN	A

;; ANSWER SECTION:
account.nintendo.net.	300	IN	A	88.198.140.154

;; Query time: 134 msec
;; SERVER: 88.198.140.154#53(88.198.140.154)
;; WHEN: Mon Jun 10 18:45:59 CDT 2024
;; MSG SIZE  rcvd: 74
nslookup conntest.nintendowifi.net
Server:		72.22.1.5
Address:	72.22.1.5#53

Non-authoritative answer:
Name:	conntest.nintendowifi.net
Address: 198.62.122.140
nslookup conntest.nintendowifi.net 88.198.140.154
Server:		88.198.140.154
Address:	88.198.140.154#53

Non-authoritative answer:
Name:	conntest.nintendowifi.net
Address: 88.198.140.154
curl -H'Host: account.nintendo.net' https://88.198.140.154 -k
<?xml version="1.0"?><errors><error><cause>client_id</cause><code>0004</code><message>API application invalid or incorrect application credentials</message></error></errors>
curl -H'Host: conntest.nintendowifi.net' https://88.198.140.154 -k

<!DOCTYPE html PUBLIC "-// *W3C// *DTD XHTML 1.0 Transitional// *EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>HTML Page</title>
</head>
<body bgcolor="#FFFFFF">
This is test.html page
</body>
</html>

All this looks okay, but my Wii U still seems to pass traffic on to the official nintendo servers (where I deleted my nintendo id – since I never intended to create it there anyway).

1 Like

The error on my Wii U is:

Error Code: 199-1102
This Nintendo Network ID cannot be linked, as it has been deleted.

Support Information
1: 5.5.6 U
2: WUP-101(02)
3: FW700789052
4: HASK-0210-5175

In the Wii U, I opened up the browser to try to hit the endpoints mentioned above:

Page Information
Title:
Error Code: 112-1006

Address:
http://connttest.nintendowifi.com/

Security:
Your connection to this page is not encrypted.

Page Information
Title:
Error Code: 112-1028

Address:
http://account.nintendo.net/

Security:
Your connection to this page is not encrypted.

If I do https, it loops:

Error Code: 112-1819
Cannot confirm the security certificate for this page.

Allow connection anyway?
(This is not recommended.)

Error Details:
Self-signed certificates cannot be verified.

Certificate Subject
Nintendo of America Inc

Certificate Issuer
Nintendo of America Inc.

Issue Date
04/18/2024 16:15:09

Expiration Date
12/31/2037 18:59:59

and this tells me it’s not using the right certificate:

curl -H'Host: account.nintendo.net' https://88.198.140.154 -vk

 Server certificate:
*  subject: CN=*
*  start date: Feb 22 16:20:13 2024 GMT
*  expire date: Feb 19 16:20:13 2034 GMT
*  issuer: C=US; ST=Washington; O=Nintendo of America Inc.; OU=IS; CN=Nintendo CA - G3

So, I’d expect a February cert instead of an April cert from the Wii U. Even if I only set the primary DNS on the Wii U to 88.198.140.154 with no Secondary DNS, it still resolves the wrong place (evidenced by the wrong cert):

openssl s_client -showcerts -connect account.nintendo.net:443 | openssl x509 -noout -text | grep Certificate -A8

depth=1 C=US, ST=Washington, O=Nintendo of America Inc., OU=IS, CN=Nintendo CA - G3
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 C=US, ST=Washington, O=Nintendo of America Inc., OU=IS, CN=Nintendo CA - G3
verify return:1
depth=0 C=US, ST=Washington, L=Redmond, O=Nintendo of America Inc, OU=ITREO, CN=account.nintendo.net, emailAddress=itreo@noa.nintendo.com
verify return:1
C01F9E55F87F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:861:SSL alert number 40
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1399 (0x577)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, O=Nintendo of America Inc., OU=IS, CN=Nintendo CA - G3
        Validity
            Not Before: Apr 18 21:15:09 2024 GMT
            Not After : Dec 31 23:59:59 2037 GMT
1 Like

I connected to a different WiFi network (with the same DNS settings) and it picked up the correct location in the Wii U browser. Then I tried to link my Pretendo account and it worked. How bizarre! Is it even possible for a router to override client DNS settings?

2 Likes

It is possible for the router or even ISP to intercept the client’s DNS packets and send them to a different server, since the Wii U uses plain, unencrypted DNS. That probably explains the issue you had. It may or may not be possible to change this setting depending on your router or ISP.

Thanks for your detailed and high-quality issue investigation process by the way!

2 Likes

Hi Matthew

I’m having problems with dns settings because this morning I was playing online of Mario Kart 8 and splatoon when I turn off my wii u and turn it back I’m getting error code just now saying that my Wi-Fi is successful and using pretendo dns settings

Did it happen to everyone with this issues and my friend list is flaky right now it won’t let go on there to talk to my friends at all.

I know beta servers are down due to progress the games.

I will be patient til beta servers are back on.

This is unrelated to the current thread. @MarioSuperBros, please start a new thread to talk about the issues you’re having instrad of making off-topic comments in unrelated threads.

2 Likes

Ok sorry Matthew about that