Support

Hello Devolutions Support Team, I am testing Devolutions Server PAM in a lab environment and I am having an issue with permissions. I created a new normal domain user and added him to Devolutions Server as a regular user, not an administrator. Then, when I log into Remote Desktop Manager with this user, he already has many permissions on a PAM vault/entry even though I did not explicitly give him those permissions. For example, in “My permissions” for the PAM entry, the user appears to have permissions such as edit, delete, view password, reset password, approve checkout request, force check-in, and grant checkout. What I want is simple: Technician user: only view/use the entry and request checkout. Approver user: approve checkout requests. Admin user: full control. Could you please help me understand where these permissions are coming from and how I can remove the inherited/default permissions so the technician user only has the minimum required access? Thank you.

Hello, we are having issues when we try to configure email sending with a postfix email relay. This is the detailed report created with Devolutions Server 202.1.16.0: ================================================================================ BUG REPORT — DEVOLUTIONS SERVER FREE 2026.1.16.0 SMTP / TLS — SSL ALERT 42 (bad_certificate) AFTER SUCCESSFUL TLS HANDSHAKE ================================================================================ Date: 2026-05-21 Reported by: Alessio Gennari — Senior Systems Engineer, Trigano Servizi S.r.l. Product: Devolutions Server Free 2026.1.16.0 Component: Administration > Server Settings > Email (SMTP client) Severity: Critical — email functionality completely non-functional -------------------------------------------------------------------------------- 1. ENVIRONMENT -------------------------------------------------------------------------------- Devolutions Server host: Hostname : TGRP-SRVDVLS.domain.local IP address : X.X.200.57 OS : Windows Server 2019 Domain : domain.local (Active Directory domain-joined) SMTP relay host: Hostname : testsmtp.domain.local IP address : X.X.201.162 OS : Debian GNU/Linux 12 MTA : Postfix 3.7.x Port : 587 (submission / STARTTLS) Devolutions SMTP configuration (Administration > Server Settings > Email): Host : testsmtp.domain.local Port : 587 Username : devolution Password : (configured) Connection security: Automatic based on port number Send email as : devolution@trigano.it -------------------------------------------------------------------------------- 2. CERTIFICATE DETAILS -------------------------------------------------------------------------------- The SMTP relay presents an X.509 certificate issued by an internal Active Directory Certificate Services Enterprise CA (caravansinternational-CA). Subject CN : testsmtp.domain.local Issuer : caravansinternational-CA SANs : DNS:testsmtp.domain.local, DNS:testsmtp, IP:X.X.201.162 Key usage : Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment EKU : TLS Web Server Authentication (1.3.6.1.5.5.7.3.1) Valid from : 2026-05-21 Valid to : 2036-05-18 Key size : RSA 4096-bit The issuing CA certificate is automatically deployed to all domain-joined machines via Group Policy (Trusted Root Certification Authorities store). TGRP-SRVDVLS is domain-joined and has the CA in its trusted root store. -------------------------------------------------------------------------------- 3. OBSERVED BEHAVIOR -------------------------------------------------------------------------------- When Devolutions Server attempts to send email via the configured SMTP relay, the connection always fails with: "Error sending email — Unexpected exception. Please see server logs for details." The Postfix server logs show the following sequence on every attempt: 1. TCP connection established from X.X.200.57:ephemeral to X.X.201.162:587 2. EHLO command sent by Devolutions — acknowledged by Postfix 3. STARTTLS command sent by Devolutions — acknowledged by Postfix ("220 Ready") 4. Full TLS 1.2 handshake completes successfully (Postfix logs: "Anonymous TLS connection established ... TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)") 5. Immediately after the handshake, Devolutions sends TLS alert 42 (fatal: bad_certificate) WITHOUT reading any post-STARTTLS SMTP data 6. Connection is dropped Postfix log excerpt (representative, from a clean full handshake): postfix/submission/smtpd[12109]: connect from TGRP-SRVDVLS...[X.X.200.57] postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS write certificate postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS write key exchange postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS write server done postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS read client key exchange postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS read change cipher spec postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS read finished postfix/submission/smtpd[12109]: Issuing session ticket, key expiration: ... postfix/submission/smtpd[12109]: SSL_accept:SSLv3/TLS write finished postfix/submission/smtpd[12109]: Anonymous TLS connection established from tgrp-srvdvls.domain.local[X.X.200.57]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) postfix/submission/smtpd[12109]: SSL3 alert read:fatal:bad certificate postfix/submission/smtpd[12109]: warning: TLS library problem: error:0A000412:SSL routines::sslv3 alert bad certificate: ../ssl/record/rec_layer_s3.c:1601:SSL alert number 42: postfix/submission/smtpd[12109]: lost connection after STARTTLS from TGRP-SRVDVLS.domain.local[X.X.200.57] postfix/submission/smtpd[12109]: disconnect from TGRP-SRVDVLS...[X.X.200.57] ehlo=1 starttls=1 commands=2 Note: "commands=2" confirms only EHLO and STARTTLS were sent — Devolutions aborts before sending any SMTP commands after TLS is established. -------------------------------------------------------------------------------- 4. PROOF THAT THE ISSUE IS NOT A CERTIFICATE TRUST PROBLEM -------------------------------------------------------------------------------- A PowerShell SslStream test was executed directly on TGRP-SRVDVLS to verify whether Windows SChannel trusts the server certificate. The test manually performed the SMTP STARTTLS upgrade and authenticated via SslStream with the same hostname Devolutions uses. PowerShell script executed on TGRP-SRVDVLS: $tcp = New-Object System.Net.Sockets.TcpClient("testsmtp.domain.local", 587) $stream = $tcp.GetStream() # [EHLO / STARTTLS exchange omitted for brevity] $ssl = New-Object System.Net.Security.SslStream($stream, $false, { ... return $true }) $ssl.AuthenticateAsClient("testsmtp.domain.local") Result: Certificate errors : None Cert subject : CN=testsmtp.domain.local, ... TLS OK : Tls12 / Aes256 Windows SChannel successfully validates the certificate with zero errors. The CA is trusted, the hostname matches the SAN, and TLS 1.2 negotiates correctly. This conclusively rules out any certificate trust issue on the Windows side. -------------------------------------------------------------------------------- 5. WHAT HAS BEEN RULED OUT -------------------------------------------------------------------------------- The following have been investigated and eliminated as root causes: - Certificate not trusted by Windows : RULED OUT (see Section 4) - Certificate chain incomplete : RULED OUT (chain verified OK by both openssl and SChannel) - Hostname mismatch (SAN) : RULED OUT (SAN contains the exact hostname Devolutions uses) - TLS version mismatch : RULED OUT (TLS 1.2 negotiated successfully by both sides) - TLS downgrade sentinel (DOWNGRD) : RULED OUT (TLS 1.3 disabled on submission port; no sentinel present in server hello) - Postfix requesting client certificate : RULED OUT (no smtpd_tls_req_ccert or smtpd_tls_ask_ccert configured; Postfix logs show "Anonymous TLS") - SASL user missing : RULED OUT (devolution user added to sasldb after investigation; failure unchanged) - IP not in mynetworks : RULED OUT (X.X.200.57 added; failure unchanged) - AUTH advertised before STARTTLS : RULED OUT (smtpd_sasl_auth_enable disabled globally, enabled only in submission override; failure unchanged) - Postfix misconfiguration : RULED OUT (identical Postfix setup works correctly with other SMTP clients on the same network) -------------------------------------------------------------------------------- 6. ROOT CAUSE ASSESSMENT -------------------------------------------------------------------------------- The evidence indicates a bug in Devolutions Server's SMTP client implementation. After a fully successful TLS 1.2 handshake (confirmed by both Postfix logs and independent SChannel verification), Devolutions sends TLS alert 42 (bad_certificate) to the server without reading any post-STARTTLS SMTP response. Alert 42 (bad_certificate) in this context is being generated by Devolutions' application-layer SMTP/TLS code, not by Windows SChannel — SChannel itself reports no errors when performing the identical handshake independently. The pattern suggests that Devolutions' SMTP client performs an additional certificate validation step after the TLS handshake (possibly using a different certificate store, trust policy, or validation API than SslStream) and aborts when that secondary check fails, before the application has read any data. Possible areas to investigate in the Devolutions codebase: - Custom certificate validation callback rejecting the cert despite SChannel accepting it - Use of a different trust store or certificate pinning mechanism - An exception thrown during post-handshake processing that causes the connection to be closed with alert 42 rather than a clean error - Difference in behavior between .NET SslStream and the SMTP client library Devolutions uses internally (e.g. MailKit, SmtpClient, or custom) -------------------------------------------------------------------------------- 7. SUGGESTED DIAGNOSTIC STEPS FOR DEVOLUTIONS TEAM -------------------------------------------------------------------------------- 1. Enable verbose SMTP/TLS logging in Devolutions Server and capture the full exception stack trace at the point where alert 42 is sent. 2. Identify which certificate validation API is used in the SMTP client (e.g. RemoteCertificateValidationCallback, X509Chain.Build, etc.) and compare its behavior against SslStream with the same certificate. 3. Test against an SMTP relay using a publicly trusted certificate (e.g. Let's Encrypt) to determine if the issue is specific to internal/private CA certificates. 4. Test with Connection Security set to "No encryption" to confirm the SMTP client itself functions correctly when TLS is not involved. 5. Test with Connection Security set to "Use SSL or TLS immediately (SMTPS)" on port 465 to determine if implicit TLS (no STARTTLS negotiation) works where STARTTLS does not. -------------------------------------------------------------------------------- 8. CONTACT -------------------------------------------------------------------------------- Reported by : Alessio Gennari ================================================================================ END OF REPORT ================================================================================ Anyway there is the same error also with version 2026.2.4.0 just installed. Can you please help us? Very kind regards. Alessio

We are using Devolutions Server v2025.3.19.0 and are experiencing the following issue. It has already happened three times this month that suddenly no login with a domain user was possible. The Devolutions Server is a member of Domain A. The user accounts are located in Domain B. When the problem occurs, we observe that the LDAP account configured on the Devolutions Server (Administration > Server settings > Authentication > Domains) for the domain suddenly authenticates against Domain A instead of Domain B. We can clearly identify this because we see audit failure events (Event ID 4625) for the ldap account on the domain controllers in Domain A. This state persists until we restart the server. When the issue occurs, it always happens at the same time of day. In the Windows Event Log, we consistently see the following events. It is clear that these events can trigger this issue: (These events occur daily but do not always lead to the problem.) [image] [image] [image] [image] [image] Is this behavior a known issue? Are there any configuration options to resolve this problem?

Hi there, I want to create a fully automated workflow using Devolutions RDM using the PowerShell module. This workflow will use the entry ID as input. This same workflow will be also implemented within the same data source but on a different vault. My question is, is the Entry ID field unique on the data source level or on the vault level? I know, the field is 16 bytes long field and getting the same two IDs is very unlikely, but I want to make sure to eliminate this risk completely by understanding the uniqueness of the Entry ID within a data source. Thanks!

Hello, I am currently migrating automation scripts from Remote Desktop Manager PowerShell to Devolutions.PowerShell for DVLS. I managed to create SSH and Web entries using New-DSEntryBase. Now, I am trying to automatically create FileZilla SFTP entries using New-DSEntryBase. I successfully create the entry in DVLS, but when opening it from the Web UI or from RDM app, the entry is incomplete. There is no host, no username, no password... What I already tested: Creating entries manually in DVLS Exporting existing entries using Get-DSEntry Rebuilding the JSON payload manually Using: connectionType = "FTP" or "9" connectionSubType = "FileZilla" protocol/host/port/username/password fields Cloning existing entries However, exported FileZilla entries seem incomplete: host is missing username is missing provider-specific settings are not visible only minimal data is returned I also tried using New-DSEntryBase -FromRDMConnection and integrate the input configuration that is used in my functional RDM PowerShell script but it fails because the cmdlet expects: Devolutions.RemoteDesktopManager.Business.Entities.ConnectionInfoEntity while New-RDMSession returns: RemoteDesktopManager.PowerShellModule.PSOutputObject.PSConnection My goal is to fully automate the creation of FileZilla SFTP entries in DVLS from PowerShell. Could you please provide: The correct JSON schema for FileZilla SFTP entries The required connectionType / connectionSubType values The recommended way to automate FileZilla entry creation in DVLS Whether some provider-specific data is intentionally hidden from Get-DSEntry Thank you. Here is my non-functional JSON configuration : $body = @{ name = "SFTP - Test 01" group = "FOLDER01" vaultID = "00000000-0000-0000-0000-000000000000" connectionType = "9" data = @{ host = "10.1.1.1" username = "sftpuser" protocol = 1 passwordItem = @{ sensitiveData = "MyPassword123!" } } }

Good morning, I am currently working on a POC to migrate from RDM + SQL to a Devolutions Server + RDM solution (Devolutions Server will be used solely as a data source; web access is not planned, and everything will go through the RDM client). I would like to configure session recording for RDP and SSH. While reviewing the documentation, I noticed that using Devolutions Gateway is required. Are there any alternative solutions? At the moment, I am working on deploying DVLS in a Kubernetes infrastructure. I have already configured the environment with 3 separate pods and an external SQL Server hosted on a Windows server. Deploying the Gateway could be problematic because the company needs to connect to dozens (or even hundreds) of segregated customer environments. Our current operating model relies on dedicated VPN connections, and introducing an additional agent like Devolutions Gateway would be difficult. My question is the following: Is it possible to configure a recording service that saves session data to a specific network path without necessarily going through the Gateway? (for example, a path within the database server environment) Additionally, is it possible to configure a retention policy with automatic deletion for the recording files? Thank you in advance for your support.

Team, Is it common when creating usernames that it takes 30 to 120 seconds to process? It'll pinwheel until complete, naturally. [image]

Hi there Since updating DVLS to 2026.1.7, I get user modification notification every night for nearly all users, but I don't see any value which has changed wether in Entra or within DVLS. Please assist for trouble shooting this. Backgroud for this notification is to get informed as soon a new account has been created. [image] Thank you. Best regards, John

Hi, what do I have to do get the host information within the api response from the devolutions server? Username, password and name are there but the addresses are missing. Kind Regards

Hello, I'm currently working with the Devolutions Server API (version 2026.1.14.0) and running into an issue when trying to create entries via the /api/v1/vault endpoint. Specifically, I am unable to create entries of type SSH or WebBrowser . Each attempt results in the following error: "The specified entry type is not supported for creation." The main difficulty I’m facing is that the available documentation at /dvls/api-documentation is quite limited. I couldn't find: Concrete examples of request payloads for creating entries A list of valid values for fields like type, subType, or the structure of the data object Clear guidance on which entry types are actually supported for creation via the API Given this, I have a few questions: Is there a more complete or detailed API documentation available somewhere? Is it currently possible to create SSH or WebBrowser entries via the API? If direct creation is not supported, is it possible to create entries using templates (e.g., via a template endpoint)? Any clarification or guidance would be greatly appreciated. Thank you.

Hello everyone I've updated from Devolutions Server 2024 to 2026.1.12.0 and while the update was successful, i couldn't get rid of the error message i was receiving when updating the server which stated "Could not find any recognizable digits". I then found out, i could trigger the error just by clicking on "Update database" in DVLS.Console under Edit < Database: [image] I've tried to do some research, however i have not been able to find any information regarding Devolutions, since its a common .NET error, not directly linked to Devolutions Server itself. I tried to regenerate the encryption keys under Tools < Key management without success, the error persists. Any help is appreciated!

In my Devolutions Server setup my devolutions server docker containers every 5 minutes automatically duplicating a new (same) docker container in the web application in system dashboard. Is there a way to stop automatically duplicating web application in system dashboard overview inside Devolutions Server? [image]

When I try to add a Yubikey MFA device to a user form both Devolution Server and RDM application it fails with the message "Yubikey is Invalid". The key I'0m using is a Yubikey 5 NFC with firmware 5.2.4. The key has OTP interface enabled and configured with Yubico OTP. By following the enroll procedure from your documentation I cannot add the key neither from RDM nor Devolution web server.

We currently have 2 Entra-synced groups into DVLS, one for Administrators and one for Users. We since then found out that Administrators have access to all entries in PAM vault, so I tried moving myself from Administrators to Users, but doesn't seem to have made a difference. So my next step was to de-select "Is administrator" tickbox within the group and then specifically assign permissions to the group. However when deselcting and trying to save settings we get the following errors: TypeError: Cannot read properties of undefined (reading 'netbiosName') at i.onSave (https://<SERVERNAME>/dvls/chunk-YGRHIQBO.js:1:91037) at https://<SERVERNAME>/dvls/chunk-YGRHIQBO.js:1:83874 at Tf (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:7:74231) at Object.o [as next] (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:7:74400) at Ui.next (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:3:3484) at be._next (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:3:3208) at be.next (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:3:2935) at https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:3:5944 at zt (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:3:2326) at ya.next (https://<SERVERNAME>/dvls/chunk-4HFZZ7HS.js:3:5783) I've replaced our server URL with <SERVERNAME> just to clarify that it's now actually saying that/using that variable

Hello, We are currently facing an issue where an entry with 3 passwords stored in it reveals the "wrong" password on the webapp. [image] If you press the top button the bottom password gets revealed, if you press the middle button the top password gets revealed, and if you press the bottom button the middle password gets revealed.

Hello Devolutions Support Team, we are currently experiencing an issue with our Devolutions Server after refreshing the license. Issue description: After clicking “Refresh License” , all users were logged out of the Devolutions Launcher and are no longer able to authenticate using Microsoft (Entra ID). We are receiving the following error message on the login screen: Invalid license (Product: Launcher) Current situation: Licenses are displayed as fully assigned (e.g. 9/9 users) AD groups are still correctly assigned No changes were made to authentication configuration The issue started immediately after refreshing the license Additional observations: When attempting to re-add the product license, the “Add” button is greyed out This suggests the license cannot be validated or re-applied Users are completely blocked from accessing the Launcher Environment: Devolutions Server version: 2025.2.5.0 Authentication: Microsoft (Entra ID) License type: Remote access management package (9 users) Remote desktop management & IT operations (5 users) Troubleshooting already performed: Verified license is still valid and not expired Confirmed AD group assignments are intact Attempted to re-add license (button disabled) Issue persists across all users Kind regards Omar

Hello, I am trying to setup Devolutions Server in our Docker environment, and it works on the first setup, but then when we destroy the container and bring it up again, this error shows up: When I check the file in docker, I indeed see that it contains an unexpected value like this: "Guid----xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" instead of only the guid. Is this normal, or am I missing something? 2026-04-23 14:57:59.225 | Launching Devolutions Server: http://localhost:5000/ 2026-04-23 14:58:00.934 | Unhandled exception. System.InvalidOperationException: Failed to convert configuration value 'Guid----xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' at 'WebAppID' to type 'System.Guid'. 2026-04-23 14:58:00.934 | ---> System.FormatException: Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx). 2026-04-23 14:58:00.934 | at System.Guid.GuidResult.SetFailure(ParseFailure failureKind) 2026-04-23 14:58:00.934 | at System.Guid.TryParseExactN[TChar](ReadOnlySpan`1 guidString, GuidResult& result) 2026-04-23 14:58:00.934 | at System.Guid.TryParseGuid[TChar](ReadOnlySpan`1 guidString, GuidResult& result) 2026-04-23 14:58:00.934 | at System.Guid..ctor(String g) 2026-04-23 14:58:00.934 | at System.ComponentModel.GuidConverter.ConvertFrom(ITypeDescriptorContext context, CultureInfo culture, Object value) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Configuration.ConfigurationBinder.TryConvertValue(Type type, String value, String path, Object& result, Exception& error) 2026-04-23 14:58:00.934 | --- End of inner exception stack trace --- 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Configuration.ConfigurationBinder.ConvertValue(Type type, String value, String path) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue[T](IConfiguration configuration, String key, T defaultValue) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Configuration.ConfigurationBinder.GetValue[T](IConfiguration configuration, String key) 2026-04-23 14:58:00.934 | at Devolutions.Server.Services.RegisterService..ctor(IConfiguration configuration) 2026-04-23 14:58:00.934 | at System.Reflection.MethodBaseInvoker.InterpretedInvoke_Constructor(Object obj, IntPtr* args) 2026-04-23 14:58:00.934 | at System.Reflection.MethodBaseInvoker.InvokeDirectByRefWithFewArgs(Object obj, Span`1 copyOfArgs, BindingFlags invokeAttr) 2026-04-23 14:58:00.934 | at System.Reflection.MethodBaseInvoker.InvokeWithOneArg(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) 2026-04-23 14:58:00.934 | at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitIEnumerable(IEnumerableCallSite enumerableCallSite, RuntimeResolverContext context) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceLookup.CallSiteRuntimeResolver.VisitRootCache(ServiceCallSite callSite, RuntimeResolverContext context) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceProvider.CreateServiceAccessor(ServiceIdentifier serviceIdentifier) 2026-04-23 14:58:00.934 | at System.Collections.Concurrent.ConcurrentDictionary`2.GetOrAdd(TKey key, Func`2 valueFactory) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceProvider.GetService(ServiceIdentifier serviceIdentifier, ServiceProviderEngineScope serviceProviderEngineScope) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider, Type serviceType) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService[T](IServiceProvider provider) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token) 2026-04-23 14:58:00.934 | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host) 2026-04-23 14:58:00.934 | at Devolutions.Server.Program.Main(String[] args) 2026-04-23 14:58:02.043 | New-DPSAppSettings: /usr/local/bin/entrypoint.ps1:170 2026-04-23 14:58:02.043 | Line | 2026-04-23 14:58:02.043 | 170 | New-DPSAppsettings -Configuration $Configuration 2026-04-23 14:58:02.043 | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2026-04-23 14:58:02.043 | | Newtonsoft.Json.JsonSerializationException: Error converting value 2026-04-23 14:58:02.043 | | "Guid----xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" to type 2026-04-23 14:58:02.043 | | 'System.Nullable`1[System.Guid]'. Path 'WebAppID', line 28, position 60. 2026-04-23 14:58:02.043 | | ---> System.ArgumentException: Could not cast or convert from 2026-04-23 14:58:02.043 | | System.String to System.Guid. at 2026-04-23 14:58:02.043 | | Newtonsoft.Json.Utilities.ConvertUtils.EnsureTypeAssignable(Object 2026-04-23 14:58:02.043 | | value, Type initialType, Type targetType) at 2026-04-23 14:58:02.043 | | Newtonsoft.Json.Utilities.ConvertUtils.ConvertOrCast(Object 2026-04-23 14:58:02.043 | | initialValue, CultureInfo culture, Type targetType) at 2026-04-23 14:58:02.043 | | Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EnsureType(JsonReader reader, Object value, CultureInfo culture, JsonContract contract, Type targetType) --- End of inner exception stack trace --- at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.EnsureType(JsonReader reader, Object value, CultureInfo culture, JsonContract contract, Type targetType) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue) at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent) at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType) at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings) at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings) at DPS.Console.Common.Business.Helper.AppSettingsDataStore.ReadAppSettingsFile()

Hi, We are using devolutions 2023.2.9.0. We want a report that shows which group has access to where. Is there a built in report that shows this?

Hello, I’m currently working on a migration to Devolutions Server (version 2026.1.11) and I’m encountering an issue with user vaults after the process. Context Source: SQL data source used with Remote Desktop Manager Target: Devolutions Server (DVLS 2026.1.11) Migration steps: Full SQL database backup and restore to the new server Data source migration using the DVLS console (SQL migration tool) User authentication migration using the Authentication Migration tool (converted a SQL user to a domain user) Current behavior I can successfully log in with my migrated domain account I have access to the Default vault and can see all entries without issues However, when I try to access my User Vault , I get the following error: Unable to load the data. Root is empty ConnectionNavigationManager.GetConnectionsTree TypeError: Cannot read properties of undefined (reading 'tree') Questions Is it expected that user vaults are not migrated when using the SQL migration + DVLS migration tool? Should user vaults be automatically recreated after authentication migration, or is an additional step required? Is there a supported way to recover or migrate user vault data from the original data source? At this point, I’m trying to determine whether: the user vault data was never stored in SQL (e.g., local storage), or it exists but was not properly mapped/recreated in DVLS Any guidance or recommended approach would be greatly appreciated. Thank you.

Hi I have added a Website entry manually with the public available URL https://citrixportal.rm.dk/vpn/index.html I filled in the username and password fields. Now the Devolutions Web Login thinks that both the PIN and Password fields are passwords and fills the password in both fields. [image] I tried opening the RDM and setting IDs manually. It works when the Display is "Embedded (tabbed)", but not External or when I visit the webpage directly from my browser. [image] [image] Can you help so when I use my browser with the Web Login extension, the password is only filled in the password field?

What is the best way to move DVLS Server with SQL Express to a new Server with SQL Express

Hi Team, I updated from last 2025 version of DVLS to 2026.1.12.0 and the Scheduler will not start. I've uninstalled and reinstalled the Scheduler and same thing. Thank you in advance for your support. [image]

Hello, Using RDM 2025.3.30 and DVLS 2025.3.15. When connecting via Azure App Proxy, entries are sporadically appearing as read only, cannot be launched, and sometimes not visible. For example: when right mouse clicking on an entry the 'open session' and 'properties' options are greyed out, which prevents launching or editing sometimes when switching between vaults, all the entries disappear, and a message is displayed that there is no access (going offline and back online usually resolves it) If caching is disabled for the data source, then these limitations are removed, however as soon as caching is reenabled (either file or memory), the behavior returns. Please let me know if you would like any additional info. Thanks Joe [image] [image] [image] [image]

Hi Devolutions-Community, we recently updated to DVLS v2026.1.11.0 and now we can't add OTPs to username/password entries. [image] When I try to create one in the Workspace app I can't save the entry anymore. [image] Is this normal or do I need to set it somewhere? Best wishes, MB

Enabled passkey authentication in Administration > Server settings > Multi-factor. Logged in user > Preferences > Multi-factor > Select Passkey Configure > Register passkey Error Passkey registration was cancelled. Chrome 146.0.7680.165 [image] Is there anything additional that needs to be configured to enable the Passkey registration process?