Support

Support forum for Wayk Bastion

Maurice Côté

Wayk Bastion End Of Life announcement

Please consult https://blog.devolutions.net/2021/07/wayk-is-dead-long-live-wayk

468

0

KriS02

Logging options

Hey, can you turn on "wayk-now config --global logginglevel 1" by default when we install unattended access in the next releases? It doesn't generate many logs, but can help a lot with troubleshooting. I have problems at many customers, but I haven't turned it on everywhere, so I have no way to open cases on the forum. I'll help a lot. My problems are:
- changed ID (sometimes it changes and the computer has a new one)
- can't open wayknow client again from tray (I saw a post on the forum)
- can't connect - unknown ID response from waykden servers
-- KriS

702

8

James Lafleur

furkanemir

admin panel port change

Hello, in order to provide access to my users outside the company, I opened port 443 on the firewall and provided a remote connection with wayk, but 443 is also broadcast on the admin panel. I want to publish my admin panel from a different port.

263

2

Richard Boisvert

zm

Fumbling through SSL

I don't know that I've ever struggled this much to understand SSL and install it properly for a product, but there is a first time for everything. Maybe I'm overcomplicating it. I've gone through several demos and tutorials on creating a self-signed SSL certificate and importing it into IIS but I can't seem to get that working properly.

From the IIS server I've used:

    New-SelfSignedCertificate `
        -FriendlyName '<certificatName>' `
        -DnsName "<waykname>.<my>.<domain>.<name>" `
        -KeyAlgorithm RSA `
        -KeyLength 2048 `
        -CertStoreLocation 'Cert:\LocalMachine\My' `
        -NotAfter (Get-Date).AddYears(2) `
        -KeyExportPolicy 'Exportable'

When starting/restarting Wayk the WARNING appears:

    WARNING: HTTPS is not configured for external access, peer-to-peer sessions will be disabled

Which I understand when Get-WaykBastionConfig sees -ExternalURL and ListenerURL without HTTPS. Corrected(?) by doing:

    Set-WaykBastionConfig -ExternalURL https://<waykname>.<my>.<domain>.<name> -ListenerURL https://localhost:4000

( -Realm is <my>.<domain>.<name> )

Restart Wayk, Restart IIS
Export the key to a file for use as PFX
Attempt to import the key

    Import-WaykBastionCertificate -CertificateFile '<mypath>\<myfile>.pfx' -password <password>

    ConvertFrom-RsaPrivateKey : Cannot bind argument to parameter 'Rsa' because it is null.
    At C:\Program Files\WindowsPowerShell\Modules\WaykBastion\2021.1.6\Private\CertificateHelper.ps1:149 char:62
    + ... $PrivateKey = ConvertFrom-RsaPrivateKey -Rsa $cert.PrivateKey
    +                                                    ~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidData: (:) [ConvertFrom-RsaPrivateKey], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,ConvertFrom-RsaPrivateKey
    WARNING: The certificate chain includes only one certificate (leaf certificate).
    WARNING: The complete chain should also include the intermediate CA certificate.

I stumbled across this article from another help thread: https://blog.devolutions.net/2021/03/how-to-configure-secure-ldap-ldaps-in-active-directory-with-lets-encrypt but I'm so turned around right now it's not making any sense... I know I can skip past creating a domain etc. since I obviously have one.

Thank you

491

6

zm

hannesvermote

Client/Agent won't connect to Bastion

Dear, I set up a Wayk Bastion on an on premise server using a trial key. When I change my agent/client configuration and point to the on premise Bastion I get the following errors. Agent: Failed to check registration status Client: Not available. What did I do wrong? Best regards Hannes

400

4

Richard Boisvert

RokB

Screen Resolution and Audit log

Hi, probably I am doing something wrong since nobody asked this question - how do we get the wayk client to have a "dynamic" resolution - I am expecting this kind of feature when using Virtual Login Session. In "Physical session" and especially "Active Session" I understand that the computer's settings should be kept for "user experience reasons", but in an unattended remote session to a virtual server, XGA is not something we could use for our type of work...

Is there any way to write an audit event on the agent side in the eventlog? It would be very useful to have it in a separate Windows Event Log or in the security event log.

Best regards, Rok

643

4

Richard Markiewicz

RokB

Some general questions regarding Wayk

Hi, since I guess those questions are quite general I will post them here (although they are not really questions about technical stuff):
- what is the future of Wayk, is it future proof, are there any development plans?
- approximately how many customers use wayk today (you probably have an approx. number of user licenses sold with exclusion of unlimited :-))
- what is the number of customers / percentage of market share you are trying to reach to make it a "long term project"
- is there any roadmap of new features development?
- does it have any official certification (we are most interested in HIPAA, but any security or data-handling certification will help in our decision)? Is there a plan to get any such certification?

I understand those are more "marketing related" questions, but I guess it will be helpful also for others to be able to find information I could not find on your website...

Best regards, Rok

356

6

Marc-André Moreau

RokB

Problem(s) with installation Wayk Bastion

Hi, I have a little problem after installation of wayk bastion: I want to use Windows Server 2019 Core edition LTSC, so localhost is not an option for initial config. Is it possible to start WaykBastion so it allows initial config for another machine, not localhost? Currently I am getting an error when trying to open the website: [image]

All containers start without an error:

    PS C:\ProgramData\Devolutions\Gateway> Start-WaykBastion -Verbose
    docker rm den-mongo
    Removing C:\ProgramData\docker\volumes\den-mongodata\_data\WiredTiger.lock
    Starting den-mongo
    VERBOSE: docker run --name den-mongo -d --restart=on-failure --network=den-network -v "den-mongodata:c:\data\db" library/mongo:4.2-windowsservercore-1809
    den-mongo successfully started
    docker rm den-picky
    Starting den-picky
    VERBOSE: docker run --name den-picky -d --restart=on-failure --network=den-network -e "PICKY_DATABASE_URL=mongodb://den-mongo:27017" -e "PICKY_REALM=sectra.com" -e "RUST_BACKTRACE=1" -e "PICKY_PROVISIONER_PUBLIC_KEY_PATH=c:\picky\picky-public.pem" -v "C:\ProgramData\Devolutions\Wayk Bastion/picky:c:\picky:ro" devolutions/picky:4.8.0-servercore-ltsc2019
    den-picky successfully started
    docker rm den-lucid
    Starting den-lucid
    VERBOSE: docker run --name den-lucid -d --restart=on-failure --network=den-network -e "LUCID_ADMIN__SKIP=true" -e "LUCID_TOKEN__DEFAULT_ISSUER=https://wayk-somedomain.com" -e "LUCID_API__ALLOWED_ORIGINS=https://wayk-somedomain.com" -e "LUCID_ACCOUNT__LOGIN_URL=http://den-server:10255/account/login" -e "LUCID_ACCOUNT__APIKEY=qUe9kCHK6BL8DTIvvENKJkmG...HLcrw" -e "LUCID_ACCOUNT__USER_EXISTS_URL=http://den-server:10255/account/user-exists" -e "LUCID_LOGIN__ALLOW_UNVERIFIED_EMAIL_LOGIN=true" -e "RUST_BACKTRACE=1" -e "LUCID_ACCOUNT__REFRESH_USER_URL=http://den-server:10255/account/refresh" -e "LUCID_ACCOUNT__SEND_ACTIVATION_EMAIL_URL=http://den-server:10255/account/activation" -e "LUCID_DATABASE__URL=mongodb://den-mongo:27017" -e "LUCID_LOGIN__PATH_PREFIX=lucid" -e "LUCID_LOGIN__SKIP_COMPLETE_PROFILE=true" -e "LUCID_TOKEN__ISSUERS=https://localhost:4000" -e "LUCID_LOGIN__ALLOW_FORGOT_PASSWORD=false" -e "LUCID_LOGIN__PASSWORD_DELEGATION=true" -e "LUCID_LOCALHOST_LISTENER=https" -e "LUCID_LOG__LEVEL=warn" -e "LUCID_API__KEY=DAO1IMY02aAl9zbN6rh....N9z5xevUI" -e "LUCID_LOGIN__DEFAULT_LOCALE=en_US" -e "LUCID_LOG__FORMAT=json" -e "LUCID_ACCOUNT__FORGOT_PASSWORD_URL=http://den-server:10255/account/forgot" --health-interval=5s --health-timeout=2s --health-retries=5 --health-start-period=1s --health-cmd='curl -sS http://den-lucid:4242/healthz' devolutions/den-lucid:3.9.5-servercore-ltsc2019
    den-lucid successfully started
    docker rm den-server
    Starting den-server
    VERBOSE: docker run --name den-server -d --restart=on-failure --network=den-network -e "MONGO_URL=mongodb://den-mongo:27017" -e "PICKY_REALM=sectra.com" -e "LUCID_INTERNAL_URL=http://den-lucid:4242" -e "DEN_PRIVATE_KEY_FILE=c:\den-server\den-private.key" -e "DEN_API_KEY=qUe9kCHK6BL8D.....kmGHLcrwLTv" -e "DEN_HOST_INFO_FILE=c:\den-server\host_info.json" -e "RUST_BACKTRACE=1" -e "LUCID_AUTHENTICATION_KEY=DAO1IMY02......rhaWp7N9z5xevUI" -e "DEN_EXTERNAL_URL=https://wayk-somedomain.com" -e "DEN_ROUTER_EXTERNAL_URL=https://wayk-somedomain.com/cow" -e "DEN_LOGIN_REQUIRED=false" -e "DEN_PUBLIC_KEY_FILE=c:\den-server\den-public.pem" -e "DEN_LISTENER_URL=https://wayk-somedomain.com:4000" -e "JET_RELAY_URL=https://wayk-somedomain.com" -e "LUCID_EXTERNAL_URL=https://wayk-somedomain.com/lucid" -e "AUDIT_TRAILS=true" -e "PICKY_URL=http://den-picky:12345" -e "PICKY_EXTERNAL_URL=https://wayk-somedomain.com/picky" -v "C:\ProgramData\Devolutions\Wayk Bastion/den-server:c:\den-server:ro" --health-interval=5s --health-timeout=2s --health-retries=5 --health-start-period=1s --health-cmd='curl -sS http://den-server:10255/health' devolutions/den-server:3.6.0-servercore-ltsc2019 -l info -m onprem
    den-server successfully started
    docker rm den-traefik
    Starting den-traefik
    VERBOSE: docker run --name den-traefik -d --restart=on-failure --network=den-network -v "C:\ProgramData\Devolutions\Wayk Bastion/traefik:c:\etc\traefik" -p 4000:4000 library/traefik:1.7-windowsservercore-1809 --file --configFile=c:\etc\traefik\traefik.toml
    den-traefik successfully started
    docker rm den-gateway
    Starting den-gateway
    VERBOSE: docker run --name den-gateway -d --restart=on-failure --network=den-network -e "DGATEWAY_CONFIG_PATH=c:\gateway" -e "RUST_LOG=info" -e "RUST_BACKTRACE=1" -v "C:\ProgramData\Devolutions\Wayk Bastion/den-gateway:c:\gateway:rw" -p 8080:8080 devolutions/devolutions-gateway:2021.1.4-servercore-ltsc2019
    den-gateway successfully started

In the config, I gave up with external db already, is quite default except for External Url (https://wayk.somedomain.com) and Listener Url: (https://wayk.somedomain.com:4000). Configuration of gw is according to documentation listening on 7171 and 8181.

Best regards, Rok

454

11

Marc-André Moreau

Tin_Man

No wake or power functions?

I recall the original wayk-now having features that allowed for wake on lan as well as remote script execution, but I don't see any of that on the Wayk Bastion web interface, nor the client. Am I missing something? Also, I'm kinda lost about what the usefulness of the Wayk Clients is since they don't contain a list of "Machines" to connect to on their own. You have to go to the web interface for that and there's a client built into the web interface, so what are the desktop and android clients good for? I would prefer to use the desktop clients but not having the list of computers on them isn't convenient and bookmarks are not good enough to substitute since they are not replicated across client installations despite having my login accounts registered on the client.

333

6

Marc-André Moreau

Phatmandrake

How are you managing access controls in Wayk Bastion

Is there any way to restrict what machines a technician has access to in the Mongo DB even if it isn't officially supported? I have hundreds of permissions that I will need to configure and if my only option is to point and click my way through the web interface, then integrating this product into my environment is infeasible. How are other people managing permissions? I can't imagine it's all done manually.

305

8

François Dubois

Tin_Man

WaykBastion Client Page on the web management interface buggyness

So I can't tell if this issue is just me, possibly related to the database corruption issues I had a week or two ago, but I noticed that the last seen dates appear to be wrong on the client page. Attempting to sort them by date seen also does not properly sort even by incorrect or outdated dates. Using the provided refresh button does not make any difference, however refreshing the whole browser page does make some changes in the right direction but ultimately still incomplete, and attempting to sort again by clicking column sorting messes things back up. [image]

289

2

Nicolas Girot

Tin_Man

WaykBastion Whitelabel errors

OK, now I have a strong feeling that this and my previous posting are database related. I can't save whitelabel changes and my imported files do not reflect all my changes or just reset to default. [image]

432

2

Nicolas Girot

Patrick

Docker (nginx, docker-gen, letscrypt) & wayk bastion

I am trying out a new setup for my server. The setup should look like this. [image] For this I use this docker compose script. The setup works well if I create more docker instances (virtual hosts) and include the environment variables. I have been trying to integrate Wayk bastion into this setup for days. Using virtual host nginx without virtual host nginx (directly) but I had no success until now. Is it possible to integrate wayk bastion in this setup? Thanks a lot. Best regards, Patrick

745

3

Patrick

Tin_Man

Can't get to my "Machines"

I had a little trouble with the WaykBastion server this morning. My login attempts would stop at entering username on the web page. After about half a dozen stops and starts and update modules and reboots I managed to get it working but now I'm having a new problem... sigh. I don't know if it's my setup or what, but there's always something with my server every time I need to use it. Anyway, here's what my current problem is when attempting to expand the containers to get to my client's "machines". Besides the screenshots I attached the "Generate Report" file. [image] [image]

448

9

Richard Boisvert

nielsputtemans

Authentication Types not all showing

Hi there, when connecting to a PC using the Wayk Client for the first time, the only available authentication type is SRD despite having a default config. However, once this session is over and I connect a second time, I do get the other options (like prompting) to choose from. After quitting the Client for a few minutes and trying the same connection again, I'm back to SRD only. Is there a way to solve this? Ideally we'd like to go to a prompt-only config for certain PCs and this is obviously stopping us. Thanks in advance for any help. Best regards, Niels

278

3

nielsputtemans

tyson1

Access Requires a License

I have been working with Bastion inside RDM and have found it works quite well. Recently I installed RDM on another computer outside my LAN and created a connection to my Bastion server and found that I was getting the following error trying to connect to an endpoint joined to my server: [image] Not sure why, but the original machine does not throw this error and I definitely have a license. I tried clearing validation and relogging in but that did not seem to help.

375

7

Richard Markiewicz

alexpawlak

Wayk Bastion management

Hey there! I'm evaluating Wayk Bastion - and so far I really enjoy the product! I'm running independent IT management services (single-man business at the moment) and I have been piloting this for a few machines. A few questions though, as I have explored so far:

1) Wayk Bastion stores log files within containers. I would have to collect and audit data for security. I would like to review logon attempts, authentication attempts, failures etc. - standard security audit stuff. Is there a neat way to do so (built-in log sink?) or do I need to craft a hacky way to export docker logs from containers?

2) Wayk Bastion consists of several components, but I don't understand what exactly these are all doing. Could someone guide me to documentation? So far what I assume:
den-gateway - Assume it manages traffic between agents and clients?
den-traefik - reverse proxy to expose 80,443
den-server - main core server
den-lucid - Oauth endpoint
den-picky - ??
den-mongo - database container

3) What configuration needs to be done to split containers onto dedicated hosts / VM clusters for HA / load balancing? Some of these could seemingly be deployed to Service Fabric for instance, and it seems you guys like Microsoft tech :-)

4) Your public Wayk Den uses Websockets (wss://) - is there a way to make hosted Wayk Bastion use Websockets too? Is there a performance difference?

5) I have noticed severe lags when using Wayk Bastion sometimes. Like there was no reaction and only after a few seconds it has been "played back" on my screen. I have had an alternate remote session tool open (Windows Quick Assist) and it hasn't been experiencing performance issues - how do I come around troubleshooting that with Wayk Bastion?

6) If Wayk Agent has a personal password enabled, could you please elaborate on the security model of this? Where is the password validated? Is it sent to Wayk Bastion? Is there a way for the agent to publish its password to Wayk Bastion?

7) Is there a way to enable Azure AD login to the web console instead of built-in user/password? I would love to integrate Azure AD into Wayk Bastion if possible, centralized access provisioning sounds like a big win for this product.

8) Teamviewer has a "native connector" inside Intune - do you consider talking to Microsoft on enabling your built-in connector for remote sessions?

Sorry for the loads of questions, but these all have come up during my initial pilot phase and now I had some time to follow up with these. Thanks in advance for some replies!

Best regards, Aleksander Pawlak

455

5

alexpawlak

jjohnson

JumpCloud Failing to Login User

I just moved from our older Wayk Den server to a new Wayk Bastion server built from scratch on a new Ubuntu 18.04 server in Azure. Using my old parameters, I configured and deployed my URLs and enabled SSL like before and I see all 77 of our machines checking in and showing up. However, the ONLY user I can use is the wayk-admin user there by default. I repeated the JumpCloud setup steps a few times, and can confirm the right user and password appear in both the Get-WaykBastionConfig and in the web/settings/account-provider screen. My two users coming from JumpCloud show up on the user list, they are assigned licenses, and they have assigned roles (Owner) in Wayk Bastion. Is there something I'm missing? All functions and features seem good except for the LDAP login.

1099

12

jjohnson

Tin_Man

How to replace ssl certificate

My certificate expired. When I first did the install I ran a manual certificate request with Let's Encrypt. I have run it again and the new certificate is exactly where the old certificate and name was. I was hoping it would renew it automatically but I even ran the import-CertificateWaykBastion but my browsers still show the old expired certificate. How do I import a new certificate?

773

3

deleted21ea8b6e70034cb9af7caeafefdcc045