Support

When updating Devolutions Server docker image from 2026.1.6.0 to 2026.1.7.0 im getting follow error: New-DPSInstallConfiguration: /usr/local/bin/entrypoint.ps1:163 Line | 163 | $Configuration = New-DPSInstallConfiguration @InstallParams | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Microsoft.Data.SqlClient is not supported on this platform. What have changed in the latest docker image? And can I fix it? https://hub.docker.com/r/devolutions/devolutions-server

Hello, Using DVLS 2025.3.15, which is accessed via Azure App proxy using url https://rdm.company.com If gateway URL is in a different domain (i.e. https://gateway.company.app), the sessions will not launch via WebUI. Conversely, accessing the same DVLS instance in the same browser session via an alternate url (i.e. https://rdm.company.app) results in successful launch of browser based session. It is fairly common in a Hub Business deployment to have cross origin domains (i.e. https://customerhub.devolutions.app and https://gateway.company.com . Does DVLS support an equivalent setup? Customer would prefer to use primary domain (i.e. https://rdm.company.com) for branding purposes, but wants gateway traffic routing via a separate Cloudflare hosted domain. Please let me know if you would like any additional info. Thanks Joe

Hello, Using DVLS 2025.3.15, with AD Dashboard entry configured as per Configure a web-based Active Directory dashboard entry - Devolutions Documentation When user attempts to launch the entry via WebUI, there is only the option to open in RDM. Same user can launch RDP entry via same gateway, so unlikely to be a licensing issue. Also confirmed gateway settings set to allow access to all vaults. Please let me know if you would like any additional info. Thanks Joe

Good afternoon, I'm writing to ask for your help. I have a Credentials folder, and I don't want anyone to see its structure, but the remote sessions are linked to the passwords. Is this possible? Thank you very much.

Hello everyone, After updating from the latest version 2025.3.15.0 to 2026.1.6.0, I get the message “Server unavailable!” in the WebUI. Everything worked fine with version 2025.3.15.0. With the current version 2026.1.6.0, the WebUI no longer works. Everything looks fine in the Devolutions Console. The scheduler has started correctly. IIS is working. .NET 10 Hosting has been installed. The logs look fine. According to the DPS.Console log, the update was successful. Uninstalling .NET 9 (hosting and runtime) was also unsuccessful to get the WebUI functionally. Reinstalling was also successful. I would appreciate some help. Many thanks in advance. Alex

Hi! We have some older versions of .NET Runtime and other dependencies still installed as remnants of previous DVLS versions. Is there documentation about which runtime versions are needed by different DVLS versions, and which can be safely uninstalled? I see these packages installed with multiple older versions: Microsoft .NET - Windows Server Hosting Microsoft .NET Host Microsoft .NET Host FX Resolver Microsoft .NET Runtime Microsoft ASP.NET Core - Shared Framework Microsoft ASP.NET Core Hosting Bundle Options Microsoft Visual C++ Redistributable Microsoft Visual C++ Additional Runtime Microsoft Visual C++ Minimum Runtime Microsoft Visual Studio Tools for Applications Microsoft Windows Desktop Runtime Thank you! Best regards, Daniel

Hello, Using RDM 2025.3.30 and DVLS 2025.3.15. When connecting via Azure App Proxy, entries are sporadically appearing as read only, cannot be launched, and sometimes not visible. For example: when right mouse clicking on an entry the 'open session' and 'properties' options are greyed out, which prevents launching or editing sometimes when switching between vaults, all the entries disappear, and a message is displayed that there is no access (going offline and back online usually resolves it) If caching is disabled for the data source, then these limitations are removed, however as soon as caching is reenabled (either file or memory), the behavior returns. Please let me know if you would like any additional info. Thanks Joe [image] [image] [image] [image]

Hello, Using DVLS 2025.3.15. After adding a new permission set in Administration\System Settings\PAM Vault Management, then clicking save (which displays a message saying saving was successful), then navigating to a PAM vault to apply the permission set, it is not listed. Navigating back to system settings, the recently added set is no longer present, as though it was never saved. Please let me know if any additional information required. Thanks Joe

Hi! We installed a staging environment for DVLS following this guide: https://docs.devolutions.net/server/kb/how-to-articles/create-server-staging-instance/ However, we have the production instance running at the root URL (https://dvls.example.com/ rather than https://dvls.example.com/dvls) The staging instance is now a nested application within the production instance, at https://dvls.example.com/staging. While installing and updating the staging instance, I got some errors in the log: Dateiname: \\?\C:\inetpub\wwwroot\staging\web.config Zeilennummer: 60 Fehler: Doppelter Auflistungseintrag vom Typ "add" mit auf "aspNetCore" festgelegtem eindeutigen Schlüsselattribut "name" kann nicht hinzugefügt werden. Unable to configure feature delegation. Please ensure the feature delegation is set to Read/Write for these features: - Authentication - Windows - Handler Mappings - Modules That German error translates to: Cannot add duplicate collection entry of type 'add' with unique key attribute 'name' set to 'aspNetCore' After I added <remove name="aspNetCore"/> before that line in web.config and restarted the application pool, everything worked. I was just wondering if this can be considered a bug, and if you can add fixes that would allow nested instances without errors and manual editing of the web.config file. Maybe you can disable inheritance of those settings in nested application directory. Otherwise you could update documentation and/or create a check during install, to state that creating nested instances is not supported. In that case, an alternative way could be to create another IIS site and use a different host name or port for the staging instance. Also, we are using the stable version, so this might be different in 2025.3, but I didn't test that. (production was 2025.1, staging was 2025.2) Thank you! Best regards, Daniel

Hi Team, We are attempting to configure Jira integration in Devolutions Server / RDM against our Jira Data Center instance. It appears the integration is calling the Jira Cloud API path (/rest/api/3/) instead of the Jira Data Center API path (/rest/api/2/). Questions: Does the current Jira connector support Jira Data Center? Is there a configuration option to force API v2 instead of v3? Any guidance on the correct configuration for Jira Data Center environments would be appreciated. Thank you!

hi, we are using solely Microsoft Entra groups to manage vault ownership and membership. Yet some people occassionally request vault access using DPS internal tooling. Can this feature be disabled completely somwhere in the Administration settings so that we don't have confusion on this topic? KR G.

Just upgraded to 2022.3.0, from Server Console everything is showing fine. Check IIS diagnostics and that is all green as well. Also checked DB tests, and they all went well. I also checked I am at 240 for the config of aspNetCore - https://kb.devolutions.net/http-error-500_30.html Any ideas on what to try next?

We had Enabled Syslog Server for a while but didn't use it. Because of this I disabled Syslog server in Devolutions Server (under Administration > Server settings > Logging > Syslog Server > Log in to Syslog server). After that we receive every minute a large amount of emails about Syslog server is unreachable. Because of this I had to re enable this setting and the alerts stopped. We use version 2025.3.11.0 of Devolutions Server. This looks like a bug to me. Is this a known bug and can this be solved so I can disable Syslog Server?

Hey guys, we are currently at a little hiccup at the "migration" into DVLS, we still have some passwords with 16 Characters that need to be accepted, but in future we want to enforce Users to use atleast 20. So my idea would be: Password Policy allows 16 Password Generator always generates 20 but i feel like thats not doable since the policy "password length" instantly binds the generator to its length. Is this correct? If so, any other ideas?

Bonjour à tous, Je viens d'effectuer dans notre environnement state la migration de notre server sql de Windows 2022 à 2025. Le tout c'est très bien passé et fonctionnait bien. Mais, suite à l'installation des mises à jour mensuel de Janvier (Patch Tuesday updates) , j'obtient sur les serveur web une erreur de connexion et d'authentification au serveur SQL I have migrated our SQL Server from Windows Server 2022 to 2025 in our state environment. Everything went very smoothly and was working perfectly. However, after installing the January monthly update (Patch Tuesday updates) , I'm getting on the web servers a connection and authentication error with the SQL Server. Nous utilisons / we are using SQL 2022 Voici l'erreur / Here is the error: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication. SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The logon attempt failed [image] [image] Nous utilisons une Authentification Windows avec un compte gMSA. Leur utilisation est fastidieuse. We use Windows Authentication with a gMSA account. Which are a pain to use. Quelqu'un d'autres à aussi rencontré ce problème après la migration de leur serveur SQL Server vers Win2025 ? Is anyone also encounter the same problem after the migration of their SQL server to Win 2025 ? Après quelques recherche j'ai trouvé ceci / After some research, I found this «The security baseline on Windows Server 2025 differed from that of Server 2022.» «In short, Windows Server 2025 was enforcing AES only, while the gMSA was configured for AES + RC4.» «The security baseline for Group Managed Service Accounts (gMSA) in Windows Server 2025 differs from Windows Server 2022 by enhancing cryptographic requirements, introducing Delegated Managed Service Accounts (dMSA), and strengthening Active Directory (AD) defaults.» Êtes-vous déjà au courant de ce type de problème ou auriez-vous des pistes de solution permettant de le résoudre facilement après une migration vers Windows Server 2025 ? Avez-vous également des recommandations, de la documentation ou un guide spécifique à la migration de DVLS vers Windows Server 2025, notamment concernant les configurations à vérifier, ajuster ou modifier ? Une documentation à jours concernant l'utilisation des gMSA avec Windows Serveur 2025 % Merci.

Hi Team, My corporate uses two AD systems that are linked together. We have created a new "Devolutions License Users" AD group that is nested in our Domain B. Within this new AD group, we have added specific users from both Domain A and Domain B. My goal is to ensure that when "Automatic User Creation" is enabled that Devolutions will be able to add users between both domains. I would assume it goes by whatever "Active Directory Domain Services Folder" that user belongs to. In other words, I should not need an AD group for each domain based on user since the domains are crosslinked already. Also, I want to note the inefficiency adding my new AD group to the "Automatic User Creation". Our corporation is very large, with thousands of AD groups. At least for "Automatic User Creation", Devolutions Server does not allow typing in the AD group to the "Only from this group" section, and instead you must scroll until you find the exact group you want. What's worse, the groups naturally aren't populating quickly due to the sheer amount that must be generated over the net. I would be so very thankful if you could modify this to allow typing of the actual AD group. You already allow this in "Administrator > User Groups" so I felt this was a miss within "Automatic User Creation". [image] [image]

hi, Some colleagues used to use the RDM Windows Client and switched to using the website only. They noticed that Secure Notes written in Markdown are parsed and rendered in the Windows Client on the dashboard when clicking on it - while on the web only the plain text is shown. The only way to see the text rendered in the browser is to edit the entry - which is quite cumbersome. Steps to Reproduce: create new Secure Note (sensitive option unchecked) and add Markdown click on the entry using RDM Windows Client and see the Markdown rendered in the dashboard navigate to the web instance of the vault to the entry and see that only plain text is shown KR G. PS: we are running DPS version 2025.1.12.0

Hello, After updating to DVLS 2025.3.7, RDP entries using domain user PAM credentials would no longer work because the correct domain attribute was not being passed to target host. It appeared that the currently logged in user's domain was being passed instead. Rolled back to 2025.2.x all the respective RDP entries started working again. Using RDM 2025.3.16 Wondering if this (or a similar) issue been reported elsewhere? Please let me know if you would like any additional info. Thanks Joe

Hello, We are currently facing an issue where an entry with 3 passwords stored in it reveals the "wrong" password on the webapp. [image] If you press the top button the bottom password gets revealed, if you press the middle button the top password gets revealed, and if you press the bottom button the middle password gets revealed.

I have just deployed my first Devolutions server, and am working on getting the RDP sessions created from VMWare. When I do the synchronizer, it seems to work, and it creates quite a lot of the environment, but not all of it. I am missing entire folders of VMs from VirtualCenter in the Devolutions server after the sync. It's not like the entries are created in the wrong folder, or some folders are missing some entries, it appears that it just doesn't create all the folders, and any VM in the folder is also not created. I don't see any logs that tell me why, just that the sync happened, was successful, and nothing more. Is there a place where the actual sync documentation lands? Any idea why only half or so of our VMs create a new RDP entry? I do have this error in the Devolutions windows log, but it doesn't tell me much (I removed the computer name from the output): Log Name: Devolutions Source: DVLS Date: 1/16/2026 2:49:46 PM Event ID: 0 Task Category: None Level: Information Keywords: Classic User: N/A Computer: <*computername*> Description: The description for Event ID 0 from source DVLS cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: VMWareSynchronizer The message resource is present but the message was not found in the message table Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="DVLS" /> <EventID Qualifiers="0">0</EventID> <Version>0</Version> <Level>4</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2026-01-16T20:49:46.7233816Z" /> <EventRecordID>4881</EventRecordID> <Correlation /> <Execution ProcessID="7204" ThreadID="0" /> <Channel>Devolutions</Channel> <Computer><*computername*></Computer> <Security /> </System> <EventData> <Data>VMWareSynchronizer</Data> </EventData> </Event>

I have the same question as this https://forum.devolutions.net/topics/51915/duo-certificate-pinning but for server since if you're using web you don't need the RDM client. Action Required by February 2, 2026: Announcing Duo certificate authority bundle expiration Please ensure that you update all affected applications as well as the Duo Mobile application on phones. Failure to update the affected applications and application versions described in this guide will impact user access and authentication! This guide provides background information about Duo's root certificate authority (CA) bundle replacement and guidance for updating affected applications before February 2, 2026. Is any update required?

I have a 2025.3 instance running in docker, and I am able to connect and log into it. My problem is that I would like to run this behind an nginx reverse proxy and have nginx had all of the ssl certificate and everything behind that run in http. The reverse proxy sends data to the DVLS over port 5000, and so when I have DVLS configured to talk over port 5000 and http, going to http://dvls .domain.com:5000 works, but going to https://dvls.domain.com doesnt and I get Error during OAuth server initialization. Please contact your administrator. I assume this is because the Access uri, as showing in the settings page is http://dvls.domain.com:5000 and doesnt match. but it seems I am unable to change, or the switch is not documented on how to update the access URI for the docker installation.

Good Day, a few days ago, I`ve switched from MySQL to Devolutions Server ver. 2025.3.12.0. Now, I wanted to try using smart folders but doesn`t seem to be able to create them, let alone allow the users to create them. I`ve tried simply creating a new smart folder like I would create a normal folder, but the option is missing. When I check the settings with my admin account (Administration -> System Settings -> Type Availability), smart folders are`t listed there either. Is this a mistake on my side? How can i activiate smart folders and allow my (test)users to try them? Thank you in advance. Kind Regards, Nico

DVLS: 2025.1.5.0 RDM: 2024.1.29.0 Hi All We are using the Entry Expiry function for several Entries which works great so far. But ive two Questions about it: Im receiving a month before the Entry is expired an expiry message which tells me, that the Entry is expired by tomorrow: [image] [image] Maybe this is a bug? And the second Question is, it seems that only global Administrators receive the Mail Notifications. Since for several Entries are different Teams responsible, we need an Option to set specific Email Addresses for each Entry (or an option to use predefined Notification Groups from DVLS as example). Is there allready an option available or planned in future to achieve this? Thanks and best regards, Andreas

Hello there, We are currently facing an issue with creating a repository using a PowerShell script. Once the script has performed its work (create repo, import data, set role assignements), all groups become unavailable for a few minutes (Administration > User Groups List is empty), and thus non of our users are able to use RDM, as all repositories disappear. If I flush the cache in the admin panel the issue resolves immediately instead of after a few minutes. Please let me know if and what logs you need from me to troubleshoot this. (I'm an engineer without access to the file system of the VM that runs the application or database. If you can point me to exact locations that would be appreciated) Relevant snippet from Powershell: function New-RepositoryFromTemplate { param ( [string]$NewRepositoryName, [string]$TemplateRepositoryName, [string]$TemplateExportFile, # optional path to cached template export [string[]]$AllowedRoles ) try { $templateRepo = Get-RDMRepository -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq $TemplateRepositoryName } | Select-Object -First 1 if (-not $templateRepo) { Write-LogSimple -Message "Template repository '$TemplateRepositoryName' not found. Creating empty repository and importing cache if available." -Type "WARNING" } $newRepo = New-RDMVault -Name $NewRepositoryName -ErrorAction Stop -IsAllowedOffline $true -VaultContentType "Everything" -SetRepository if (-not $newRepo) { $newRepo = Get-RDMRepository -ErrorAction Stop | Where-Object { $_.Name -eq $NewRepositoryName } | Select-Object -First 1 } if (-not $newRepo) { throw "Repository '$NewRepositoryName' could not be created or resolved." } Set-RDMCurrentRepository -Repository $newRepo -ErrorAction Stop if ($TemplateExportFile -and (Test-Path $TemplateExportFile)) { Write-LogSimple -Message "Importing template cache '$TemplateExportFile'." -Type "INFO" Import-RDMSession -Path $TemplateExportFile -Set -ErrorAction Stop ` -ForcePromptAnswer ([System.Windows.Forms.DialogResult]::Yes) -DuplicateAction "Overwrite" | Out-Null } else { Write-LogSimple -Message "No template cache provided. Run single export/import flow if needed." -Type "WARNING" } Grant-RepositoryRoles -Repository $newRepo -RoleNames $AllowedRoles Write-LogSimple -Message "Template applied to '$NewRepositoryName'." -Type "INFO" } catch { Write-LogSimple -Message "Error while cloning template: $($_.Exception.Message)" -Type "ERROR" $existingRepo = Get-RDMRepository -ErrorAction SilentlyContinue | Where-Object { $_.Name -eq $NewRepositoryName } | Select-Object -First 1 if (-not $existingRepo) { New-RDMVault -Name $NewRepositoryName -ErrorAction Stop -IsAllowedOffline $true -VaultContentType "Everything" -SetRepository | Out-Null } throw } } function Grant-RepositoryRoles { param ( [Parameter(Mandatory = $true)] [psobject]$Repository, [string[]]$RoleNames ) if (-not $Repository) { throw "Repository reference missing for role assignment." } $roles = $RoleNames | Where-Object { -not [string]::IsNullOrWhiteSpace($_) } | ForEach-Object { $_.Trim() } | Where-Object { $_ } if (-not $roles -or $roles.Count -eq 0) { Write-LogSimple -Message "No repository roles configured; skipping role assignment." -Type "INFO" return } try { $addAccessCmd = Get-Command Add-RDMRoleRepositoryAccess -ErrorAction SilentlyContinue if (-not $addAccessCmd) { throw "Add-RDMRoleRepositoryAccess command not available to assign roles." } Set-RDMCurrentRepository -Repository $Repository -ErrorAction SilentlyContinue | Out-Null Write-LogSimple -Message ("Assigning roles to repository '{0}' (ID: {1}; Type: {2})" -f $Repository.Name, $Repository.ID, $Repository.GetType().FullName) -Type "DEBUG" $resolvedRoles = New-Object System.Collections.Generic.List[object] foreach ($roleName in $roles) { $roleObj = $null Write-LogSimple -Message ("Resolving role '{0}'..." -f $roleName) -Type "DEBUG" try { if (Get-Command Get-RDMRole -ErrorAction SilentlyContinue) { $roleObj = Get-RDMRole -Name $roleName -ErrorAction Stop | Select-Object -First 1 } } catch { $roleObj = $null } if (-not $roleObj) { $available = @() try { $available = (Get-RDMRole -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name) } catch { } Write-LogSimple -Message ("Role '{0}' not found. Available roles: {1}" -f $roleName, ($available -join ", ")) -Type "ERROR" throw "Role '$roleName' not found; cannot grant repository access." } Add-RDMRoleRepositoryAccess -Repository $Repository -Role $roleObj -ForcePromptAnswer ([System.Windows.Forms.DialogResult]::Yes) -ErrorAction Stop | Out-Null $resolvedRoles.Add($roleObj.Name) | Out-Null Write-LogSimple -Message ("Role '{0}' granted repository access." -f $roleObj.Name) -Type "DEBUG" } Write-LogSimple -Message ("Roles granted to repository '{0}': {1}" -f $Repository.Name, ($resolvedRoles -join ", ")) -Type "INFO" } catch { Write-LogSimple -Message ("Failed to assign repository roles: {0}" -f $_.Exception.Message) -Type "ERROR" throw } }