Getting 401 errors instead of 2FA challenge

Hello,

Could you please upgrade your DVLS to version 4.0.7.0? This should help to resolve your issue.

Best regards,

Can do - there's no mention of 2FA changes in the change history at https://server.devolutions.net/Home/ChangeHistory though - if I had seen it there I would have tried that first. Just sayin' :)

Hello,

Could you please check if the WebDAV server role is enabled on the server? This server role must be disabled.

Do you have something relevant about this issue in the Server Logs of your DVLS instance?

Best regards,

Hello,

Ran the DVLS server diagnostic tool and it's all green. WebDAV is not installed. Upgrading to 4.0.7.0 did not fix the issue unfortunately.

Set up failed request tracing in IIS, getting the following (not much to work with I suppose):


ModuleName
__DynamicModule_Microsoft.Owin.Host.SystemWeb.OwinHttpModule, Microsoft.Owin.Host.SystemWeb, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35_67a026a1-11ca-4e37-b18d-63c6adf2f28b

Notification
PRE_EXECUTE_REQUEST_HANDLER

HttpStatus
401

HttpReason
Unauthorized

HttpSubStatus
0

ErrorCode
The operation completed successfully.
(0x0)


I've enabled the 'Log debug information' setting, but I'm not sure where/if this produces any additional log data anywhere? I suppose I could point it to a syslog server if necessary.

Hello,

You can access the Server Logs from the Devolutions Server console.



Have you enabled the Integrated Security option in the Database tab of the Server Settings?

Best regards,

Ok, log just says:

RDMSMembershipProvider: CheckPasswordActiveDirectoryMultiDomain - Enter:Debug
RDMSMembershipProvider: CheckPasswordActiveDirectoryMultiDomain - EXIT:Debug
Unable to update logHistory:Invalid data:Warning

Same error in syslog:


1 2017-01-18T17:27:07.103845+01:00 ::1 Devolutions Server 11200 LoginHistory - n++Invalid data
1 2017-01-18T17:27:07.150745+01:00 ::1 Devolutions Server 11200 Login - n++CheckPasswordActiveDirectoryMultiDomain - Enter
1 2017-01-18T17:27:07.369597+01:00 ::1 Devolutions Server 11200 Login - n++CheckPasswordActiveDirectoryMultiDomain - EXIT

Oh, and database already uses Integrated Security.

Hello,

Could you please run this SQL statement over the SQL database to list which permissions are granted on it? Please send the result to support@devolutions.net.

select
class_desc
,USER_NAME(grantee_principal_id) as user_or_role
,CASE WHEN class = 0 THEN DB_NAME()
WHEN class = 1 THEN ISNULL(SCHEMA_NAME(o.uid)+'.','')+OBJECT_NAME(major_id)
WHEN class = 3 THEN SCHEMA_NAME(major_id) END [Securable]
,permission_name
,state_desc
FROM sys.database_permissions dp
LEFT OUTER JOIN sysobjects o
ON o.id = dp.major_id
-- where major_id >= 1 -- ignore sysobjects

order by
class_desc desc
,USER_NAME(grantee_principal_id)
,CASE WHEN class = 0 THEN DB_NAME()
WHEN class = 1 THEN isnull(schema_name(o.uid)+'.','')+OBJECT_NAME(major_id)
WHEN class = 3 THEN SCHEMA_NAME(major_id) end
,permission_name

Best regards,

Sure thing.

Hello,

Thank you for the report. Is it possible that the RDMS... account has the db_owner role membership on your DVLS database?

Best regards,

Hi, yes, the SQL account has dbo role.

Hello,

Could you please try to login into the DVLS web page?
Do you also get an error?

Best regards,

Login to the DVLS web page works fine :) So maybe the problem is with the RDM client?

Hello,

Could you please try RDM beta version 12.0.10.0? A fix has been made about a possible issue with DVLS and the Web API Service type and maybe it could help to fix your issue.

You can download it here https://remotedesktopmanager.com/Home/Download/beta

Best regards,

DVLS: 4.0.7.0 RDM: 12.0.8.0
(note. DVLS installed in root of IIS website)

We have the exact same problem...

2017-01-23 13:16:57 xx.xx.xx.xx POST /api/login - 443 - xx.xx.xx.xx - - 200 0 0 734
2017-01-23 13:16:57 xx.xx.xx.xx GET /api/login/twofactor - 443 - xx.xx.xx.xx - - 200 0 0 15
2017-01-23 13:16:57 xx.xx.xx.xx POST /api/security/twofactorbyusername - 443 - xx.xx.xx.xx - - 200 0 0 15
2017-01-23 13:16:57 xx.xx.xx.xx POST /api/security/twofactorbyusername - 443 - xx.xx.xx.xx - - 200 0 0 15
2017-01-23 13:16:57 xx.xx.xx.xx POST /api/connection/data - 443 - xx.xx.xx.xx - - 401 0 0 62
2017-01-23 13:16:57 xx.xx.xx.xx GET /api/logout - 443 - xx.xx.xx.xx - - 200 0 0 15



System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Devolutions.Server.ApiWrapper.RestClient.GetInfoDataFromBodyRequest[T,K](String apiUrl, T postObject)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.c4cfebae48c715cba5241d6a671d47c8d[cb75a0a5d15a1ad8b8a8a5e57cca214a3](c31561c0d54939abd223ac7c0cf30e7e6`1 c6cc9ab02b2ea9ccd42c7c0497677bcc2, String ce54111a2f696be07240ffb02871e6867)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.c5f4f6c72c053c0cd60a62abeeaa43fdf[cb75a0a5d15a1ad8b8a8a5e57cca214a3](c31561c0d54939abd223ac7c0cf30e7e6`1 c6cc9ab02b2ea9ccd42c7c0497677bcc2)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.GetData(String proxyConnectionCacheID, Byte[] version)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.GetDataSourceSettings()
at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.c29fbd34504079a3525ca4c390d5d4074(BaseConnectionDataSource cf40b69955d088020784eb92737f0a505)


DVLS server log not working fro some reason, showing multiple of
Title: Unable to update logHistory
Content: Invalid data

Hello,

@Michael, does the Integrated Security option is activated in the Database tab of the Server Settings?

If yes, does the Service account have proper permissions over the DVLS database? Please run the SQL statement that you will find in this thread (https://forum.devolutions.net/topic27274-getting--errors-instead-of-fa-challenge.aspx?lastpage=1#post101372) and send the results at support@devolutions.net.

Best regards,

Hi Érica, 12.0.10 beta works! So hopefully it will make its way out of beta relatively quickly and we can all go on with our day. :)

Same here, works fine in 12.0.10.0 Beta