Forum / Devolutions Password Server - Support

Windows Authentication feature not working with DPS 6.0/RDM 14

  • Create an Issue
  • Cancel

Hello Marc,

Thank you for your feedback and glad that it's now working.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

@erica

Hi again,

I've checked the log in DPS, nothing special here. I have a couple of ArgumentException from the Scheduler, but they are a 10-15 minutes old. Nothing when I push the "Test Autentication" button from RDM.

Kind regards
Peter

Clock2 mths

Hello,

@Peter, could you please try to connect using the Windows Authentication in RDM and not using the Test Connection button? I want to be sure that an error will be triggered in the DPS Logs.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

Hi

@erica sure thing, sadly no change in behaviour:
https://imgur.com/a/NQBWbxC
image

I click "ok", the same dialog pops up again
I click "ok" again, the same dialog pops up/stays on (cant determine),
I click "ok" 2-3 times more, before the dialog disappears, and turns back to a disconnected RDM.

Clock2 mths

Hi,

this is my output.

DPS V 6.0.2.0
RDM 14.0.4.0

fill in Credentials manually.

image


Windows Authentication - successful


image


Properties:


Domain: FQDN without .local , @

This setting working good, for us.

image

Clock2 mths

Hello,

Thank you @Marc for your configuration. It could be very helpful for other customers.

@Peter, do you have something relevant in the DPS logs now?

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

@erica

No nothing new.
https://imgur.com/rPebomX
image

Clock2 mths

Just to clarify:

Connecting using:
- Prompt for credentials - works
- Username and password, with or without "Always ask password" option on/off - works
Successfull authentication using "Test connection" button or starting RDM with the above options.

Unsuccessfull authentication using "Test connection" button or starting RDM, as soon as i check the "Use Windows authentication"

Clock2 mths

Hello Peter,

Thank you very much for the information and the screen shots.


Could you please send an email to ticket@devolutions.net? I will send you our online calendar to book an appointment for a remote session.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

Is there anything inside IIS that we should cross check?
My setup is:
Running in the Default Web Site, in the dvls subfolder as an enabled application.
Application is running with a SSL certificate and authentication enabled for Anoymous Authentcation enabled and Windows Authentication enabled (HTTP 401 Challenge).
Read/Write feature delegation on the server for Authentication - Anoymous and Autentication Windows features, as described in your KB.

Apart from that a pretty basic Windows Server 2016 1607 14393.2248 virtual machine built only for the purpurse of hosting DPS, so no fancy configs besides the stuff in your KB regarding DPS and Windows Authentication.
Local SQL express with a local db-account for DPS. Both Test Server and Test Database turns up Successfull.

Clock2 mths

yeah sure thing I'll do that right away

Clock2 mths

Peter Loft wrote:

Just to clarify:

Connecting using:
- Prompt for credentials - works
- Username and password, with or without "Always ask password" option on/off - works
Successfull authentication using "Test connection" button or starting RDM with the above options.

Unsuccessfull authentication using "Test connection" button or starting RDM, as soon as i check the "Use Windows authentication"


This is identical to our testing as well

Clock2 mths

Hello,

@Stuart and @Peter,


Could you please check in the IIS Logs?


If there is anything relevant there, could you please check if you have the exact same settings for the Authentication in IIS?

image


Only the Anonymous Authentication must be enabled here.


image

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

For your information,

any tries to sign in failed, with any authentication.
Workaroud:

I edit the DPS settings, go on Domain and save the settings again.
After that, the authentication was successfully.

I had the same mistake yesterday morning.

Clock2 mths

Hi all

I've changed the Default Web Site, and the Application Authentication Settings to the pictures above.

Also tried MarcST1984 workaround, all with the same outcome "Invalid username or password, please verify your credentials!"


No errors in DPS log and all 200-ok http status in the W3SVC log to urls like loginWindows/partial, security/forcepublicipvalidation and the IIS is seeing my credential but as DOMAIN\initials. We logon on using initials@domain.tld

Clock2 mths

Hello,

@Peter, have you received my email from ticket@devolutions.net for the remote session?

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock2 mths

Hi Erica,
I confirmed that our IIS authentication settings are correct.

I also tried Marc's suggestion of editing domain details in DPS and saving again but no luck.

We have a remote session for another issue later today - perhaps we can look at this then too.

Stuart

Clock2 mths

Hi Everyone

We managed to fix this with a remote session.

In DPS / Auth / Domain - the domain must be set to the NETBIOS name of the domain rather than the FQDN (ie. MICROSOFT instead of MICROSOFT.LOCAL)


Hope his helps

Clock2 mths

Hi

@erica no i did not, but the NETBIOS name did the trick here too! We can now logon using Windows Authentication. Yay!

Clock2 mths

The domain config with NETBIOS works, the FQDN don't work fo us.

Clock2 mths

Hello,

@everyone, a ticket has been sent to our engineering department for the issue when the Windows Authentication feature fails with the domain name set with the FQDN in the Domain tab of the DPS settings. The ticket number is DPS-2365.

As soon as a fix will be available, I will post an update here.


Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock28 days

Hello,

Our engineering department has made a fix when the Windows Authentication using the FQDN in the Domain tab of the DPS Settings. In our internal tests, it's working flawlessly. To be sure that we are on the right track, I want to know if someone can test that beta internal DPS version in their environment. It will be important to test this is a staging/test environment. Please let me know and I will send a download link in a private message.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock18 days

Hello, we use UPN for the authentication and the SSO not works but manual yes

Clock7 days

Hello,

@Malot Tyba, which domain name format is set in the Domain tab of the Devolutions Password Server settings? If the domain name set is the FQDN (YourDomain.local), please try to set the NetBios domain name (YourDomain). This should help to resolve the issue.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock7 days

works fine thanks

Clock7 days

Erica Poirier wrote:

Hello,

Our engineering department has made a fix when the Windows Authentication using the FQDN in the Domain tab of the DPS Settings. In our internal tests, it's working flawlessly. To be sure that we are on the right track, I want to know if someone can test that beta internal DPS version in their environment. It will be important to test this is a staging/test environment. Please let me know and I will send a download link in a private message.

Best regards,


@Erica, Did the fix get for the FQDN get through testing yet? We have been waiting to upgrade until the fix for FQDN is available.

Thanks,

Richard

Clock7 days

Hello,

@Richard, yes we have tested it and it's working on our environment. We have also tested it with a customer in its own environment successfully.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock7 days

Hello,

@Erica, that is great news. Which version of the server includes the FQDN fix?

Thanks,

Richard

Clock6 days

Hello,

@Richard, the version that will include the fix should be 6.0.7 or higher. We are currently testing that version internally and should release it soon.

Best regards,



Érica Poirier

Customers that use Devolutions Password Server are provided free remote sessions for performing upgrades. Please send a request to the Devolutions Service Desk to get the process started.

signaturesignature

Clock6 days

Can we get an ETA on when the next release will be available?

Clock5 hrs