Devolutions no longer works with Key and secret after update - not working after updating to latest version of PowerShell 2022.1.10
Hi all,
Our company uses Devolutions Password Server. Our IT department recently updated from the base October version of DPS to a custom version: 2022.1.9.999
After the update our Secret and key no longer work with the PS module. Instead I just get invalid user errors.
I think it probably has something to do with the update.
Any help would be much appreciated!
Thanks,
Brian Ormond
Oops! looks like this is a duplicate of another thread. I am testing the new code now.
Thanks!
Okay it looks like the latest version of the PowerShell module isn't working. I'm still getting the same error as the person in the other thread:
I may put in a support ticket per our DVLS admin's recommendation
Hello Brian,
Could you try the following, it should be able to connect?
$DS_URL = 'https://server/dvls'
$appSecret = 'longkey'
$appKey = 'key'
[securestring]$Password = ConvertTo-SecureString $appSecret -AsPlainText -Force
[pscredential]$Credential = New-Object System.Management.Automation.PSCredential ($appKey, $Password)
New-DSSession $Credential $DS_URL
Best regards,
Richard Boisvert
Hi I ran the following commands:
okay let me try
Hi I pasted your commands from above into my test script and changed the appropriate values to be able to access our vault with the result:
Seems like maybe it could be due to our custom version of Password Server being 2022.1.9 based, what is your opinion?
Hello Brian,
It depends on what build your custom version is based upon. If PowerShell module version 2022.1.10.0 doesn't work for you, please try the previous release:
Install-Module -Name Devolutions.Server -RequiredVersion 2021.6.4
I believe your custom version does not include the changes made to login parameters. If that's the case, PowerShell module version 2021.6.4 should work for you.
Thank you,
Alexandre Martigny
I'll try that previous version thanks!
No Dice:
We are using 2022.1.9.999
Hello Brian,
I just realized we are missing an important parameter for the login to work.
$DS_URL = 'https://server/dvls'
$appSecret = 'longkey'
$appKey = 'key'
[securestring]$Password = ConvertTo-SecureString $appSecret -AsPlainText -Force
[pscredential]$Credential = New-Object System.Management.Automation.PSCredential ($appKey, $Password)
New-DSSession $Credential $DS_URL -AsApplication
Notice the "AsApplication" flag parameter. I have no real way of differentiating a user from an application before login, hence this switch parameter.
Please try again with the flag parameter. Since we can't be sure of what build your custom version was based upon (x.x.x.999 is for custom version, not a real build number), you might have to try again on both versions previously mentioned.
Thank you,
Alexandre Martigny
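The login call from the post above, as an added example that is not part of the thread or Devolutions' own code: it keeps the application key and secret out of the script body and prints the installed module version, since the thread turns on which module version is paired with which server build. The environment variable names DVLS_URL, DVLS_APP_KEY and DVLS_APP_SECRET are hypothetical, and the isSuccess check assumes New-DSSession returns the response object mentioned later in the thread.

```powershell
# Added example. DVLS_URL, DVLS_APP_KEY and DVLS_APP_SECRET are hypothetical
# environment variable names chosen for this sketch.
$ErrorActionPreference = 'Stop'

function Get-RequiredEnv {
    param([Parameter(Mandatory)][string]$Name)
    $value = [Environment]::GetEnvironmentVariable($Name)
    if ([string]::IsNullOrWhiteSpace($value)) {
        throw "Environment variable '$Name' is not set."
    }
    return $value
}

# Record which module version is installed, so a failed login can be
# matched against the server build when asking for support.
$module = Get-Module -ListAvailable -Name Devolutions.Server |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module) {
    throw 'The Devolutions.Server module is not installed.'
}
Write-Host "Devolutions.Server module version: $($module.Version)"
Import-Module Devolutions.Server

# Refuse to send the application secret over an unencrypted connection.
$dsUrl = Get-RequiredEnv 'DVLS_URL'
if (-not $dsUrl.StartsWith('https://', [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "DVLS_URL must use https:// (got '$dsUrl')."
}

# The secret only ever exists as an environment value and a SecureString,
# never as a literal committed with the script.
$password   = ConvertTo-SecureString (Get-RequiredEnv 'DVLS_APP_SECRET') -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ((Get-RequiredEnv 'DVLS_APP_KEY'), $password)

try {
    # -AsApplication tells the module this is an application key, not a user.
    $response = New-DSSession $credential $dsUrl -AsApplication -Verbose
    # Assumption: the returned object exposes isSuccess, as quoted in the thread.
    if ($null -ne $response -and $response.isSuccess -eq $false) {
        throw 'Server rejected the application key/secret pair.'
    }
    Write-Host 'Session established as application.'
}
catch {
    Write-Warning "Login failed with module $($module.Version): $($_.Exception.Message)"
    throw
}
```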
okay will do!
Hi,
I tried it with both 2021.16.4 and 2022.1.10
Both are giving me the invalid credentials error.
Hello Brian,
This issue will need further testing. I'm currently in a meeting, I'll come back to you as soon as possible after testing on various builds.
Meanwhile, you could try with a newly generated application key/secret key and see if the pair works.
Best regards,
Alexandre Martigny
Hello Brian,
Since we are unable to reproduce your issue, would it be possible to upgrade your Devolutions Server instance to 2022.1.10? The fix in the .9.99 build is integrated in it, and it has quite a few fixes for authentication issues.
For more details: https://devolutions.net/server/release-notes
Best regards,
Richard Boisvert
That's probably the solution, but I wanted to make sure before I told anyone that.
Thanks!
Good morning sir,
I convinced them to update our Devolutions Server to 2022.1.10.0
I also have that version of the PowerShell module installed on my computer and I am still getting the Invalid Username and password error out of the DS-Session:
So I'm wondering if it's possible that my secret key is somehow locked or expired in the system. Or if maybe it became invalidated when the system updates were performed?
Any help is appreciated!
Hi Brian,
Your application key could be disabled, but I do not believe this to be the case since it's not the error sent back to the client when logging in with a disabled secret key. It is not likely to have been invalidated after an update, as I am using an older key with no issue on my end. However, let's not rule out this option just yet. Have you tried with a newly generated application key as mentioned previously?
Best regards,
Alexandre Martigny
I have not. I will see about getting a new one and then get back to you
Hi,
We tried a different access key and no luck
They also have all the access allowed
The guy in charge says to tell you that they are behind a WAF and load balancer.
There are two nodes, and an RDS server in AWS
Hi Brian,
Could you please send us a copy of your login attempt & data source logs? We will try to find out what's happening from those and get back to you as soon as possible.
To do so, export them via the web interface and fill the form at https://devolutions.sharefile.com/share/filedrop. If possible, please rename the files with my last name so they can be easily redirected to me.
Best regards,
Alexandre Martigny
will do.
In the meantime I've also had some behavior where I tried to just create a new DS-Session and gotten stuck in some kind of loop where it's trying to open Chrome and opens a bunch of tabs until I CTRL+C on the PowerShell window:
Logs have been uploaded for the last 7 days per John
I turned on verbose so we have this error logging in the console:
The test code I am using is:
EDIT: noticed I had a mistake in my test code and corrected to the above.
Still getting a failure at line 116 of New-DSSession.
Apparently the $NewResponse.isSuccess is still coming back false. We are wondering if something with the Auth works changed in the newer version of the code and the request is getting killed somewhere in our network.
It's got to be something new though because the production code used to work fine before the update and I haven't changed it since I originally got it working
Hi Brian,
This is a hard one for me to verify. We were not able to successfully reproduce the issue on our end with a more "streamlined" installation of Devolutions Server, but be assured that we are actively working on the case to fix it for you.
I cannot affirm this with 100% certainty, but I am pretty sure the issue comes from how your Devolutions Server is set up. I will need to investigate deeper with the developers responsible for the authentication part of our code base and come back to you later.
Best regards,
Alexandre Martigny
okay thanks!
Hi Brian,
In order to investigate any further, I will need another log from you.
Logs related to token validation are located in your Devolutions Server installation folder under "App_Data". The file should be called "DPS_Main.log". If there's no such file, you need to edit the folder security and give your user write permissions. After that, try to log in again and send us the "DPS_Main" log file using the same link previously given to you.
This log will contain detailed explanations as to why your token was not valid and should help us track down your issue.
Best regards,
Alexandre Martigny
I will relay to John, thanks
Hi,
The logs from servers have been uploaded
Hi Brian,
After going through the authentication part of the code base with the developer who worked on it, we narrowed down the issue to 2 options with the information you gave us.
First thing to check would be that "Cli" and "Scripting" are both allowed in your Devolutions Server settings. Those settings are located under Administration -> System Settings -> Application Access.
After that, check under Administration -> Server Settings -> Security and make sure "Force token public IP validation" and "Use X-Forwarded-For" are unchecked. Also clear the first 4 fields on that page.
If the issue persists after those validations, I'd suggest you schedule a remote session with our support team so they can better investigate your setup. To do so, send an email to service@devolutions.net with a link to this thread attached.
Best regards,
Alexandre Martigny
Thank you sir!
And thanks to the dev team!
Hi,
I've set up the support session.
Thanks!
Was there a fix for this one? - I seem to be running into the same exact issue
Hello,
The issue is related to AWS ELB, but we do not have this type of configuration in our environment. We are still waiting for additional logs.
Best regards,
Richard Boisvert
Thanks @Richard