Need help using LAPS with RDM

Hey guys,

We are trying to setup a JumpHost with RDM which uses LAPS to connect to other Windows Machines using RDP.

The steps we followed can be found here: https://forum.devolutions.net/topics/28828/login-using-laps-credentials

First of all, we changed the Script to the following:

<?xml version="1.0"?>
<ArrayOfConnection>
  <Connection>
    <Credentials>
      <CredentialType>Custom</CredentialType>
      <CustomScript>Import-Module AdmPwd.PS -ErrorAction SilentlyContinue

# Check that the LAPS PowerShell module (AdmPwd.PS) is available on this host
$isImport = Get-Module -ListAvailable AdmPwd.PS

if ($isImport)
{
    # The LAPS lookup only works from a domain-joined machine
    try
    {
        $null2 = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $isDomain = $true
    }
    catch
    {
        $isDomain = $false
    }

    if ($isDomain)
    {
        # $HOST$ is replaced by RDM with the session's host name before the script runs
        $lapshost = Get-AdmPwdPassword -ComputerName:$HOST$
        $pw = $lapshost.Password
        if ($pw)
        {
            $Result.Username = ".\Administrator"
            $Result.Password = $pw
            # Debugging aid only: writes the retrieved password in plain text to disk
            $pw | Out-File -FilePath 'D:\laps_pw.txt'
        }
        else
        {
            $Result.Cancel = $True
            $Result.ErrorMessage = "LAPS did not return any value!"
        }
    }
    else
    {
        $Result.Cancel = $True
        $Result.ErrorMessage = "Your computer must be connected to a domain to use LAPS features!"
    }
}
else
{
    $Result.Cancel = $True
    $Result.ErrorMessage = "The LAPS module must be installed in this architecture!"
}</CustomScript>
      <CustomScriptParameter1>$HOST$</CustomScriptParameter1>
    </Credentials>
    <ConnectionType>Credential</ConnectionType>
    <ID>5e9b66e4-1e74-44b9-85aa-a2bbdd61adad</ID>
    <Name>WG_LAPS_SCRIPTv2</Name>
    <OpenEmbedded>true</OpenEmbedded>
    <Stamp>e937ea6a-84e7-4023-84a5-686634320392</Stamp>
  </Connection>
</ArrayOfConnection>

Then we imported the script as "My personal Credentials" and edited a LAPS-registered session to use these credentials.
When we try to connect, the parameters for the hostname and the username work, but the connection fails because of a wrong password. With the line "$pw | Out-File -FilePath 'D:\laps_pw.txt'" we can confirm that the password is retrieved correctly, and we are also able to use LAPS on the same VM without RDM. We also tried importing the *.RDM file in different ways and using the credentials through the personal vault, which failed in the same way. Why is RDM unable to use the password? Is that even the correct approach?

Kind regards,

WG
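As an added example (not the poster's script or Devolutions' code), a variant of the RDM custom-credential script that never writes the LAPS password to disk, tolerates an FQDN in the host name, and reports a specific error for each failure. It assumes, as the thread does, that RDM substitutes $HOST$ before execution and exposes a $Result object with Username, Password, Cancel and ErrorMessage members.

```powershell
# Added example, not the poster's script: a variant of the RDM custom-credential
# script that never writes the LAPS password to disk and gives a distinct error
# for each failure. Assumes RDM replaces $HOST$ before execution and exposes the
# $Result object (Username, Password, Cancel, ErrorMessage) used in the thread.

$targetHost = '$HOST$'   # substituted by RDM with the session's host name

if (-not (Get-Module -ListAvailable -Name AdmPwd.PS)) {
    $Result.Cancel = $true
    $Result.ErrorMessage = 'The AdmPwd.PS (LAPS) module is not installed on this jump host.'
    return
}
Import-Module AdmPwd.PS -ErrorAction Stop

try {
    # Only a domain-joined machine can read the LAPS attribute from AD
    $null = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
}
catch {
    $Result.Cancel = $true
    $Result.ErrorMessage = 'This computer must be domain-joined to query LAPS.'
    return
}

# LAPS stores the password on the computer object; look it up by short name,
# so strip the DNS suffix if the session was opened with an FQDN.
$shortName = $targetHost.Split('.')[0]
try {
    $laps = Get-AdmPwdPassword -ComputerName $shortName -ErrorAction Stop
}
catch {
    $Result.Cancel = $true
    $Result.ErrorMessage = "LAPS lookup for $shortName failed: $($_.Exception.Message)"
    return
}

if (-not $laps.Password) {
    # Either the computer is not yet managed by LAPS or this account lacks read rights
    $Result.Cancel = $true
    $Result.ErrorMessage = "LAPS returned no password for $shortName (not managed yet, or no read permission)."
    return
}

# Local account; the host-name qualification is handled by the RDP entry settings
# discussed in this thread (Override domain = Use Host Name, Username format = {Domain}\{User}).
$Result.Username = '.\Administrator'
$Result.Password = $laps.Password
```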

Hello,

What RDM version are you using?

Is your script working in a Custom Credential entry instead of the "My personal credentials" section?

I will test as the My personal credentials and will get back to you with my findings.

Best regards,

Érica Poirier

Thanks for the quick reply,

We are running RDM Version 2022.3.15.0,

How would I use the script as a Custom Credential entry? Do I just import the *.RDM and link it somehow?

Hello,

To create a Custom Credential entry to use your LAPS script, select the Custom entry in the Credential Entry section.

Then, you can add your LAPS script in the Command parameter of the entry.

I'm still working to get the LAPS test environment in place. Once I am able to test the LAPS script from the "My personal credentials" feature, I will get back to you.

Best regards,

Érica Poirier

Hello,

Quick update: we tested the script just as you described and we still have the same problem.

Hello,

Thank you for the update.

Finally I got my test environment working and I think I know what could cause the issue on your side.

Could you please set the Override domain property to Use Host Name value and the Username format property to {Domain}\{User} value in the Advanced tab of the RDP entry?

Let me know if that helps.

Best regards,

Érica Poirier

Thank you very much, the connection is now working as intended. Do you know if it's possible to use the "Quick Connection" feature together with this LAPS script? Otherwise we would have to create thousands of RDP entries to be able to connect to every VM we have.

Last update:
We have found a solution for my previous question. You can configure the template for a standard RDP connection with the same settings we discussed in this thread. Now we are able to type the hostname into the search bar and just quick-connect to the VM using LAPS.

Hello,

Thank you for your feedback. That's good news that you have found how to do it.

You are right that using a template to use LAPS is the solution to connect to any remote host using the Quick Connect feature.

Best regards,

Érica Poirier