Forum

Posts by Pow3r.us3r.78 (Pow3r.us3r.78)

Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Thanks for the fast work! Connection list is readable again. I haven't found anything broken anymore but I'll let you know if I do. There are some cosmetic things but that can wait.

1 day App doesn't work with Dark Mode (App version 2019.2 on iOS 13.1.3)
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


App shows black text on black background making it impossible to read/navigate...


7 days App doesn't work with Dark Mode (App version 2019.2 on iOS 13.1.3)
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Thanks. That fixed it!

4 mths Red Cross in private vault after Windows 10 version 1903 upgrade
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Using https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed I see 461814 so that's v4.7.2.

4 mths Upgrade screen always empty
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Hi,

After upgrading to Windows 10 version 1903 my private vault is crossed out. Strangely enough it is still 'functional' so if I happen to click at the right spot I can still access the item I clicked on.

Any ideas?

4 mths Red Cross in private vault after Windows 10 version 1903 upgrade
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Windows Server 2016, .NET (CLR) version 4.0

4 mths Upgrade screen always empty
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Both server and console have version 2019.1.17.0.

IE is working fine if I open it on the server. It does have the 'Enhanced Security Configuration' enabled. Any URL I can check?

4 mths Upgrade screen always empty
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Hi Erica,

I found the issue. DPS was running in a /dvls virtual directory that was omitted in the datasource URL. The 404 in the exception was the clue.

Thanks!

4 mths DPS server not responding - Request aborted. Could not create secure SSL/TLS channel
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Somehow this upgrade screen is always empty. Not a huge problem but a bit silly, I guess. Any idea why?

4 mths Upgrade screen always empty
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Hi Erica,

I am experiencing the same (or a similar) problem. If I start RDM I get the error message 'Unable to connect to your data source', 'DPS server is not responding' (details below).

Strange thing is that from a different PC I can login with the same user without problems.


I have no clue why it is a 'TryGoOfflineException' as I'm not trying to go offline, I'm just trying to open RDM.

Any ideas?


Devolutions.RemoteDesktopManager.Business.TryGoOfflineException: DPS server is not responding.The remote server returned an error: (404) Not Found. at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.cb6f90699089bd1c9688221883b0c338f(String c18973cea236a9feff75c32ca7d1697d5, String ceb81d1ee93f91e0bc57f34876c263863, Boolean c8c947c51eb176e7175409fd081e947ab, Boolean c2de1417c23cd0676ca16f3b418d16455) at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.c88b8bc6e236931f324b713404e90b15d(Boolean c5d807049ab3ae30aad5318fa57dc6159, String& c18973cea236a9feff75c32ca7d1697d5, String& ceb81d1ee93f91e0bc57f34876c263863, Boolean c610d13086e89db4f49ea9522070c88ec, Boolean c575c634ac2e9c9220d3bb5cb37d2a34f) at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.Login(Boolean useCredentials) at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.get_c3e2a9eaefc85e07772d691a26117253e() at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.ca57904db71c82dc73869f78817c39be7.cdf58e16eb8b138876bc94432fe455e46() at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.c5f4f6c72c053c0cd60a62abeeaa43fdf[cb75a0a5d15a1ad8b8a8a5e57cca214a3](c31561c0d54939abd223ac7c0cf30e7e6`1 c6cc9ab02b2ea9ccd42c7c0497677bcc2, ExecuteActionLogMode c92f46156e371279a4f61cd5822be5fee) at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.GetData(String proxyConnectionCacheID, Byte[] version, String repositoryID) at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.GetDataSourceSettings(String repositoryID) at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.GetDataSourceSettings() at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.c29fbd34504079a3525ca4c390d5d4074(BaseConnectionDataSource c7f28727fc7a5daa94ba08f688b2a5781) at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.ca4799bebd8b706f34eea94a778843b55(BaseConnectionDataSource c7f28727fc7a5daa94ba08f688b2a5781, Boolean cfe205b02d73750f8fd14d199343fe545) at Devolutions.RemoteDesktopManager.Managers.ConnectionManager.LoadConnections(BaseConnectionDataSource dataSource, ConnectionEngine currentEngine)

4 mths DPS server not responding - Request aborted. Could not create secure SSL/TLS channel
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79


Hi David,

you wrote 'Thanks for the information, we have roll back our version to .30 yesterday. We found the issue and are currently working on it.'

Is the issue resolved in the latest version (.38)? I can't find it specifically in the release notes nor in this post...

Bas

4 mths After update to 2019.1.34.0 users can't access
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Thanks. Ctrl-F5 works like a charm!

2 yrs Roles based on AD groups working erratically
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Ok, I've fixed this by delegating 'read member, memberof' on groups and 'read memberof' on users to the service account. The groups are now correctly listed under 'Active Directory groups' (Roles tab) and also as roles.

Unfortunately, the items secured by these roles are still not visible unless I remove the data source and add it back again for the user or edit the object the rights apply to. I tried using File->Refresh, closing and opening the data source, restarting RDM, recycling the application pool, flushing the server cache but none of these seems to help...

Apparently some cache is still in the way. Any idea what and how I could flush it?

2 yrs Roles based on AD groups working erratically
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Ok, I think I found the problem.

The user that queries group membership has different permissions on the different accounts. It appears that users that were created in a specific time interval (I'm guessing between 2003-2010) behave differently than others. Ah, the joy of an AD that has seen too many Exchange and Lync versions upset

I think I can sort it out from here! Thanks for your help!

2 yrs Roles based on AD groups working erratically
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

I've sent it using the button. The interesting part is probably that under 'Active Directory groups' (Roles tab) it only shows Domain Users and not the actual groups the user is a member of. For a user that does work, all groups are listed.

Big question now is of course WHY does it resolve group membership correctly for some but not for others?

2 yrs Roles based on AD groups working erratically
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Hi,

We're trying to secure RDM based on AD groups. This is not working as it should for most users (but works fine for others):
- Roles based on explicit membership (non-AD) work fine
- Roles based on AD membership work for some users, not for others

I have been unable to find anything special about the users that it works for or that it doesn't work for.

We've just upgraded tot 5.1.1 (from 4.7.1) but that didn't help (didn't work in either version).

For both users that AD groups works for as for users where it doesn't, on successful authentication I see two debug messages in the server logs, logged by the RDMSMembershipProvider:
ProcessDomainUserInfo using userName/password - Enter
ProcessDomainUserInfo using userName/password - Exit

No more details are given and no other entries are logged.

Windows logs show nothing special. Only the security log showing a security Audit Success Logon (4648, A logon was attempted using explicit credentials) for the username signing in so that's as was expected plus of course the same message as above in the Devolutions log.

For the users that it works for, everything is working like a charm. Even nested groups (if the checkbox is set and not if it's cleared, as it should).

I've tried recycling the app pool and even rebooting the server. Results stay the same: for the same users it keeps working, for the same users it keeps broken.

The only thing that changed anything is I deleted a user that it DID work for and after recreating it, it NO LONGER worked (sign in works but has no access to items secured by AD groups, items secured by non-AD groups work). Tried recreating by username and recreating by AD lookup, no difference.

I've even tried things that should matter (because for some users it works): AD access for the AD account works fine (runas -> AD Users and groups -> view group membership).

Any ideas on what to try next?

2 yrs Roles based on AD groups working erratically
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Upgrading server from 4.7.1.0 to 5.1.1.0 solved the problem. Thanks James from support chat!

2 yrs Report->Activity Logs filter on 'Username' should filter on 'Database User' not the local user
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

We have a lot of users that install RDM on several different pc's or devices, e.g. at home, phone, etc. RDM logs both the 'local' user on the device (e.g. 'DESKTOP-B7G15JK\John') and the 'domain' user (e.g. 'DOMAIN\John'). The first is logged as the Username, the second as the Database User.

The problem is that the same user (DOMAIN\John) has logged in from several computers:
DESKTOP-B7G15JK\John --> a desktop computer
LAPTOP-JOHN\John --> a laptop
DOMAIN\John --> a terminal server that is domain joined
Android 8.0.0 --> his phone
… and the list goes on


If I want to see the activity log for a certain user I would like to be able to enter DOMAIN\John and see all his activity, regardless of the device he came from. Currently the filtering is done based on the 'local' user and that's not very helpful (especially with nasty names like 'Android 8.0.0').

An extra box for 'Database User' would also be ok, of course, but for me it can simply replace the Username filter which (IMHO) is pointless.

Thanks!

2 yrs Report->Activity Logs filter on 'Username' should filter on 'Database User' not the local user
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Ok, 4.5.0.0 no longer seems to have the problem. If I use a 'red' code in the last second it still fails but that might be due to the extra time lost in communicating with the server but if I have 2 or 3 seconds left it still validates.

Thanks!

Bas

3 yrs 2FA with Google Authenticator doesn't work if the code is already 'red'
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Hi Erica,

I am using RDM 12.5.6 against a Devolutions Server 4.0.7. The GA 2FA is the server side 2FA used when logging in to the server, not the client side 2FA. This issue has been around for at least a year now so I don't think it's something introduced in a newer version.

I see a server upgrade to 4.5.0.0 is available, just to make sure I'll upgrade and post back.

Bas

3 yrs 2FA with Google Authenticator doesn't work if the code is already 'red'
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

If I login with Google Authenticator (GA) and the code turns red (last 5 seconds of validity) it no longer works to login. I tested this while typing in the code when it was still valid longer, waited for it to turn red and immediately submitted the code and confirmed that it stops accepting the code as soon as it turns red. I have no technical knowledge about GA but from a functional perspective I know other applications to still accept 'red' codes and even accept a code for a few seconds after it renewed so there's probably some way to detect if a code is 'old but still valid'. Maybe that's not handled correctly?

Not a huge problem, of course, because you can simply wait 5 seconds and use the next code but still annoying... smile

3 yrs 2FA with Google Authenticator doesn't work if the code is already 'red'
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

No, that wouldn't really help as the connection has already been made at that point.

My preference would be not to ask for 2FA at that point as I don't see any added security value (nor any other good reason) to ask for 2FA again.

Bas

3 yrs 2FA with Google Authenticator pops up unnecessarily
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

I can see how this would 'fix' the issue. I have two problems with this:
1. I'd rather have it not ask in the first place as I don't see the added security
2. This is dependent on the client settings so a nice solution as it's hard to control client settings for all workstations of all employees in the company

2 -> this is the reason we waited for server side 2FA to become available before using 2FA at all and to get a DVLS server license (instead of SQL)...

3 yrs 2FA with Google Authenticator pops up unnecessarily
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Yes, all is default.

3 yrs 2FA with Google Authenticator pops up unnecessarily
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

RDM 12.0.8.0 connected to (only) a DVLS server (4.0.7.0).

I am using the (newer) server side 2FA, not the (older) one configurable in the client.

3 yrs 2FA with Google Authenticator pops up unnecessarily
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Hi,

When using RDM the Google Authenticator pops up after my computer resumes from standby and I try to open a connection. Below the popup, the connection is still opening, however, and even if I cancel out of the pop up I can still use the connection.

Probably has something to do with the TCP connection being reset and RDM trying to refresh from the server (and using the unrefreshed data in the meantime).

From a functional perspective, this behavior is really silly. If from a security perspective I need to enter my 2FA again, I can get that, but then it shouldn't use old data in the background. It should behave more like a website where I login once when I start the browser and then get a session cookie that I can reuse with a TCP reset.

And to make things functionally even less logical, when I do a 'normal refresh' (e.g. File -> Refresh) RDM doesn't need me to reauthenticate but after a standby-resume I do.

And to make matters worse, now I get my customers commenting that this 2FA isn't safe at all (because they saw this behavior in a demo) :-(.

Can you please fix this? smile

Bas

3 yrs 2FA with Google Authenticator pops up unnecessarily
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

It works now even without pressing the credentials button... strange but good smile.

4 yrs RDM has trouble signing in to iLO 3/4
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

I am connecting to the test machine itself (iLO 4) smile

4 yrs RDM has trouble signing in to iLO 3/4
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

iLO support in 11.1.0 is certainly much better. Thanks for that!

For iLO 2 everything works good (if I specifically select iLO 2 but that's cool).

For iLO 3&4 it fills the right credentials but doesn't submit. Behavior seems the same for Default or when I specifically select Version 3 or 4.

4 yrs RDM has trouble signing in to iLO 3/4
Pow3r.us3r.78
Pow3r.us3r.78
Posts: 79

Sure, no problem. I'll keep you posted.

4 yrs How to use the 'built in SSH shell' (as opposed to putty)