Forum

Posts by Craig Roser (Craig Roser)

Craig Roser
Craig Roser
Posts: 50

Hi Erica,

Appreciate the help on this but still having problems.


Tried to do the update again and it said it completed.

In testing both 14.1.3.0 & 2019.1.25.0 clients after user/pass duo accept the client now goes not responding. Eventually it comes back with the login to the repository screen again, then does the same thing if you try again.

I had to roll back again so people can use it.

No longer getting any error popups or error emails so I don't have anything else to report for you.

4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

Oh i see what you're asking, no i don't have the dps app there. I don't ever recall seeing it either is it new to the newer versions?

1

4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

I've run that sql query now, there was 1 null entry. Haven't tried the upgrade again yet.

Website is in its own RDMS Site not Default Website (files are in c:\devolutionserver), in the bindings it is using a host header for the fqdn and only bound to 443. That could be a problem if its using something like a localhost call to the site?

Thanks,
Craig

4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

Hi Again,

I've tried going to 2019.1.17 still having issues although a different issue.

Now when a user goes to login it does all the duo stuff and they accept the push it says can not connect to datasource.

It also emails me the following errors, not sure what the difference as to each one i get.

I've had to roll it back again.


The bottom of the upgrade install says this the app pool is called RDMS


...
Upgrading database for data source 'Remote Desktop Management Server' with version 523
Done!
Restoring encryption file...Done!
Updating encryption file...Done!
Restoring the configuration...System.FormatException: The application pool name must be between 1 and 64 characters.
at Microsoft.Web.Administration.ApplicationPoolCollection.ValidateName(String name)
at Microsoft.Web.Administration.ApplicationPoolCollection.Add(String name)
at Devolutions.RemoteDesktopManager.Managers.IISManager.CreateEditApplicationPool(String applicationPoolName, String runtimeVersion, ManagedPipelineMode pipelineMode)

...Checking .NET Framework runtime
...Saving settings in database
...Saving connection string in web.config
...Saving Scheduler connection string
...Saving emails configuration in web.config
...Saving encryption configuration
...Done!
Restoring the custom folders...Done!
Install scheduler service...Done!
Starting scheduler service...Done!
Starting the web application...Done!

Upgrade to version 2019.1.17.0 completed!


The following error was received by tom at 8/07/2019 1:37:58 PM

Error:
ArgumentNullException - Value cannot be null. Parameter name: source at System.Linq.Enumerable.FirstOrDefault[TSource](IEnumerable`1 source, Func`2 predicate) at Devolutions.Server.ServerCacheManager.GetConnectionRoot(Guid repository) at Devolutions.Server.SecurityRoleManager.HasAccess(SessionContext context, Guid repositoryId, SecurityRoleDataSourceRight right) at Devolutions.Server.Controllers.APIControllers.V2.BackendApiController.GetLoginAccessEntity(SessionContext context) at Devolutions.Server.Controllers.APIControllers.V2.BackendApiController.DoLogin(SessionContext context, String userName, String password, ClientApplicationInfo clientApplicationInfo, String twoFactorID, TwoFactorInfo twoFactorInfo, String publicIPAddress, Byte[] sessionKey, String repositoryId, Boolean partialMode, Boolean useWindowsAuthentication, Boolean useAzureADAuthentication, String localMachineName, String localMachineUserName) at Devolutions.Server.Controllers.APIControllers.V2.BackendApiController.Login(LoginData loginData, Boolean partialMode) at lambda_method(Closure , Object , Object[] ) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ExceptionFilterResult.d__0.MoveNext() --- Default
Source:


System.Core


The following error was received by brian at 8/07/2019 1:37:24 PM

Error:
InvalidOperationException - Nullable object must have a value. at System.ThrowHelper.ThrowInvalidOperationException(ExceptionResource resource) at Devolutions.Server.ServerCacheManager.<>c__DisplayClass58_0.b__2(ConnectionInfoEntity c) at System.Collections.Generic.List`1.ForEach(Action`1 action) at Devolutions.Server.ServerCacheManager.RefreshConnections(Byte[] clientVersion) at Devolutions.Server.Controllers.APIControllers.V2.BackendApiController.GetAllConnectionStates() at lambda_method(Closure , Object , Object[] ) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters) at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.ActionFilterAttribute.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.ExceptionFilterResult.d__0.MoveNext() --- Default
Source:

mscorlib


4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

Hi Folks,

Any news on this one?

Craig

4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

2FA usage is set to Required.

Noted about the database, only didn't restore it as a test. Have restored it now.

4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

I've found it in the web interface on the older version. If that's the same in the new version my issue is, if its only in the web interface, when duo isn't working I can't login with my domain administrator account that has duo enabled.

Then using the local admin account I use on the console, that is not Duo enabled so the webpage tells me to enroll the local account. I can't do that it's not a domain account (we're only allowed domain accounts in Duo for security reasons).


Also Im pretty sure there was nothing wrong with the duo settings. As a test when I rolled back, I only reverted the front end files, not the database and the Duo authentication works.

4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

Hello,

I updated our server from 6.1.3.0 to 2019.1.14.0. Duo authentication for users no longer works giving a popup on their client after they type in username and password saying "Unable to connect to Duo. Please check you Duo Settings".

Upon trying to find the duo settings in the console I can't find them to check them, where'd they go (and all the other settings)?

I have restored our installation back to the older version so people can use keep using it.

Cheers,
Craig


4 mths Password server update 6.1.3.0 to 2019.1.14.0 - No 2FA settings any more
Craig Roser
Craig Roser
Posts: 50

take it this is related to this post and i should update?

https://forum.devolutions.net/topic31161-ad-roles-not-working-with-windows-authentication-in-rdm--with-dps-.aspx

9 mths Switching DataSources permissions problems
Craig Roser
Craig Roser
Posts: 50

Hi Folks,

On the latest versions for RDM for mac & pc we're connecting to a devolutions server using AD and DUO 2FA.

Works fine until you switch datasources to anything else then switch back to the devolution server repository. When you do switch back you lose permissions and only get the default permissions from the repository.

We're using AD groups, specifically we have one group of people who are allowed a couple folder trees. If you're not in that group they don't show up but you can see everything else and that is what's happening if you switch away repositories and switch back to it.

RDM stays online the whole time.

Thanks,
Guys

9 mths Switching DataSources permissions problems
Craig Roser
Craig Roser
Posts: 50

+1 on this issue, disabled the service in the mean time.

seeing the same argumentexception errors as magnus/william

worked fine on 6.0.0.0, but not on 6.0.1.0

12 mths DevolutionsSchedulerService high CPU
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

Yes everyone is working with the username only on the datasource.

No urgency on this one.

Craig

12 mths Datasource login domain issue
Craig Roser
Craig Roser
Posts: 50

No no multi-domain, I just sent through the diag report.

12 mths Datasource login domain issue
Craig Roser
Craig Roser
Posts: 50

Hi Folks,

Just updated to rdm 14.0.1.0 found a bug we're using a devolution server as a datasource with AD integration.

On the datasource user name you have domain\user with no password

When you connect to said data source it pops up the login box showing domain\user if you change it to just user with no domain it still sends whatever you've got set on the datasource to the server (so still sends domain\user).

Noticed it for a user that had his set to domain\user. Which brings me to a second bug. I updated devolution server to 6.0.1.0 as well and if we try to send the domain it shows the below in the logs and fails. If we just send just the username it works fine. I've worked around all our these issues by simply not having the domain in the datasource in the rdm client so not a problem for us.

UserName contains bad domain : DOMAIN

then a second error with

GetDomainUserIdentity - User does not belong to default domain

then another error with


DirectoryServicesCOMException - The user name or password is incorrect.


at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_ConnectedServer()
at Devolutions.RemoteDesktopManager.Managers.DirectoryServicesManager.ValidateCredentials(DirectoryServicesQueryParameter parameters, Boolean logException)

12 mths Datasource login domain issue
Craig Roser
Craig Roser
Posts: 50

Hi again folks,

We're using Duo MFA on both devolution server/rdm and secret server. They both work great.

Is there any plans to make RDM able to use duo push when using a secret server credential (it currently works, but only with the duo pin in the radius field not duo push). If not would be neat if it could.

Craig

2 yrs Secret Server Credential Duo Push
Craig Roser
Craig Roser
Posts: 50

Hi Hubert,

Back from holidays and got time to update my rdm to 13.6.7.0. Did it make it in to this version I'm not seeing it on the advanced tab upset

Cheers,
Craig

2 yrs Secret Server Integration - Select which password on the secret
Craig Roser
Craig Roser
Posts: 50

Sounds Great, thanks for that Hubert.

I'm going on leave for 2 weeks after today, so if it's released when I get back I'll check it out and post back.

Regards,
Craig

2 yrs Secret Server Integration - Select which password on the secret
Craig Roser
Craig Roser
Posts: 50

Hi Hubert,

That sounds like a great idea, should work for connections where we define the secret server credential in it.

Not sure how well it would work for the pick from list secret server option, as I don't know how you'd define the search fields since you can pick any secret template (not an issue for us as the ones we use pick from list on only have 1 user/pass in the secret). Could just leave pick from list using the first user/pass it finds.

It's definitely using the second(or last if its iterating through a loop, haven't tested that) password field in the secret though. Cause if i have a blank second password field(doesn't matter what its named) it doesn't pull the password, if I cut paste from the first field to the second it pulls the password.

Cheers,
Craig

2 yrs Secret Server Integration - Select which password on the secret
Craig Roser
Craig Roser
Posts: 50

Thanks Jeff, much appreciated.

2 yrs Secret Server Integration - Select which password on the secret
Craig Roser
Craig Roser
Posts: 50

Hi Folks,

Having a sort of problem with the secret server integration. It's working as its supposed to but some of our secrets templates in secret server have 2 password fields. RDM will always pull back the last password in the secret but the first user name.

So in my example attached it would try to log in as "First User"(guessing cause it looks for a field called username) with a password of "Second Password"(guessing cause its the last password type field) can you guys look at making that selectable some how in rdm, or atleast send "First User" "First Password"? First option is preferable as second one I'll have to go through all our stuff that has 2 passwords and split them in to 2 secrets.

Works fine if you've only got 1 username/password field.

Regards,
Craig

2 yrs Secret Server Integration - Select which password on the secret
Craig Roser
Craig Roser
Posts: 50

Haven't had any more .net errors since the windows updates, so I guess we can go ahead and mark this one as resolved.

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

oddly yesterday i ran windows updates on the dvls server (windows server 2016), it installed KB890830 and KB4132216.

I haven't seen any .net errors in the dvls logs since then, i've had rdm running nearly all day now without the issue occurring. I'll keep an eye on it tomorrow

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

Looks like I already have those AppPool settings set that way.

I'm fine with auto refresh being off, it hasn't popped up the google auth thing.

Regards,
Craig

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

My ping online method was already set to none, i changed the auto refresh from 10 to 0. Also when it was working fine before the errors it wasn't poping up the google authenticator thing and I haven't changed that setting until now.

I submitted the ticket after I made the change above in my RDM.

Regards,
Craig

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

Sorry was out of town for a bit, I've sent the diag report off.

I'm seeing the errors mentioned above plus another safe handle has been closed error as attached

Regards,
Craig

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

i just uninstalled 13.5.8.0 and installed 13.5.6.0 and it's doing the same thing so its not that. Although I did get a slightly different .net error as attached

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

Hi Folks,

Another weird one. We login to our devolutions server datasource which uses sql data store with our AD credentials and google 2fa. It logs in and works fine.

Fairly often after a short time maybe 5 minutes it pops up asking for the google authenticator again then no matter what you put in wrong/right, click cancel or go offline, RDM will become unresponsive and only way to close it is to end task it.

At the same time on the devolutions server we get a .net error relating to its app pool as shown attached, the ip address mentioned in the error is the ip of the workstation that RDM locked up on.

This only seems to have started to happen for users in rdm version 13.5.8.0 (was ok on 13.5.6.0, not sure about 13.5.7.0 don't think anyone updated to that)

RDM works fine in offline mode if you go offline before it pops up asking for the authenticator again, if you click go offline when it pops that up it becomes unresponsive.

Devolutions server version: 5.0.2.0

Regards,
Craig

2 yrs .Net Error on Devolution server event logs
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

Just confirming that these updates fix the issue.

Thanks for your help.

Craig

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working
Craig Roser
Craig Roser
Posts: 50

Hi Erica,

Ours is set similar to williams. We specifically require that in our security policies, as for example if someone has RDM on their BYOD phone (where their google authenticator is), loses the phone and it has no pin/etc on it they may as well not have a password or 2fa at all. We'd have to wait for them to realise they lost it then reset their AD account.

You have found the issue as in my testing it works saving it. Seems the 2fa doesn't read the settings from the popup when you haven't saved those settings, so i guess that needs to get fixed.


Testing process,
- Enabled my 2fa on the server

- Open RDM
- Changed my RDM to save the user/password(was already saving the username) on the source.


- connect to datasource, AD login does not appear (logs in automatically)

- Scan the QR that pops up and enter a code
- RDM connects to RDMS ok
- Close RDM


- Open RDM

- connect to datasource, AD login does not appear (logs in automatically)

- enter google authenticator code
- RDM connects to RDMS ok

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working
Craig Roser
Craig Roser
Posts: 50

The account refreshes fine.

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working