Forum

Posts by Craig Roser (Craig Roser)

Craig Roser
Craig Roser
Posts: 50

Hi Erica,

I checked the field and it was blank, I think the update must have cleared it as it previously had an account in there. I readded the account after confirming I had the right password.

Now there's a different issue.


- I enable 2fa for myself only (i've got the server set to optional 2fa now for testing)
- Open RDM and login using my AD user

- Scan the QR and enter a code
- RDM connects to RDMS ok
- Close RDM


- Open RDM and login using my AD user

- Enter Google Auth code, I no longer get invalid auth code, I get a windows message box saying unable to connect to the data source. Do you want to go in offline mode.

- Clicking yes(go offline) on that brings up the login box again
- Enter AD details again
- RDM opens in offline mode.

- Clicking no (don't go offline) I get the RDM message box (one with the blue bar that doesn't look like standard windows message box) with the following
Devolutions.RemoteDesktopManager.Business.TryGoOfflineException: Unexpected exception ---> System.Net.WebException: Unexpected exception
at Devolutions.Server.ApiWrapper.RestClient.GetResponse[T](HttpWebRequest request)
at Devolutions.Server.ApiWrapper.RDMSWebClient.Login(String route, String userName, RDMOLoginParameters parameters)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.cba2d075b9d5d7ff70cb004276ee25dfc.c77d0eaf9cc2aad7d81235affb2e7e8e4()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.Login(String userName, RDMOLoginParameters parameters)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.cfd5a34f5d07fc88d4e80bd65d54ea43c(String c18973cea236a9feff75c32ca7d1697d5, String ceb81d1ee93f91e0bc57f34876c263863, String cb50ec7aadfaa7e89f2b5694e72d1e841, TwoFactorInfo c7bf7c79d7781c7b960a67d7061274a24)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.c23f6d0afb290ae96fa7779029070da0d(String ceb81d1ee93f91e0bc57f34876c263863, String c18973cea236a9feff75c32ca7d1697d5)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSConnectionDataSource.Login(Boolean useCredentials)
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.get_c3e2a9eaefc85e07772d691a26117253e()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.cae356a0eae8f067f8384e2b245439614.cd14da9e5db3492e4c95f914049f3f28a()
at Devolutions.RemoteDesktopManager.Business.DataSources.RDMSWebApiClient.c5f4f6c72c053c0cd60a62abeeaa43fdf[cb75a0a5d15a1ad8b8a8a5e57cca214a3](c31561c0d54939abd223ac7c0cf30e7e6`1 c6cc9ab02b2ea9ccd42c7c0497677bcc2, ExecuteActionLogMode c92f46156e371279a4f61cd5822be5fee)
--- End of inner exception stack trace ---


- Close RDM
- Turn off my 2FA and RDM works fine again and can connect.


Checking the logs on the server i now see this exception when i get the unable to connect to data source message.


ArgumentNullException - Value cannot be null.
Parameter name: identityValue

at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Devolutions.RemoteDesktopManager.Managers.DirectoryServicesManager.FindUserByIdentity(String userName, DirectoryServicesQueryParameter parameters, PrincipalContext principalContext)
at Devolutions.RemoteDesktopManager.Managers.DirectoryServicesManager.FindUserByIdentity(String userName, DirectoryServicesQueryParameter parameters)
at Devolutions.Server.UserManager.FindUserInDomain(String userName, String password)
at Devolutions.Server.Controllers.APIControllers.V2.BackendApiController.DoLogin(SessionContext context, String userName, String password, ClientApplicationInfo clientApplicationInfo, String twoFactorID, TwoFactorInfo twoFactorInfo, String publicIPAddress, Byte[] sessionKey, String repositoryId, Boolean partialMode, Boolean useWindowsAuthentication, String localMachineName, String localMachineUserName)
at Devolutions.Server.Controllers.APIControllers.V2.BackendApiController.Login(LoginData loginData, Boolean partialMode)
at lambda_method(Closure , Object , Object[] )
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.<GetExecutor>b__9(Object instance, Object[] methodParameters)
at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ApiControllerActionInvoker.<InvokeActionAsyncCore>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Web.Http.Filters.ActionFilterAttribute.<CallOnActionExecutedAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Filters.ActionFilterAttribute.<ExecuteActionFilterAsyncCore>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ActionFilterResult.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Web.Http.Controllers.ExceptionFilterResult.<ExecuteAsync>d__0.MoveNext()

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working
Craig Roser
Craig Roser
Posts: 50

Hi,

We are just using our ad login SAM name, and that's whats configured in the username format, but that's working. It's purely the google auth 2FA that doesn't after the upgrade.

I'm seeing this in the log when the Google Authenticator says the codes invalid. I don't see the below when logging in and scanning the QR code, using the authenticator code for that first login. I note that it talks about username and password however they are correctly entered and turning off the 2fa it works fine. See my attached screenclip


ArgumentException - The user name and password must either both be null or both must be non-null.

at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
at Devolutions.RemoteDesktopManager.Managers.DirectoryServicesManager.GetPrincipalContext(ContextType contextType, String contextName, String username, String password, Boolean ldapsEnable, Int32 ldapsPort)

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working
Craig Roser
Craig Roser
Posts: 50

Hi Maurice,

We're in Australia/Brisbane GMT+10

In the meantime i've disabled the 2FA. Not ideal but staff need to use the program.

Cheers,
Craig

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working
Craig Roser
Craig Roser
Posts: 50

Hi,

Yesterday upgraded to rdms 5.0.1.0 and everything seemed to be ok after testing, Including the google authenticators. There were no errors during the upgrade.

Today no ones google 2fa works (invalid code), this includes the users that were working yesterday.

If I reset the users 2FA and get them to scan the new QR when they login, it works for that login only. Once they logout and back in, put the code in they get the invalid code message. I can repeat the reset process and it works again(for that login only)

I've checked clocks on local machines, the RDMS Server and the phones with the authenticator app, they are all in sync.

We're using an SQL backend, people were using the latest RDM(13.5.4.0) before the upgrade when everything was working ok. I was using the beta it was working in that before the server upgrade too.

Database version is at 414

I have 2FA usage set to required in the rdms server settings. The Default required 2FA is set to Google Authenticator

Users are from AD (but that seems to be working)

Any ideas on what may be causing this issue?

Regards,
Craig

2 yrs Upgraded to 5.0.1.0 RDMS, Goggle 2FA weirdness / not working
Craig Roser
Craig Roser
Posts: 50

Thanks Michaƫl, you time looking in to that is much appreciated.

Regards,
Craig

2 yrs Add-on Problem: Veeam plugin
Craig Roser
Craig Roser
Posts: 50

Hello again,

I'm using the veeam add-on and trying to use it with a ssh forward session. Issue is it doesn't seem to honour the port set in the veeam connection

I have an ssh port forward set with source 127.0.0.1 source port 40202 destination 192.168.0.9 destination port 9392.

I then have a veeam connection that connects to 127.0.0.1 on port 40202.

While its connecting it looks like its works (see connecting.jpg) however it then fails and shows that it was trying 127.0.0.1:9392 instead of 127.0.0.1:40202 (see failed.jpg)


I can make it work one of two ways but both will mean i can only connect to one console at a time as the local 9392 port is required.

fix 1
if i leave the ssh port forward as 40202 and add another with the settings ssh port forward to source 127.0.0.1 source port 9392 destination 192.168.0.9 destination port 9392. Then also leave the veeam connection on port 40202, it works

fix 2
If I modify the ssh port forward to source 127.0.0.1 source port 9392(from 40202) destination 192.168.0.9 destination port 9392 and set the veeam connection to 9392 it works.

Another thing of note is if i don't have the ssh port forward source of 127.0.0.1:9392 it still knows if i get the login details wrong(see weird.jpg) or if i have the wrong version of the veeam client installed on my pc with just the 40202 forwarded

Is there a way to resolve this as we have multiple veeam servers in a dmz (accessible via the ssh tunnel) that i need to connect to(obviously I just change the source port for each console.)

Cheers,
Craig

2 yrs Add-on Problem: Veeam plugin
Craig Roser
Craig Roser
Posts: 50

Hi All,

I have another weird one.

On a connection if you specify a vpn type ssh and set the credential to a pick from list secret server credential(then select the secret), it doesn't work when you connect the vpn. It pops up the pick from list box(which it shouldn't do) and you can then pick the secret and it works.

If I set the secret server credential to lookup type default and then select the right secret in there it works fine if I use it in the above.

Hope you can understand what I mean

Craig

2 yrs SSH Tunnel/VPN
Craig Roser
Craig Roser
Posts: 50

Actually I just found where it does it.

If you have a pick from list secret server credential when you assign that as a credential to a connection and click pick from list it pops up the box without pulling your my account settings.

2 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Using devolutions server with sql db. However today it seems to be showing my name up on the ss entry screen,not sure whats going on there so I guess don't worry about it.(I closed and opened it multiple times yesterday but still had the problem)

2 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Hi Folks,

So I have some news Thycotic got me to run some sql queries against the ss db this one in particular "EXEC sp_updatestats @resample = 'resample';" has sped it up so it works in about 3-5 seconds. So yay usable now.

I have one more question, I have the Secret server credential set to Use "My Account Settings" on the General, general Tab. It shows my user name on that screen. However when I go to select from list a credential using that secret server credential it pops up the "secret server database opening" screen and it only has the domain filled in(cause I filled it in the domain box on the general tab of the credential). Doesn't seem to use my account settings credential to connect to secretserver.

Thanks,
Craig

2 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Resolved, thanks for that.

2 yrs Refactoring with template
Craig Roser
Craig Roser
Posts: 50

Bulk changing some of my rdp connection by applying a template.

it works but seems it doesn't matter if I tick or untick Group/Folder in Entry parts to keep. It moves the connection in to the folder listed in the template, which is really annoying.

Anyone else confirm this behaviour?

2 yrs Refactoring with template
Craig Roser
Craig Roser
Posts: 50

An update on this i've logged a support ticket with thycotic last week (case 00198276). They are currently looking at the secret server logs.

My trial ends in 2 days, is there anyway of extended it. Will be a little hard to troubleshoot if I can't use the program.

Thanks guys.

2 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Hello. As we are only trialing it at the moment, I went ahead and did the update myself.

This resolved the problem.

Thanks again,
Craig

3 yrs Unable to Conect to your Data Source on Server Console
Craig Roser
Craig Roser
Posts: 50

Thank you, That sounds like what it is, I'm away from our office for the next few days so I'll look in to it when I get back.

3 yrs Unable to Conect to your Data Source on Server Console
Craig Roser
Craig Roser
Posts: 50

I'm on my Devolutions Server Console any time I try to save some thing I'm now getting this. Doesn't matter what it is new role, group user all seems to give the same error.

Last time I tried to do something it was working but that was before I applied the v13 update to the DB. I'm running the latest RDM as well.

Accessing the repository, adding and saving stuff seems to work from RDM. Only seems to be on the server console I have the issue.


The test server in server settings -> database comes up successful as does the test database button. Database version says its 377

Any ideas?

Craig

System.Data.SqlClient.SqlException (0x80131904): Invalid column name 'HasAccessRDM'.
Invalid column name 'HasAccessPVM'.
Invalid column name 'HasAccessWeb'.
Invalid column name 'HasAccessWebLogin'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseConnectionDataSource.ExecuteNonQuery(String sql, IDbTransaction dbTransaction, IDbDataParameter[] parameters, Int32 commandTimeout)
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseSecuritySubDataSource.InsertUserSecurity(UserEntity user, IDbTransaction dbTransaction)
at Devolutions.RemoteDesktopManager.Business.DataSources.DatabaseSecuritySubDataSource.UpsertUserSecurity(UserEntity user, IDbTransaction dbTransaction)
at Devolutions.RemoteDesktopManager.Business.DataSources.SQLServerSecuritySubDataSource.c420570cc362838b38ecc18ba825950e5(UserEntity cf98b881282579a38f0d3820b4755fa4a, Boolean cd589fb599494638c495afc5cf9b2449e, String ceb81d1ee93f91e0bc57f34876c263863, SaveUserInfoAdvancedCustomData ca846991ced5070300e1c8ec384f436f9, Guid[] cf090f8a8f0907c3009c224a9172cab64)
ClientConnectionId:4cf5b48d-cc02-4266-a289-e51d012a704c
Error Number:207,State:1,Class:16

3 yrs Unable to Conect to your Data Source on Server Console
Craig Roser
Craig Roser
Posts: 50

More testing, created a ss credential that uses the name lookup option, set the group to use it. right click on a session and select view password. goes not responding again for about the same time. It then pops up the window with the correct details. only 1 entry in the profiler.


SecretServerReader - Proxy Creation: 338 milliseconds

Connecting the session has the same results.

3 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Hi again,

I installed the 13.0.0.0 version today and did some testing with the debugging on. What do you make of the info below?

Here's my findings.


* Got this when I picked from the secret server credential on the group the connections inherit from
SecretServerReader - Proxy Creation: 7637 milliseconds
FrmSelectSecretServerEntry - Get Entries: 71261 milliseconds.

* Got this when I then connected the session inheriting the creds from the group. It sat at not responding before the opening in console line appeared. Noticed it didn't have the second FrmSelectSecretServerEntry come up, but did have the proxy creation twice.
SecretServerReader - Proxy Creation: 357 milliseconds
SecretServerReader - Proxy Creation: 231 milliseconds
Opening in Console / Admin mode

* Created new SS cred and made it the default lookup option clicked the ... to select got this (missing FrmSelectSecretServerEntry)
SecretServerReader - Proxy Creation: 4505 milliseconds
FrmSelectSecretServerEntry - Get Entries: 72228 milliseconds.

* After selecting the entry it went not responding again for an even longer time and got this (missing FrmSelectSecretServerEntry)
SecretServerReader - Proxy Creation: 374 milliseconds

* Clicked ok to save it and it went not responding again got this
SecretServerReader - Proxy Creation: 527 milliseconds

* Modified the group i used earlier to use the new lookup SS cred I just created. Instant, no log.

* Connected the same session as before, got not responding again (missing FrmSelectSecretServerEntry)
SecretServerReader - Proxy Creation: 364 milliseconds
SecretServerReader - Proxy Creation: 226 milliseconds
Opening in Console / Admin mode

Each time it went not responding there was a 2-3 minute wait


Craig

3 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Hi David,

I've tried all 3 selection types they all seem to have the same slowness issue.

Attached is what I get when I click the ... on the standard method. Sits like that for a minute or two then brings up the list to select secrets from

Cheers,
Craig

3 yrs Secret Server Credential super slow
Craig Roser
Craig Roser
Posts: 50

Hello, Trialing RDM to replace another product we're currently using.

I'm having issues with the secret server integration, it works however when it tries to do anything that would require accessing secret server the whole program goes not responding for probably about 2 minutes but does eventually work.

This will happen if you try to pick the secret from the secret server credential store on a new RDP connection. Also happens after you've set up your RDP connection and simply click open session. It'll just sit there not responding for a while and then it does actually work.

Our secret server is locally hosted, I even installed RDM on the server that hosts our secret server and used https://localhost/SecretServer/webservices/SSWebservice.asmx for the service url but still had the same issue. Oddly it did get worse when running it that way RDM would now sometimes throw a timeout error.

We have thousands of passwords in secret server looks like it may be searching them all every time?

The delay is the killer for us our engineers are constantly jumping on and off sessions and that isn't workable for us. Is there something that we can do to speed it up I'd like to try and solve it because the program looks really great and we're going to be looking at the server too.

Thanks in advance,
Craig

3 yrs Secret Server Credential super slow