Search the Community

Hello. We are using the remote session launcher to access customers. Our team does not even access our own network any more. On our network however, we have a CIFS share on our network, and we can use the remote session to access a server in our network. but then they need to copy from there and then move it to the customer if they need a file. I am wondering if there is a way to present the file share as a mount or something when you connect to a remote session. in other words, i want to present a local folder on my proxy server that the remote connection can access. I know you can set this up when you use RDP, i was just hoping we could do something like this as well.

We use a bastion host to SSH into the cloud. when running long commands such as tail and things like that, are users are getting D/C'ed after 5min. our team would like to be able to configure the time out to a longer time frame. Can we add a way to configure the time out of a session?

Is it possible to change the colors for a terminal window when using remote session launcher? We just started using the hosts feature in my team, and a lot of our unix team would like to change the color?

Purpose: This post outlines the process you need to follow, to grant someone access to the Remote Session Launcher, without them having the need to know the password. An example could be you have a contractor coming on site, and you want them to connect to machines and perform work, but you do knot want them knowing the password they are using to connect. If you are not familiar with how to set up the Remote Session Launcher, please see this in depth Forum Post - https://www.clickstudios.com.au/community/index.php?/topic/2110-how-to-set-up-the-remote-session-launcher-passwordstate-8/ 1. Under the Passwords tab, add a new Password Record that has an account that has permissions to connect into machines on your network. The following example is an Active Directory account which can connect to any Windows Server or Desktop. **Note, you do not grant the contractor permissions to see or use this Password Record: 2. Under Hosts tab -> Hosts Home, create a new Remote Session Credential, and link it to the existing Password Record you just created: 3. Grant your Contractor access to the remote session Credential you have just created in step 2 above: 4. Under the Hosts tab, grant the user access to the Folder of your choice, which has the machines added into it: 5. The user will now be able to choose a Host of their choice, and click the Auto Launch button. This will use the Remote Session Credential to establish a connection to the remote host, and the contractor will not have access to the password that they have connected in with: Regards, Support Click Studios

**Edit 27th September 2019** We've updated this forum post with some more suggestions, including how to turn on verbose logging and a link to some known error codes. **Edit 6th January 2020** The Gateway installation process is now much simpler than what the video at the bottom of this thread shows. Please see the Install documentation which describes how to use this new and improved install method: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf The Browser Based Remote Session Launcher that was introduced in Build 8275 requires some installation and configuration to be applied to your Passwordstate web server, but if you find you cannot launch session for any reason, please run through these troubleshooting steps below to resolve the problem: Issue 1: Do you see the Passwordstate-Gateway Service running on your web server? If not then please follow the documentation under https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf to set up this feature as a once off process Issue 2: The Passwordstate-Gateway service is running but connections won't launch, you should be presented with a page of troubleshooting steps. Try clicking the "Test SSL Certificate" link on this page and see what results that gives you. If you get results saying your certificate is not secure, take the necessary steps to ensure your browser trusts your Passwordstate certificate. This could be installing the certificate into the Trusted Certificate Authorities on your desktop though Internet Explorer, or adding an exception in Firefox as an example. Issue 3: If you receive a Web Proxy Gateway error like the screenshot above in Issue 2, this might be caused by a firewall on your web server blocking the connection. To fix this, log into your Passwordstate web server (assuming this is where you installed the gateway) and run the following command in elevated Command Prompt to create a firewall rule: netsh.exe advfirewall firewall add rule name="Passwordstate-Gateway" dir=in action=allow protocol=TCP localport=7273 Also consider that it may not be your Web Server firewall causing this issue, but it could be another firewall. For example, if your DNS is hosted externally to your network, then port 7273 must be open on your company firewall and forwarding all traffic on to where you have your gateway installed. To test that ports are open, run this Powershell test from your desktop where you access Passwordstate from, to the Passwordstate web server, assuming this is where you installed the gateway. You'll need to change the name of the web server in this test: Test-NetConnection webserver01.contoso.com -Port 7273 Issue 4: If you receive a Web Proxy error like the screenshot above in Issue #2, this may be caused by incorrect syntax in your gateway.conf file. Please ensure the syntax of this section of the gateway.conf file is in the same format as the below screenshot Issue 5: Can you successfully start the Passwordstate-Gateway service on your web server? If not, please try these suggestions: Possible Fix Suggestion 1: Check the name of the C:\inetpub\Passwordstate\hosts\gateway\Passwordstate.pfx file is correct. This file must be called 'Passwordstate.pfx' for the service to work correctly Possible Fix Suggestion 2: Is OpenJDK installed on your web server? If not please run the Gateway installer again, as this automatically downloads and installs Java for you: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf Possible Fix Suggestion 3: Did you configure the SSL Certificate for the gateway, and put the encrypted password for this certificate in the gateway.conf file? If not please refer to https://www.clickstudios.com.au/community/index.php?/topic/2971-how-to-encrypt-the-certificate-password-for-use-with-the-browser-based-gateway/ Possible Fix Suggestion 4: Is the default port of 7273 is in use by something else? To test this, run a command prompt on your web server, and run the following command: netstat -ano | findstr :7273 You should get a blank result back from this command if the port is free. If something else is using the port, try changing the listening port in the C:\inetpub\Passwordstate\hosts\gateway\gateway.conf file to something else under 10000, save and restart the service Possible Fix Suggestion 5: Check the password that you set when exporting the certificate is the same password that you have encrypted and applied to your C:\inetpub\Passwordstate\hosts\gateway\gateway.conf file. One way to test this is to export the certificate again from IIS, and set a new password. Update the password in the Gateway.conf file and see if the service starts then Possible Fix Suggestion 6: In the Gateway.conf file, update SSL to false, and save the file. Try restarting the service again now, and if it starts, this confirms that the certificate is the issue. And you should try running through the export process again by following this forum post: https://www.clickstudios.com.au/community/index.php?/topic/2971-how-to-encrypt-the-certificate-password-for-use-with-the-browser-based-gateway/ **Note** The SSL value in the gateway.conf file needs to be set to true in order to establish successful connections. This test of changing it to false is purely to establish if there is something wrong with the certificate. You should set this back to true after you have finished troubleshooting your issue. Possible Fix Suggestion 7: Possibly the recording path that is set in the Gateway.conf file does not exist or is incorrect. Try changing the recording path back to the default location which is shown in the screenshot below, and then try starting the service again Issue 6: RDP into Server 2008 and Server 2008 R2 is not working, but Server 2012 and above is working okay. If you run into this issue, it's because your server's are not patched with the TLS1.2 and TLS1.2 updates from Microsoft. Please download and installed the appropriate patch below: Server 2008 - https://support.microsoft.com/en-us/help/4074621/add-rds-support-for-tls-1-1-and-tls-1-2-in-windows-server-2008-sp2 Server 2008 R2 - https://support.microsoft.com/en-au/help/3080079/update-to-add-rds-support-for-tls-1-1-and-tls-1-2-in-windows-7-or-wind Issue 7: You can establish some connection to some machines with the Browser Based Launcher, but others seem to hang and do not make a connection. Try one of these suggestions to help troubleshoot this kind of scenario: Possible Fix Suggestion 1: Try doing an open port test when logged in to your Passwordstate web server, to the remote host? Does this return True or False? This Powershell example would be is me connecting to my remote Windows host: Test-NetConnection devpc1 -Port 3389. If you are having issues with SSH connections, the default port you should be testing for is 22. Possible Fix Suggestion 2: Possible you will get an error code in returned to you in the Error Console which will help diagnose the issue. See this forum post for a list of Error Codes: https://www.clickstudios.com.au/community/index.php?/topic/2853-error-codes-for-the-browser-based-remote-session-launcher/ Possible Fix Suggestion 3: You could temporarily enable verbose logging for your connections, and then refer to the logs to see if this can help diagnose the issue. See this forum post on how to enable verbose logging of connections: https://www.clickstudios.com.au/community/index.php?/topic/2852-enabling-verbose-logging-for-the-browser-based-remote-session-launcher/ Installation Video of installing the Gateway can be found below, which outlines all steps to set this up on your web server: We hope this helps and please log a support call with support@clickstudios.com.au if you are still having difficulty getting the Browser Based Remote Session Launcher to work correctly. Regards, Support.