support

Thanks for letting us know we overlooked adding it this time. Regards Click Studios

Hello Everyone, Today we have released build 9350 with many changes and fixes included. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Hey Tburke, Could you take a look at this forum post for more information on this? https://forums.clickstudios.com.au/topic/13780-passwordstate-9050-and-below-issue-enabling-maintenance-mode-generates-a-general-error/?ct=1634683067 Regards, Support.

Issue: You've noticed since the upgrade to Passwordstate 9, that one or more Remote Site Agents aren't polling back in. As a result you try to reinstall the Agent but when doing so, the service will not start. You see the following errors in the event log in this order: Fix: This issue is caused due to the server where the agent is installed does not have .NET Framework 4.7.2 or higher installed, which is a requirement in Passwordstate 9. Please update .NET Framework and the service should then start. Regards, Support

ISSUE: When attempting to log into Passwordstate, you may get an access denied message. Or, when syncing security groups, it fails with a general error page. Upon further investigation, you find in the Error Console or the Application event logs on your Passwordstate web server an error which contains "Server not Operational". Specific error messages could be: - Failed to authenticate UserID of 'domain\user'. Error = The server is not operational. - Failed 'Active Directory' login attempt for UserID 'domain\user' from the IP Address '172.18.37.55'. Possible incorrect Username or Password, or this could also be caused by restricted Logon Hours in Active Directory. POSSIBLE FIXES: We'll run through a few different possible fixes for this, as the error of “Server is not operational” means Passwordstate cannot communicated with your domain. This is the error that is returned from the .NET Framework, and it gives us no indication as to why, ie it's very generic. TEST 1: In you Passwordstate UI, go to Administration -> Active Directory Domains and check your domain details are still current: To Confirm if these values are correct: Open a command prompt on your computer and type set userdomain, and then set userdnsdomain The NetBIOS Name for your Active Directory settings should match the result of set userdomain FQDN should match the result of set userdnsdomain The LDAP Query String for your Active Directory settings should match the result of set userdnsdomain. e.g. dc=clickstudios,dc=com,dc=au for the domain clickstudios.com.au TEST 2: Whilst one the Same Screen, as a test, change the Protocol to LDAP, if you have it to LDAPS and save this change. Does this fix the issue? TEST 3: Whilst on the same screen, check to see if you have hardcoded a domain controller using the IP Address as per screenshot below. Unfortunately you cannot use IP Addresses in this field, and will need to use a FQDN for yoru domain controller instead. Either remove this server all together, or set the server in FQDN format and ensure that FQDN is resolvable when logged into your Passwordstate web server. TEST 4: Log into you Passwordstate web server, and do two open port tests to you domain. Example of this in Powershell is: LDAPS TEST: test-netconnection <mydomain> -Port 636 LDAP TEST: test-netconnection <mydomain> -Port 389 Depending on which protocol you have configured for your domain as per TEST 2 above, then this port should be open. If it is closed, please investigate firewalls blocking access. TEST 5: If using LDAPS, ensure your CA Certificate on you Passwordstate web has not expired. If your Passwordstate web server is not joined to your domain, then it's possible the domain certificate did not renew automatically. A valid certificate is required to perform the handshake with the domain. TEST 6: Check the user account in Active Directory does not have specific logon hours set: Test 7: Reboot your Passwordstate web server. If there is a pending reboot for a Windows patch, this can cause issues connecting to your domain. If we find any other solutions/tests to this issue, we'll update this forum post. Regards, Support.

Hello bib_ak, Unfortunately this is not possible as we return a class definition here for the records. Regards Click Studios

Hello, Yes, you can do this. Please go to the screen Administration -> Remote Session Management and click on the 'Browser Based Gateway Settings' button. Regards Click Studios

Hello Mikael, Could you do the following for us: With SQL Server Management Studio, execute the commands below: USE Passwordstate UPDATE DiscoveryJobs SET InProgress = 0 Now restart your Passwordstate Windows Service to pick up this change also When you next run a job, can you see if our Windows Service is logging any exceptions in the Windows Application Event Log? Thanks Click Studios

Hello, We do plan on adding support for listing/searching documents, and we'll post back here once the feature is available. Regards Click Studios

Hello GrouchyAdmin, We need to do some work again soon on the credential provider, to support Edge instead of IE, so we will explore the MSI option at that time. To uninstall the WCP, this could be put into a batch file, and computer needs reboot as part of the uninstall process. This is tested and working but please note the path changes for each version of the credential provider we have installed. To find the uninstall string, look in the registry under HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall for the Passwordstate Credential Provider key This must be running "As Administrator" to work correctly. Batch file to execute "C:\ProgramData\{66E41BAF-6B77-467E-9AB4-F9B2F5ED50FD}\PasswordstateCredentialProvider.exe" REMOVE=TRUE MODIFY=FALSE /s del /f c:\windows\system32\Passwordstatecp_config.ini We hope this helps.

Hello, The bare minimum requirement for SQL High Availability is your primary SQL Server needs to be SQL Server Standard and above, and the HA SQL Server can be using SQL Express. This is an active/passive configuration. We have various instructions on the following page for SQL Server High Availability, and also for doing moves of our software https://www.clickstudios.com.au/documentation/ Regards Click Studios

Issue: You have the High Availability module of Passwordstate, so you have two Passwordstate websites and two SQL databases replicating data in real time. You perform an upgrade to both servers and when logging into the second server it quickly logs you out to the log out screen. Fix: When upgrading your second server, you should never be prompted to upgrade the database. There’s a few reasons that this may have happened for you which I’ll list below: Did you log into your Primary web site after you upgraded the install files? If you didn’t then next time please ensure you do, as this will then prompt you to automatically upgrade the database. At this point you will then need to re-establish SQL replication (if you are using transactional), and then the primary database will mirror across to the second database, also effectively upgrading it to the latest build. Possibly you did not re-establish Transactional Replication after upgrading the primary instance. If you are using transactional replication this must be re-established before upgrading second server install files. Possibly SQL replication was not working at all before you attempted the upgrade. To confirm if SQL Replication is working well, could you please use SQL Management Studio Tolls and connect to both of you database servers, and run the following SQL Command: select count(*) from auditing This will give you a count of the auditing events from both databases, and the value should either be identical, or very similar if replication is working. Regards, Support

Hi Guys, Dragging up an old feature request. With Azure MFA, we believe this can only be achieved by using our SAML feature, in which case we are not in control of the authentication page. Is there some other way you are using Azure MFA, without using our SAML option? Regards Click Studios

Thanks

Hello, We’ve found recently that us updating the Telerik ASP.NET controls in the latest build has caused this, as Telerik’s commands for saving the Password List’s grid layouts do not seem to be compatible – that data format has changed. To fix this, please follow these instructions: Using SQL management Studio Tools, connect to your Passwordstate database Server, and run the following commands below. USE Passwordstate DELETE FROM GridSettings Regards Click Studios

Hello FeSa, You can vote on a feature request for this here - https://forums.clickstudios.com.au/topic/8443-create-remote-session-credentials-via-api/?tab=comments#comment-19133 This is to manage the credentials via the API. Regards Click Studios

Okay, thanks Sven. Do you have many Security Administrators who have access to this screen? Maybe you could reach out to them and ask why the permissions were removed? Regards Click Studios

Hi Sven, For this request, do you mean auditing on the screen Administration -> Feature Access, where you can grant user's access to use the Windows Integrated API? If so, and you've probably considered this, but was there any change control documentation for changes on this screen - maybe that will help determine who modified these permissions? Regards Click Studios

Hello, At this stage we do not have support for more fields like this. Regards Click Studios

Hello. All load balancers should be able to be configured for X-Forwarded Support. We would recommend logging a support call with your Load Balancing vendor, and ask how this can be done. There currently is no way to disable this feature, for security reasons - typically customers install this module in their DMZ, so you do need to protect against these failed login attempts. If you go to the screen Administration -> Password Reset Portal Administration -> System Settings -> Miscellanous tab, you can increase this lockout value though. Regards Click Studios

@Max @tboggs13 - just to clarify, with the other products you've mentioned - are they auto logging you in when you have an active session with Azure AD? If they are, when you logout via the application (not Azure AD) and then return to the home page, are you automatically logged in again or prompted to re-authenticate via Azure AD? Regards, Click Studios

Hi Guys, Thanks for your request, but we will not be changing the behaviour for this. We have engaged with an external Cyber Security company for the development of the App Server, and they also recommended the current method we implemented. As certificates are quite cheap, we instead recommend purchasing a certificate, instead of using Let's Encrypt. Regards Click Studios

Hi All, We're currently working on this for the next release, and have successfully corrected the 302 error using the new AAD logout URL. However, during our testing we're still observing that all Azure Apps are subsequently signed out after posting the LogoutRequest.“ If you input the generic URL it will log you out of all AzureAD applications” implies that you would like to only sign out of Passwordstate and not all the other apps utilising the Azure AD session. Did we interpret this correctly? If so, we believe this is not possible unless we force re-authentication even when an Azure AD session is currently active which would ultimately defeat the purpose of single sign on. Regards,Click Studios