Jump to content

support

Administrators
 View Profile  See their activity

  • Posts

    5,086

  • Joined

  • Last visited

  • Days Won

    318

 Content Type 

Posts posted by support

    More compliance reports

    in Feature Requests

    Posted

    Hi Jon,

     

    Does the report "What passwords have not been used lately?" and the field "Last Updated" help at all?

     

    Or maybe the report "What passwords have recently been reset?" and for the duration, specify "Report All Data"?

     

    Regards

    Click Studios

    IIS Crypto for Ciphers and Protocols

    in General Hints and Tips

    Posted

    Sometimes issues can arise when disabling communication Protocols or Ciphers on your Passwordstate server, and normally these are disabled for security reasons. 

     

    To help Click Studios Support understand what is and isn't enabled on your server, we may ask you to run IIS Crypto.  IIS Crypto is a tool that can read which protocols and Ciphers are enabled/disabled on your system, and it does this by reading the registry.

     

    IIS Crypto does not need to be installed, rather it is just an executable you download and run. When you simply open the software, it will read the registry and shows what is currently enabled.  Example screenshot below for this.  As long as you do not make any changes on this screen, your registry will not be altered.  Please send Click Studios support a screenshot like this one below if requested in your Support call.

     

    2023-03-08_10-49-57.png

     

     

    If you have any concerns about running this executable on your server, you are more than welcome to deny this request from Click Studios, and we'll find some other way to help troubleshoot the issue you are seeing.  Alternatively, you can upload the executable to Virus Total for a scan to confirm it has no malicious content: https://www.virustotal.com/gui/home/upload

     

     

    IIS Crypto Can be downloaded from here: https://www.nartac.com/Products/IISCrypto/Download

     

     

    Regards,

    Click Studios Support

    Change a private Passwordlist into a shared one

    in Password Reset Portal

    Posted

    Hello marpheus,

     

    We can confirm that Click Studios has no access to your Passwordstate environment in any way.

    We also no longer support that method of converting Private Password Lists to shared ones. Instead, please see feedback below:

     

    As of the release of Passwordstate V9 Build 9455 Click Studios no longer supports the Restricted Feature enabling Security Administrators to convert Private Password Lists to Shared Password Lists.  This applies in the following cases;

     

    • In V9 Build 9455 the Generate Request code functionality for converting Private Password Lists has deprecated
    • For all Versions and Builds prior to 9455 we will no longer supply the corresponding unlock code for this conversion

     

    We have made this change for security and compliance reasons, and, the change has been requested by many Enterprise customers globally.  There are still two valid approaches to convert Private Password Lists to Shared Password Lists, those being:

     

    1. You request your user perform this action themselves as per the menu in the screenshot below, or,
    2. You liaise with your Human Resources or equivalent department to have the user account password reset.  Then log in as them and perform the conversion mentioned above.

     

    How to Convert a Private Password List:

    convert.png

    Regards

    Click Studios

    High Availability Multi Subnet Failover issues

    in Known Issues

    Posted

    Issue:

    If running Passwordstate in High Availability mode, where you have two webservers both communicating to 2 x SQL servers replicating data in real time, some customers have had issues testing an automatic failover in SQL to the second database.  This only happens when the second database server is located on a different subnet to where the Primary Passwordstate website is hosted.

     

    Potential Fixes:

    Three are a few things you can try to fix this issue:

     

    Fix 1:

    In the connection string sections of your web.config files, add in the following code:

     

    MultiSubnetFailover=True

    This tells the Passwordstate website that it can communicate to a database on a different subnet

     

    Connect Timeout=30

    This setting can be expanded to 60, or 90 and this is how long the website stays alive for whilst it’s trying to establish a connection to the new database.

     

    Persist Security Info=True

    This means the SQL password is stored in cache when failing over - Use this at own risk and please see Microsoft Explanation for this below.  Perhaps only do this for testing purposes:

     

    Microsoft Explanation of Persist Security Info:

    The default value for Persist Security Info is false; we recommend using this default in all connection strings. Setting Persist Security Info to true or yes allows security-sensitive information, including the user ID and password, to be obtained from a connection after it has been opened. When Persist Security Info is set to false or no, security information is discarded after it is used to open the connection, ensuring that an untrusted source does not have access to security-sensitive information.

     

    Example of web.config file:

     

    <connectionStrings>

    <add name="PasswordstateConnectionString" connectionString="Data Source=xxxxxxxxx; Initial Catalog=passwordstate; User ID=passwordstate_user; Password=xxxxxxxxx; Persist Security Info=True; MultiSubnetFailover=True; Connect Timeout=30" providerName="System.Data.SqlClient” />

    </connectionStrings>

     

     

    Fix 2:

    Instead of MultiSubnetFailover=True set this to Yes like this example: MultiSubnetFailover=Yes

     

    We're not 100% sure why, but possibly different versions of SQL accept the different values and we've had some customers report that one works, but the other doesn't.

     

    Fix 3:

    You'll be using an Active Directory Listener as part of your SQL fail over.  A Listener is just a virtual computer object in AD with functioning DNS like any physical server. Typically you would set the Netbios name of Listener object in your connection string as the Data Source.  Instead of setting the Netbios name for this Listener, set the IP Address of the Listener in the Connection String.

     

     

    The only other thing we can recommend is logging a support call with Microsoft if none of the above suggestions help.  There's no code inside Passwordstate that can be changed to get this to work, and the issue lies between IIS and the SQL Technology.  Microsoft should be able to assist with this.

     

    Regards,

    Click Studios Support

    Change Folder Permission Model

    in Community Support

    Posted

    Hello,

     

    You should be able to change top level folders - maybe you don't have access to the top level folder, which is why this setting is disabled.

     

    We'll need to see some data to troubleshoot this further, so please log your support ticket here https://www.clickstudios.com.au/support.aspx

     

    Could you then please provide a copy of the data in the PasswordLists table, by following this article https://www.clickstudios.com.au/documentation/query-data.aspx 

    Thanks

    Click Studios

    Import Keepass Error - "403 forbidden" or "The Remote Name Could Not Be Resolved"

    in Known Issues

    Posted

    Issue:

    When importing a Keepass XML file you may see one of the following error messages and no data is imported into the system:

     

    error1.png

     

    error2.png

     

    Fix:

    Both of these errors are related to an incorrect Base URL in Passwordstate being set.  Go to Administration -> System Settings -> Miscellaneous and confirm that the URL starts with HTTPS (not HTTP), and also that the URL is the exact URL you use to access Passwordstate and there are no spelling errors etc.

     

    If the URL you have set on this page is the URL of a Load balancer, this should still work, but we have seen some customers run into this issue if the Load Balancer does not pass the request on to the Primary Passwordstate website API.  The import process is doing a simple POST  command to insert the data through the API, so if the API is not reachable through the Load Balancer you will see this issue.

     

    A possible work around for this is to change the URL to not use the Load Balancer URL temporarily, just until you get the data imported correctly into the system.

     

    If you still have an issue importing, please log a support call with Click Studios from this page:  https://www.clickstudios.com.au/support.aspx

     

    Regards,

    Support.

     

    Upgrading to Passwordstate 9 from Version 8

    in General Hints and Tips

    Posted

    System Requirements:

    This guide is actually applicable if upgrading from version 7 of Passwordstate too, and we recommend checking you meet the system requirements which can be found here before you upgrade:  https://www.clickstudios.com.au/passwordstate-system-requirements.aspx

     

     

    Expected Time Frame to Complete Upgrade:

    The time of the upgrade will vary, depending on how much data you have in the system.  With an environment with 5000 passwords in 1000 Password lists, the database upgrade will take approximately 3 minutes.  With an environment with 250,000 passwords in 20,000 Password Lists, it can take up to 20 minutes. Whilst the database upgrade is in progress, please do not refresh your page or close it down.  This will break the upgrade and you'll have to restore the system.

     

    If you are using the High Availability version of Passwordstate, please factor in extra time to upgrade the second server, and potentially administer SQL replication, depending on what type of replication you are using.

     

     

    Pre-Upgrade Database Check:

    Also, in one of the later version 9 builds, we support Unicode characters, and this can grow your database in size by 300 – 400 %.  Please see this Forum Post which helps with database management before you attempt to upgrade: https://forums.clickstudios.com.au/topic/15057-build-9493-database-management/

     

    This database management recommendation by us is only applicable to this upgrade attempt, and any future upgrades do not require this process to be followed.

     

     

    Pre-Upgrade Backup:

    Before attempting any upgrade of Passwordstate, it highly recommended to take a backup of your system.  Theer are multiple ways to achieve this but in order to restore your environment, you will need at least a copy of your Passwordstate install folder and your Database.  Passwordstate has built in Backups that you may already be using, a Virtual Machine snapshot may be suitable, or you can take a manual backup by following this guide: https://forums.clickstudios.com.au/topic/13911-manual-backup-using-sql-management-studio-tools/

     

     

     

    Upgrade Process:

    Please see this upgrade guide which shows the complete process to upgrade from version 8 to version 9: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf

     

    Upgrading from Passwordstate 8 to 9, being a major version update, is a two part process:

     

    Part 1:

    • Download version 8995 source files on your web server and install them
    • Log into Passwordstate to complete the database portion of the 8995 upgrade
    • At this point you will have a fully functional instance of Passwordstate running build 8995

     

    Part 2:

    • Download the latest version 9 source files on your web server and install them
    • Log into Passwordstate again to complete this version 9 database upgrade
    • Process complete

     

    All source files are linked in the above document, and any future upgrades will only require you to download the latest Version 9 source files and run those. 

     

    Post Upgrade Tasks:

    After upgrading to Version 9, we have a new Backup process that is slightly different to the backup feature in Version 8.  If you are currently using the backup feature, you’ll need to revisit the settings and configure accordingly. Version 9 can be backed up to a local folder with a local Windows account, or to a network share with a domain account.  We have two separate guides for this and following one of these should help you get set up:

     

    Domain Account With Network Share:

    https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups.pdf

     

    Local Account with Local Folder:

    https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups_Local_Account.pdf

     

     

     

    Additional Module Upgrades:

    If you are using any additional modules such as the Password Reset Portal, or Self Destruct website, you will need to upgrade these too.  All Upgrade instructions for these can be found in the Upgrade Guide: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf

     

    How do you tell if you are using any additional Modules?  Please see this blog post: https://blog.clickstudios.com.au/what-passwordstate-options-are-installed-and-where/ and this Blog post:  https://blog.clickstudios.com.au/wheres-my-password-reset-portal/

     

    Please note, if you were using the Mobile Website in Passwordstate 8, we have replaced this with iOS and Android Apps for your phone.  You will need to install the new "App Server" module to take advantage of these new mobile Apps:  https://www.clickstudios.com.au/downloads/version9/Passwordstate_App_Server_Install_And_Administration_Guide.pdf

     

     

    Restoring in the Event of a Failed Upgrade:

    Please see the Disaster Recovery section starting on page 199 of this manual to help restore your environment: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf

     

     

    Additional Support:

    You are welcome to log a support call with Click Studios at any stage for more advice: https://www.clickstudios.com.au/support.aspx

     

     

    Regards,

    Click Studios Support

     

     

    Importing KeePass data into Private Lists

    in General Hints and Tips

    Posted

    Issue:

    Passwordstate's Keepass import process will set up and create shared Password Lists, and then import passwords into them according on how you have your Groups set up within Keepass.  If you need to import a user's Keepass data into a Private Password List, this is a slightly different process listed below.

     

    Process:

    Export your KeePass data to a CSV file:

    2023-02-16_14-20-23.png

    2023-02-16_14-20-42.png

     

    Create a new Private Password List, and possibly select the "Web Site Logins" template, this way it enables the URL field on the Password List, which will allow you to import Entries from KeePass that have a URL set.

    2023-02-16_14-26-34.png

     

    Next, go to Import Passwords, and choose the CSV File into Single Password List type:

    2023-02-16_14-28-49.png

     

    Search for, and select your Private List, and Generate a new CSV Template:

    2023-02-16_14-29-54.png

     

    Copy all data from the KeePass Exported CSV across to your Passwordstate CSV Template, and save these changes:

    2023-02-16_14-33-35.png

     

    On the Import Data tab, select the CSV Template that contains all the new data, and choose Import:

    2023-02-16_14-36-30.png

     

    You should see a successful result:

    2023-02-16_14-37-49.png

     

    And all Passwords are now added into your List:

    2023-02-16_14-38-08.png

     

     

    Regards,

    Support

    Exchange Online Issues

    in Community Support

    Posted

    Hello mackov83,

     

    Yes, unfortunately technical support only comes with the paid version of Passwordstate. We wish we were resourced to provide support for the free version, but we do have thousands of customers using the free version.

     

    We will look into your points above for the next build though.

     

    Regards

    Click Studios

    Username or Password incorrect when logging into Passwordstate - Non Domain joined webserver or Non Trusted Domains

    in Known Issues

    Posted

    Issue:

    You are hosting Passwordstate on a workgroup computer, or possibly on a domain in a different forest with no trust, and you cannot login to the web interface.  The error you receive is "Username or Password is incorrect"

     

    Potential Fix:

    Confirm that the settings for your domain under Administration -> Active Directory Domains are correct in the first instance, including the LDAP Query string, netbios and FQDN.  To confirm the settings are correct, open a command prompt on a computer joined to the domain you wish to log into, and follow these instructions:

     

    • Open a command prompt on your computer and type set userdomain, and then set userdnsdomain
    • The NetBIOS Name for your Active Directory settings should match the result of set userdomain
    • FQDN should match the result of set userdnsdomain
    • The LDAP Query String for your Active Directory settings should match the result of set userdnsdomain. e.g. dc=clickstudios,dc=com,dc=au for the domain clickstudios.com.au

     

    Next, try changing the connection protocol on your domain under Administration -> Active Directory Domains to LDAPS, and ensure your remote domain is configured to accept LDAPS connections.

     

    If this does not work, you can try changing the Protocol to Kerberos.

     

    Ports that need to be open between your Passwordstate webserver and the remote domain are as follows:

     

    LDAP: 389

    LDAPS: 389, 636

    Kerberos, 88, 389 464

     

    If needed, try running Wireshark or something similar to track traffic from your webserver to the domain, and check domain event logs for any errors with authentication attempts coming from your Passwordstate webserver.

     

    Regards,

    Support

     

     

×
×
  • Create New...