All Activity
This stream auto-updates
- Today
-
SAML Authentication with a second two factor authentication option
support replied to support's topic in Feature Requests
Hi All, We will have an option for this in the next build - due in a few days. Regards Click Studios - Last week
-
Daniel Fresneda joined the community
-
Hello Joakim, Can you check three things for us: On the screen Administration -> System Settings -> Miscellaneous tab, is your Base URL field here correct for your Passwordstate URL? On this System Settings screen, if you click the 'Save' button, can you report the actual error it comes back with And in IIS, if you look at the Passwordstate web site (expand the site in the tree), is the 'SelfDestruct' folder configured as an 'Application' in IIS - this should have a different icon from most other folders? Thanks Click Studios
-
Hello, Could you please follow those on screen instructions and let us know the outcome? Thanks Click Studios
-
Source: Passwordstate Service An error has occurred calling the method MoveSelfDestrucAuditingData(). Error = One or more errors occurred. What to do?
-
Lukasz joined the community
-
THIS IS MY PROBLEM unfortunately an error has occurred within the passwordstate website, for wich we apologize for the inconvenience if passwordsate is able to communicatie with database then the error will be logged on the screen administration -> passwordstate administration ->error console if you are unable to view the error console screen for any reason you can ask your database administrator to run the following sql query which will show th same data from the error console screen use passwordstate Select From Debuginfo
-
harryqueen joined the community
- Earlier
-
Great, I forgot about that thread. So it looks that it is needed by community
-
+1 There is another request for this as well: //Jasper
-
Thank Mi Ke, We will try to reproduce this this week, and will report back here if we can. Appreciate the information you provided. Regards, Support
-
Thanks for letting the community know
-
Coming in the next build
-
Hi Guys, We've added the mentioned security headers in build 8600. Regards Click Studios
-
Okay thanks
-
Hi, Thanks for your support. We will find a solution. :-) The reason seems to be the parameter of the task "MRT_ERROR_HB". I can reproduce the error on a Windows Server 2016 build 1607 by creating a new Basic Task. I hope this works for you as well. Regards, Mike Create a basic task Use any program and add the parameter from the task "MRT_ERROR_HB": /EHB /HeartbeatFailure "ErrorStack,Previous=SubmitHeartbeatReportData,Hr=0x80072f0d" /HeartbeatError "0x80072f0d" Add the System account Now in Passwordstate you can run the dicovery script. My output was:
-
Hi, yes I did and this is exactly why i would like to request to have such thing as to generate destruct URLs via API I am not talking about actually sending the email, but rather as the first version just to be able to generate valid URLs.
-
Hello, Have you tested our new version of the Self Destruct Message feature, where the site can be deployed separately to your main Passwordstate web site? And this deployed site does not need any access back to your Passwordstate API at all? We don't have any features in our API right now to send Self Destruct Messages, but it may be something we look into in the future. Thanks Click Studios
-
Hi Mike, Sorry it's not fixed. It is quite difficult for us to test this sort of fix, when we cannot reproduce the issue ourselves. This returns 'System' for us every time, and we're not sure how to replicate what you are seeing - would you have any ideas what we need to do to this scheduled task to replicate it? Thanks Click Studios
-
Hi, i would like to ask/propose to introduce new API endpoint for generating self destruct messages. Would it be something possible? We have a business case where such functionality would be implemented internally to our client services to automatically send sensitive information via such messages and also credentials from PasswordState. For API it would be enough to send post request ("Automatically self-destruct this message if not viewed in" and "Allow the self-destruct message to be viewed" - required values)and get a response of self destruct message URL. In our case, if someone would like to send credentials from PasswordState we can build aggregation with existing API endpoints and tie together with this newly requested API endpoint. Best case scenario would be to include optional fields in this new API endpoint where you could specify password record ID value
-
Hi, Unfortunately, adjusting the uppercase and lowercase characters in the SID in the new script makes no difference. Like I have tried to descripe I think the problems are the commas "," in the column "Task To Run" of the command output (or "arguments" in the task xml). The following command "ConvertFrom-Csv" splits this string on every single comma regardless the comma is part of a value or not. Have a look to the original output of the command: The Command "ConvertFrom-Csv" splits the value of “Task To Run” into multiple parts. This is wrong and all the following values shift to x columns. I hope that explains more exactly what I tried to explain yesterday. Reagards, Mike Compare the output of the script and how it should be.pdf
-
Hi Mike, We're not sure why your scheduled tasks are reporting n/a like this - we've never seen this before. Can you try the attached script again - we've added this in as an exclusion as well. Get-Dependencies.ps1 Regards Click Studios
-
AD authentication using samba or OpenLDAP?
support replied to idl0r's topic in Installing Passwordstate
Hello IdlOr, We're really sorry, but Passwordstate is only designed to work with Active Directory store, and not the other two directories you've mentioned. Regards Click Studios -
Hi, It doesn't work and I think in this case it's because the script gets the user "S-1-5-18" from the task xml-file. So the filter on the output of "schtasks.exe" make no difference. Let me explain: I have made the following script based on your original script: In the output of the script the key "Run As User" has sometimes a value "Disabled", "n/a" or something else instead a username or SID. I think the problem is the special character "," in the task Argument: /EHB /HeartbeatFailure "ErrorStack,Previous=SubmitHeartbeatReportData,Hr=0x80072f0d" /HeartbeatError "0x80072f0d" The command "ConvertFrom-Csv" splits the string on the wrong place. Script Output Task ""MRT_ERROR_HB.xml" Because the value of the key "Run As User" is not a known keyword to ignore your original script Looks then into the "MRT_ERROR_HB.xml" file and reads the key "<UserId>S-1-5-18</UserId>". I hope that makes sense. Regards, Mike
-
andrewtwelch joined the community
-
AD authentication using samba or OpenLDAP?
idl0r replied to idl0r's topic in Installing Passwordstate
Ok, it looks like it was a samba issue. Even though there could have been more debug infos. https://wiki.samba.org/index.php/Samba_4.4_Features_added/changed#ldap_server_require_strong_auth_.28G.29 -
Hey, I've been trying to setup AD authentication using our samba AD replica but there are weird errors so, first of all I'm curious whether samba or OpenLDAP methods are supported/tested at all? Just adding it seems to be fine at first, but e.g. adding security groups fails. The groups are listed properly but adding it throws an error with like no details nfortunately an error has occurred within the Passwordstate web site, for which we apologize for the inconvenience. If Passwordstate is able to communicate with the database, then the error will be logged on the screen Administration -> Passwordstate Administration -> Error Console. If you are unable to view the Error Console screen for any reason, you can ask your Database Administrator to run the following SQL Query, which will show the same data from the Error Console Screen: USE Passwordstate SELECT * FROM DebugInfo If you need some assistance from Click Studios in troubleshooting this error, please ask your Passwordstate Security Administrators to contact us for help. Error console: A more secure authentication method is required for this server. , StackTrace = at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.PropertyValueCollection.PopulateList() at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName) at System.DirectoryServices.PropertyCollection.get_Item(String propertyName) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue) at System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(PrincipalContext context, String identityValue) at admin_securitygroups_addadsg.CountNumberOfRequiredLicenses(String strSecurityGroup, String DomainName, String FQDN, String ObjectSID) at admin_securitygroups_addadsg.SaveSecurityGroup(String Button) at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument) at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) Thing is, it's already LDAPS so I'm not sure what that means and why it's fine to fetch the groups, accounts etc. but adding it fails. Adding a user seems to work as well as the login. Another, even more weird error: Trying to add a security group using the right arrow results in: It appears an error has occured trying to query Active Directory for user information. Please check the 'Active Directory Domain Name' value specified below is correct. If not, please update in the 'Active Directory Domains' screen. Active Directory Information NetBIOS Name: office FQDN: ad.dc.somecompany.com LDAP Query String: How can the LDAP query string be empty? Any ideas?
-
idl0r joined the community
-
Hi Mi Ke, We are very sorry, we did actually forget to follow this up. I've taken a look at this today and here's some information to consider: In our discovery job, we are excluding the discovery of "System" as per screenshot below, but we cannot understand why on your systems this isn't working: We found out that the Profile of the System Account has the unique profile registry key as S-1-5-18 So we've now added this to our exclusions in the Account Dependency Script, tested this and it seems to be working: For this to work for you, can you please do the following on your Passswordstate web server? 1. On your Passwordstate web server, download this file: Get-Dependencies.ps1 2. Place it in C:\inetpub\Passwordstate\setup\scripts, and overwrite the existing file 3. In Passwordstate, go to Administration -> Powershell Scripts -> Account Discovery Scripts and restore the default Windows Account Dependency script from the Actions Menu: Now try your Discovery Dependency again, does this fix the issue? If it does, we'll include this new script in the next build of Passwordstate we release. Regards, Support
-
Hello, Passwordstate should work fine with TLS 1.0 and 1.1 disabled – we’ve tested this ourselves, and other customers have disabled these protocols as well. Could you please try the following, on both your Web and Database Servers: 1. Using the following IIS Crypto Tool, click on the ‘Best Practices’ button, then close the application - https://www.nartac.com/Products/IISCrypto/ 2. Follow the instructions again for changing the registry keys, as IIS Crypto may have updated them. You can refer to this document for that https://support.microsoft.com/en-au/help/3135244/tls-1-2-support-for-microsoft-sql-server, in the section ‘Frequently Asked Questions’ 3. Now reboot both servers Hopefully this should resolve it for you. Regards Click Studios
