support

Issue: When enabling DUO two factor authentication, it is possible you might get this error: Resolution: For one of our customers, we were told that changing the User Normalization setting to Simple in the DUO console (Under Applications) has fixed this for him. Thanks to Scott for making us aware of this fix. Regards, Support Click Studios

Thanks very much

Excellent - thanks for letting us know.

Hi Gregory, Sorry, but unfortunately we do not have support for LDAP over SSL for Passwordstate yet. It is something we wish to work on, but we have many outstanding feature requests that we are working through currently. Regards Click Studios

Hello, Yes, if you go to the Auditing screen in the Administration area, there is an Activity Type called 'Remote Session Connection' - this will give you what you need. Regards Click Studios

Hello, The encryption keys are split and stored in two places - the database, and the web.config file. When needed, we join these two split "secrets" and form the encryption key(s) so they can be used. For further security, you can also encrypt the AppSettings section in the web.config file, and we have information on this in our installation manual - https://www.clickstudios.com.au/downloads/version8/Installation_Instructions.pdf We hope this helps, and please let us know if you have any further questions. Regards Click Studios

Issue: If using the High Availability version of Passwordstate, with Transactional Replication in place it is possible to get the following error when uploading a document that exceeds 64kb: Error Code = The statement has been terminated. Length of LOB data (1138720) to be replicated exceeds configured maximum 65536. Use the stored procedure sp_configure to increase the configured maximum value for max text repl size option, which defaults to 65536. A configured value of -1 indicates no limit, other that the limit imposed by the data type., StackTrace = at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) at System.Data.OleDb.OleDbCommand.ExecuteNonQuery() at Passwordstate.Document.UploadPasswordListDocument(Int32 PasswordListID, String PasswordList, String DocumentDescription, String DocumentName, Object DocumentContent, String FileSize, Boolean Folder) Fix: In order to resolve this error, increase the ‘Max Text Replication Size’ of SQL Server: Open SQL Server Management Studio Right click on the server name à Properties Advanced Set Max Text Replication Size to a value higher than the document size limit specified in the Passwordstate System Settings For example: 4194304 is about 4MB Set -1 for unlimited Make this change on both SQL database servers Restart of SQL Server was not necessary Click Studios would like to thanks our friend Hans for supplying this fix:) We appreciate feedback from our customers that helps out all of our customers:) Regards, Click Studios Support

Hi Jagrys, You are right, in version 8 we reduced the amount of panels from 6 to 4, with three panels on either side. We did this to remove "Hosts" from the Passwords Home screen, as Hosts now has it's own dedicated Tab in the new version. If you are only needing favorite passwords and search, would setting up your panels like my screenshot below work for you?

Thanks Hans Regards Click Studios

Hi Hans, Sorry you've run into this issue, but no-one else has reported this so far, so we can't be sure why this occurred. We also did testing on multiple different operating systems, and did not see if ourselves. We also did not need to restart the server, only our browser. Do you remember where you downloaded the "newer version" from? Regards Click Studios

Hi Hans, It is the user's personal Password Generator Policy that is used by default - and the user can change these settings to anything they like. If they are wanting to pick from one of the other Password Generator Policies, then they can still do so, but only from the menu Tools -> Password Generator. This is also where the user can change their personal settings. We hope this helps. Regards Click Studios

Excellent - thanks Shane. We'll update our documentation a bit more to show a screen of what should be set. Regards Click Studios

Thanks for confirming Shane. I think we may have found the cause of this issue. In IIS, for the WinAPI folder, can you please make sure ASP.NET Impersonation and Windows Authentication are enabled - all others should be disabled? I think when we documented the changes required in the KB article, possibly ASP.NET Impersonation was enabled by default System Wide on the dev environment we tested on, so we need to update our documentation for this. And one other thing to check is that the URL for your Passwordstate web site is being detected in the 'Local Intranet Zone' in Internet Explorer. If it isn't, this may cause issues as you may see prompting for authentication. Can you let us know if this helps? Regards Click Studios

Hi Shane, Sorry you're having some issues with this. To help troubleshoot this issue, can you tell me the following: What build of Passwordstate are you using? In Build 8114, we provided some better error reporting for the WinAPI And if you go to the screen Administration -> Passwordstate Administration -> System Settings -> API Tab, under the section 'Windows Integrated API Settings' is this set to Yes? If it's not, can you change it and then restart IIS Thanks Shane. Regards Click Studios

Hi Daniel, We've found what the issue is - can you please avoid using the ¿ character, this is a reserved character we are using for our own purposes. If you have any other issues with certain characters not displaying correctly, you may need to change the default 'Code Page' settings in Passwordstate for this. This can be done on the following two screens: Administration -> Passwordstate Administration -> System Settings -> Password List Options tab Or if you edit the properties of a Password List, can you have it set differently on each Password List as well. We hope this helps. Regards Click Studios

Hi Daniel, We also responded to your email regarding this, and this issue would be caused by us not supporting any other languages except for English. We will look into whether there is a fix for this, but possibly look at our KeePass import suggestion as well, as our PowerShell script is set for UTF8 encoding and should help with your import process. Here is a link for those instructions - https://www.clickstudios.com.au/blog/import-passwords-keepass-passwordstate Regards Click Studios

Hi HeDish, Scheduled Reports are user specific, so they will need to manage them themselves - they can find them under the Preferences menu. Regards Click Studios

Thanks very much for sharing Whitey - we really appreciate it. Regards Click Studios

Purpose: The process below will import all of your KeePass data into Passwordstate. We highly recommend taking a backup of your Passwordstate database prior to performing this import. You can either use the automatic backup feature within Passwordstate, or possibly use SQL Management Studio Tools instead. Exporting from KeePass in the Correct Format: If you would like to migrate your passwords from KeePass to Passwordstate, you will need to export them as a csv file, which Passwordstate reads correctly. The best version of KeePass to do this in is the Classic version and must be at least Version 1.31. The Classic version has better options when exporting, allowing you to select which attributes of your passwords you would like to insert into the csv file. If you are using KeePass Professional, you will need to transfer all of your passwords to the Classic version. To do this: 1. Open KeePass Professional and click File -> Export 2. Select KeePass KDB (1.x) 3. Select a place on your local disk to save the export to, and click OK 4. If you get an error saying "This file format does not support root groups" click Close 5. Open KeePass Classic 6. Click File -> Import -> KeePass Database... 7. Open the .kdb file you generated in the export process above 8. Enter in the Master Password for your exported database and click OK 9. Click File -> Export -> CSV File... 10. Save the .csv to somewhere local like D:\KeePass-Import\Passwords.csv 11. Under the fields to export, ensure you also tick "Group" and click OK **Important** Once you have exported this .csv file, DO NOT modify and save in Excel in any way. This can make the .csv file unreadable for the purpose of this exercise. Preparing Passwordstate for the import 1. In Passwordstate, under the Passwords menu, create a Password List Template. This process will be copying the settings and permissions from this template when setting up your data. 2. On the Template, ensure you deselect the "Prevent saving of Password Record is 'Bad' password is detected": 3. Also on the same Template, ensure you select the URL field as follows, and save it: 4. Apply appropriate permissions to the template via the Actions Menu. Any user you give access to on this screen will get access to all passwords you import from KeePass. If need be, you can easily modify permissions after you've completed this import process: 5. Press the Toggle ID Column Visibility and take note of the TemplateID 6. Download the Import-Keepass.zip file from the Click Studios web site, and extract the contents into the same folder as your exported KeePass .csv file. 7. Take note of your System Wide API key in Passwordstate, which can be found under Administration -> System Settings -> API Keys. If you need to, you can generate a new one: 8. Open the extracted import-keepass.ps1 file in your favorite Powershell scripting tool, and modify the top 4 variables to reflect the correct information about your environment. You will need to enter your Passwordstate URL, the exact path your exported .csv file, your system wide API key, and your Template ID: 9. If you now run your Powershell script, you should notice a KeePass Import folder in Passwordstate, along with Multiple Password Lists which are named the same as all your groups and sub-groups from KeePass. They will also contain all the relevant passwords: 10. If you like, you can create some Folders in Passwordstate and begin dragging and dropping your new Password Lists as appropriate. If you have any questions about this, please contact Click Studios on support@clickstudios.com.au

Hi HeDish, Sorry, but unfortunately it is not possible to include Generic Fields in the Expiring Passwords Report - I believe this is what you mean by 'field email'. This is mainly because each Password List can be created with different fields, of different data types, and either encrypted or not. And exporting this to HTML or CSV would be quite difficult to read and interpret. Regards Click Studios

Issue: When trying to run a report in Passwordstate 8, you may see the error below: Cause: In Windows Server 2008R2, the TLS 1.2 secure protocol is disabled by default, but Passwordstate 8 requires this to run certain functionality. On newer operating systems it is enabled by default, but it is possible to manually disable it. It is recommended by Microsoft to have this protocol enabled on your server as it is the most secure protocol. Fix: **Before making any changes to your web server, confirm there are no other applications running on it that may be affected by this change** Enable TLS 1.2 on your web server by: Downloading the IIS Crypto Tool from here: https://www.nartac.com/Products/IISCrypto/Download On your web server, run the Crypto Tool "as Administrator" Tick the TLS 1.2 protocol so that it is bold black, as per below screenshot: Open Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Change the Enabled REG_DWORD to a value of "1" Open Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Change the Enabled REG_DWORD to a value of "1" Reboot your web server and the issue should now be resolved. If you need further help with this, please contact support@clickstudios.com.au Regards, Support

Hi Albert, We're sorry, but the organization of these Zones cannot be in one column - Passwordstate is not really designed for small 12" screens. If you're happy with only 2 of these grids, you can leaves the others in Zone 2 and 4, and just disable them - this will give you the one column effect. Regards Click Studios

Hi SGauvin, The only option we have for this is the one I mentioned above - either just users with Admin privileges, or all users who have access to the Password List. Regards Click Studios

Hello, This is very strange that this has just stopped working for you. The only thing I can think of which may cause this is the password being wrong for the Privileged Account Credential which is associated with your domain in Passwordstate, but if this was the case you also should not be able to search for security groups, so it is very odd. Can you please contact us via our Support page, as we will need you to share some screenshots of your setup so we can troubleshoot this - https://www.clickstudios.com.au/support.aspx Thanks very much. Regards Click Studios

Hi Jeffrey, Unfortunately we don't have a feature where you can set the default expiration time, as it's not a feature that is used all that often by our customers. Regards Click Studios