Jump to content

jimmy

Members
  • Content Count

    10
  • Joined

  • Last visited

  1. So that's good news twice! For me because I now know that I am not doing it wrong, for you because you can now fix a bug. I will have to do my work double now, because I need to write a procedure to do the update process from dev/test, via acc, to prod. Which now means I have to describe both the manual and the "regular" internet disconnected upgrade method. But at least I now know what to do. Thank you for all the effort!
  2. In the meantime I've been testing the other way around: unplug the NIC. Now the button keeps saying "testing download..." forever (or at least for 30 minutes until I terminated it). So there seems to be some difference but still not like it works at your side. When the NIC is disconnected I see Windows Events "An error has occured executing the call 'SecurityGroupExists'. The server is not operational." Perhaps this is because the ADDS is then also unreachable. With te NIC connected I see nothing in the eventlog. To make sure it really attempts to access internet, I added www.clickstudios.com.au to the hosts file, pointing to 127.0.0.1. This causes the upgrade now to fail even faster. That proves that it does do a call to www.clickstudios.com.au at a point where it should not. (I double checked the permissions on the zip-file, and also extracted it once to verify that it's not corrupted) I have created a quick-and-dirty webserver replacement of http and https for www.cliskstudios.com.ca to have a bit of logging, and I see that it requests /NewBuildInfo.xml (plain over port 80?). Perhaps then you know what is going on? (it's not the upgrade zipfile but an xml) Tomorrow I won't be able to change or test anything, but please feel free to keep me informed (I am able to reach this site).
  3. Let's not give up please, as I suggested before this is probably not a security issue but there must be a simple reason why it tries to download a file that is already there? Can we continue on that? Why does it want to access the internet while we follow the procedure for upgrading without internet? From Windows- and permissions perspective there is nothing special about this machine, it's just that we cannot just change the current SQL account, especially because you now say that we do not need that if we do not need the backup.
  4. Can we go back one step. The symptom it that the program wants to go to the internet instead of using the locally placed file. And now we are discussing backups, accounts, permissions and stuff. Isn't there a totally different reason why it tries to download a file that is already there?? And just to make sure, we're not talking about the backup account but the (same) account needed for the upgrade. I just tested the backup to show that there are probably related issues. We don't actually need the backup, I'm just going through that all because you explained that the account settings are also needed for the upgrade... So if we can skip the backup-issues (unless they help solving the upgrade issue), I'm fine with that. But.. Do you really want me to go through a 180pg document just to solve an issue with a 1/2pg upgrade description? I did check what you mentioned before, the NETWORK SERVICE has (F) on the passwordstate folder and subfolders and so does it on the backupfolder. The account that I use for the upgrade is the domain admin which I guess should just be enough? From that manual, I found at least: The path to where you would like to store the backups - please use UNC naming conventions here, not a literal path such as c:\backups · Username and Password required for the backup (below in this document is an explanation of the permissions required) So I am now using \\computername\sharename which are accessible. Then it says: To allow backups to work through the Passwordstate web interface, you will need to specify an account (domain or Windows account), which has the following permissions: · Permissions to write to the Backup path you’ve specified · Permissions to stop and start the Passwordstate Windows Service on the web server · Permissions to write to the Passwordstate folder on your web server Which are all correct. Now we come to this: In addition to this, you must configure the SQL Server service to use a domain or Windows account which has permissions to also write to the Backup Path. We did a normal install and that installed the MSSQL Express instance. That has installed it with (default?) NTService\MSSQL$SQLEXPRESS account. Since this is going to run in a very secure environment (that's why we cannot update from the internet), are you positive that we need a Domain account there? Is there a way to skip this, just because this is only for the backup-part and not for the upgrade?? I also went through the Automatic Backup Troubleshooting part, where I also do not see any reason for an issue.
  5. Sorry, addition: The Start backup error was because at that point I was doing tests with an intentionally wrong account. With the domain admin, it says: Backup error detected - Object reference not set to an instance of an object. (I did restart the service after making changes to the backup settings and account)
  6. Current build is 8180. Yes, on administration-> backups and upgrades, it shows the current and latest (8325). So that seems to be fine then (except for the upgrade pdf that tells me to check the top of the screen). But then next, any attempt to enter credentials keeps failing on the Test Permissions button. I have D:\passwordstate as the path and Full control for the Domain Administrator, NETWORK SERVICE, local administrators, and the MSSQL$SQLEXPRESS user. The folder is new and empty. The result is the same when I share it (with full share permissions) and use the \\computername\sharename. I tested it with the domain-admin account and my personal admin account. When I click Backup Now -> Start backup, it says Please check the account you've specified has appropiate access rights to restart the passwordstate service. However, I am currently logged in as that same user and I am able to restart the service. (Finally, at Upgrade Now -> Begin Upgrade, the button changes to Test Downloading, which assumes it want to download instead of using the local file.)
  7. It looks to me that the problem is one step before that. It's on the step "seeing the upgrade". When I alter the database, place the zipfile and go into the web-interface, the update should be shown at the top of the page. In our case, it is not. So that's probably why it wants to go to the internet when attempting to upgrade, it does not "recognize" that the upgrade is present locally. Also, when I enter a username/password the Test Permissions fails. Either with my personal (admin-like) domain account and with our domain-admin account. I enter it with domain\username, and the path is just d:\backup. The permissions are "Authenticated users":M(RWL)
  8. I guess we are now talking about two different things? We don't need the backup because we create a snapshot (and have a VM backup). What would the backup account have to do with the ntfs permissions for upgrading without a backup?
  9. Our VM does have a network so it probably "thinks" that internet is reachable? It's just that the default gateway does no internet. Wouldn't those permissions be a large security risk? This install is in a no-internet zone because it's a very secure company... I doon't understand what you mean with "specify an account"? I can only specify an account for the backup, not for the install. Or am I missing something?
  10. From the Upgrade_Instructions.pdf file, I am trying to do the part: In-Place Upgrade Instructions without Internet Connectivity According to this: I've changed the DB with the 8.3 version and build 8325, downloaded the passwordstate_upgrade.zip file to the passwordstate\upgrade folder, disabled the automatic backup (I have a vmware snapshot), entered maintenance mode, restarted the service, but when I go to the upgrade (Administration / Backups and Upgrades / Upgrade now / Begin Upgrade) the system says that it needs connectivity to the clickstudio's website. (Also, the upgrade is not shown on top after the current version) To be precise, the button changes in testing download and then it says In order to perform an inplace-upgrade of paswordstate, your passwordstate install must be able to query click studio's web site. I guess the system does not see that I placed the zip-file into the upgrade folder?
×