Guest George Cirease Posted September 14, 2017 Share Posted September 14, 2017 Hi, We have a situation with email notifications sent weekly to one of our users. This are some examples: "Your access to the Password List/Folder '\XXX\Test' has been removed by Passwordstate Windows Service Account." "Your account on Passwordstate has been enabled by Passwordstate Windows Service Account. To login to Passwordstate, please use the link below." "You have been granted the following access within Passwordstate:Password List: \XXXPermission: Modify AccessExpires At: No Expiry SetGranted By: Passwordstate Windows Service Account" This user account that is receiving this weekly notifications has Admin Folder Permissions on "Test" folder. The question is: Is there any chance to stop sending this type of notifications. Thanks, George Link to comment Share on other sites More sharing options...
support Posted September 14, 2017 Share Posted September 14, 2017 Hi George, Are there any more events like this? It sounds like the Active Directory Synchronization process (performed by the Passwordstate Windows Service) is removing the users account, and then re-added it back during the next Sync. Or possibly the user is being removed from a security group, and then re-added back. What permissions on the domain does the 'Privileged Account Credential' have which is associated with your Active Directory Domain in Passwordstate? Lack of permissions could explain this, and possibly added this account to a security group like 'Account Operators' might help? Regards Click Studios Link to comment Share on other sites More sharing options...
Dariusz Posted December 20, 2017 Share Posted December 20, 2017 Dear support, we are experiencing similar issues where users are receiving dozen of emails in regards to: "Your access to the Password List/Folder '\XXX\Test' has been removed by Passwordstate Windows Service Account." "Your account on Passwordstate has been enabled by Passwordstate Windows Service Account. To login to Passwordstate, please use the link below." "You have been granted the following access within Passwordstate Our users question whether their passwords are secure and we are wondering what may cause this emails to be sent out. Currently, our setup is a follows: - we have a dedicated service account called svc.passwordstate - this service account has been added to a security group like 'Account Operators' as you advised above - in PasswordStae console > Active Directory Domains, this service account has permissions to Read Active Directory Security Groups and User Accounts (screenshot 1 below) - in PasswordStae console > Privileged Account Credentials, the service account has permissions to Read Active Directory Security Groups and User Accounts for All Users and Security Groups (screenshot 2) - Windows service called 'PasswordState Service' is ran with the Local System Account (screenshot 3) Is there anything that needs to be modifies to make sure that AD Synchronization process does not remove/add, disable/enable users accounts which would trigger emails to be sent? Please advise. Regards, Dariusz screenshot 1. screenshot 2. screenshot 3 Link to comment Share on other sites More sharing options...
support Posted December 20, 2017 Share Posted December 20, 2017 Hi Dariusz, It sounds like you have everything configured correctly, but it seems the Passwordstate Windows Service is having issues communicating with your Active Directory at times. It's difficult for us to know why this is, without seeing any errors. Is it reporting any errors in the Windows Application Event Log at the time of the scheduled Sync? While we investigate this, I would suggest setting the two System Settings you see below to 'Do Nothing', and then restart the Passwordstate Windows Service. Regards Click Studios Link to comment Share on other sites More sharing options...
Dariusz Posted December 21, 2017 Share Posted December 21, 2017 Hi, thanks for your prompt reply. Our Synchronisation with AD was set to perform every 1 Hour, i changed it to every 4 Hours now. As for any errors in Windows Application Event Log, it looks ok, obviously we had plenty of the Events (information) since the sync ran every hour: - Started Passwordstate Active Directory User Accounts and Security Group Synchronization. - Finished Passwordstate Active Directory User Accounts and Security Group Synchronization. The only error was: An error has occurred executing the method CheckForNewBuildNo() - Unable to connect to the remote server&stacktrace= at System.Net.HttpWebRequest.GetResponse() at PasswordstateService.PasswordstateService.CheckForNewBuildNo(String ProxyServer, String ProxyUserName, String ProxyPassword, String BuildNo, String NewBuildNo, String ShowNewBuildsTo) I will monitor the number of emails sent to users. Please let me know if there is anything else that should/may be done in our case. Regards, Dariusz Link to comment Share on other sites More sharing options...
support Posted December 21, 2017 Share Posted December 21, 2017 Hi Dariusz, That event log entry simply means the Passwordstate Windows Service cannot check our web sites for new builds, and has nothing to do with this issue. We've done testing in the past trying to force the similar issue where our domain controllers seemed to be unavailable, but we were unable to reproduce this issue. We disabled NICs, faked DNS entries, but all we got was an Event Log error saying the service could not communicate with AD - and it did not remove any user accounts or security groups. Make sure those System Settings are set for you, and lets monitor this to see if we run into any more issues. Regards Click Studios Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.