Error Console Errors Due to Anti-Virus Software

[support]

Certain brands of Anti-Virus software installed on your Passwordstate web server can cause issues with sessions in IIS (Internet Information Services). These AV products can kill sessions in IIS, causing the general error screen to appear in Passwordstate, and the following types of errors in the Error Console screen:

 

• It appears the user's session in IIS has been prematurely ended, causing the following error
• Object variable or With block variable not set
• Error Code = Incorrect syntax near the keyword 'DEFAULT'
• Error Code = Thread was being aborted
• ApplyScreenCustomisations
• Invalid Viewstate
• There was an issue validating both the AuthToken session variable and cookie

• The parameterized query

• Specified argument was out of the range of valid values in conjunction with ApplyScreenCustomisations()

 

If you see any errors like this, please temporarily exclude the Passwordstate folder from any active scanning, as well as the w3wp.exe process, which is IIS.  Generally the Passwordstate install folder is c:\inetpub\passwordstate.  If this resolves the issue then remove the exclusion and contact your AV vendor for a permanent solution.

 

Some of these errors can also be caused by using multiple instances of Passwordstate open in different browsers, or different tabs, and upgrading to the latest version will fix these errors.

 

**EDIT** We have also been made aware that reverse proxies, or even web load balances can cause some of these errors.  To rule out these solutions are causing these errors, please bypass them an monitor the error console. 

 

If you can determine that a Load Balancer or Reverse Proxy is causing the issue, please log a support call with that vendor to ask for advice on how to configure their solution to prevent this from happening.  

 

**EDIT 14th August 2023**

Another customer has given us information when using Blackberry’s Cylance ENDPOINT (aka Cylance PROTECT and Cylance OPTICS).  Information about this can be seen below:

 

Memory protection policy needs to have these exclusions added:

1. “\inetpub\Passwordstate\Bin\Passwordstate.exe” – for all violation types (build 9700 or below)
2. “\inetpub\Passwordstate\WindowsService\Passwordstate.exe” – for all violation types (build 9708 or above)
3. “\Program Files (x86)\Passwordstate Agent\PasswordstateAgent.exe” – ignore Malicious payload violation type
4. “\Program Files (x86)\Passwordstate Agent\PasswordstateAgentUpgradeService.exe” – ignore Malicious payload violation type

 

 

Regards

Click Studios

[Gennysmith]

It actually happens. I have also got under this with the Antivirus software installed on my laptop. But after I fix Error Code 0X80071A90 it got solved then only. 

[support]

Thanks for letting the community know

[Sarge]

These errors "It appears the user's session in IIS has been prematurely ended, causing the following error" also occur during the Out of Box setup wizard as you click "Next" to apply the "System Settings" if you've got the STIG for Windows Server 2019 applied.

We're still trying to find exactly what setting within the STIG is causing the issue. @support is there any guidance you can provide of what is occurring after clicking Next on the System Settings setup wizard screen? 

[Sarge]

The above was caused by Windows Server 2019 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. (stigviewer.com)

The IIS errors are a red herring in this case.