User Logon Tracking SSL Issue

[mobybrick]

Hi Nick,

Just getting to grips with user/PC tracking.

At the moment HAP is set up on a test server using an untrusted SSL certificate of the correct name.

When a user logs on tho, the logon tracking does not work because the logon tracker process encounters a System.Net.WebException - Could not establish trust relationship for the SSL/TLS secure changel ->remote certificate invalid according to the validation procedure.

I've attached the exact popup window that the user sees

If I browse the server remotely, it warns me that the certificate is untrusted.

Even if/when we get a free SSL certficate, it will likely not match the internal domain name (as opposed to the external internet DNS name) so a similar certificate error will be presented.

Question: Can the HAP logon tracker.exe be modified/configured to ignore SSL warnings and complete anyway?

Your thoughts and help, as always, would be appreciated!

Thanks
Moby

[nickbro]

Ok, I'll look into this.

[nickbro]

I've added code to ignore invalid certs, try this version:

(Should be v3.5)

[mobybrick]

Hi Nick,

This change seems great, thanks!

Now on to the next thing: The various 'Logoff' buttons do not seem to work (i.e. a user cannot log themselves off another machine if attempting a multiple logon) nor can the administrator log all users off.

Is there any other requirement or anything else that needs to be done? I did have a quick look at the code to see how the logoff function was implemented... in api.asmx.cs should not the following two lines

connoptions.Username = hapConfig.Current.AD.User;
connoptions.Password = hapConfig.Current.AD.Password;

also be followed by connoptions.EnablePrivileges=true;

My bad if I've got this wrong, but when connecting to remote PCs this is turned off by default (EnablePrivileges Property)

I can't see any other reason why the remote logoff shouldn't work, unless there's some other service needed on the clients (Windows Remote Management and Windows Management Interface services both running).

Also, as per one of your excellent videos, the logon tracker.exe needs the parameters https://servername/hap/ (with the trailing slash) but in the latest PDF file on the site the trailing slash is missing (a 'File not found' message is reported by the tracker if the slash is missing).

Sorry for so much hassle & thanks again for your help!

Regards
Moby
&

I've added code to ignore invalid certs, try this version:

(Should be v3.5)

[nickbro]

@mobybrick, I'll add that code to the API, thanks. It always seems to have worked for me at CHS. We don't have Win7 here yet though.

[mobybrick]

No worries... Any chance of a rebuilt DLL, when you can, that I can re-test with?

Thanks again,

Moby

[mobybrick]

Hi Nick,

Got it working without this change, so not sure it's needed right at the mo. When using Win7, need to make sure that not only is WMI running but also enabled as a firewall exception via GPO. Disabling the firewall service is not enough

Is it worth considering as a future feature request a button on the admin console that resets the state of the logon tally? i.e. Similar to the "Log all off" button, but doesn't actually log people off - just writes them as logged off in the DB? We have lots of intermittent power failures but can't always guarantee that users will re-use the same room/PCs if a power cut goes over more than one lesson...

Thanks again!
Moby

No worries... Any chance of a rebuilt DLL, when you can, that I can re-test with?

Thanks again,

Moby

[nickbro]

The logon tracker should clear all logons on that machine when it reboots. I've added a "Set all as Logged Off" button to the tracker