+ Post New Thread
Results 1 to 8 of 8
Home Access Plus+ Thread, User Logon Tracking SSL Issue in Projects:; Hi Nick, Just getting to grips with user/PC tracking. At the moment HAP is set up on a test server ...
  1. #1

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    11

    User Logon Tracking SSL Issue

    Hi Nick,

    Just getting to grips with user/PC tracking.

    At the moment HAP is set up on a test server using an untrusted SSL certificate of the correct name.

    When a user logs on tho, the logon tracking does not work because the logon tracker process encounters a System.Net.WebException - Could not establish trust relationship for the SSL/TLS secure changel ->remote certificate invalid according to the validation procedure.

    I've attached the exact popup window that the user sees

    If I browse the server remotely, it warns me that the certificate is untrusted.

    Even if/when we get a free SSL certficate, it will likely not match the internal domain name (as opposed to the external internet DNS name) so a similar certificate error will be presented.

    Question: Can the HAP logon tracker.exe be modified/configured to ignore SSL warnings and complete anyway?

    Your thoughts and help, as always, would be appreciated!

    Thanks
    Moby
    Attached Thumbnails Attached Thumbnails User Logon Tracking SSL Issue-ssl-error.jpg  

  2. #2
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,561
    Thank Post
    38
    Thanked 507 Times in 437 Posts
    Rep Power
    114
    Ok, I'll look into this.

  3. #3
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,561
    Thank Post
    38
    Thanked 507 Times in 437 Posts
    Rep Power
    114
    I've added code to ignore invalid certs, try this version:

    (Should be v3.5)

  4. #4

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Hi Nick,

    This change seems great, thanks!

    Now on to the next thing: The various 'Logoff' buttons do not seem to work (i.e. a user cannot log themselves off another machine if attempting a multiple logon) nor can the administrator log all users off.

    Is there any other requirement or anything else that needs to be done? I did have a quick look at the code to see how the logoff function was implemented... in api.asmx.cs should not the following two lines

    connoptions.Username = hapConfig.Current.AD.User;
    connoptions.Password = hapConfig.Current.AD.Password;

    also be followed by connoptions.EnablePrivileges=true;

    My bad if I've got this wrong, but when connecting to remote PCs this is turned off by default (EnablePrivileges Property)

    I can't see any other reason why the remote logoff shouldn't work, unless there's some other service needed on the clients (Windows Remote Management and Windows Management Interface services both running).

    Also, as per one of your excellent videos, the logon tracker.exe needs the parameters https://servername/hap/ (with the trailing slash) but in the latest PDF file on the site the trailing slash is missing (a 'File not found' message is reported by the tracker if the slash is missing).

    Sorry for so much hassle & thanks again for your help!

    Regards
    Moby
    &
    Quote Originally Posted by nickbro View Post
    I've added code to ignore invalid certs, try this version:

    (Should be v3.5)

  5. #5
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,561
    Thank Post
    38
    Thanked 507 Times in 437 Posts
    Rep Power
    114
    @mobybrick, I'll add that code to the API, thanks. It always seems to have worked for me at CHS. We don't have Win7 here yet though.

  6. #6

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    No worries... Any chance of a rebuilt DLL, when you can, that I can re-test with?

    Thanks again,

    Moby

  7. #7

    Join Date
    Sep 2009
    Posts
    133
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Hi Nick,

    Got it working without this change, so not sure it's needed right at the mo. When using Win7, need to make sure that not only is WMI running but also enabled as a firewall exception via GPO. Disabling the firewall service is not enough

    Is it worth considering as a future feature request a button on the admin console that resets the state of the logon tally? i.e. Similar to the "Log all off" button, but doesn't actually log people off - just writes them as logged off in the DB? We have lots of intermittent power failures but can't always guarantee that users will re-use the same room/PCs if a power cut goes over more than one lesson...

    Thanks again!
    Moby

    Quote Originally Posted by mobybrick View Post
    No worries... Any chance of a rebuilt DLL, when you can, that I can re-test with?

    Thanks again,

    Moby

  8. #8
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,561
    Thank Post
    38
    Thanked 507 Times in 437 Posts
    Rep Power
    114
    The logon tracker should clear all logons on that machine when it reboots. I've added a "Set all as Logged Off" button to the tracker

SHARE:
+ Post New Thread

Similar Threads

  1. Transfer User Area's - Permissions Issues ??
    By mac_shinobi in forum Wireless Networks
    Replies: 24
    Last Post: 21st May 2008, 12:36 PM
  2. When do you create a ticket for tracking an issue?
    By pete in forum Network and Classroom Management
    Replies: 9
    Last Post: 19th May 2008, 03:25 PM
  3. fast user logon
    By strawberry in forum Windows
    Replies: 0
    Last Post: 21st November 2007, 09:11 AM
  4. Track user logons?
    By Jon1 in forum Windows
    Replies: 33
    Last Post: 22nd June 2007, 02:44 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •