logo

The ConnectWise Control forum has moved to ConnectWise University! This forum has been locked and is in read-only mode. Click here for instructions on how to access the new forum.

Welcome Guest! You can not login or register.

Notification

Icon
Error

Options
Go to last post Go to first unread
damtechmatt  
#1 Posted : Monday, March 12, 2018 8:47:53 AM(UTC)
damtechmatt


Rank: Newbie

Joined: 2/12/2016(UTC)
Posts: 28
United Kingdom
Location: Sunderland UK

Thanks: 3 times
Hi

Im not sure if this is related to our recent upgrade to 6.5, but our install is no longer authenticating Google 2FA codes.

Even though the code is right, it says its invalid.

Luckily I had an admin user that was still logged in, so I've managed to take it off all the users for now, but thats a pain

Anyone any ideas why that would happen? I don't want to leave it off, but can't put it on until I know its working.

Also.... What happens if everyone was locked out? Is there a way to turn off 2FA in the database somehow?

Matt

Scott  
#2 Posted : Monday, March 12, 2018 11:05:59 AM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,862
United States

Thanks: 3 times
Was thanked: 351 time(s) in 303 post(s)
I'm guessing that you're an On-Premise user, but correct me if I'm wrong.

When 2FA codes stop working the most common cause is an incorrect clock somewhere within the connection (Host user's computer, the server, etc). Can't say this is always the problem but it's certainly a good place to start.

And when a user gets locked out, that data is stored within the User.xml within the App_Data directory in the ScreenConnect server's installation. If you need to reset someone's locked out status, just stop the services on the server, change that user's "IsLockedOut" value to false, and restart the services.

Also, if you need to completely whack a user's 2FA requirement from the server's installation, just delete the 'PasswordQuestion' value within the User.xml for that user (while the services are stopped).
ScreenConnect Team
damtechmatt  
#3 Posted : Monday, March 12, 2018 11:09:05 AM(UTC)
damtechmatt


Rank: Newbie

Joined: 2/12/2016(UTC)
Posts: 28
United Kingdom
Location: Sunderland UK

Thanks: 3 times
That's great thank you so much.

It is on-premise yes.

I'll check the time and date and make sure its correct.

At least I know if it stops working altogether, we can get round it manually.

There was a mild panic when users started reporting their 2FA codes had stopped working.
Scott  
#4 Posted : Monday, March 12, 2018 11:14:22 AM(UTC)
Scott


Rank: Administration

Medals: Level 4: Wise Old Owl! Received 100 Thanks!

Joined: 3/28/2014(UTC)
Posts: 2,862
United States

Thanks: 3 times
Was thanked: 351 time(s) in 303 post(s)
Since it's more than one user I would be sure to check the clock on the server first, if it's a time issue that's where it would be.

Also, another test is to setup 2FA via OTP info here.

This 2FA method is implemented differently and while it's certainly not out of the question that something's wrong with our Google 2FA implementation, I feel like we would've heard more reports of it not working if that were the case.
ScreenConnect Team
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.