Performance Improvements – How to Troubleshoot and Resolve Issues

From time to time we receive support requests from customers having performance issues with Passwordstate.  In a significant number of cases the issues contributing to, or even the direct cause of the performance issues, are related to configuration or environmental considerations within a customer’s network.

To begin with, let’s recap on a set of very simplified installations.  The following image outlines 2 different Passwordstate installations that are typically encountered by our Technical Support Team;

The top of the image above shows a simple Passwordstate instance, with the webserver and database installed on the same Windows Server.  This could be either a physical or virtual server.  In this example the customers client PCs are connected via Wi-Fi to a simple Switch with in-built Wi-Fi.   

The bottom of the image shows a larger setup, with a dedicated Passwordstate webserver, deployed in High Availability mode and stack of virtual servers.  In this example the webserver and database servers are installed on separate Windows Servers and all members in the example are connected over a traditional ethernet network.  The Passwordstate webservers site behind a load balancer. 

In all instances, when a user has been authenticated and navigates to a screen in Passwordstate, their web browser is rendered based on the HTML for the screen they are accessing on the webserver, validated by the permissions they have been assigned as recorded in the SQL database, and the results of the SQL query for the data they are requesting.  This by necessity requires multiple interactions (queries and responses) between the webserver and SQL database before the results are rendered in the user’s web browser.    

Common Performance Issue Symptoms

Using the 2 typical implementations above, we are on occasion advised that users are experiencing performance issues.  These can typically be broken down into the following types of performance issues;

  • Overall responsiveness in Passwordstate
  • Slowness in navigating through Folders and Password Lists
  • Passwordstate sessions abruptly terminated
  • Features not working correctly or at all

There is some duplication between the underlying causes for the above and a number of these can, when aggregated, result in a significant impact to performance of your Passwordstate implementation.     

Examples of Approach to Issue Identification and Resolution

The following are examples of approaches toward identifying the underlying cause of the performance issues and resolving these. 

Overall Responsiveness:  The overall responsiveness in Passwordstate can depend on a number of factors.  This includes;

  • network connectivity between the client PC, Passwordstate webserver and SQL database
  • it can be affected by the number of Folders and Password Lists on the Passwords Tab and Folders and Nodes on the Hosts Tab
  • misconfiguration of any Load Balancers and Reverse Proxies
  • excessive number of entries in the auditing table

To test and resolve these, it’s recommended to;

  • confirm the issue with responsiveness is widespread or confined to only some users
  • verify there are no inherent network connectivity issues between the clients PC, the Passwordstate webserver and SQL database
  • test local authentication as opposed to Cloud based SAML authentication
  • develop and test a User Account Policy that applies Load on Demand and Node Capping
  • review and remove unnecessary Folders and empty Password Lists
  • reduce the size of your auditing table to less than 500,000 entries by archiving
  • bypass the Load Balancers and/or Reverse Proxies.  If this resolves the issue please liaise with the vendor supporting these

Slow Navigation with Passwordstate:  This is usually affected by the number of Folders and Password Lists on the Passwords Tab and Folders and Nodes on the Hosts Tab.  As an example, on the Passwords Tab you have a folder hierarchy with 1000 Folders and underneath each of these a number of Password Lists.  By default, when you navigate to the Passwords Tab the underlying query will validate your access to view and then retrieve the details of the 1000 folders, along with the Password Lists contained within these folders.  This produces a substantial amount of data that will then need to be rendered within your web browser.  It can also be affected by;

  • setting the password records display grid to a very large number of records
  • poorly behaved Anti-Virus software

To test and resolve these, it’s recommended to;

  • again, confirm if the issue is widespread or confined to some users
  • set your Password Records display grid to no more than 10 records
  • use the Search capability to locate the Password Record rather than browsing through Folders, Password Lists and long display grids
  • use a User Account Policy that applies Load on Demand and Node Capping
  • review and remove unnecessary Folders and empty Password Lists
  • test if your Anti-Virus software is the cause by temporarily setting exclusions on the Passwordstate folder structure on your webserver.  You can also temporarily disable the AV software to test this.  Please note if this resolves the issue you should enable your AV software and remove any exclusions before contacting the vendor for a permanent fix.

Passwordstate sessions abruptly terminated:  This is usually caused by either badly behaved Anti-Virus software or Windows Patching having installed patches that require a subsequent reboot.  Windows patching has in some cases caused Passwordstate sessions to intermittently fail.    Some Anti-Virus Software products are known to kill sessions in IIS with the following types of error being reported in Passwordstate Error Console screen;

  • It appears the user’s session in IIS has been prematurely ended, causing the following error
  • Object variable or With block variable not set
  • Error Code = Incorrect syntax near the keyword ‘DEFAULT’
  • Error Code = Thread was being aborted
  • ApplyScreenCustomisations
  • There was an issue validating both the AuthToken session variable and cookie
  • The parameterized query
  • Specified argument was out of the range of valid values in conjunction with ApplyScreenCustomisations()

Some Reverse Proxies and Load Balancers can also cause these errors.  In order to rule these out please bypass them and monitor the Error Console.

Features not working correctly:  The single biggest cause of Passwordstate features, such as Self-Destruct Messages, Password Reset Portal, API issues, SAML Authentication and HA polling not working correctly is misconfigured Load Balancers and Reverse Proxies.  To determine if these are negatively impacting on the functioning of Passwordstate please bypass them and retest.

By working through some basic troubleshooting steps you can usually find what is causing the underlying performance issues with your instance.  If you are still experiencing issues after having worked through the above, or there are other errors being reported in the Error Console then please send these through to support@clickstudios.com.au for assistance.

Once again if you have feedback, we’d love to hear it via support@clickstudios.com.au.

Mitigating The Need for Internet Access

Mobile Client support, introduced back in Passwordstate 6.2 (2013), enabled access to your password credentials from iOS, Android, Windows Phones and Blackberry devices.  Its primary focus was providing remote access to managed credentials while … [Continue reading]

One Time Passwords and The Browser Extension

This week’s blog almost sounds like a modern take on one of Aesop’s fables, except instead of featuring animals with human attributes we’re using a modern “technology take” on the story.  There’s no moral taught in this story (blog), just … [Continue reading]

Searching in System Settings and Feature Access

There’s no denying that Passwordstate has a significant number of options for configuration and customization.  That can sometimes make it hard to remember exactly where a configuration option lives (or is hiding).  That’s why in V9 we … [Continue reading]

Top Ten Golden Rules for People New to Passwordstate

With the release of Passwordstate V9 we’re seeing a lot of interest from potential customers about the existing and new features that are included in our product.  However, we all sometimes get side-tracked by the “bright shiny objects” and miss … [Continue reading]

Installing Passwordstate on a Windows 10 PC

One of the issues faced by small businesses, especially in today’s Cloud First World, is there is very little in the way of computing infrastructure that is hosted out of a bricks and mortar premises.  A lot of small business utilising SaaS … [Continue reading]

Branding Options for your Passwordstate Instance

Branding within Passwordstate offers customers the ability to configure their Instance to more closely match an organization’s corporate look and feel.  This can be as simple as providing a custom URL (Uniform Resource Locator), making it easier … [Continue reading]

Passwordstate Backup Functionality Explained

You’ll have to indulge me upfront this week. I’ve dusted off my old CTO and Management soapbox and here comes the Backups 101 lecture. Our driving philosophy is Password management should be affordable for everyone. Because it’s … [Continue reading]

Password Strength and Generator Policies in Detail

This week’s blog builds on the entry last week https://blog.clickstudios.com.au/bad-passwords-pwned-accounts-and-prevention/.     Now that you’ve decided to block the use of Bad Passwords in your organization, using the Bad Passwords feature in … [Continue reading]

Bad Passwords, Pwned Accounts and Prevention

As the ongoing industry investigation continues, into what has widely become known as Solarigate, it’s worthwhile going back to some base concepts.     There’s an argument to be had that an organization’s privileged accounts should … [Continue reading]