Troubleshooting Passwordstate App Server/Mobile App Connections

The Mobile Clients introduced in Passwordstate V9 are purpose-built iOS and Android apps.  These authenticate using an independent credential set and allow the secure storing of password records locally on the smartphone, within an encrypted cache. 

You can use the biometric capability of your smartphone to access the data within this cache and all authentication / access of credentials is audited and synced with your Passwordstate instance on the next connection.  We have some exciting news about upcoming features in these apps…but that’s for a future blog.

In the meantime, if you have issues connecting via the App Server or synchronizing entries between Passwordstate and the App, we’ve produced this troubleshooting blog article for you.

Ensure there is data to Synchronize…

Interested Passwordstate users have gone to the respective Apple and Google Play stores and downloaded the Apps.  Everything seems to be working and then you start getting support calls related to some users being unable to connect or synchronize credentials to devices. 

The first thing you may want to check is that your Password Lists are enabled for Mobile Access.  This is a default setting when you grant a user access to a Password List and is controlled by the option When adding new permissions to Password Lists, enabled Mobile Access by default, found under Administration->System Settings->mobile access options->Mobile App Settings, being set to Yes.

You can confirm if they have access by viewing the Password List Permissions; you should see a tick under Mobile Access for the user in question.

Note that the default setting can be individually selected or deselected when adding permissions to a Password List.  This is done by right clicking on the Password List, selecting View Permissions, and then selecting Grant New Permissions and clicking on the No radio button.

The Mobile Access Permissions on Password Lists can also be modified in bulk by navigating to Administration->Password Lists->Perform Bulk Processing…->Mobile Access Bulk Permissions.

If this all appears to be correct then you may want to check the user has been granted access to use the Mobile Native App feature.

…Check the user has been granted Access…

You can control which Users or Security Groups have access to the Mobile Native App feature by navigating to Administration->Feature Access->mobile and clicking on the Set Permissions button.

This works exactly the same as other permissions screens.  If they haven’t been granted access, simply search for and add the appropriate Security Group (preferred) or User with the >> button and click Save.

You’ve now checked they have been granted access to the Mobile Native App and have Data to be Synchronized.

Generate your APP Server QR Code and Password

If the Users are still unable to connect to the App Server or are unable to synchronize data you can try getting them to clear their existing Master Password, supply a new one and generate a new QR Code.

To do this, have the user log in to Passwordstate, click on Preferences->Preferences->mobile access options->Mobile App Settings and click on the Clear button.  They then need to type in a new Master Password and, once done, click Save.

This will generate a new QR Code which they’ll need to scan when re-pairing their mobile app.  When re-pairing, please ensure the username they are supplying is the one specified under Mobile App Username:.  If this is a domain account the format will be Domain Name\Mobile App Username.  The password is the new Mobile App Master Password they have just set, not their Domain password.

Make sure your URL and Public Key are correct

If you have recently changed your Base URL for the App Server or updated the SSL Certificate, you’ll need to ensure the settings under Administration->System Settings->mobile access options->Mobile App URL and Security have been updated.  If either of these have changed, you’ll need to ensure the URL under Specify the URL for your Passwordstate App Server installation is correct, then click on the Generate New App Pairing Secret, click on the Clear and then Query button to obtain the Public Key for the App Server’s SSL Certificate.  Once done, click Save.

If when clicking Query you receive an error message or the Public Key box doesn’t populate then there is an issue with the App Server URL, your DNS or Firewall settings.

When successful, you’ll now need to have each user regenerate their APP Server QR Code and Master Password and re-pair their mobile app as per the previous section.
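
If Query fails, or you want to confirm which certificate is actually being served after a renewal, the following added example (not Passwordstate's own tooling) opens a TLS connection to the App Server and reports the certificate it presents.  The URL is a placeholder, and the page does not say how Passwordstate formats the Public Key it displays, so treat the key string here as a reference for spotting a changed certificate rather than an exact match for that field.

```powershell
# Added example. Placeholder URL: replace with your App Server URL.
$AppServerUrl = 'https://appserver.example.com'
$uri = [Uri]$AppServerUrl

$script:policyErrors = $null
# Accept any certificate so that an untrusted, expired or mismatched one can
# still be inspected; the validation result is recorded, and no data is sent.
[System.Net.Security.RemoteCertificateValidationCallback]$callback = {
    param($sender, $certificate, $chain, $errors)
    $script:policyErrors = $errors
    $true
}

$client = [System.Net.Sockets.TcpClient]::new()
$ssl = $null
try {
    $client.Connect($uri.Host, $uri.Port)          # fails here: DNS or firewall
    $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($uri.Host)           # fails here: TLS/binding issue
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

    [pscustomobject]@{
        Host         = $uri.Host
        Port         = $uri.Port
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        PolicyErrors = $script:policyErrors        # 'None' means the chain and name validated
        PublicKey    = $cert.GetPublicKeyString()  # hex string of the raw public key
    } | Format-List
}
catch {
    Write-Warning "Could not retrieve a certificate from $($uri.Host):$($uri.Port): $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Dispose()
}
```

Record the Thumbprint and NotAfter values after each certificate renewal; a change in either is the signal to repeat the Query and re-pairing steps above.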

IIS, DNS and Port Settings

If you are still having issues with connecting to the App Server then you should also check on the following:

  • Check that your HTTPS binding in IIS (Internet Information Services) has the same URL you have set under Administration->System Settings->mobile access options->Mobile App URL and Security
  • Make sure your DNS entry is set correctly for the App Server URL, and it is pointing to the correct server.  To check this, you can run CMD.exe as an Administrator and type nslookup followed by the FQDN (Fully Qualified Domain Name) of the App Server
  • Confirm the port you are using for the App Server URL is open. By default it uses port 443 but you should confirm that is the port specified in your IIS binding.  If you have a HA implementation, and are using a SQL Listener as part of SQL Replication between database servers, then the port must be open on both SQL Servers
  • Ensure the App Server can communicate with the Passwordstate Database.  Log in to the Server hosting the App Server, start PowerShell as an Administrator and type Test-NetConnection followed by the FQDN of the server followed by -Port 1433.  This will return the IP addresses and TcpTestSucceeded : True if successful.
  • Test that you can reach the App Server URL from your Smartphone.  Type the App Server URL into your Smartphone browser and you should see a 200 | Status OK message on the page.  This means the Smartphone can successfully reach the App Server.  Any other result indicates the App Server URL is not reachable.  You may want to try this test via the business WIFI network and via your Smartphone Carrier’s network if the App Server is internet facing.
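
The server-side checks in the list above can be run in one pass.  This is an added example, not a Passwordstate-supplied script: the URL and database server name are placeholders, and it is meant to be run in PowerShell on the server hosting the App Server.  It does not replace the Smartphone browser test, which exercises the path from outside your network.

```powershell
# Added example. Placeholder values: replace with your own environment's names.
$AppServerUrl = 'https://appserver.example.com'   # placeholder App Server URL
$DbServer     = 'sql01.example.com'               # placeholder database server FQDN
$DbPort       = 1433                              # SQL port used in the article

$uri     = [Uri]$AppServerUrl                     # $uri.Port is 443 unless the URL says otherwise
$results = [ordered]@{}

# 1. DNS: does the App Server host name resolve, and to which addresses?
try {
    $ips = Resolve-DnsName -Name $uri.Host -ErrorAction Stop |
           Where-Object { $_.IPAddress } |
           Select-Object -ExpandProperty IPAddress
    $results['DNS'] = "OK    $($uri.Host) -> $($ips -join ', ')"
} catch {
    $results['DNS'] = "FAIL  $($_.Exception.Message)"
}

# 2. Port: is the App Server's HTTPS port reachable?
$web = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -WarningAction SilentlyContinue
$results['App Server port'] = if ($web.TcpTestSucceeded) {
    "OK    TCP $($uri.Port) open on $($web.RemoteAddress)"
} else { "FAIL  TCP $($uri.Port) not reachable" }

# 3. HTTPS: the article expects a 200 status from the App Server URL.
try {
    $resp = Invoke-WebRequest -Uri $AppServerUrl -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
    $results['HTTPS'] = if ($resp.StatusCode -eq 200) { 'OK    HTTP 200' }
                        else { "WARN  HTTP $($resp.StatusCode)" }
} catch {
    $results['HTTPS'] = "FAIL  $($_.Exception.Message)"
}

# 4. Database: can this server reach the Passwordstate database port?
$db = Test-NetConnection -ComputerName $DbServer -Port $DbPort -WarningAction SilentlyContinue
$results['Database port'] = if ($db.TcpTestSucceeded) {
    "OK    TCP $DbPort open on $($db.RemoteAddress)"
} else { "FAIL  TCP $DbPort not reachable on $DbServer" }

$results.GetEnumerator() | ForEach-Object { '{0,-16} {1}' -f $_.Key, $_.Value }
```

A DNS result that is OK but points at an unexpected address is still a failure for pairing purposes; compare the resolved address with the server that holds the IIS binding.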

By working through these steps, you should be able to troubleshoot the reason why users are unable to connect or synchronize data and resolve the issue for them.

Got feedback you want to share?  Email it through to