Password Manager Pro RDP gateway doesn’t work

Having successfully configured the web portal to use SSL and a certificate issued by my internal CA infrastructure, I thought I was home and dry with this product.

The very next issue was getting the RDP gateway working. PMP uses a web portal sitting on port 7273 to provide an RDP and SSH client to the PMP user. It’s a great idea, but when I tried to use it the tab was closed immediately. I say immediately; what happens is you get a popup message box asking if it’s OK to shut the tab. It doesn’t matter what you click, it won’t work.

On the password tab there is a hyperlink “Trouble Shoot Auto Logon Issues”; click this and another browser (with no URL bar) opens and displays a certificate error. Unfortunately you can’t view the cert and the error doesn’t really tell you what the problem is. THAT’S USEFUL, MICROSOFT!

I used Chrome and that allowed me to see the certificate. BOOM! It’s self-signed and that’s why it’s not working.

So why oh why doesn’t ManageEngine tell you how to configure the RDP gateway to use the same certificate as the web portal?

The fix (provided by ManageEngine, by the way) is to edit the wrapper.conf file in the conf folder under <PMP Install Directory>.

(Make a copy first in case you mess this up, of course.) You need to locate the following elements and change them to reflect the certificate.

wrapper.java.additional.21=-Djavax.net.ssl.keyStore=../conf/server.keystore
Change server.keystore to your .pfx file created in my other post.

wrapper.java.additional.22=-Djavax.net.ssl.keyStorePassword=passtrix
Change passtrix to the password you used to secure the private key in the .pfx file.

wrapper.java.additional.23=-Djavax.net.ssl.keyStoreType=<keyType>
Change <keyType> to PKCS12.

Restart PMP and it should all start working.  MAGIC!
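
A quick way to check the edit before restarting, as an added example that is not from the original post or from ManageEngine: it parses wrapper.conf text and reports which of the three keystore settings still carry the values shown in the post. The file name pmp.pfx and the password example-password are constructed placeholders.

```python
import re

# Matches e.g. wrapper.java.additional.21=-Djavax.net.ssl.keyStore=../conf/server.keystore
PROP = re.compile(
    r"^\s*wrapper\.java\.additional\.\d+\s*=\s*-D(javax\.net\.ssl\.keyStore\w*)=(.*?)\s*$")

def keystore_settings(conf_text):
    """Return the javax.net.ssl.keyStore* properties found in wrapper.conf text."""
    found = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):      # skip commented-out lines
            continue
        m = PROP.match(line)
        if m:
            found[m.group(1).rsplit(".", 1)[1]] = m.group(2)
    return found

def check(conf_text):
    """List reasons the gateway would still not serve the CA-issued certificate."""
    s = keystore_settings(conf_text)
    problems = [f"{k} is not set"
                for k in ("keyStore", "keyStorePassword", "keyStoreType") if k not in s]
    store = s.get("keyStore", "")
    if store.endswith("server.keystore"):
        problems.append("keyStore still points at server.keystore")
    if s.get("keyStorePassword") == "passtrix":
        problems.append("keyStorePassword is still the value shipped in the file")
    ktype = s.get("keyStoreType", "")
    if store.lower().endswith((".pfx", ".p12")) and ktype.upper() != "PKCS12":
        problems.append(f"keyStore is a PKCS#12 file but keyStoreType is {ktype!r}")
    return problems

# Constructed sample inputs: the lines as shown in the post, and an edited version.
AS_POSTED = """\
wrapper.java.additional.21=-Djavax.net.ssl.keyStore=../conf/server.keystore
wrapper.java.additional.22=-Djavax.net.ssl.keyStorePassword=passtrix
wrapper.java.additional.23=-Djavax.net.ssl.keyStoreType=<keyType>
"""
EDITED = """\
wrapper.java.additional.21=-Djavax.net.ssl.keyStore=../conf/pmp.pfx
wrapper.java.additional.22=-Djavax.net.ssl.keyStorePassword=example-password
wrapper.java.additional.23=-Djavax.net.ssl.keyStoreType=PKCS12
"""

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("edited", EDITED)):
        print(name, "->", check(text) or "OK")
```

Because the .pfx password sits in wrapper.conf in clear text, restrict read access to that file and to the backup copy you made.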


4 thoughts on “Password manager Pro RDP gateway doesn’t work”

  1. Hi,

    Thanks for the post. You are correct. PMP automatically generates a Self Signed, non trusted certificate during the installation and that will be used for the webserver. You can continue using the same certificate or configure a certificate that is trusted in your network, either using your internal CA or by getting it signed from a third party like GoDaddy or Verisign. Chrome and Firefox will allow you to use the RDP feature, even while using the self signed certificate. You just need to accept the certificate warning and you will see a Green check mark. Based on your security settings, IE may not allow you to accept the certificate and proceed. So to use the RDP feature in IE, you would have to configure the certificate in wrapper.conf file. We will post a separate blog regarding the troubleshooting steps for the RDP feature shortly.

    Hope PMP meets all your requirements. If you need any technical assistance, feel free to write to us at support@passwordmanagerpro.com.

    Ganesh

    • Thanks Bill, as a corollary to this, lots of the PMP online documentation is out of date (for previous versions of the code) and some of it just doesn’t quite have enough information in the text to work out how to actually do some of the stuff. I appreciate that keeping up with all the changes in a product and updating the documentation in time for the upgrade release is a hard task. My bread and butter is documentation as I work in an engineering team.

      Support so far from you guys has been good, no complaints really. I always do research before I place a support call with the support teams, so posting fixes like this is so important and will reduce support calls hopefully.

  2. Thanks, this post really helped. The Password Manager Pro documentation has a complicated procedure that involves using openssl etc. I didn’t know I could very easily use the existing PFX file from the website SSL certificate that I already generated.

    • Thanks for reading the blog! Zoho / ManageEngine are struggling to keep the documentation up to date with the changes they are making to the product. I can’t take credit for the solution as the fix was provided by the app support team, but the whole idea of this blog is to promulgate the things I learn in the hope others don’t have to suffer the same pain that I’m going through.
