Fixing invalid or expired security context token

Written by William Roush on January 20, 2016 at 12:14 am

Ever get an error like this?

The message could not be processed. This is most likely because the action ‘[URI here]’ is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint’s binding.

And are completely stumped as to what you’ve done wrong?

I spent a few hours to learn that the default wsHttpBinding security configuration is message, not none. A commit I made a few weeks ago added this:


<security mode="none" />

To match up with a web transform file for release. When really it should have been:


<security mode="message" />

Additionally, I could have just changed the transform to insert instead of replace and called it a day.

Sometimes you spend the most time on the silliest of things…
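
A mismatch like the one above can be caught before deployment by resolving the effective wsHttpBinding security mode on each side, treating a missing `<security>` element as the default (message). This Python check is an added example, not code from the original post; both configs, the contract name and the binding names are constructed, and modes are compared case-insensitively because the post writes them in lowercase.

```python
import xml.etree.ElementTree as ET

# wsHttpBinding falls back to message security when no <security> mode is set.
WS_HTTP_DEFAULT_MODE = "message"

def endpoint_modes(config_xml):
    """Map endpoint contract -> effective wsHttpBinding security mode (lower-cased)."""
    root = ET.fromstring(config_xml)
    # Named binding configurations under <bindings><wsHttpBinding>.
    bindings = {b.get("name", ""): b
                for b in root.iterfind(".//bindings/wsHttpBinding/binding")}
    modes = {}
    for ep in root.iter("endpoint"):
        if ep.get("binding") != "wsHttpBinding":
            continue
        binding = bindings.get(ep.get("bindingConfiguration", ""))
        security = binding.find("security") if binding is not None else None
        mode = security.get("mode") if security is not None else None
        modes[ep.get("contract")] = (mode or WS_HTTP_DEFAULT_MODE).lower()
    return modes

def find_mismatches(service_xml, client_xml):
    """Return (contract, service_mode, client_mode) where the two sides differ."""
    service, client = endpoint_modes(service_xml), endpoint_modes(client_xml)
    return [(c, service[c], client[c])
            for c in sorted(service.keys() & client.keys())
            if service[c] != client[c]]

# Constructed sample: service config carrying the explicit "none" setting.
SERVICE_BROKEN = """<configuration><system.serviceModel>
  <bindings><wsHttpBinding>
    <binding name="Main"><security mode="none" /></binding>
  </wsHttpBinding></bindings>
  <services><service name="Demo.OrderService">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="Main"
              contract="Demo.IOrderService" />
  </service></services>
</system.serviceModel></configuration>"""

# Constructed sample: client that never sets <security>, so it gets the default.
CLIENT = """<configuration><system.serviceModel>
  <bindings><wsHttpBinding><binding name="ClientMain" /></wsHttpBinding></bindings>
  <client>
    <endpoint address="http://localhost/OrderService.svc" binding="wsHttpBinding"
              bindingConfiguration="ClientMain" contract="Demo.IOrderService" />
  </client>
</system.serviceModel></configuration>"""

SERVICE_FIXED = SERVICE_BROKEN.replace('mode="none"', 'mode="message"')
```

Running `find_mismatches` over the built (post-transform) configs in CI surfaces the disagreement as a failed check instead of a runtime security context token error.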

Simplehelp Review – Self-Hosted Remote Support Software

Written by William Roush on October 20, 2015 at 1:50 am

Simplehelp is a self-hosted remote support solution that takes many different approaches to the various methods of administrating your access and server wrapped up in a cost-effective solution.


Simplehelp is a self-hosted remote support software, similar to the likes of LogMeIn, GoToAssist or ScreenConnect. In the wake of the ScreenConnect pricing issue, I keep hearing about Simplehelp, so I figured I’d look into it and give it a go.

Installation

Obtaining a trial license is easy: you can sign up through their website and you’ll get an e-mail with a license as an attachment and instructions on how to set up the application. We’ll of course be using a Debian 8 box (as per my standard setup), and we’ll see how difficult this is…


wget http://backend.simple-help.com/releases/SimpleHelp-linux-amd64.tar.gz
tar zxvf SimpleHelp-linux-amd64.tar.gz
cd SimpleHelp
./serverstart.sh


Well shoot, that was easy.

However, this isn’t a very good setup: I don’t have it autostarting, and I’ll have to manually set it up with its own user account, but to get me running it’s pretty easy.

Administrating your box

One major thing you’ll notice that is different is that the web server is pretty barren; all it provides are downloads for the on-demand system, the administration software and the remote access download. The awesome part is every section comes with code to embed on a website to add the functionality to your own sites. It appears everything is Java (it comes with the Java Runtime Environment 1.6.0U16), so the UI is kind of clunky looking.

However this application has an almost mad amount of configuration options, it would be a bore for me to go over them all so let me touch on some of the basics. You have a pretty decent user/group management system, where you can grant access to customers via your groups. The only part I don’t like is that you’re building filters for your groups which can be somewhat clunky (you write queries like “customer name is ‘roushtech'” which I’ve never been a big fan of). LDAP auth is available and easy to configure which is always nice.

Security wise you can restrict where techs can connect from via IP address, you can enable a built-in “two tier auth” which will e-mail your tech an authentication code to log in with when they try to log in. You can require customers enter a password (however this is shared).

There is a wide array of branding you can do, you can add your own images, names, etc.

Remote Access (on-demand and always-on)


Customers are presented with this download link to download and run the application, this seems to be the more surefire way most applications are going being as various browser plugins keep getting killed (and rightfully so). The user is prompted for elevation when firing up the application (would rather this happen later), but if they cancel out of it you can request it later.


Elevate with the admin account or prompt the user on the machine to elevate, sweet.

Multi-monitor support and easy swapping

Lots of options

Lots of good features here (disabled due to keyboard input being disabled), remote commands are easy to run from here, or restarting the machine. A “calling card” allows you to put a shortcut on the user’s desktop to allow them to reconnect to your system easily. You can duplicate sessions allowing other techs to log into the same session with you, and you can easily install/uninstall the always on remote access service. I love the calling card idea, and the ease of installing the remote access service from here is great too.

Connection bandwidth options are quite tweakable

You can tweak all different kinds of settings in regards to your connection, no simple “high/medium/low” settings here, which means you can give/take certain trade-offs… willing to have fewer updates but really need more colors? Tweak it! Maybe the ability to save some favorites and make it easily switchable would be nice.

Statistics and tools

There is a fairly strong suite of tools for monitoring performance, looking at the registry, running commands, tweaking services, testing ports, it’s pretty feature rich for what it is.

So many connection options

Additionally both the technician and the client have many connection options, they’ll try to UDP directly and circumvent your server entirely for the best connection, if that fails they’ll UDP to the server, if that fails they’ll attempt TCP, if that fails they’ll drop to SSL to the server, and if that fails they’ll drop to HTTP. It really does go all-out in an attempt to make things work and allows you to look at all the details.

Various Issues

Weak Diffie-Hellman key on install

It appears the software ships using the default DH keys, whoops.

You can set up your own SSL keys via the administration tools, however it must be uploaded in the form of a Java Keystore ick!! I’m not 100% certain but I’m sure you can tack in your own DH key in there too… If anyone is really curious hit me up and maybe I’ll do a write-up on it.

Scroll wheel not (really) working in app

My scroll wheel barely moves any UI elements in the admin app, this is a common problem I’ve had with various Java apps though…

Final Opinions

Pros

  • Starting at $320/session, it’s a good starter system for many.
  • UI workflow is great (eg: figuring out how to install remote access service, or elevate to admin).
  • Server attempts to connect over various methods and provides details to the tech on method being used.
  • Presenting feature is literally embedded in the browser, a cool idea.
  • I like access management, easy, organized, detailed.
  • Supports Wake-On-Lan (must have another machine on the network powered on AFAIK, never tested it on this application).
  • Small web surface makes it easier to secure vs. other options.

Cons

  • UI look is a bit clunky looking, but for what it is, things are easy to access and find.
  • Default security setup is poor.
  • Presenting being in-browser however lacks some functionality, such as switching presenters.
  • System tray notifications don’t work on Windows 7.
  • Don’t make us play to Java Keystores for SSL certs please.
  • UPNP didn’t appear to fire up, may be a con for some of you out there depending on it.

Overall

I think Simplehelp is an excellent option for people looking for a budget system or something they want to self-host. It’s got a few rough spots, but in my opinion it’s much easier to administrate and tweak than ScreenConnect.

ScreenConnect Pricing Changes

Written by William Roush on October 19, 2015 at 5:11 pm

On Friday 10/16/2015 ScreenConnect announced a pricing increase for self-hosted clients, from the $325 entry cost to $2,195, changing my opinion greatly on whether or not ScreenConnect is right for you.

I did a review awhile ago about ScreenConnect boasting how much of a good solution it is for companies that want a cost-effective alternative for remote support, I think it’s time to take that recommendation back.

I will be updating this article as more news arrives.

This is a good start to my week…

What this means for legacy customers

Right now legacy customers are able to put in their old license and get the old licensing deals, while they didn’t have to do this, I’ve had companies go back on their word after the dust had settled, so I’m not hedging any bets that we won’t be next.

I very well may be dropping my license regardless simply because I can’t see this ending well and might as well jump on a product I see as more healthy long-term.

What this means for new customers

New customers have to pay $2,195 for an on-premise license plus $795 for each additional tech. This base license does come with 3 technician seats and up to 10 simultaneous sessions per tech.

Technician Seats

These appear to only be taken when a technician has an open connection, so you should be able to have 5 techs logged into a 3 tech licensed system, with only any 3 of them with open connections at any one time.

Unknowns

10 Concurrent connections

What is with this push for a large number of concurrent connections? If it’s anything like the last setup it means that one person can have 10 windows open to other machines. I’ve sometimes found that two or possibly three would be helpful, but always jumped sessions instead, with old pricing it was cheaper to just buy two licenses! I am curious if there are people out there pushing techs to sit actively connected to 10 machines at once (I’ve worked at an MSP before, I bounced around machines at one time, but there is a limit… I’ve only got one mouse and keyboard, everybody).

My take

I feel like it’s VMware’s VRAM fiasco all over again: pricing makes little sense, this only hurts customers — not helps them, and competitors will jump all over this as a way to say “look at ScreenConnect, expensive, fewer features, use our product”, which is exactly what happened to VMware. They made their customers mad and they gave their competitors lots of ammo.

What I’m curious about is whether or not there is some reason for the move. Is there a high number of support calls coming in and ScreenConnect is having problems servicing them all? The forums have some complaints as to the response time over the past… I wouldn’t know, I’ve never had to call them. Unfortunately ScreenConnect hasn’t communicated any of this out…

Gogs – Self-Hosted Source Code Repository Review

Written by William Roush on June 26, 2015 at 5:14 pm

A review of Gogs – Go Git Service, a new self-hosted website for managing your Git repositories.

Gogs is a self-hosted code repository and collaboration platform for the Git distributed version control system. Gogs follows a lot of GitHub’s workflow and design decisions, all built on top of the Go language. The result is a familiar — and fast experience.

Installation

Gogs has repositories for various popular platforms including Debian and Redhat based systems. Installation is pretty easy, with a simple INI file for modifying its configuration (I haven’t seen one of those in new software in forever).

I’ve installed mine through the Puppet module Siteminds-gogs, which leveraged the Debian 7 packages from Gogs’ own repository. Though it has some bugs in its configuration templates and could use some love, it’s most of the way there for being version 0.0.3!

First Impression

One word: Fast.

It’s really fast, the website is extremely responsive and push/pulls are faster than anything I’ve experienced using cloud based solutions — I honestly thought Git was just slow at it.


The second thing you’ll notice is it’s pretty much GitHub, organizations work the same, repositories work the same, forking is the same, management is the same. You’ll feel right at home coming from GitHub. It is however currently missing pull request support but that is in the works.

Collaboration

Again — if you’re a GitHub user this will all feel familiar. You can have private repositories like normal, you can add users to these repositories. Additionally you have organizations, organizations can have repositories and teams. Teams can be granted access on all projects under an organization, or you can add users individually to projects under them. The only thing I could see that would be helpful here is the ability to create and reuse teams.

User Experience


Activity page, some private repository information redacted.

We’re missing some key pieces to make Gogs a replacement to something like GitHub, pull requests are one of them, gists are another. Of course Gogs is young and is receiving a lot of help so I expect these to get finished soon.

Other than that, everything is clean and easy to use. There is little functionality I see missing from my day-to-day usage, and a few extra freebies such as 3rd party issue support that I need to investigate (for those of us that don’t like integrated issues in our DVCS hosting platform).

Stability


Handful of 500 errors aside from doing dumb things, LDAP integration went really screwy when I set a filter incorrectly. So far I’ve moved all of my development to it, and minus the LDAP issue and cloning empty repositories I haven’t seen a 500 error. Solid!

Though I’m sure there are issues here and there, for the age of the project I’m impressed.

The Future


Gogs is looking to add pull requests relatively soon, I’m personally rooting for Mercurial support (but don’t hold your breath). Their Trello board is available online showing what they’re currently working on and their GitHub is thriving with pull requests, issues, and discussions. I’m excited for this to continue to mature.

Overall

My experience with Gogs has been so positive that I’ll likely be moving all of my Mercurial repos over to it. RhodeCode was nice but the pricing structure for 10+ users has really killed it (more on that in the RhodeCode review) with Kallithea being the only one I’m seriously looking at anymore (but don’t have high hopes being as the forking point for RhodeCode was when it was still pretty slow, and Gogs’ speed has spoiled me).

The main worry I have about Gogs is a somewhat slow development process. Currently the project is led by Unknwon over on GitHub, and they’re currently very busy — leading to a nearly complete halt on the project. Some forks have emerged, but this project has thrived under Unknwon and their dedication to this and I’d love to see it continue under them.