Arlecho's ScreenConnect 6 releases
[quote pid="393482" dateline="1708540581"]
Clean installation without patch - all services start. As soon as I apply the patch ScreenConnect Security Manager service won't start at all
Similar issue but was an upgrade from 21.5.3025.7772.

After hack stopped all services and blocked SC in my pfSense firewall. I then restored from yesterday's backup, upgraded to 22.8.10013.8329 with your latest patch. Services started and was able to log in. Upgraded to 23.9.8.8811 using latest patch and services are failing to start.
[/quote]

Did you follow upgrade pathway?
If you are running a much older version, you may need to upgrade incrementally due to changes in the architecture of the product. The upgrade path is as follows:
Quote: 2.1 → 2.5 → 3.1 → 4.4 → 5.4 → 19.2 → 22.8 → 23.3 → Latest stable release

Additionally, in web.config replace the SessionDatabase line with the following:
<add name="SessionDatabase" providerName="SQLite" connectionString="Data Source=|DataDirectory|/Session.db; DateTimeKind=Utc; Foreign Keys=true; Page Size=4096; Journal Mode=WAL; BaseSchemaName=; Cache Size=1000; Memory Mapped Size=10000000000; DateTimeFormat=Ticks" />
and rename/delete license.xml from App_Data

worked for me like a charm
Reply
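The incremental upgrade path quoted in the post above, worked through as an added example (not part of the original thread and not vendor code): a small planner that lists which milestone releases an installed version has to pass through before reaching a target. The milestone list is taken from the post; the function names and the choice to compare milestones on major.minor only are assumptions.

```python
# Added example: plan incremental upgrade hops from the path quoted in the thread.
# MILESTONES comes from the post; names and comparison rules are assumptions.

MILESTONES = ["2.1", "2.5", "3.1", "4.4", "5.4", "19.2", "22.8", "23.3"]


def parse_version(text):
    """Turn '21.5.3025.7772' into a 4-tuple of ints; reject malformed input."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad so tuples compare cleanly


def plan_upgrade(installed, target):
    """Return the ordered releases to install, ending with the target itself."""
    cur, dst = parse_version(installed), parse_version(target)
    if dst < cur:
        raise ValueError("target is older than the installed version")
    if dst == cur:
        return []
    # A milestone is required when it lies strictly between the installed
    # and target major.minor; one already reached or passed is skipped.
    hops = [m for m in MILESTONES if cur[:2] < parse_version(m)[:2] < dst[:2]]
    return hops + [target]


def skipped_milestones(installed, target):
    """Milestones a direct installed -> target jump would bypass."""
    return plan_upgrade(installed, target)[:-1]


if __name__ == "__main__":
    # Versions below are the ones mentioned in the thread.
    for src, dst in [
        ("21.5.3025.7772", "23.9.8.8811"),
        ("22.8.10013.8329", "23.3.19.8811"),
    ]:
        print(src, "->", " -> ".join(plan_upgrade(src, dst)))
```
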
After we did an upgrade, a lot of computers stayed offline. Any suggestions for this?
Reply
(Feb 21, 2024, 15:29 pm)creatoris1 Wrote: [quote pid="393482" dateline="1708540581"]
Clean installation without patch - all services start. As soon as I apply the patch ScreenConnect Security Manager service won't start at all
Similar issue but was an upgrade from 21.5.3025.7772.

After hack stopped all services and blocked SC in my pfSense firewall. I then restored from yesterday's backup, upgraded to 22.8.10013.8329 with your latest patch. Services started and was able to log in. Upgraded to 23.9.8.8811 using latest patch and services are failing to start.

Did you follow upgrade pathway?
If you are running a much older version, you may need to upgrade incrementally due to changes in the architecture of the product. The upgrade path is as follows:
Quote: 2.1 → 2.5 → 3.1 → 4.4 → 5.4 → 19.2 → 22.8 → 23.3 → Latest stable release

Additionally, in web.config replace the SessionDatabase line with the following:
<add name="SessionDatabase" providerName="SQLite" connectionString="Data Source=|DataDirectory|/Session.db; DateTimeKind=Utc; Foreign Keys=true; Page Size=4096; Journal Mode=WAL; BaseSchemaName=; Cache Size=1000; Memory Mapped Size=10000000000; DateTimeFormat=Ticks" />
and rename/delete license.xml from App_Data

worked for me like a charm
[/quote]

Went from 21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811

Previously I got a warning trying to go from 21.5.3025.7772 → 23.9.8.8811 that I need to go to 22.8 first. 21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811 went fine with no warnings.

(Feb 21, 2024, 15:50 pm)whitewidow Wrote:
(Feb 21, 2024, 15:29 pm)creatoris1 Wrote: [quote pid="393482" dateline="1708540581"]
Clean installation without patch - all services start. As soon as I apply the patch ScreenConnect Security Manager service won't start at all
Similar issue but was an upgrade from 21.5.3025.7772.

After hack stopped all services and blocked SC in my pfSense firewall. I then restored from yesterday's backup, upgraded to 22.8.10013.8329 with your latest patch. Services started and was able to log in. Upgraded to 23.9.8.8811 using latest patch and services are failing to start.

Did you follow upgrade pathway?
If you are running a much older version, you may need to upgrade incrementally due to changes in the architecture of the product. The upgrade path is as follows:
Quote: 2.1 → 2.5 → 3.1 → 4.4 → 5.4 → 19.2 → 22.8 → 23.3 → Latest stable release

Additionally, in web.config replace the SessionDatabase line with the following:
<add name="SessionDatabase" providerName="SQLite" connectionString="Data Source=|DataDirectory|/Session.db; DateTimeKind=Utc; Foreign Keys=true; Page Size=4096; Journal Mode=WAL; BaseSchemaName=; Cache Size=1000; Memory Mapped Size=10000000000; DateTimeFormat=Ticks" />
and rename/delete license.xml from App_Data

worked for me like a charm

Went from 21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811

Previously I got a warning trying to go from 21.5.3025.7772 → 23.9.8.8811 that I need to go to 22.8 first. 21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811 went fine with no warnings.
[/quote]

Just tried to go from 21.5.3025.7772 → 22.8.10013.8329 → 23.3.19.8811. Services started fine and logged in at 22.8.10013.8329. 23.3.19.8811 services failed to start.

Reply
(Feb 21, 2024, 15:50 pm)whitewidow Wrote: [Image: ABLVV86kubQITeGEcKtZ5xPBs0GllMwFZmYxRNbK...authuser=0]

Are there any messages in the event log or any other debugging messages?
Not sure what is happening here, could you try a clean install (with a proper backup) and if that doesn't work either post the server specs?
Reply
You guys are doing the upgrades offline, I assume...


EDIT:

This is the one which I got hit with: https://github.com/W01fh4cker/ScreenConn...Bypass-RCE
Reply
(Feb 21, 2024, 17:13 pm)Arlecho Wrote:
(Feb 21, 2024, 15:50 pm)whitewidow Wrote: [Image: ABLVV86kubQITeGEcKtZ5xPBs0GllMwFZmYxRNbK...authuser=0]

Are there any messages in the event log or any other debugging messages?
Not sure what is happening here, could you try a clean install (with a proper backup) and if that doesn't work either post the server specs?

I have backups created for version 21.5.3025.7772 by Veeam. I restore the entire C:\Program Files (x86)\ScreenConnect\ directory to a clean install and patched version of 21.5.3025.7772 after uninstalling and removing services from the failed 23.9.8.8811 install. Then upgrade to 22.8.10013.8329, services start after patching, I can log in and verify all my endpoints and configuration is correct. Then when I try to upgrade to either 23.3.19.8811 or 23.9.8.8811 services fail to start after patching. 

Is there a way to clean install and patch 23.9.8.8811 then restore just my configuration from the 21.5.3025.7772 backup?

Server Specs
Windows Server 2019
11th Gen Intel® Core™ i5-1135G7 @ 2.40GHz
64GB RAM

Repeating Event viewer logs
Code:
A timeout was reached (30000 milliseconds) while waiting for the ScreenConnect Security Manager service to connect.

Code:
The ScreenConnect Security Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Code:
Application: ScreenConnect.Service.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code e0434352, exception address 00007FFD9B6C49B9
Stack:

Code:
Faulting application name: ScreenConnect.Service.exe, version: 23.9.8.8811, time stamp: 0xe4d127ab
Faulting module name: KERNELBASE.dll, version: 10.0.17763.5458, time stamp: 0xac594b25
Exception code: 0xe0434352
Fault offset: 0x00000000000349b9
Faulting process id: 0x40a0
Faulting application start time: 0x01da650c2e504409
Faulting application path: C:\Program Files (x86)\ScreenConnect\Bin\ScreenConnect.Service.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 68b66ee4-bb87-4a04-a84f-bfb5cc76f7fc
Faulting package full name:
Faulting package-relative application ID:
Reply
https://www.shodan.io/search?query=%22Se...Connect%22

and

https://search.censys.io/search?resource...nect%60%29

and

https://twitter.com/DhiyaneshDK/status/1...6637031912
Reply
I was hacked and they changed my admin login. Is there a way to reset it before I patch / upgrade? My backups are old..

(Feb 21, 2024, 17:59 pm)fellow26 Wrote: I was hacked and they changed my admin login. Is there a way to reset it before I patch / upgrade? My backups are old..

Patching/upgrading will retain my clients and settings?
Reply
Today Both my ScreenConnect Servers:
v. 21.10
v. 21.4.2

Would not let any of us log in. It kept saying invalid credentials. I thought that someone had hacked our servers but what's the servers are in completely different IP domains and totally unrelated to each other (one in AWS the other in Azure).

I reloaded from Backup and they worked fine. 2 hours later the exact same thing happened!?!?!?
I'm thinking ConnectWise has a backend to disable rogue servers? I do have plugins installed.
Do we have any listing of ConnectWise IPs that I can ACL deny to my servers?

Any idea of what might this be?  I'm afraid that in a couple of hours it will happen again.
Reply
(Feb 21, 2024, 18:19 pm)Tosa_Puppy Wrote: Today Both my ScreenConnect Servers:
v. 21.10
v. 21.4.2

Would not let any of us log in. It kept saying invalid credentials. I thought that someone had hacked our servers but what's the servers are in completely different IP domains and totally unrelated to each other (one in AWS the other in Azure).

I reloaded from Backup and they worked fine. 2 hours later the exact same thing happened!?!?!?
I'm thinking ConnectWise has a backend to disable rogue servers? I do have plugins installed.
Do we have any listing of ConnectWise IPs that I can ACL deny to my servers?

Any idea of what might this be?  I'm afraid that in a couple of hours it will happen again.

Have you read anything posted here or by CW today? You got a bit of catching up to do
Reply

