Arlecho's ScreenConnect 6 releases

[whitewidow]

Wouldn't count on anything but making your life harder.

---

I am using Windows Server 2019 Standard (v1809).

Installed a server 2019 standard in a vm, updated windows, performed a clean install using v23.9.10.8817 and patched it with 3.4.1, works just fine.

There must be some something different about your environment, are you by any chance running an external virus scanner?

Same. Windows Server 2019 Standard (v1809) fully updated. No AV. Hyper-V installed and a couple VM's running.

I was able to install/patch and start services on every version listed on ScreenConnect's release site from 21.5.3025.7772→23.2.10.8811 with 3.4.1 versions of the patch .  When I install and patch any version 23.3.19.8811→23.9.10.8817  ScreenConnect Security Manager  service fails to start.

Currently blocking all connection on version 23.2.10.8811 with my configuration. I believe I tried a clean install and patch on 23.9.8.8811 and it failed to start services. Im running a backup so after I will try another clean install.

Side note ScreenConnect's release site is a mess. They removed all 23.9.x versions and release dates on old versions are from yesterday.

Clean install/patch 23.9.10.8817 on bare metal (where I previously had a working setup) failed to start services. I spun up a fresh server 2019 VM and clean install/patched, services started. I then stopped services and imported my backup, services started back up. Everything is working in the VM so there is a issue with my bare metal 2019 install it seems, but Im going to keep SC running on the VM moving forward.

[olscrm]

Hello Team,

I have an issue where no one is able to login to screenconnect anymore, the services are running we are able to get to the website as well but none of the users can login to start a session or check any of the connected sessions.

The message says " Invalid credentials. Please try again. "

The passwords are correct, we have checked multiple times and there has been no change in 2 years or any updates, the current version is 22.1.11109.8417

Please help on how to restore access to the installation.

Thank you

[zendobi]

Hello Team,

I have an issue where no one is able to login to screenconnect anymore, the services are running we are able to get to the website as well but none of the users can login to start a session or check any of the connected sessions.

The message says " Invalid credentials. Please try again. "

The passwords are correct, we have checked multiple times and there has been no change in 2 years or any updates, the current version is 22.1.11109.8417

Please help on how to restore access to the installation.

Thank you

Read back the last few pages of this thread.... if you cannot login, you have been hacked, and should assume any devices connected may be compromised.

[Tasagore]

I've upgraded from a 22.10 to 23.9.8 modifying the web.config as suggested and has been up and running since yesterday, thanks all for the info in this forum and for the patch. Seems that 23.9.8 patched resists the attack.

Does anybody have any solution for the thousands of bruteforce attacks to the login page? Something like block on IP with X fails in 10 minutes or something like that. I can see the failed logins in SC but they are not stored in the system events where the block tools usually reads and would be fine to be able to block as much as possible those attacks.

Thks

[gr3p]

Hello Team,

I have an issue where no one is able to login to screenconnect anymore, the services are running we are able to get to the website as well but none of the users can login to start a session or check any of the connected sessions.

The message says " Invalid credentials. Please try again. "

The passwords are correct, we have checked multiple times and there has been no change in 2 years or any updates, the current version is 22.1.11109.8417

Please help on how to restore access to the installation.

Thank you

Sounds like you're compromised.

You'll need to restore your C:\Program Files (x86)\ScreenConnect\App_Data\Users.xml file from a backup.  If you don't have a backup, you may be able to use the vulnerability to your advantage by accessing httpx://yourserver/SetupWizard.aspx/ and setting up new credentials for Administrator.  Once done, immediately rename/remove C:\Program Files (x86)\ScreenConnect\SetupWizard.aspx. ETA: At this point, your ScreenConnect _should_ be working, however, you need to review your system and any remote systems for further compromises. It's been 2 days since this was announced, so a lot of damage may have been done on your network/remote systems.

You'll then need to get patched to minimum 23.9.8.8811 version.

See:  https://www.connectwise.com/company/trus...ect-23.9.8

[smile101]

1) I had 21.8.3558.7823 and was hacked. So I restored from backup and was able to login.
2) I then updated to 22.8.20001.8818 (using the 3.4 patch and it upgraded fine. Was seeing all computers properly.
3) Then I updated to 23.3.19.8811 (with 3.4 patch) but I got the spinning wheels... I checked the code and it did have the "DateTimeFormat=Ticks" />" info, i didnt have to add it. also renamed the license.xml file. Still spinning.
4) Despite the spinning i tried updating to the latest version 23.9.10  (as point99trash2011 suggested) with the patch and it is still spinning... can someone please shed some light on how I can proceed to get it up and running again?
Thanks!

[olscrm]

Trying the patch on a new windows install
SC : 23.9.10.8817

On the last step -> Patch System -> getting the following messages :

Message 1 : Could not find: ScreenConnect.LicenseManager/<GetCapabilitiesAsync>::MoveNext( patch might not work!

Message 2 : Could not find: LicenseManager::TryAcquireLicenseAsync patch might not work!

Message 3: Please call <url>/SetupCreateUser.aspx, ensure it has been deleted after calling! This should result in being able to log in with username: Administrator, password: Administrator

Unable to login using the user/pass mentioned in the message

Hope this helps in further troubleshooting this

[rana]

I had to delete the session file under 'ScreenConnect\App_Data' everything works fine but after a reboot it goes back to spinning and circle and then I have to stop the services again delete the session file and start them back up and everything works fine can someone help me fix this please

[n0fx]

So does the latest patcher here work if I upgrade the system to the latest 23.9.10.8817?

---

[quote pid="393482" dateline="1708540581"]
Clean installation without patch - all services start. As soon as I apply the patch ScreenConnect Security Manager service wont start at all
Similar issue but was an upgrade from 21.5.3025.7772.

After hack stopped all services and blocked SC in my pfSense firewall. I then restored from yesterdays backup, upgraded to 22.8.10013.8329 with your latest patch. Services started and was able to login. Upgraded to 23.9.8.8811 using latest patch and services are failing to start.

Did you follow upgrade pathway?
If you are running a much older version, you may need to upgrade incrementally due to changes in the architecture of the product. The upgrade path is as follows:

2.1 → 2.5 → 3.1 → 4.4 → 5.4 →19.2→22.8→23.3→ Latest stable release

additionally in web.config replace SessionDatabase line with following:
<add name="SessionDatabase" providerName="SQLite" connectionString="Data Source=|DataDirectory|/Session.db; DateTimeKind=Utc; Foreign Keys=true; Page Size=4096; Journal Mode=WAL; BaseSchemaName=; Cache Size=1000; Memory Mapped Size=10000000000; DateTimeFormat=Ticks" />
and rename/delete license.xml from App_Data

worked for me like a charm

Went from  21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811

Previously I got a warning trying to go from  21.5.3025.7772 →  23.9.8.8811 that I need to go to 22.8 first.  21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811 went fine with no warnings.

---

[quote pid="393482" dateline="1708540581"]
Clean installation without patch - all services start. As soon as I apply the patch ScreenConnect Security Manager service wont start at all
Similar issue but was an upgrade from 21.5.3025.7772.

After hack stopped all services and blocked SC in my pfSense firewall. I then restored from yesterdays backup, upgraded to 22.8.10013.8329 with your latest patch. Services started and was able to login. Upgraded to 23.9.8.8811 using latest patch and services are failing to start.

Did you follow upgrade pathway?
If you are running a much older version, you may need to upgrade incrementally due to changes in the architecture of the product. The upgrade path is as follows:

2.1 → 2.5 → 3.1 → 4.4 → 5.4 →19.2→22.8→23.3→ Latest stable release

additionally in web.config replace SessionDatabase line with following:
<add name="SessionDatabase" providerName="SQLite" connectionString="Data Source=|DataDirectory|/Session.db; DateTimeKind=Utc; Foreign Keys=true; Page Size=4096; Journal Mode=WAL; BaseSchemaName=; Cache Size=1000; Memory Mapped Size=10000000000; DateTimeFormat=Ticks" />
and rename/delete license.xml from App_Data

worked for me like a charm

Went from  21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811

Previously I got a warning trying to go from  21.5.3025.7772 →  23.9.8.8811 that I need to go to 22.8 first.  21.5.3025.7772 → 22.8.10013.8329 → 23.9.8.8811 went fine with no warnings.
[/quote]

Just tried to go from  21.5.3025.7772 → 22.8.10013.8329 → 23.3.19.8811. Services started fine and logged in at 22.8.10013.8329.  23.3.19.8811 services failed to start.


[/quote]

Did you have to patch it everytime you upgraded or just patched it at the end with the 23.xx stable version?

[roklaw]

Daft question, How do I find out what version I'm running ? Version Check fails. (running on windows)