Common Issues

Use KeePass with Pleasant Password Server

Also see FAQ for basic questions and Troubleshooting for tools to help diagnose problems.

Have Questions? Contact Us!

Getting more detailed log information

Getting more detailed log information

Follow these instructions to get more detailed logging information or to view the log files.

Service did not start up

Please Note:

When Upgrading: There may be a delay in the service startup while the database is converted to the new version.

See more details in Upgrading (sections: "Monitor Install" or "Problems?")

Sometimes the machine may have a lock on a file, and require a reboot. This is especially so in combination with Windows Updates, that where a restart / reboot is required.

Hosting with IIS (extra setup):

If you are hosting the site with IIS, make sure to stop and disable the IISExpress service. This can also be stopped with an End Task, using the Windows Task Manager. Also see IIS Troubleshooting.

Hosting with IISExpress (default):

Please make sure that the IISExpress.exe process is first shutdown (in task manager), before re-starting the service. This task will be automatically started along with the server startup.

Additional Checks:

1) View the file error logging details, which may often show the cause the problem.
- Open these files and scroll to the bottom, looking for any errors: Weblogs.txt and PleasantPasswordServerLog.txt
- You can forward these to Support via email.
2) There may be an error related to Certificates or SSL, which are better resolved in recent versions of Password Server and with Hosting with IIS:
- There may be a problem with the Certificate port association. This may be resolved by simply re-importing the Certificate using the Service Config utility. However, to be thorough, you can follow these steps below.
- Delete the current certificate association on the custom port 10001, run the following command in a command prompt (run as admin):
  
  netsh http delete sslcert ipport=0.0.0.0:10001
- Then re-import your Certificate with the Service Config utility (found in Windows Start menu > Programs > Pleasant Password Server > Service Configuration).
- Double-check that there aren't multiple certificates in the Certificate Store (Local Machine, Personal) with the same name.
- To confirm this port has been associated properly:
  
  netsh http show sslcert ipport=0.0.0.0:10001

3) Please also see the PowerShell / taskkill commands mentioned here:
- Stopping Pleasant Password Service
4) Rarely this could be an issue with IISExpress, a component that is started along with the Pleasant Server.
- Option A) To resolve simply try to repair the IISExpress install.
- Option B) As a last resort, if option A above still does not help:
  - Uninstall both Pleasant Password Server (which will leave your database intact with your admin settings) and
  - Uninstall IISExpress
  - Rename the Password Server program folder
  - Then re-install Pleasant Password Server. This will also install a new version of IISExpress.

If you continue to have trouble, please email Support with your Detailed Logs and a description of your situation.

Antivirus Exceptions

Virus Scans

The software has been reviewed & scanned & audited & tested, etc., is continually scanned by antivirus on multiple machines, and is clear from malware.

Whitelist Exceptions

Our recommendation is to whitelist the following folders to prevent interference from antivirus software. This may happen rarely, with some antivirus software, more than others:

%ProgramData%\Pleasant Solutions
%ProgramFiles(x86)%\Pleasant Solutions
%AppData%\PleasantKeePass

File Integrity Monitoring

Password Server can scan files for modifications with a fairly robust File Integrity Monitoring module (included with the SSO edition of Password Server), which will report if application files have been modified since release.

Digital Signatures and Checksum Hashes

Online Virus Scans

There are helpful sites that allow users to validate software files.

However, please remember that no antivirus solution is perfect, and may give a rare false positive, etc.
Please download the application directly from the Pleasant Solutions download location(s).

Contact Directly

We would encourage you to contact us / the antivirus vendor directly if you notice anything unusual.

Website didn't load

Problems? If the web site won't load,

Check that the installation/upgrade is complete and hasn't reported errors in the logs
Make sure Password Server isn't sharing a port with anything else:
1. Stop the Password Server service.
2. Click Start, type cmd, right-click Command Prompt, then click Run as administrator.
3. From the prompt, run netstat -b -p TCP -q. If you see anything ending in :10001 in the Local Address column, either switch the software using 10001 to another port or switch Password Server itself.

If you continue to have difficulty, please Contact Us!

Troubleshoot Server Certificate Issues

Here are a list of helpful server certificate checks, starting with the most common/easiest.

1) Server Configuration:

Password Server has a Service Configuration utility which helps manage the certificate, port, and database connection. The service config will need to be updated with your new certificate (found in Windows Start menu > Programs > Pleasant Password Server > Service Configuration).

Then restart the service or IIS and try to login using an incognito browser (with a fresh cache).

2) Certificate Caching: Some browsers, clients, or intermediate network devices might cache SSL/TLS certificates for a period of time. For us, clearing the browser cache may resolve the issue.

3) Certificate Binding:

If the issue persists, rarely there may be a problem with the certificate binding / port association.

- if you are hosting with IIS, verify in IIS that the new certificate is correctly bound to the website's port 443 or 10001. Remember to restart your IIS server after making any changes.

- if you are using the default service (which uses IISExpress), in this case, delete the current certificate association on the custom port 10001, by running the following command in a command prompt (as administrator):

netsh http delete sslcert ipport=0.0.0.0:10001

Then re-import your Certificate with the Service Config utility.

To confirm this port has been associated properly:

netsh http show sslcert ipport=0.0.0.0:10001

4) Client Certificate Trust: If the CA isn't trusted, clients will not be able to establish a secure connection.

If the certificate has been purchased, then the new certificate will be signed by a Certificate Authority that is trusted by browsers and devices.

Otherwise if it is a generated certificate from a self-signed or internal Certificate Authority then the public certificate, that does not contain the private key, will need to be distributed to the Certificate Store on the client machines (in the Trusted Roots folder).

5) Certificate Chain Issues: If the new certificate is part of a chain of trust that includes intermediate certificates, all certificates in the chain need to be correctly installed on the server, and/or trusted by the other network machines. If any are missing, clients might not trust the new certificate.

You can see the certificate chain in the certificate properties tab.

6) Multiple Certificates: Double-check that there aren't multiple certificates in the Certificate Store (Local Machine, Personal) with the same name.

7) Check for Connectivity Issues: If there's a URL in the certificate cannot be reached for validation (e.g. CRL/OSCP) it may be blocked by firewalls/filters.

- Recent Network Changes: similarly if the server has been migrated recently or network connections have changed, it could cause issues.

8) Firewall Settings: Ensure that the path is open and check all your firewalls along the way.

9) Port 443: Make sure that port 443 is listening on your server. This is the default port for HTTPS connections, and if it's not properly configured, it could prevent external connections.

10) Check Security Policy: There might be a problem with the security policy.

If you continue to have difficulty, please Contact Us.

Can Only Grant Read-Only Permissions

(versions 7.6.6+)

Relevant only if upgrading from a version previous to 7.6.6.

If your Administrators or users:

Cannot change the User Access except to Read-only, or
Cannot add entries in the mobile client

This change has been caused by a security improvement in version 7.6.6. To resolve:

Please edit your Access Levels: Full, Full + Grant, Full + Grant + Block
Set “Grant” for "View User Access" to True

Alternative method: If your organization has never added new Access levels or changed the existing Access levels:

Click Reset Access Levels, which will also achieve the same results.

Previously this setting was not required for granting/removing permissions, but has been changed for this version (as per Release Notes for 7.6.6).

This will allow as for your expectations.

If you have additional questions or concerns, please Contact Us!

Can Not Grant Access

We use the User Access window to provide the security access to users. This has changed in version 7.9.

Requirement

To open User Access, will need to have been given an Access Level with the View User Access permission.

Basic Steps

Open the User Access window,
Choose "Users" or "Roles" from the "Add Access for" dropdown,
Then in the next field, type or select the User/Role you wish to give access to.

Wiki Guide - Please review the instructions for granting access, examples here:

Problems?

Is scripting disabled in your web browser?
Are you using the IE browser with either Compatibility View (displayed in Address Bar) or Enable Protected Mode (in Tools > Security tab).

If you continue to have difficulty, please Contact Us and provide:

Version #
Screenshots of your User Access screen and Access Level screen.

Restore Access Inheritance

(versions 6.4.13+)

If you block access inheritance on entry/folder X without first ensuring you have the Set Block Inheritance permission set directly on X (rather than inherited from an ancestor), you'll only be able to remove the block by editing your database as follows:

Open your database
- For SQLite
  - Stop the "Pleasant Password Server" service
  - Open your database in SQLiteManager (as administrator)
    - Open SQLiteManager with a right-click, "Run as administrator". This avoids the "Database is read only" error.
Open the SQL tab and run the following command (assumes that the blocked entry/folder is uniquely named; if not, the WHERE clause will need to use rowid or Id rather than Name):

UPDATE "CredentialObject"
SET "PermissionInheritanceBlocked" = 0
WHERE "Name" = '[THE_NAME_OF_THE_BLOCKED_ENTRY_OR_FOLDER]';
Refresh the folder tree visibility:

DELETE from "CredentialObjectVisibilityAccessRow";
DELETE from "CredentialObjectVisibility";
For SQLite
- Start the Password Server service
Re-add the User Access directly to the specific folder (or entry) you just restored.
NOTE: If you notice the Block Access Inheritance button has disappeared you can restore it by:
Right-click the folder (where the block inheritance button is missing) > Click Move > Select the folder it is currently in

Refresh Access Permissions

(versions 7.9.13+)

When Restoring inheritance we refresh the Access data with the steps below.

This may be also helpful is some other rare instances, when: for example, the actual access does not seem to align with the User Access, or folders remain hidden.

Stop the "Pleasant Password Server" service
Open your database in SQLiteManager (as administrator)
- Open SQLiteManager with a right-click, "Run as administrator". This avoids the "Database is read only" error.
Refresh the folder tree visibility:

DELETE from "CredentialObjectVisibilityAccessRow";
DELETE from "CredentialObjectVisibility";
Start the Password Server service

2FA Authenticator App gets Invalid Two-Factor Token error

Error: "Invalid Token"

The Authenticator protocol is time-based. If your Server, Device, or App is out of sync by even by 30 seconds, this will cause problems:

Check the server time
Check the device time

This should be the only problem for users using Authenticator apps.

See Step 5, of the Authenticator configuration steps.
For more info: Google Authenticator help (Android)

Still a problem?

1. Watch the clocks simultaneously count up the minutes and seconds. Set the time.

2. Workarounds -- if your users are still having difficulties with their secret, you can take these actions:

A) Reset their Google Authenticator secret:
- Reset Two-Factor Secret
- This will allow users to enroll again and synchronize to a new secret:
  - Reset 1 user's secret
  - Reset all users simultaneously
B) Temporarily, the policy can be changed so that 2FA is not required for the user(s).
C) Sync the time in the Authenticator App itself.

Additional Notes:

Backup your Google Authenticator secret by saving the QR code / number code
Mobile devices can store multiple Google Authenticator secrets.

Two-Factor Required error

If you enable the option to Require Two Factor Authentication without first configuring a provider, users will be able to log in until this requirement is removed.

Two-Factor Required Two-factor verification is required but has not been configured. Please contact your website administrator.

In this case the administrator should contact us for information to resolve this configuration problem.

Nothing happens with Internet Explorer when clicking delete (or any other button)

The most likely cause of this is an old version of Internet Explorer or Compatibility View being enabled. More information about Compatibility View can be found here:

https://windows.microsoft.com/en-CA/internet-explorer/use-compatibility-view

If disabling Compatibility View doesn't solve your problem and you're running a recent version of Internet Explorer (IE9+), feel free to contact us for support.

NOTE: Internet Explorer may sometimes automatically enable Compatibility View for Intranet.

LDAP Bind Errors

For problems with Bind Errors / Authenticating a Directory user, start here: Unable to Bind to LDAP/AD

LDAP Connection issue on Windows 2019 Domain Controllers

Windows 2019 has provided a couple of patches for a connection bug with their Windows 2019 Domain Controllers. This is not isolated to Password Server, but includes other Microsoft users in general.

This fix is available here:

Windows 10 Update KB4516077

For further information, and to keep updated with the progress of this issue:

https://social.technet.microsoft.com/Forums/windowsserver/en-US/4f14412f-dd81-4b9a-b6b5-aa69100e87d0/intermittent-not-enough-space-errors-when-doing-ldap-queries-against-2019-domain-controller

Active Directroy/LDAP Migration Error

(versions 7.4+)

For problems with a Migration error message at Login screen see: Active Directory/LDAP Migration Error

Error System.Exception: ASP.NET AppDomain is shutting down... Reason:

Change Notification for critical directories.

bin dir change or directory rename

HostingEnvironment initiated shutdown

This is due to a Portable Class Library that requires a .Net patch. Simply install the relevant Windows Update to fix this problem. Details in the following link: https://www.paraesthesia.com/archive/2013/01/21/using-portable-class-libraries-update-net-framework.aspx

Removing Audit Records

For now audit records can be removed as needed.

These can also be filtered out by Username or UserID

- Contact us for any help needed with this technical process and we will respond ASAP

Pleasant Password Server won't install on Windows 8.1 or Server 2012 R2

It is possible that ASP.NET 4.5 is installed but not enabled. To enable it:

Find Windows PowerShell on your system (in Server 2012 R2, it may already be in your taskbar).
Right-click on the PowerShell icon and select "Run as Administrator".
In the PowerShell window, type

& ${env:windir}\syswow64\cmd.exe

Press enter.
Now type:

%windir%\sysnative\dism.exe /Online /Enable-Feature /FeatureName:NetFx4Extended-ASPNET45

Press enter. You should get a message that the command was successful.
Close the PowerShell window and run the Pleasant Password Server installer. It should now install successfully.

Unable to Import

Pleasant.Identity.Mvc.Controllers.IdentityControllerBase Pleasant.Identity.IdentityOperationException: Unable to import 1 users. 0 slots remaining.

The above error message is letting you know that you don't have anymore Users on your License. You must delete a user or upgrade your license (e.g. from 10 to 20) in order to be able to import more users.

Missing tabs or features

Make sure the user is a member of a role that has permission to access those features. Users may need to sign out and sign back in for permission changes to take effect.

Hiding tabs in PPASS Menu

Hiding tabs is possible, however is not available in trial mode. Once the license is activated these can be hidden.

SSO Server tab

Hide the SSO Server menu tab
- Available for Enterprise and higher license keys.

Contracts tab

Settings > Appearance > Show contracts tab > Choose "Selected users"
- Available for Enterprise+ and higher license keys.

Entry does not appear in search

SQLite only understands upper/lower case for ASCII characters by default. The LIKE operator is case sensitive by default for unicode characters that are beyond the ASCII range.

Use IIS instead of IIS Express

Using IIS is possible and is recommended, especially for customers with more advanced environments:

Hosting with IIS

Using IIS as a Reverse Proxy: some customers may wish to know that it is also possible to setup a new IIS site and redirect the incoming TCP requests to the Password Server's IIS Express. This effectively makes IIS a reverse proxy.

Other info: Redirect HTTP Requests to HTTPS

Keyboard not working in Windows Password Reset Client (Windows 8+)

Press CTRL once to fix the keyboard.

Details: Windows 8/8.1/10 will sometimes mistakenly behave as though CTRL is being held down on the login screen. Because the browser opened by the Reset Client ignores any keys pressed while CTRL is held down, this can make it seem like the keyboard has stopped working. Pressing CTRL forces Windows to acknowledge that CTRL is not being held down.

KeePass for Password Server errors

Trust Warnings

"Connecting to a new server for the first time..."

(see the Trust Warning wiki page)

KeePass Export operation is not allowed by the application policy

View sections here to re-enable / restrict exporting passwords:

PassMan Client Connection Error

Version 6.0.1 - 7.1.19:

PassManClient connection error: Could not load type 'System.Collections.Generic.IReadOnlyDictionary`2' from assembly 'mscorlib, Version=4.0.0.0, Culture=neutral, PublicKey Token=b77a5c561934e089'

Verify that you have .NET Framework ≥ 4.5 installed by following these instructions.

KeePass Timeouts do not auto-close Credentials

This is designed this way by KeePass after some consideration, and there is a KeePass explanation for choosing this design (included below).

KeePass client: an open dialog disables vault time-out until user closes it.
Web client: an open dialog does effect the time-out with a save change message, and does not allow the user to save changes or open other entries, etc.

Users can be reminded to close Vault credentials after use.

The KeePass offical FAQ explains this best:

KeePass automatically tries to lock its workspace when Windows is locked, with one exception: when a KeePass sub-dialog (like the 'Edit Entry' window) is currently opened, the workspace is not locked.

To understand why this behavior makes sense, it is first important to know what happens when the workspace is locked. When locking, KeePass completely closes the database and only remembers several view parameters, like the last selected group, the top visible entry, selected entries, etc. From a security point of view, this achieves best security possible: breaking a locked workspace is equal to breaking the database itself.

Now back to the original question. Let's assume an edit dialog is open and the workstation locks. What should KeePass do now? Obviously, it's too late to ask the user what to do (the workstation is locked already and no window can't be displayed), consequently KeePass must make an automatic decision. There are several possibilities:

Do not save the database and lock.
In this case, all unsaved data of the database would be lost. This not only applies to the data entered in the current dialog, but to all other entries that have been modified previously.

Save the database and lock.
In this case, possibly unwanted changes are saved. Often you open files, try something, having in mind that you can just close the file without saving the changes. KeePass has an option 'Automatically save database when KeePass closes or the workspace is locked'. If this option is enabled and no sub-dialog is open, it's clear what to do: try to save the database and if successful: lock the workspace. But what to do with the unsaved changes in the sub-dialog? Should it be saved automatically, taking away the possibility of pressing the 'Cancel' button?

Save to a temporary location and lock.
While this sounds the best alternative at first glance, there are several problems with it, too. First of all, saving to a temporary location could fail (for example there could be too few disk space or some other program like virus scanner could have blocked it). Secondly, saving to a temporary location isn't uncritical from a security point of view. When having to choose such a location, mostly the user's temporary directory on the hard disk is chosen (because it likely has enough free space, required rights for access, etc.). Therefore, KeePass databases could be leaked and accumulated there. It's not clear what should happen if the computer is shutdown or crashes while being locked. When the database is opened the next time, should it use the database stored in the temporary directory instead? What should happen if the 'real' database has been modified in the meanwhile (quite a realistic situation if you're carrying your database on an USB stick)?

Obviously, none of these alternatives is satisfactory. Therefore, KeePass implements the following simple and easy to understand behavior:

When Windows is locked and a KeePass sub-dialog is opened, the KeePass workspace is not locked.

This simple concept avoids all the problems above. The user is responsible for the state of the program.

Security consequence: the database is left open when Windows locks. Normally, you are the only one who can log back in to Windows. When someone else logs in (like administrator), he can't use your programs anyway. By default, KeePass keeps in-memory passwords encrypted, therefore it does not matter if Windows caches the process to disk at some time. So, your passwords are pretty safe anyway.

https://keepass.info/help/base/faq_tech.html#noautolock

KeePass Export Errors

The composite key is invalid! Make sure the composite key is correct and try again

The export password you want to use is:

export_password

For further information about exporting passwords please see our wiki:
https://keepasshub.com/info/keepass-hub/c-backup-export-and-import-your-passwords/2-exporting-passwords-from-keepass-for-pleasant-password-server

RDP SSO Client crashes on launch (v7.5.2 - 7.5.7)

The RDP SSO Client relies on the existence of a default settings file for RDP that will not exist if the user currently logged into the machine has never used Remote Desktop Connection on that machine before. Start up Remote Desktop Connection and connect to another machine to make sure that defaults are established, then try the Launch RDP SSO link again.

SSO Authentication Errors

The most common causes for Access Denied errors when authenticating with Password Server (PPASS) are:

incorrect username or password
incorrect unique identifier
user does not have SSO permission on that credential

Common causes of wrong username or password when authenticating with the target server are:

wrong username or password stored in the PPASS credential

Please check all your settings. If the problem persists, please provide us with screenshots of your settings when contacting us for support and what you are doing in the browser or terminal (confidential info blurred).

After Update, Active Directory/LDAP User Log In/Refresh is Slow (v7+)

Some users have reported that after upgrading from version 6 to 7 their user login times have drastically increased, even when no changes have been made to the AD/LDAP directory settings.
The slowdown is caused by a change in the way Password Server tracks imported users and groups (more details).

Specify an OU

Specifying an OU for Pleasant Password Server users should speed up logins significantly. Only quering the targeted OU is allows the permissions check to occur much faster, speeding up the end-user experience.

User Directory: server.xxx.yyy/accounts/ppass
Group Directory: server/directory/folder/groups/

Users and Roles > Manage Directory > Edit Directory > Import

Base Distinguished Name: DC=server, DC=xxx, DC=yyy
User Relative DN: OU=ppass, OU=accounts
Group Relative DN: OU=groups, OU=folder, OU=directory

Configurations which Improve Application Performance

See this page for factors affecting the speed of Password Server or clients.

After Update, Home screen shows "loading" and stays there

(version 7.5.15 - 7.6.2)

Some users have reported that after upgrading, the Home screen does not finish loading / stays empty.

Clear the browser cache, or refresh the page: CTRL+F5 (PC's) CMD+R (Apple) F5 (Linux)

If this does not resolve the problem:

Try a different browser,
Check that JavaScript is enabled,
Rule out other browser extensions that could be interfering,
Reset the browser settings.

Questions about Session Timeout

To adjust for users to be automatically logged out the user after a specific amount of time.

Web Client - Automatic log out

Navigate to the menu Users and Roles > Manage Policies > Actions > Edit > Login Timeout
Set the timeout to the appropriate amount.
- Note: For Web clients in versions 7.6 and older, you will need to sign out for this policy to take effect.

KeePass / Mobile/ API / etc. - Automatic log out

Navigate to the menu Users and Roles > Manage Policies > Actions > Edit > Application Authentication Timeout
Set the timeout to the appropriate amount.

KeePass (option) - Automatic workspace lock/etc.

An inactivity timeout also exists in the KeePass Client
- Tools menu > Options... > Security tab > "Lock workspace after..." checkboxes (one for KP inactivity, one for global inactivity)

For more information see these sections in the User Policy:

Approval Notification has a Grammar Error

Approval notifications may have a grammar error when granting permanent access, which could confuse some users:

"... has granted you Full access that will expire on with comment:"

Suggested wording could instead be change to display like this:

Approved Request
Your request for Full access to \Root\Departments\Folder has been approved by Approver.

Approver has granted you Full access.

- Expiry Date:
- Comment: Approval granted...

You can access the requested object with the link below:
https://YourServername:10001

Change the notification text here:

Advanced > Email Templates > Click the "Approved Request" template link
Click the </> button (to View HTML)
Copy and paste the following:

<h3>Approved Request</h3>  
<p>Your request for {{ RequestedAccessLevelName }} access to {{ RequestedObjectPath }} <strong>has been approved</strong> by {{ ApprovingUserName }}.</p> 
<p>{{ ApprovingUserName }} has granted you {{ ApprovedAccessLevelName }} access.</p> 
 <ul> 
 <li><strong>Expiry Date:</strong> {{ ExpireDate }} </li>
 <li><strong>Comment:</strong> {{ ApproverComment }}</li> 
 </ul> <p>You can access the requested object with the link below:</p> 
<p><a href="{{ RequestedObjectUrl }}">{{ RequestedObjectUrl }}</a></p>

Click Update

Test Emails - SMTP - Account is not valid Error

Try enabling Trace email logging to get a little more details.

Try manually re-entered the SMTP Username even if it was entered correctly. This has been known to fix the issue.

API v5 StatusCodeError: 500

This error is particular to the version 7.9.28, when using API v5 to integrate with other software. A fix of this issue has been added in 7.10.4.

To resolve in this version, include a "X-Pleasant-Client-Identifier" header that is a valid GUID with one of the following formats:

32 digits: 00000000000000000000000000000000
32 digits separated by hyphens: 00000000-0000-0000-0000-000000000000
32 digits separated by hyphens, enclosed in braces: {00000000-0000-0000-0000-000000000000}
32 digits separated by hyphens, enclosed in parentheses: (00000000-0000-0000-0000-000000000000)

Where the digits are 0-9, A-F.

NLog not properly archiving files with dates

Password Server uses a logging tool called NLog. Currently there is a bug with the nlogger which does not properly archive files with dates in the filename.

Use the following steps to fix. Please not that these changes will be over-written when you upgrade to a new version. So you will have to remember to re-apply these steps (until the problem is fixed).

1) Stop the Pleasant Password Service:
https://keepasshub.com/info/keepass-hub/b-server-configuration#StopStartRestartPasswordServer

2) Open the file NLog.config with administrative access (by default, found here):
C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server

3) Find references to archiveFileName

4) Remove the reference to shortdate ("_${shortdate}") in the archiveFileName. The lines should look like this:
archiveFileName="${PleasantApplicationData}/PleasantPasswordServerLog.{#}.txt"
archiveFileName="${PleasantApplicationData}/PasswordProxyLog.{#}.txt"

5) Save the file, and restart the Pleasant Password Service.

6) Delete or move the old logs.

From now on, the logs:

will be saved with the new filename,
will store 10 files by default, and
will delete anything older.

Common Issues

Startup - Service/Site

Upgrade

Login / Connectivity

Certificates

Access

AD/LDAP

Reset Users

Email

KeePass

Browser

Features

Performance

SSO

Miscellaneous

Getting more detailed log information

Service did not start up

Antivirus Exceptions

Website didn't load

Troubleshoot Server Certificate Issues

Can Only Grant Read-Only Permissions

Can Not Grant Access

Restore Access Inheritance

Refresh Access Permissions

2FA Authenticator App gets Invalid Two-Factor Token error

Still a problem?

Two-Factor Required error

Nothing happens with Internet Explorer when clicking delete (or any other button)

LDAP Bind Errors

LDAP Connection issue on Windows 2019 Domain Controllers

Active Directroy/LDAP Migration Error

Removing Audit Records

Pleasant Password Server won't install on Windows 8.1 or Server 2012 R2

Unable to Import

Missing tabs or features

Hiding tabs in PPASS Menu

Entry does not appear in search

Use IIS instead of IIS Express

Keyboard not working in Windows Password Reset Client (Windows 8+)

KeePass for Password Server errors

Trust Warnings

KeePass Export operation is not allowed by the application policy

PassMan Client Connection Error

KeePass Timeouts do not auto-close Credentials

KeePass Export Errors

The composite key is invalid! Make sure the composite key is correct and try again

RDP SSO Client crashes on launch (v7.5.2 - 7.5.7)

SSO Authentication Errors

After Update, Active Directory/LDAP User Log In/Refresh is Slow (v7+)

Specify an OU

Configurations which Improve Application Performance

After Update, Home screen shows "loading" and stays there

Questions about Session Timeout

Approval Notification has a Grammar Error

Test Emails - SMTP - Account is not valid Error

API v5 StatusCodeError: 500

NLog not properly archiving files with dates