- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 03:43 PM
Error: Could not connect to '{connection name}'.
SOAP security negotiation with 'http://{appserver}.southernco.com:8187/bpserver' for target 'http:/{appserver}.southernco.com:8187/bpserver' failed. See inner exception for more details.
System.ComponentModel.Win32Exception: Either the client credential was invalid or there was an error collecting the client credentials by the SSPI.
at System.ServiceModel.Security.WindowsSspiNegotiation.GetOutgoingBlob(Byte[] incomingBlob, ChannelBinding channelbinding, ExtendedProtectionPolicy protectionPolicy)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetOutgoingBlobProxy.GetOutgoingBlob(ChannelBinding channelBinding)
at System.ServiceModel.Security.RequestSecurityToken.GetBinaryNegotiation()
at System.ServiceModel.Security.WSTrust.Driver.WriteRequestSecurityToken(RequestSecurityToken rst, XmlWriter xmlWriter)
at System.ServiceModel.Security.RequestSecurityToken.OnWriteTo(XmlWriter writer)
at System.ServiceModel.Security.RequestSecurityToken.WriteTo(XmlWriter writer)
at System.ServiceModel.Security.RequestSecurityToken.OnWriteBodyContents(XmlDictionaryWriter writer)
at System.ServiceModel.Channels.BodyWriterMessage.OnWriteBodyContents(XmlDictionaryWriter writer)
------------------------------
Brenton Westwood
Systems Analyst
Southern Company
------------------------------
Answered! Go to Answer.
Helpful Answers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
20-01-22 06:30 AM
A follow-up regarding this matter, relating to the latest Microsoft Windows security update/patch for 'CVE-2022-21907,' which was released on January 11th, 2022.
Customers using Blue Prism with 'Windows Authentication' have reported that Blue Prism Interactive Clients/Runtimes are triggering an additional prompt for credentials; however, when these credentials are entered, it is resulting in the below error:
- Windows Authentication connection modes: 'SOAP security negotiation with 'http://XXXXXXXX:8199/bpserver' for target 'http://XXXXXXXXX:8199/bpserver' failed. See inner exception for more details. ---> System.ComponentModel.Win32Exception: Either the client credential was invalid or there was an error collecting the client credentials by the SSP'
Blue Prism has released a solution/fix for this issue in the following KB article on our Support Portal:
We highly encourage that you speak to your IT team for assistance in applying this fix/solution, and that you first test this solution in a non-production environment.
The latest article update provides details about the issue, investigation and solution. Please also check the additional information in the article after solution section, including guidance for customers with complex environments.
------------------------------
Paul Anderson
Blue Prism
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 03:46 PM
Edit: It was update KB5009543
------------------------------
Emma Burns
Ground Control Ltd
Europe/London
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 04:34 PM
https://dirteam.com/sander/2022/01/11/three-active-directory-vulnerabilities-were-addressed-during-microsofts-january-2022-patch-tuesday/
If anyone identifies the specific KB and can post it here, please do! I'll be sure to do the same as well.
Also, this was from our PC level event viewer log and might also help shed some light. I'm trying to get this over to BP support but, of course, having issues accessing the ticketing pages. Oh, the irony!
The Security System has detected a downgrade attempt when contacting the 3-part SPN
HTTP/[servernameremoved]:8199/BPServer
with error code "The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.
(0xc000018b)". Authentication was denied.
------------------------------
Diane Sanzone
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 04:37 PM
Our latest updates and guidance for this scenario can be found in our Knowledge Base here: https://help.blueprism.com/Alerts/1784860762/Latest-on-Windows-updates-from-11th-January-2022-causing-authentication-issues-in-Blue-Prism.htm
This page will be continually updated as information about this becomes available.
------------------------------
Steve Boggs
Senior Software Support Engineer
Blue Prism
Austin, TX
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 04:38 PM
From the Control Panel > Programs > Programs and Features, I removed the KB5009545 Windows Security Update from a desktop that had the issue and after a restart and logging back into the desktop, Blue Prism launched and signed in!
After the uninstall, the KB5008206 Windows Security Update is listed.
------------------------------
Brenton Westwood
Systems Analyst
Southern Company
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 08:25 PM
We are monitoring the BP Alert on this and they indicated it's related to SSO configurations, so we're contemplating removing the AD authentication/SSO and just manually logging in. Another internal suggestion was to patch the desktops/resource VMs AND the supporting servers (only our desktops were patched last night - servers are still pending).
Has anyone tried this? If your developer/bot workstations are patched AND your BP server is patched AND your BP Database server is patched - does SSO configuration for the login agent work?
We need to coordinate like 4 different teams on our side to test this but we might do it tomorrow - I'll post the results if we do end up testing it but would appreciate any feedback from anyone else that already tried it.
Thanks!
------------------------------
Diane Sanzone
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
12-01-22 09:55 PM
------------------------------
Brenton Westwood
Systems Analyst
Southern Company
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
13-01-22 05:21 AM
After the patching of our Evaluation and Development servers, I tried to connect to those environments from a desktop that has the new January Windows Security Patch (KB5009545 on the desktop). The connection did not work on the patched desktop. Yet, the connection worked on the desktop for which I had removed the January Windows Security Patch after the servers were patch (as alluded to above).
------------------------------
Brenton Westwood
Systems Analyst
Southern Company
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
13-01-22 12:18 PM
I'll be sure to keep posting any information I have here. Hoping BP gets us all a real fix soon!
------------------------------
Diane Sanzone
------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
14-01-22 08:50 AM
Is it already known when we can expect a hot-fix patch from Blue Prism to be released?
For now we have been able to roll back the Security Windows update, however this is not a sustainable solution.
Thanks in advance!
With kind regards,
------------------------------
Arthur Philippa
RPA Developer
Port of Rotterdam
Europe/Amsterdam
------------------------------
