Page Vault Browser Troubleshooting

When starting a Page Vault secure capture session using Page Vault Launcher, you receive the following error message:

“Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.”

Cause #1

One possible cause of this error is a local or group policy setting that affects how login credentials are negotiated between client and server over RDP. In most security contexts, Page Vault will require RDP clients to use “Send NTLMv2 response only”. For details on this policy see this Microsoft TechNet article:

https://technet.microsoft.com/en-us/library/jj852207.aspx

From the article above:

“In Windows Server 2003, the Default Domain Controllers Policy was Send NTLM response only,which changed to Not defined in later versions.”

This means that in networks whose domain policies originated on Windows Server 2003 or prior, a value will be set for “Send NTLM response only”. The new default is “Not defined”, which allows the server to negotiate a secure session with the client. However, it is not possible to choose “Not defined” in group policy if the setting is already set. Instead you must choose “Send NTLMv2 response only.

Solution #1

Choose the “Send NTLMv2 response only” setting for negotiating security authentication protocols. To set this in Group Policy:

Navigate to the following policy:

  1. Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Network security: LAN Manager authentication level
  2. If the current setting is anything other than “Not defined” or “Send NTLMv2 response only”, choose “Send NTLMv2 response only” for this setting.

If you are deploying this change using a GPO, make sure it is deployed to all client machines that will use Page Vault Launcher to start a new secure capture session.

Cause #2

Your network may have an IDS (Intrustion Detection System) configured to terminate some RDP (Remote Desktop Protocol) sessions.

Solution #2

Contact your network administrator to find out if an IDS is deployed, and if so, if RDP could be a monitored target. An exception might need to be made for traffic to the `page-vault.com` domain, and/or to the following IP addresses:

  • 52.6.200.221
  • 52.7.182.254
  • 52.5.8.50
  • 54.175.14.236

Cause #3

Forcepoint/Websense installations may prevent traffic flowing to Page Vault Browser.

Solution #3

Add a tunnel to the “page-vault.com” in Forcepoint. See their documentation for details:

https://www.websense.com/content/support/library/web/v81/wcg_help/ssl_add_incident.aspx

When attempting to login to Page Vault Browser, you are presented with a Windows authentication dialog similar to this:

After entering your username and password, the dialog re-appears without message or warning.

Solution

Prepend “PAGEVAULT\” before your user name. For example, if your Page Vault username is “contoso-jdoe”, in the Windows dialog enter “PAGEVAULT\contoso-jdoe” for the username.

  • kb/pvb-troubleshooting.txt
  • Last modified: 2019/05/10 10:49
  • by todd