Royal Server 4.01.60622 2023-06-23
Royal Server
New
Updated .Net to version 6.0.411.
Improved
When upgrading the MSI installer will attempt to keep customized service accounts for the Royal Server Windows Service
with falling back to .\LocalSystem if this fails.
Royal Server 4.01.60416 2023-04-16
Royal Server
Improved
Updated .Net to version 6.0.408.
Improved
Added additional configuration options for the experimental SysLog logging feature
Configuration is currently only possible via %AppData%\RoyalServer\appsettings.json.
Full list of available configuration keys:
SysLogEnabled: Enable or disable the syslog logging.SysLogProtocol: The protocol to use.- Allowed values:
Udp,Tcp - The default value is
Udp.
- Allowed values:
SysLogTarget: The hostname or ip of the syslog server.SysLogPort: The port the syslog server is listening on.SysLogFacility: An integer specifying the category of the system generating the log message according to the RFC3164.- Allowed values: 0 - 23.
- The default value is 16 (
Local0).
SysLogLogLevel: The log level to apply.- Allowed values:
Verbose,Debug,Information,Warning,Error,Fatal - The default value is
Information.
- Allowed values:
SysLogFramingType: How to frame i.e. delimit syslog messages on the wire.- Allowed values:
CRLF,CR,LF,NUL,OCTET_COUNTING - The default value is
OCTET_COUNTING(as described in RFC5425 and RFC6587).
- Allowed values:
SysLogFormat- Allowed values:
Local,RFC3164,RFC5424 - The default value is
RFC5424.
- Allowed values:
SysLogSslProtocols: Comma separated list of SSL/TLS protocols used for a secure channel.- Allowed values: see System.Security.Authentication.SslProtocols
- Default value is
Tls12.
- SysLogIgnoreCertificateErrors: If set to
true, all certificate errors will be ignored when using protocolTCP.
Royal Server 4.01.60216 2023-02-16
Royal Server
Improved
Updated .Net to version 6.0.406.
Secure Gateway
Fixed
Addresses issues with interrupted file transfers.
Royal Server 4.01.60113 2023-01-13
Script Module
Fixed
Fixes issues with rendering Ansi sequences in PowerShell scripts
Royal Server 4.01.51214 2022-12-14
Royal Server
Improved
Updated .Net to version 6.0.404.
Fixed
Fixed an issue with Performance Monitoring where Royal Server failed to start because of missing performance counters or access restrictions.
This situation is now handled gracefully and warnings will be written to the log on startup.
Royal Server 4.01.51122 2022-11-22
Royal Server
Improved
Updated .Net to version 6.0.403.
Script Module
Fixed
Fixes a security issue with loopback Powershell Connections using the service account instead of the destination credentials.
Note: The user specified in the credential for Powershell Connections targeting localhost must now be in the group Administrators on the Royal Server machine,
since non admin users are not allowed in this Powershell remoting scenario. (See also CVE-2019-0543)
Royal Server 4.01.51014 2022-10-14
Royal Server
Improved
Updated .Net to version 6.0.402.
Improved
Optimize memory usage for AD users and groups.
New
Added additional logging for Account Service.
Set TRACEFLAG_IS_MEMBER_OF_DEBUGLOG in %AppData%\RoyalServer\appsettings.json to true to activate.
Royal Server 4.01.50624 2022-06-24
Royal Server
New
Added a new setting to skip automatic setup of firewall rule Royal Server Modules.
Set SkipAddingFirewallRule in %AppData%\RoyalServer\appsettings.json to true to skip.
Configuration Tool
Fixed
Addressed an issue with the Timeout configured under SecureGateway > Gateway Configuration not being honoured.
Secure Gateway
New
Added a new setting to skip automatic setup of firewall rule Royal Server Secure Gateway (SSH tunnel).
Set SecureGateway:SkipAddingFirewallRule in %AppData%\RoyalServer\appsettings.json to true to skip.
Improved
Removed obsolete property SecureGateway:GatewayTimeout from configuration, use SecureGateway:MaxIdleDuration instead.
Royal Server 4.01.50505 2022-05-05
Royal Server
Improved
Add additional checks to determine membership to Royal Server groups.
Configuration Tool
Fixed
Handle possible exceptions when assigning a worker account.
Royal Server 4.01.50427 2022-04-27
Royal Server
Improved
Ensure sufficient permissions for worker account on startup.
Configuration Tool
Improved
Improved error handling and UI messages in Permissions view.
Royal Server 4.01.50421 2022-04-21
Royal Server
New
Upgraded to .Net 6.0 framework.
New
Support credentials which use an alternate UPN-Suffix (e.g. username@upn-suffix) instead of the Computer Domain (e.g. [email protected]).
New
Installer sets now the Registry Key Value InstallLocation when writing the uninstall information to Windows Registry.
New
Added experimental support for syslog.
Configuration is currently only possible via %AppData%\RoyalServer\appsettings.json.
The available configuration keys are:
SysLogEnabled: Enable or disable thesysloglogger.SysLogProtocol: The protocol to use. Allowed values:Udp,TcpSysLogTarget: The hostname or ip of thesyslogserver.SysLogPort: The port thesyslogserver is listening on.SysLogFacility: An integer specifying the category of the system generating the log message according to the RFC.
> The default value is16(Local0). Allowed values: 0 - 23.SysLogLogLevel: The log level to apply. Allowed values:Verbose,Debug,Information,Warning,ErrorFatal
Improved
Support credentials in UPN format.
Improved
Improved upgrading experience by restarting the service after installation automatically.
Improved
Refactored account management caching.
The caching behavior for groups and users can be controlled by the following configuration keys in %ProgramData%\appsettings.json:
UserCachingInSeconds: Specifies how long a cached group/user can be inactive (e.g. not accessed) before it will be removed. This will not extend the lifetime beyond the offset specified in UserCachingInSecondsMax.UserCachingInSecondsMax: Specifies when a group/user will be removed regardless of being accessed.RefreshUserGroupsCronInterval: Specifies the minimum interval between successive scans for expired items as a cron expression.
Configuration Tool
Fixed
Addressed issues when checking for version updates.
Document Store
Fixed
Addressed several issues when saving and merging documents.
NOTE: This fix requires also the latest version of Royal TS/X client.
Fixed
Addressed an issue with MFA configurations for DUO.
Configuration Tool
New
Added a new editor for custom headers under Royal Server > General.
New
Added a new editor for viewing effective user permissions under Permissions which allows to update one or all cached users immediately.
New
Added a new editor for managing Ciphers under Secure Gateway > Gateway Security Configuration.
Secure Gateway
Fixed
Fixed logon issues with credentials in UPN format.
Fixed
Addressed an issue where Secure Gateway prevents the Royal Server Windows Service to be started in a timely manner.
Modules
Fixed
Addressed an issue causing VMware connections to fail.
Royal Server 4.00.60124 2022-01-24
Royal Server
Fixed
Addresses an issue when checking version updates
Improved
Avoid blocking when initializing group memberships on startup
Royal Server 4.00.51223 2021-12-23
Royal Server
Fixed
Addresses performance issues when checking group memberships
Improved
Use LogonType.Network for Worker Account instead of LogonType.Batch
Improved
Minor fixes and improvements
Document Store
New
Allow UPN format for credentials
Configuration Tool
New
Allow configuration of the timeout used for requests issued by the Configuration Tool.
The timeout can be configured in %ProgramData%\RoyalServer\appsettings.json under ConfigurationTool:ClientTimeoutInMs.
The default value is 60000 ms (i.e. 1 min).
Fixed
Fixed saving path in Script Interpreter Path Dialog
Royal Server 4.00.51027 2021-10-27
Royal Server
Fixed
Addressing intermittent File is locked by another process errors
Improved
Added a setting to switch the connection type of the database containing access rights from Direct to Shared via configuration key Database:ConnectionType in %programdata%\RoyalServer\appsettings.json.
Direct mode keeps the connection open, while Shared closes the connection after each operation. Default is Direct.
Improved
Minor fixes and improvements
Document Store
Improved
Improve performance of ACL checks when retrieving eligible documents
Royal Server 4.00.50713 2021-07-13
Royal Server
Improved
Change format for full request/response logging to JSON
Fixed
Address an error when accessing domain users which are deleted or disabled
Configuration Tool
Improved
Royal Server >Service Configuration allow to configure certificates which are not marked as exportable.
Note: Secure Gateway > Gateway Configuration still requires the certificate key to be marked as exportable.
Improved
Include config tool log in exported data under Royal Server > General Configuration > Copy Configuration
Fixed
Address failing MFA user management when full request/response logging is enabled
Fixed
Disable unsupported actions when no entry is selected under Document Store > Multi-Factor Authentication > User Management
Secure Gateway
Fixed
Address an error when accessing domain users which are deleted or disabled
Royal Server 4.00.50630 2021-06-30
Royal Server
Fixed
Apply configured file log separator
Improved
Update Net 5 (5.0.7)
Configuration Tool
Fixed
Apply certificates signed by an external CA
Note: Import certificates to Local Computer > Personal and make sure that they are marked as exportable.
Improved
Add button to open Configuration Tool log file
Improved
Load recent log entries as soon as possible
Improved
Reload config tool log on configuration change
Document Store
Improved
Add logging for group membership resolution
Royal Server 4.00.50620 2021-06-20
Royal Server
Fixed
Automatically convert relative paths starting with a dot (e.g. .\path) to valid absolute paths.
Improved
Logging configuration on startup - include Worker Account and Proxy settings
Configuration Tool
Improved
Various minor changes and improvements (e.g. spelling, sorting, etc.)
Improved
Use default log directory if the log directory is set to nothing by the user
Royal Server 4.00.50617 2021-06-17
Royal Server
Fixed
Fix incorrect version information suffix “beta” in About Dialog and Status Bar
Fixed
Fix automatic V3 to V4 migration of settings from to Windows Registry to %ProgramData%\RoyalServer\appsettings.json
Document Store
Fixed
Fix automatic V3 to V4 database migration
Royal Server 4.00.50610 2021-06-10
Royal Server
New
Royal Server V4 has been ported to a .Net 5.0 self-contained application. The
installation contains all components of the app, including the .NET libraries and target runtime.
Please consult the section V3 to V4 Migration Notes below.
New
Upgraded rights database. An existing V3 database will we migrated to a new database file at
%ProgramData%\RoyalServer\royalserverV4.db.
New
Moved to file based JSON configuration stored in
%ProgramData%\RoyalServer\appsettings.json
New
Royal Server IPAddress defaults to 0.0.0.0
New
SecureGateway.GatewayIPAddress defaults to 0.0.0.0
New
Added optional configuration using environment variables pre-fixed with RS_
New
Added customizable headers with configuration section CustomHeaders in
%ProgramData%\RoyalServer\appsettings.json
New
Support for console logging
Improved
Added configurable rolling file behaviour for file logging with configuration key
FileLogRollingInterval in %ProgramData%\RoyalServer\appsettings.json
Possible Values: Infinite (0), Year (1), Month (2),
Day (3), Hour (4), Minute (5). Default Value:
Day (3)
Improved
Changes in log format
Issue
Dropped support for HTTP only mode to improve security
Configuration Tool
New
Save configuration on pressing CTRL+S
New
Update UI on %ProgramData%\RoyalServer\appsettings.json changes
Improved
Modernized look using a vector graphic skin
Document Store
Improved
Disable all input elements on Document Store Configuration while Document Store is disabled
Improved
DUO dialog improvements
Modules
New
Support ignoring certificate errors when using HTTPS in VMWare module
Improved
Update VMware Tools mapping
Licensing
New
Royal Server V4 does not contain a default license anymore, but we will gladly
extend a trial license if needed. Please request trial versions under https://royalapps.com/trial/.
V3 to V4 Migration Notes
Royal Server V4 has been ported to .Net 5.0 and is now a self-contained application
targeting win10-x64 (Windows 10 / Windows Server 2016). The installation contains all
components of the app, including the .NET libraries and target runtime. The app is isolated from other .NET
apps and doesn’t use a locally installed shared runtime. So you do not have to download and install a
specific .NET framework in addition. For this reason the resulting installer is a larger in size (~140MB).
Configuration
Configuration settings are primarily stored in %ProgramData%\RoyalServer\appsettings.json.
However, there are a couple of settings that can only be managed via the Royal Server V4 Configuration Tool to keep them properly protected:
- Worker Account Settings
- Proxy Settings
- MFADuoSecretKey
- MFADuoIntegrationKey
- MFADuoHost
Apart from that you can either use the Royal Server V4 Configuration Tool, or you can just
modify it in the appsettings.json and then restart the Royal Server Service.
If the appsettings.json file is not present on start-up, it will automatically be generated and
your settings from a previous Royal Server V3 installation will be imported. If no previous
Royal Server V3 installation can be detected, default values will apply.
Furthermore, trace flags have been moved from app.config to
%ProgramData%\RoyalServer\appsettings.json. They values can be configured in the section
TraceFlags.
In addition, we added the possibility to optionally set configuration values using environment variables.
Royal Server V4 environment variables have to be prefixed with RS_ followed by
the corresponding key in the appsettings.json. As for hierarchical keys, the separator is a
double underscore (__).
Examples:
set RS_IPAddress="127.0.0.1"
set RS_Port=8888,
set RS_SecureGateway__GatewayEnabled=false
Database Migration
The underlying database used for storing access rules and multi factor authentication has been upgrade to the
latest version which is not compatible with the old format. The database file from a previous Royal Server V3 installation at %ProgramData%\RoyalServer\royalserver.db will not be touched
but migrated to a new database file at %ProgramData%\RoyalServer\royalserverV4.db. This way you
can switch back to the a previous version.
Custom Header
You can add or disable headers using the section CustomHeaders in
%ProgramData%\RoyalServer\appsettings.json if needed.
Example:
{
"CustomHeaders": [
{
"Name": "X-Frame-Option",
"Value": "SAMEORIGIN",
"Disabled": false
}
]
}
File Logging
The file log provider uses a rolling interval and appends the time period between file name and file
extension. The rolling interval is set using FileLogRollingInterval in
%ProgramData%\RoyalServer\appsettings.json and the default is a Day (3).
Allowed values:
| Name | Value | Description |
|---|---|---|
| Infinite | 0 | The log file will never roll. Appends no time period information. |
| Year | 1 | Roll every year. Appends yyyy. |
| Month | 2 | Roll every calendar month. Appends yyyyMM. |
| Day | 3 | Roll every day. Appends yyyyMMdd. |
| Hour | 4 | Roll every hour. Appends yyyyMMddHH. |
| Minute | 5 | Roll every minute. Appends yyyyMMddHHmm. |
Dropped support for HTTP only
The flag UseSSL has been removed from configuration. Royal Server V4 requires
now a certificate at all times to improve security. Please use the Royal Server V4 Configuration Tool to assign certificates.
Console Logging
For debugging purposes you might want to run ** Royal Server V4** directly with console logging enabled.
To do this, add these logging options in %ProgramData%\RoyalServer\appsettings.json:
{
"LoggingOptions": {
"WriteTo": [
{
"Name": "Console",
"Enrich": [
"WithCategory"
],
"Args": {
"restrictedToMinimumLevel": "Debug",
"outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss.fff} [{Level:u3}] [{Category}] {Message:lj} {Exception}{NewLine}"
}
}
]
}
}
Then stop Royal Server, open a console window, navigate to the server’s installation
directory, and execute RoyalServer.exe.