Introduction
- This document is created based on the features of akaBot Platform v2.0.5.5 + and akaBot Center v2.0.4.0 +.
- If you are using the lower platform version, please switch to the relevant page to view the docs for that particular version.
Setup
1. Windows Group Policy (gpedit.msc)
- Group Policy is a Windows feature that contains a variety of advanced settings, particularly for network administrators. However, local Group Policy can also be used to adjust settings on a single computer.
- It’s only available on Windows Professional, Enterprise, and Server.
- Must be "Run with administrator"
Allow service to simulate the Secure Attention Sequence (SAS).
Step 1 - Open Start Menu > type Group Policy or gpedit.msc
Step 2 - Navigate to: Computer Configuration > Administrative Templates > Windows Components > Windows Logon Options => Disable or enable software Secure Attention Sequence = Services or Services and Ease of Access applications.
Remote Desktop Services must limit users to one remote session
Step 1 - Open Start Menu > type Group Policy or gpedit.msc
Step 2 - Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections => Restrict Remote Desktop Services users to a single Remote Desktop Services Session = Not Configured or Enabled
Disable Network Level Authentication
Step 1 - Open Start Menu > type This PC > Properties > Remote settings
Step 2 - In Remote Desktop group: (2 options)
- Check option: “Allow remote connections to this computer”
- Uncheck option: “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”
Allow RDP client to use saved password upon connection
Step 1 - Open Start Menu > type Group Policy or gpedit.msc
Step 2 - Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security => Always prompt for password upon connection = Not Configured or Enabled
2. Registry Keys
Registry key | Type | Name | Value |
---|---|---|---|
HKEY_LOCAL_MACHINE\SOFTWARE\FPT Software\akaBot Platform | ServicePipeName CredentialProviderFilters MaxClients | REG_SZ REG_SZ REG_DWORD | akaBotCredPipe (any) 0x00000019 |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Authentication\ Credential Providers{4f22cdbe-4949-4567-9941-1aaa46c6b7bd} | (Default) | REG_SZ | akaBotCredentialProvider |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Authentication\ Credential Provider Filters{4f22cdbe-4949-4567-9941-1aaa46c6b7bd} | (Default) | REG_SZ | akaBotCredentialProvider |
HKEY_CLASSES_ROOT\CLSID{4f22cdbe-4949-4567-9941-1aaa46c6b7bd} | (Default) | REG_SZ | akaBotCredentialProvider |
HKEY_CLASSES_ROOT\CLSID{4f22cdbe-4949-4567-9941-1aaa46c6b7bd}\InprocServer32 | (Default) ThreadingModel | REG_SZ REG_SZ | akaBotCredentialProvider Apartment |
HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services | fPromptForPassword | REG_DWORD | 0 (or not exist) |
Files
Make sure the following files are in the right directory.
File name | Target directory | Version |
---|---|---|
akaBotCredentialProvider.dll | C:\Windows\System32\ | Must be equal to akaBot installer version |
Logs
Check the following log files.
File name | Target directory | Descriptions |
---|---|---|
msiexec.log | C:\ProgramData\akaBot\Logs\ | No error relates to Auto-logon |
BotService.log | C:\ProgramData\akaBot\Logs\ | No error relates to Auto-logon |
AutoLogonChecker.log | C:\ProgramData\akaBot\Logs\ | No error relates to Auto-logon |
BotService.log | C:\ProgramData\akaBot\Logs\ | No error relates to Auto-logon |
Configuration
- The two types of configurations (Unattended Agents): Console & RDP. Each type is suited for a different configuration system
CONSOLE
- To use this configuration, the computer running the agent must be the physical one. At that time, there will be always a process called "LogonUI.exe" (Microsoft logon interface) running to ensure that the logon screen appears when the computer restart or locks.
- When there's a request to run a task from Center, akaBot Service will send an unlock request to the LogonUI.exe process to enter the username, and password.
RDP (High-Density Agents)
- For this configuration, it can be used: the physical one and "virtual machine".
- When there's a request to run a task from the Center, Agent will use the RDP client to initiate a new session to serve that user.
- If the screen displays alerts,... which required to press OK button to enter the login screen, kindly type in Others section => /kb:{Enter}.
- If it takes longer than usual to initiate a remote session on the agent machine, please configure the timeout (second) => /unlock-timeout-sec:45 . Default : 30s
- If the unlock fails occasionally, please increase the number of retries to reduce the error rate => /unlock-retries:3. Default : 2 (times)
Capability Matrix
The following table provides the capability matrix of the Auto Logon feature under various OS and scenarios. Results are based on testing done on akaBot v2.0.5.5.
Troubleshooting
Wrong username or password
- If you provide the incorrect username or password, the task will be faulted with the error message that is similar to “Username or password not match”.
- Root cause: Upgrade to the new version of the platform and the installer cannot replace the file "C:\Windows\System32\akaBotCredentialProvider.dll", also LogonUI.exe process is being used by another user.
=> The most common case: Upgrade platform on Windows Server
Solution: Kindly close all the applications and restart Windows. Once the system is rebooted, the console screen of akaBot will appear and notify us about replacing akaBotCredentialProvider.dll file and disabling the auto-logon feature.
- After that, please double click on Agent to open > click Disconnect > Connect > Agent will automatically enable auto logon function
- We can check the auto-logon status by running the command line: AutoLogonChecker.exe status
- If it has not been enabled yet, please run this command line: AutoLogonChecker.exe enable
Auto-logon module is enabled but still unlocks failed
Solution: Please be ensure that you install VC++ Redist x64/x86 v14.16.27029
Multiple sessions of the same user
- akaBot platform only supports 1 session of 1 user at a point.
- Therefore, if there is more than one user session at a time, akaBot service mistakenly identifies that user's state as locked or active.
Solution: To allow 1 session for 1 user, please follow the configuration:
Step 1 - Open Start Menu > type Group Policy or gpedit.msc
Step 2 - Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host> Connections => Restrict Remote Desktop Services users to a single Remote Desktop Services Session = Not Configured or Enabled
Unlock fails because of legal disclaimer enabled
Solution: Please follow these steps:
Step 1 - Switch to RDP mode
Step 2 - Add parameter to Center > Agent > Agent Settings > Others: /kb:{Enter}
After that, the RDP client will automatically send Enter button to enter the login screen and execute unlock Windows.
Unlock failed with error code 8455
This is an error code returned by Remote Desktop Session Host module of Windows.
- Root cause: Windows Policy does not allow us to use of username and password that previously existed, must enter dialog box credentials during initiating the remote desktop connection.
=> Auto logon failed as the image below
Solution: Please follow these steps below:
Step 1 - Open Start Menu > type Group Policy or gpedit.msc
Step 2 - Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security => Always prompt for password upon connection = Not Configured or Enabled