Royal Server Releases

Royal Server 4.01.60927

2023-09-27

Royal Server

New

Upgraded .NET 6.0 to latest version.

Royal Server 4.01.60622

2023-06-23

Royal Server

New

Updated .Net to version 6.0.411.

Improved

When upgrading the MSI installer will attempt to keep customized service accounts for the Royal Server Windows Service with falling back to .\LocalSystem if this fails.

Royal Server 4.01.60416

2023-04-16

Royal Server

Improved

Updated .Net to version 6.0.408.

Improved

Added additional configuration options for the experimental SysLog logging feature

Configuration is currently only possible via %AppData%\RoyalServer\appsettings.json.

Full list of available configuration keys:

  • SysLogEnabled: Enable or disable the syslog logging.
  • SysLogProtocol: The protocol to use.
    • Allowed values: Udp, Tcp
    • The default value is Udp.
  • SysLogTarget: The hostname or ip of the syslog server.
  • SysLogPort: The port the syslog server is listening on.
  • SysLogFacility: An integer specifying the category of the system generating the log message according to the RFC3164.
    • Allowed values: 0 - 23.
    • The default value is 16 (Local0).
  • SysLogLogLevel: The log level to apply.
    • Allowed values: Verbose, Debug, Information, Warning, Error, Fatal
    • The default value is Information.
  • SysLogFramingType: How to frame i.e. delimit syslog messages on the wire.
    • Allowed values: CRLF, CR, LF, NUL, OCTET_COUNTING
    • The default value is OCTET_COUNTING (as described in RFC5425 and RFC6587).
  • SysLogFormat
    • Allowed values: Local, RFC3164, RFC5424
    • The default value is RFC5424.
  • SysLogSslProtocols: Comma separated list of SSL/TLS protocols used for a secure channel.
  • SysLogIgnoreCertificateErrors: If set to true, all certificate errors will be ignored when using protocol TCP.

Royal Server 4.01.60216

2023-02-16

Royal Server

Improved

Updated .Net to version 6.0.406.

Secure Gateway

Fixed

Addresses issues with interrupted file transfers.

Royal Server 4.01.60113

2023-01-13

Script Module

Fixed

Fixes issues with rendering Ansi sequences in PowerShell scripts

Royal Server 4.01.51214

2022-12-14

Royal Server

Improved

Updated .Net to version 6.0.404.

Fixed

Fixed an issue with Performance Monitoring where Royal Server failed to start because of missing performance counters or access restrictions. This situation is now handled gracefully and warnings will be written to the log on startup.

Royal Server 4.01.51122

2022-11-22

Royal Server

Improved

Updated .Net to version 6.0.403.

Script Module

Fixed

Fixes a security issue with loopback Powershell Connections using the service account instead of the destination credentials.

Note: The user specified in the credential for Powershell Connections targeting localhost must now be in the group Administrators on the Royal Server machine, since non admin users are not allowed in this Powershell remoting scenario. (See also CVE-2019-0543)

Royal Server 4.01.51014

2022-10-14

Royal Server

Improved

Updated .Net to version 6.0.402.

Improved

Optimize memory usage for AD users and groups.

New

Added additional logging for Account Service.

Set TRACEFLAG_IS_MEMBER_OF_DEBUGLOG in %AppData%\RoyalServer\appsettings.json to true to activate.

Royal Server 4.01.50624

2022-06-24

Royal Server

New

Added a new setting to skip automatic setup of firewall rule Royal Server Modules.

Set SkipAddingFirewallRule in %AppData%\RoyalServer\appsettings.json to true to skip.

Configuration Tool

Fixed

Addressed an issue with the Timeout configured under SecureGateway > Gateway Configuration not being honoured.

Secure Gateway

New

Added a new setting to skip automatic setup of firewall rule Royal Server Secure Gateway (SSH tunnel).

Set SecureGateway:SkipAddingFirewallRule in %AppData%\RoyalServer\appsettings.json to true to skip.

Improved

Removed obsolete property SecureGateway:GatewayTimeout from configuration, use SecureGateway:MaxIdleDuration instead.

Royal Server 4.01.50505

2022-05-05

Royal Server

Improved

Add additional checks to determine membership to Royal Server groups.

Configuration Tool

Fixed

Handle possible exceptions when assigning a worker account.

Royal Server 4.01.50427

2022-04-27

Royal Server

Improved

Ensure sufficient permissions for worker account on startup.

Configuration Tool

Improved

Improved error handling and UI messages in Permissions view.

Royal Server 4.01.50421

2022-04-21

Royal Server

New

Upgraded to .Net 6.0 framework.

New

Support credentials which use an alternate UPN-Suffix (e.g. username@upn-suffix) instead of the Computer Domain (e.g. username@computer-domain.com).

New

Installer sets now the Registry Key Value InstallLocation when writing the uninstall information to Windows Registry.

New

Added experimental support for syslog. Configuration is currently only possible via %AppData%\RoyalServer\appsettings.json.

The available configuration keys are:

  • SysLogEnabled: Enable or disable the syslog logger.
  • SysLogProtocol: The protocol to use. Allowed values: Udp, Tcp
  • SysLogTarget: The hostname or ip of the syslog server.
  • SysLogPort: The port the syslog server is listening on.
  • SysLogFacility: An integer specifying the category of the system generating the log message according to the RFC. > The default value is 16 (Local0). Allowed values: 0 - 23.
  • SysLogLogLevel: The log level to apply. Allowed values: Verbose, Debug, Information, Warning, Error Fatal
Improved

Support credentials in UPN format.

Improved

Improved upgrading experience by restarting the service after installation automatically.

Improved

Refactored account management caching.

The caching behavior for groups and users can be controlled by the following configuration keys in %ProgramData%\appsettings.json:

  • UserCachingInSeconds: Specifies how long a cached group/user can be inactive (e.g. not accessed) before it will be removed. This will not extend the lifetime beyond the offset specified in UserCachingInSecondsMax.
  • UserCachingInSecondsMax: Specifies when a group/user will be removed regardless of being accessed.
  • RefreshUserGroupsCronInterval: Specifies the minimum interval between successive scans for expired items as a cron expression. Configuration Tool
Fixed

Addressed issues when checking for version updates.

Document Store

Fixed

Addressed several issues when saving and merging documents.

NOTE: This fix requires also the latest version of Royal TS/X client.

Fixed

Addressed an issue with MFA configurations for DUO.

Configuration Tool

New

Added a new editor for custom headers under Royal Server > General.

New

Added a new editor for viewing effective user permissions under Permissions which allows to update one or all cached users immediately.

New

Added a new editor for managing Ciphers under Secure Gateway > Gateway Security Configuration.

Secure Gateway

Fixed

Fixed logon issues with credentials in UPN format.

Fixed

Addressed an issue where Secure Gateway prevents the Royal Server Windows Service to be started in a timely manner.

Modules

Fixed

Addressed an issue causing VMware connections to fail.

Royal Server 4.00.60124

2022-01-24

Royal Server

Fixed

Addresses an issue when checking version updates

Improved

Avoid blocking when initializing group memberships on startup

Royal Server 4.00.51223

2021-12-23

Royal Server

Fixed

Addresses performance issues when checking group memberships

Improved

Use LogonType.Network for Worker Account instead of LogonType.Batch

Improved

Minor fixes and improvements

Document Store

New

Allow UPN format for credentials

Configuration Tool

New

Allow configuration of the timeout used for requests issued by the Configuration Tool.

The timeout can be configured in %ProgramData%\RoyalServer\appsettings.json under ConfigurationTool:ClientTimeoutInMs. The default value is 60000 ms (i.e. 1 min).

Fixed

Fixed saving path in Script Interpreter Path Dialog

Royal Server 4.00.51027

2021-10-27

Royal Server

Fixed

Addressing intermittent File is locked by another process errors

Improved

Added a setting to switch the connection type of the database containing access rights from Direct to Shared via configuration key Database:ConnectionType in %programdata%\RoyalServer\appsettings.json. Direct mode keeps the connection open, while Shared closes the connection after each operation. Default is Direct.

Improved

Minor fixes and improvements

Document Store

Improved

Improve performance of ACL checks when retrieving eligible documents

Royal Server 4.00.50713

2021-07-13

Royal Server

Improved

Change format for full request/response logging to JSON

Fixed

Address an error when accessing domain users which are deleted or disabled

Configuration Tool

Improved

Royal Server >Service Configuration allow to configure certificates which are not marked as exportable.

Note: Secure Gateway > Gateway Configuration still requires the certificate key to be marked as exportable.

Improved

Include config tool log in exported data under Royal Server > General Configuration > Copy Configuration

Fixed

Address failing MFA user management when full request/response logging is enabled

Fixed

Disable unsupported actions when no entry is selected under Document Store > Multi-Factor Authentication > User Management

Secure Gateway

Fixed

Address an error when accessing domain users which are deleted or disabled

Royal Server 4.00.50630

2021-06-30

Royal Server

Fixed

Apply configured file log separator

Improved

Update Net 5 (5.0.7)

Configuration Tool

Fixed

Apply certificates signed by an external CA

Note: Import certificates to Local Computer > Personal and make sure that they are marked as exportable.

Improved

Add button to open Configuration Tool log file

Improved

Load recent log entries as soon as possible

Improved

Reload config tool log on configuration change

Document Store

Improved

Add logging for group membership resolution

Royal Server 4.00.50620

2021-06-20

Royal Server

Fixed

Automatically convert relative paths starting with a dot (e.g. .\path) to valid absolute paths.

Improved

Logging configuration on startup - include Worker Account and Proxy settings

Configuration Tool

Improved

Various minor changes and improvements (e.g. spelling, sorting, etc.)

Improved

Use default log directory if the log directory is set to nothing by the user

Royal Server 4.00.50617

2021-06-17

Royal Server

Fixed

Fix incorrect version information suffix "beta" in About Dialog and Status Bar

Fixed

Fix automatic V3 to V4 migration of settings from to Windows Registry to %ProgramData%\RoyalServer\appsettings.json

Document Store

Fixed

Fix automatic V3 to V4 database migration

Royal Server 4.00.50610

2021-06-10

Royal Server

New

Royal Server V4 has been ported to a .Net 5.0 self-contained application. The installation contains all components of the app, including the .NET libraries and target runtime. Please consult the section V3 to V4 Migration Notes below.

New

Upgraded rights database. An existing V3 database will we migrated to a new database file at %ProgramData%\RoyalServer\royalserverV4.db.

New

Moved to file based JSON configuration stored in %ProgramData%\RoyalServer\appsettings.json

New

Royal Server IPAddress defaults to 0.0.0.0

New

SecureGateway.GatewayIPAddress defaults to 0.0.0.0

New

Added optional configuration using environment variables pre-fixed with RS_

New

Added customizable headers with configuration section CustomHeaders in %ProgramData%\RoyalServer\appsettings.json

New

Support for console logging

Improved

Added configurable rolling file behaviour for file logging with configuration key FileLogRollingInterval in %ProgramData%\RoyalServer\appsettings.json

Possible Values: Infinite (0), Year (1), Month (2), Day (3), Hour (4), Minute (5). Default Value: Day (3)

Improved

Changes in log format

Issue

Dropped support for HTTP only mode to improve security

Configuration Tool

New

Save configuration on pressing CTRL+S

New

Update UI on %ProgramData%\RoyalServer\appsettings.json changes

Improved

Modernized look using a vector graphic skin

Document Store

Improved

Disable all input elements on Document Store Configuration while Document Store is disabled

Improved

DUO dialog improvements

Modules

New

Support ignoring certificate errors when using HTTPS in VMWare module

Improved

Update VMware Tools mapping

Licensing

New

Royal Server V4 does not contain a default license anymore, but we will gladly extend a trial license if needed. Please request trial versions under https://royalapps.com/trial/.

V3 to V4 Migration Notes

Royal Server V4 has been ported to .Net 5.0 and is now a self-contained application targeting win10-x64 (Windows 10 / Windows Server 2016). The installation contains all components of the app, including the .NET libraries and target runtime. The app is isolated from other .NET apps and doesn't use a locally installed shared runtime. So you do not have to download and install a specific .NET framework in addition. For this reason the resulting installer is a larger in size (~140MB).

Configuration

Configuration settings are primarily stored in %ProgramData%\RoyalServer\appsettings.json.

However, there are a couple of settings that can only be managed via the Royal Server V4 Configuration Tool to keep them properly protected:

  • Worker Account Settings
  • Proxy Settings
  • MFADuoSecretKey
  • MFADuoIntegrationKey
  • MFADuoHost

Apart from that you can either use the Royal Server V4 Configuration Tool, or you can just modify it in the appsettings.json and then restart the Royal Server Service.

If the appsettings.json file is not present on start-up, it will automatically be generated and your settings from a previous Royal Server V3 installation will be imported. If no previous Royal Server V3 installation can be detected, default values will apply.

Furthermore, trace flags have been moved from app.config to %ProgramData%\RoyalServer\appsettings.json. They values can be configured in the section TraceFlags.

In addition, we added the possibility to optionally set configuration values using environment variables. Royal Server V4 environment variables have to be prefixed with RS_ followed by the corresponding key in the appsettings.json. As for hierarchical keys, the separator is a double underscore (__).

Examples:

 set RS_IPAddress="127.0.0.1"
     set RS_Port=8888,
     set RS_SecureGateway__GatewayEnabled=false

Database Migration

The underlying database used for storing access rules and multi factor authentication has been upgrade to the latest version which is not compatible with the old format. The database file from a previous Royal Server V3 installation at %ProgramData%\RoyalServer\royalserver.db will not be touched but migrated to a new database file at %ProgramData%\RoyalServer\royalserverV4.db. This way you can switch back to the a previous version.

Custom Header

You can add or disable headers using the section CustomHeaders in %ProgramData%\RoyalServer\appsettings.json if needed.

Example:

{
      "CustomHeaders": [

        {
            "Name": "X-Frame-Option",
            "Value": "SAMEORIGIN",
            "Disabled": false
        }
      ]
    }

File Logging

The file log provider uses a rolling interval and appends the time period between file name and file extension. The rolling interval is set using FileLogRollingInterval in %ProgramData%\RoyalServer\appsettings.json and the default is a Day (3).

Allowed values:

Name Value Description
Infinite 0 The log file will never roll. Appends no time period information.
Year 1 Roll every year. Appends yyyy.
Month 2 Roll every calendar month. Appends yyyyMM.
Day 3 Roll every day. Appends yyyyMMdd.
Hour 4 Roll every hour. Appends yyyyMMddHH.
Minute 5 Roll every minute. Appends yyyyMMddHHmm.

Dropped support for HTTP only

The flag UseSSL has been removed from configuration. Royal Server V4 requires now a certificate at all times to improve security. Please use the Royal Server V4 Configuration Tool to assign certificates.

Console Logging

For debugging purposes you might want to run ** Royal Server V4** directly with console logging enabled.

To do this, add these logging options in %ProgramData%\RoyalServer\appsettings.json:

{
        "LoggingOptions": {
            "WriteTo": [
                {
                    "Name": "Console",
                    "Enrich": [
                        "WithCategory"
                    ],
                    "Args": {
                        "restrictedToMinimumLevel": "Debug",
                        "outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss.fff} [{Level:u3}] [{Category}] {Message:lj} {Exception}{NewLine}"
                    }
                }
            ]
        }
    }

Then stop Royal Server, open a console window, navigate to the server's installation directory, and execute RoyalServer.exe.