Royal Server Releases
Royal Server 4.01.60927
2023-09-27
Royal Server
Upgraded .NET 6.0 to latest version.
Royal Server 4.01.60622
2023-06-23
Royal Server
Updated .Net to version 6.0.411.
When upgrading the MSI installer will attempt to keep customized service accounts for the Royal Server Windows Service
with falling back to .\LocalSystem
if this fails.
Royal Server 4.01.60416
2023-04-16
Royal Server
Updated .Net to version 6.0.408.
Added additional configuration options for the experimental SysLog
logging feature
Configuration is currently only possible via %AppData%\RoyalServer\appsettings.json
.
Full list of available configuration keys:
SysLogEnabled
: Enable or disable the syslog logging.SysLogProtocol
: The protocol to use.- Allowed values:
Udp
,Tcp
- The default value is
Udp
.
- Allowed values:
SysLogTarget
: The hostname or ip of the syslog server.SysLogPort
: The port the syslog server is listening on.SysLogFacility
: An integer specifying the category of the system generating the log message according to the RFC3164.- Allowed values: 0 - 23.
- The default value is 16 (
Local0
).
SysLogLogLevel
: The log level to apply.- Allowed values:
Verbose
,Debug
,Information
,Warning
,Error
,Fatal
- The default value is
Information
.
- Allowed values:
SysLogFramingType
: How to frame i.e. delimit syslog messages on the wire.- Allowed values:
CRLF
,CR
,LF
,NUL
,OCTET_COUNTING
- The default value is
OCTET_COUNTING
(as described in RFC5425 and RFC6587).
- Allowed values:
SysLogFormat
- Allowed values:
Local
,RFC3164
,RFC5424
- The default value is
RFC5424
.
- Allowed values:
SysLogSslProtocols
: Comma separated list of SSL/TLS protocols used for a secure channel.- Allowed values: see System.Security.Authentication.SslProtocols
- Default value is
Tls12
.
- SysLogIgnoreCertificateErrors: If set to
true
, all certificate errors will be ignored when using protocolTCP
.
Royal Server 4.01.60216
2023-02-16
Royal Server
Updated .Net to version 6.0.406.
Secure Gateway
Addresses issues with interrupted file transfers.
Royal Server 4.01.60113
2023-01-13
Script Module
Fixes issues with rendering Ansi sequences in PowerShell scripts
Royal Server 4.01.51214
2022-12-14
Royal Server
Updated .Net to version 6.0.404.
Fixed an issue with Performance Monitoring where Royal Server failed to start because of missing performance counters or access restrictions. This situation is now handled gracefully and warnings will be written to the log on startup.
Royal Server 4.01.51122
2022-11-22
Royal Server
Updated .Net to version 6.0.403.
Script Module
Fixes a security issue with loopback Powershell Connections using the service account instead of the destination credentials.
Note: The user specified in the credential for Powershell Connections targeting localhost
must now be in the group Administrators
on the Royal Server machine,
since non admin users are not allowed in this Powershell remoting scenario. (See also CVE-2019-0543)
Royal Server 4.01.51014
2022-10-14
Royal Server
Updated .Net to version 6.0.402.
Optimize memory usage for AD users and groups.
Added additional logging for Account Service.
Set TRACEFLAG_IS_MEMBER_OF_DEBUGLOG
in %AppData%\RoyalServer\appsettings.json
to true
to activate.
Royal Server 4.01.50624
2022-06-24
Royal Server
Added a new setting to skip automatic setup of firewall rule Royal Server Modules
.
Set SkipAddingFirewallRule
in %AppData%\RoyalServer\appsettings.json
to true
to skip.
Configuration Tool
Addressed an issue with the Timeout
configured under SecureGateway
> Gateway Configuration
not being honoured.
Secure Gateway
Added a new setting to skip automatic setup of firewall rule Royal Server Secure Gateway (SSH tunnel)
.
Set SecureGateway:SkipAddingFirewallRule
in %AppData%\RoyalServer\appsettings.json
to true
to skip.
Removed obsolete property SecureGateway:GatewayTimeout
from configuration, use SecureGateway:MaxIdleDuration
instead.
Royal Server 4.01.50505
2022-05-05
Royal Server
Add additional checks to determine membership to Royal Server groups.
Configuration Tool
Handle possible exceptions when assigning a worker account.
Royal Server 4.01.50427
2022-04-27
Royal Server
Ensure sufficient permissions for worker account on startup.
Configuration Tool
Improved error handling and UI messages in Permissions
view.
Royal Server 4.01.50421
2022-04-21
Royal Server
Upgraded to .Net 6.0 framework.
Support credentials which use an alternate UPN-Suffix (e.g. username@upn-suffix) instead of the Computer Domain (e.g. [email protected]).
Installer sets now the Registry Key Value InstallLocation
when writing the uninstall information to Windows Registry.
Added experimental support for syslog
.
Configuration is currently only possible via %AppData%\RoyalServer\appsettings.json
.
The available configuration keys are:
SysLogEnabled
: Enable or disable thesyslog
logger.SysLogProtocol
: The protocol to use. Allowed values:Udp
,Tcp
SysLogTarget
: The hostname or ip of thesyslog
server.SysLogPort
: The port thesyslog
server is listening on.SysLogFacility
: An integer specifying the category of the system generating the log message according to the RFC. > The default value is16
(Local0). Allowed values: 0 - 23.SysLogLogLevel
: The log level to apply. Allowed values:Verbose
,Debug
,Information
,Warning
,Error
Fatal
Support credentials in UPN format.
Improved upgrading experience by restarting the service after installation automatically.
Refactored account management caching.
The caching behavior for groups and users can be controlled by the following configuration keys in %ProgramData%\appsettings.json
:
UserCachingInSeconds
: Specifies how long a cached group/user can be inactive (e.g. not accessed) before it will be removed. This will not extend the lifetime beyond the offset specified in UserCachingInSecondsMax.UserCachingInSecondsMax
: Specifies when a group/user will be removed regardless of being accessed.RefreshUserGroupsCronInterval
: Specifies the minimum interval between successive scans for expired items as a cron expression. Configuration Tool
Addressed issues when checking for version updates.
Document Store
Addressed several issues when saving and merging documents.
NOTE: This fix requires also the latest version of Royal TS/X client.
Addressed an issue with MFA configurations for DUO.
Configuration Tool
Added a new editor for custom headers under Royal Server
> General
.
Added a new editor for viewing effective user permissions under Permissions
which allows to update one or all cached users immediately.
Added a new editor for managing Ciphers under Secure Gateway
> Gateway Security Configuration
.
Secure Gateway
Fixed logon issues with credentials in UPN format.
Addressed an issue where Secure Gateway
prevents the Royal Server Windows Service
to be started in a timely manner.
Modules
Addressed an issue causing VMware connections to fail.
Royal Server 4.00.60124
2022-01-24
Royal Server
Addresses an issue when checking version updates
Avoid blocking when initializing group memberships on startup
Royal Server 4.00.51223
2021-12-23
Royal Server
Addresses performance issues when checking group memberships
Use LogonType.Network
for Worker Account instead of LogonType.Batch
Minor fixes and improvements
Document Store
Allow UPN format for credentials
Configuration Tool
Allow configuration of the timeout used for requests issued by the Configuration Tool.
The timeout can be configured in %ProgramData%\RoyalServer\appsettings.json
under ConfigurationTool:ClientTimeoutInMs
.
The default value is 60000 ms (i.e. 1 min).
Fixed saving path in Script Interpreter Path Dialog
Royal Server 4.00.51027
2021-10-27
Royal Server
Addressing intermittent File is locked by another process
errors
Added a setting to switch the connection type of the database containing access rights from Direct
to Shared
via configuration key Database:ConnectionType
in %programdata%\RoyalServer\appsettings.json
.
Direct
mode keeps the connection open, while Shared
closes the connection after each operation. Default is Direct
.
Minor fixes and improvements
Document Store
Improve performance of ACL checks when retrieving eligible documents
Royal Server 4.00.50713
2021-07-13
Royal Server
Change format for full request/response logging to JSON
Address an error when accessing domain users which are deleted or disabled
Configuration Tool
Royal Server
>Service Configuration
allow to configure certificates which are not marked as exportable.
Note: Secure Gateway
> Gateway Configuration
still requires the certificate key to be marked as exportable.
Include config tool log in exported data under Royal Server
> General Configuration
> Copy Configuration
Address failing MFA user management when full request/response logging is enabled
Disable unsupported actions when no entry is selected under Document Store
> Multi-Factor Authentication
> User Management
Secure Gateway
Address an error when accessing domain users which are deleted or disabled
Royal Server 4.00.50630
2021-06-30
Royal Server
Apply configured file log separator
Update Net 5 (5.0.7)
Configuration Tool
Apply certificates signed by an external CA
Note: Import certificates to Local Computer
> Personal
and make sure that they are marked as exportable.
Add button to open Configuration Tool log file
Load recent log entries as soon as possible
Reload config tool log on configuration change
Document Store
Add logging for group membership resolution
Royal Server 4.00.50620
2021-06-20
Royal Server
Automatically convert relative paths starting with a dot (e.g. .\path
) to valid absolute paths.
Logging configuration on startup - include Worker Account and Proxy settings
Configuration Tool
Various minor changes and improvements (e.g. spelling, sorting, etc.)
Use default log directory if the log directory is set to nothing by the user
Royal Server 4.00.50617
2021-06-17
Royal Server
Fix incorrect version information suffix "beta" in About Dialog and Status Bar
Fix automatic V3 to V4 migration of settings from to Windows Registry to %ProgramData%\RoyalServer\appsettings.json
Document Store
Fix automatic V3 to V4 database migration
Royal Server 4.00.50610
2021-06-10
Royal Server
Royal Server V4 has been ported to a .Net 5.0 self-contained application. The installation contains all components of the app, including the .NET libraries and target runtime. Please consult the section V3 to V4 Migration Notes below.
Upgraded rights database. An existing V3 database will we migrated to a new database file at
%ProgramData%\RoyalServer\royalserverV4.db
.
Moved to file based JSON configuration stored in
%ProgramData%\RoyalServer\appsettings.json
Royal Server IPAddress
defaults to 0.0.0.0
SecureGateway.GatewayIPAddress
defaults to 0.0.0.0
Added optional configuration using environment variables pre-fixed with RS_
Added customizable headers with configuration section CustomHeaders
in
%ProgramData%\RoyalServer\appsettings.json
Support for console logging
Added configurable rolling file behaviour for file logging with configuration key
FileLogRollingInterval
in %ProgramData%\RoyalServer\appsettings.json
Possible Values: Infinite
(0), Year
(1), Month
(2),
Day
(3), Hour
(4), Minute
(5). Default Value:
Day
(3)
Changes in log format
Dropped support for HTTP only mode to improve security
Configuration Tool
Save configuration on pressing CTRL+S
Update UI on %ProgramData%\RoyalServer\appsettings.json
changes
Modernized look using a vector graphic skin
Document Store
Disable all input elements on Document Store Configuration while Document Store is disabled
DUO dialog improvements
Modules
Support ignoring certificate errors when using HTTPS in VMWare
module
Update VMware Tools mapping
Licensing
Royal Server V4 does not contain a default license anymore, but we will gladly extend a trial license if needed. Please request trial versions under https://royalapps.com/trial/.
V3 to V4 Migration Notes
Royal Server V4 has been ported to .Net 5.0 and is now a self-contained application
targeting win10-x64
(Windows 10 / Windows Server 2016). The installation contains all
components of the app, including the .NET libraries and target runtime. The app is isolated from other .NET
apps and doesn't use a locally installed shared runtime. So you do not have to download and install a
specific .NET framework in addition. For this reason the resulting installer is a larger in size (~140MB).
Configuration
Configuration settings are primarily stored in %ProgramData%\RoyalServer\appsettings.json
.
However, there are a couple of settings that can only be managed via the Royal Server V4 Configuration Tool to keep them properly protected:
- Worker Account Settings
- Proxy Settings
- MFADuoSecretKey
- MFADuoIntegrationKey
- MFADuoHost
Apart from that you can either use the Royal Server V4 Configuration Tool, or you can just
modify it in the appsettings.json
and then restart the Royal Server Service.
If the appsettings.json
file is not present on start-up, it will automatically be generated and
your settings from a previous Royal Server V3 installation will be imported. If no previous
Royal Server V3 installation can be detected, default values will apply.
Furthermore, trace flags have been moved from app.config
to
%ProgramData%\RoyalServer\appsettings.json
. They values can be configured in the section
TraceFlags
.
In addition, we added the possibility to optionally set configuration values using environment variables.
Royal Server V4 environment variables have to be prefixed with RS_
followed by
the corresponding key in the appsettings.json
. As for hierarchical keys, the separator is a
double underscore (__).
Examples:
set RS_IPAddress="127.0.0.1"
set RS_Port=8888,
set RS_SecureGateway__GatewayEnabled=false
Database Migration
The underlying database used for storing access rules and multi factor authentication has been upgrade to the
latest version which is not compatible with the old format. The database file from a previous Royal
Server V3 installation at %ProgramData%\RoyalServer\royalserver.db
will not be touched
but migrated to a new database file at %ProgramData%\RoyalServer\royalserverV4.db
. This way you
can switch back to the a previous version.
Custom Header
You can add or disable headers using the section CustomHeaders
in
%ProgramData%\RoyalServer\appsettings.json
if needed.
Example:
{
"CustomHeaders": [
{
"Name": "X-Frame-Option",
"Value": "SAMEORIGIN",
"Disabled": false
}
]
}
File Logging
The file log provider uses a rolling interval and appends the time period between file name and file
extension. The rolling interval is set using FileLogRollingInterval
in
%ProgramData%\RoyalServer\appsettings.json
and the default is a Day
(3).
Allowed values:
Name | Value | Description |
---|---|---|
Infinite | 0 | The log file will never roll. Appends no time period information. |
Year | 1 | Roll every year. Appends yyyy . |
Month | 2 | Roll every calendar month. Appends yyyyMM . |
Day | 3 | Roll every day. Appends yyyyMMdd . |
Hour | 4 | Roll every hour. Appends yyyyMMddHH . |
Minute | 5 | Roll every minute. Appends yyyyMMddHHmm . |
Dropped support for HTTP only
The flag UseSSL
has been removed from configuration. Royal Server V4 requires
now a certificate at all times to improve security. Please use the Royal Server V4 Configuration
Tool to assign certificates.
Console Logging
For debugging purposes you might want to run ** Royal Server V4** directly with console logging enabled.
To do this, add these logging options in %ProgramData%\RoyalServer\appsettings.json
:
{
"LoggingOptions": {
"WriteTo": [
{
"Name": "Console",
"Enrich": [
"WithCategory"
],
"Args": {
"restrictedToMinimumLevel": "Debug",
"outputTemplate": "{Timestamp:yyyy-MM-dd HH:mm:ss.fff} [{Level:u3}] [{Category}] {Message:lj} {Exception}{NewLine}"
}
}
]
}
}
Then stop Royal Server, open a console window, navigate to the server's installation
directory, and execute RoyalServer.exe
.