KeeFox does not work

[opd]

After today's update keepass not working. Xubuntu 13.04, KeePass 2.24, Firefox 27.0.1

[luckyrat]

Which troubleshooting steps have you tried? What are the symptoms?

KeeFox does work on the platform you've listed so you'll need to provide more information if you want some help working out what's different about your system.

[tbs]

Same problem here, Firefox Nighly + Windows 8 + keepass portable. Checked everything, nothing wrong.

Something is wrong with this version 1.3.1 released yesterday.

It shows the bar all the time.... "Yo are not logged in to your passwords database"

[linum]

Same here. OS ist Windows 7 Home 64bit (with current updates as of 2014-03-23). Firefox ist version 28, KeePass ist 2.25 and KeeFox is 1.3.1. I tried to remove the KeeFox Firefox Addon several time including removing all configuration from "about:config". Also disabled the Windows Firewall to make sure that there's nothing "broken" there. So regardless what I tried the two "one time passwords" dialogs are new appear. And KeeFox insists that I'm not logged in to a keepass Datebase.

If you need more information just leave a message what is needed.

[luckyrat]

So regardless what I tried the two "one time passwords" dialogs are new appear

@linum, please can you clarify this? Do you type the one-time password into the Firefox dialog as mentioned on https://github.com/luckyrat/KeeFox/wiki/en-|-Upgrading-from-KeeFox-1.2

It would be useful to see some logs from all of you (there's no guarantee that the problem is the same for everyone). See this page for information about enabling logging and where to find the output: https://github.com/luckyrat/KeeFox/wiki/en-|-Options-|-Logging

[linum]

I cant get any Dialog to ask for a password. Logs will be created and attached later.

On 23. März 2014 14:46:50 MEZ, luckyrat notifications@github.com wrote:

So regardless what I tried the two "one time passwords" dialogs are new appear

@linum, please can you clarify this? Do you type the one-time password into the Firefox dialog as mentioned on https://github.com/luckyrat/KeeFox/wiki/en-|-Upgrading-from-KeeFox-1.2

It would be useful to see some logs from all of you (there's no guarantee that the problem is the same for everyone). See this page for information about enabling logging and where to find the output: https://github.com/luckyrat/KeeFox/wiki/en-|-Options-|-Logging

---

Reply to this email directly or view it on GitHub: https://github.com/luckyrat/KeeFox/issues/253#issuecomment-38382860

http://www.linum.com mailto:Claas.Hilbrecht@linum.com Linum Software GmbH, Langer Wall 5, 37574 Einbeck, Germany Tel: +49-5561-926730 Fax: +49-5561-926750 Handelsregister Amtsgericht Göttingen HRB 131128 Geschäftsführer Claas-Jörg Hilbrecht

[tbs]

Here is a log http://pastebin.com/pL9pcpMb I just enabled it in options, then opened a single website to test. If you need a more extended one or any other info let me know.

[luckyrat]

@tbs, "DEBUG: Websocket connection error" indicates that KeeFox was unable to connect to the KeePassRPC server, despite the earlier "HTTP checks" determining that the KeePassRPC server is functioning correctly.

Normally that situation would result in a message being displayed that indicates that a firewall or other security software is interfering with KeeFox communication but this case is a little different because the connection to the "old KeePassRPC connection" fails in an unusual way (with a log entry: "ERROR: Transport invalid!").

Can you confirm that you have only one instance of KeePass running on your computer (including other logged on users)?

And also that the version of the KeePassRPC plugin listed in KeePass / Tools / Plugins is 1.3.1?

I suppose that running on Nightly, there might have been a breaking change that coincided with this KeeFox update so if you have a more stable Firefox build available for testing on your system that would also be a useful test.

Thanks for the help diagnosing this problem.

[tbs]

oh, KeePassRPC version is 1.2.7.0, how can I update it?

[dlech]

KeePassRPC version is 1.2.7.0, how can I update it?

You can find the KeePassRPC.plgx file in the KeeFox extension folder.

C:\Users\<user name>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>\extensions\keefox@chris.tomlinson\deps\

Copy this file and replace the existing KeePassRPC.plgx file in your KeePass folder. Probably here:

C:\Program Files (x86)\KeePass Password Safe 2\plugins\

[dlech]

Also, restart KeePass if it was running.

[luckyrat]

Please try the instructions under the "KeeFox is not installed" section of the troubleshooting guide: https://github.com/luckyrat/KeeFox/wiki/en-%7C-Troubleshooting#keefox-toolbar-button-says-install-keefox

It looks like there may be an issue with detecting the old version of KeePassRPC in some cases. Maybe some particular 3rd party software is causing an issue with only that part of the upgrade process.

[luckyrat]

@dlech has essentially given you the manual instructions to follow if the quick setup page described in the link I posted does not work for you. Either approach will work!

[tbs]

Strange, updated the RPC plugin, still not working (same top bar).

Also tested on Firefox release 28 fresh profile, same problem.

I don't use firewall.

[Devices]

It is not working for me either. I have the latest KeePassRPC in keepass (1.3.1.0) and the same version as addon, but it says the TCP port is being blocked (which it isn't)

Oh and I'm running firefox stable (28.0) and only one instance of keepass.

[linum]

As requested I've created a logfile (with severity debug). But these time on Windows 8.1 Pro 64bit with a logged in domain account and FireFox 28. You will find the log at http://pastebin.com/fepyk99P But regardless what I do I never seen the new password dialogs.

What I've tried/done:

a) The KeePassRPC.plgx file was different after automatic installation but before the log was create I copied the 1.3.1 version from my AppData\Roamin\Mozilla... folder to C:\Program Files (x86)... And I make sure I restart keepass and firefox. And I only have these two copies of the KeePassRPC.plgx file on my disk.

b) I followed https://github.com/luckyrat/KeeFox/wiki/en-|-Troubleshooting#keefox-toolbar-button-says-install-keefox

c) The Windows firewall prompted me about the new TCP Port and I allowed access for any network profile (domain, home, private).

Is there anything I can do to create a more specific rpc debug logfile?

[luckyrat]

From your log it appears that the Firewall is not blocking connections to KeePass but the attempt to open a web socket is failing for some reason (unfortunately, the web socket specification prevents us from finding clues about why it failed).

The situation sounds similar to ones where people have had 3rd party software interfering with network communication. The two most notable so far are the "RequestPolicy" addon and the "AdMuncher" system-wide advert blocker but no doubt there are more problem applications out there waiting to be found.

It's possible to create a log file from KeePassRPC but I would look for interfering 3rd party applications or plugins first.

[tbs]

Two observations:

1) when I click in "Load my passwords database (Launch KeePass)" all tray menu item get disabled. 2) Checking KeePassRPC (KeeFox) plugin options, the Authorized clients tab is blank. Check attached screenshot. How to fix that?

[luckyrat]

1) I suspect this is bug #254 which we have a fix ready for the next release. I'll double check that the master key dialog also behaves properly once I've got a chance to test the bug fix.

2) The authorised clients get added once you confirm the connection by typing in the password as per https://github.com/luckyrat/KeeFox/wiki/en-%7C-Upgrading-from-KeeFox-1.2 but it sounds like those dialogs are never appearing for you.

The most likely cause of the problem is a 3rd party application or add-on blocking the communication between KeeFox and KeePass (it could be an application that didn't affect KeeFox 1.2). Can you try temporarily disabling all other Firefox addons and system-level security monitors, ad blockers, etc.?

[tbs]

No firewall/antivirus/addons/adblocker/etc, nothing. Just Firefox release fresh profile.

I installed the previous version 1.2.7, everything is working as expected. I'll keep that until the fix is out.

https://addons.mozilla.org/en-US/firefox/addon/keefox/versions/?page=1#version-1.2.7

[linum]

I've only Ghostery and KeeFox installed and tried the same after disabling Ghostery without sucess. I have no third party adware blocker, no extra firewall (only builtin windows firewall), no extra virus scanner (only the builtin windows 8.1 stuff). So I would like to try to start KeePassRPC with the debug log turned on. But where should I configure the "--KeeRPCDebug=" option? I can't find any place where it could "fit".

And to your question number 2 about the dialog. As I said before I never see the "authorize client" dialog that expects the password.

[luckyrat]

The KPRPCDebug option and the other debug options listed above it need to be entered on the command line when you start KeePass. There is no option within KeeFox to control these settings so just close down KeePass, open a command prompt, "cd" to the folder where you have installed KeePass and then run KeePass.exe with the extra options listed afterwards.

[linum]

Sorry to be so stupid ... But here's the log:

Logger initialised. Client managers started. RPC service started. Starting KPRPCServer Matching certificates from store: 1 Server certificate has private key? True Started KPRPCServer RPC server started. KPRPC startup succeeded. Error while listening for new connections: System.Net.Sockets.SocketException (0x80004005): Ein Blockierungsvorgang wurde durch einen Aufruf von WSACancelBlockingCall unterbrochen bei System.Net.Sockets.Socket.Accept() bei System.Net.Sockets.TcpListener.AcceptTcpClient() bei KeePassRPC.KeePassRPCServer.ListenForClients() Cert store closed

[hillbicks]

Same problem here and same error message as linum. This is on a Windows 7 32bit machine. On my arch 64bit installation the upgrade works just fine and in addition to that the plugin compiles automatically with mono3. Just fyi.

[strasharo]

Same here, Windows 7 Enterprise, 64 bit:

Logger initialised. Client managers started. RPC service started. Starting KPRPCServer Matching certificates from store: 1 Server certificate has private key? True Started KPRPCServer RPC server started. KPRPC startup succeeded. Error while listening for new connections: System.Net.Sockets.SocketException (0x80004005): A blocking operation was interrupted by a call to WSACancelBlockingCall at System.Net.Sockets.Socket.Accept() at System.Net.Sockets.TcpListener.AcceptTcpClient() at KeePassRPC.KeePassRPCServer.ListenForClients() Cert store closed

C:>netstat -ano | findstr 11124 TCP 0.0.0.0:12546 0.0.0.0:0 LISTENING 11124 TCP 127.0.0.1:12536 0.0.0.0:0 LISTENING 11124

C:>

Looks like it's listening.

Tue Mar 25 2014 13:25:28 GMT+0200 (FLE Standard Time):ERROR: No notification box available: TypeError: can't access dead object Tue Mar 25 2014 13:25:47 GMT+0200 (FLE Standard Time):Logging system initialised at Tue Mar 25 2014 13:25:47 GMT+0200 (FLE Standard Time)

The authorization dialog never appears. I have another instance running on Fedora 20 x64, which was updated without any issues, so I think that this is something Windows-specific.

[luckyrat]

@Devices Please can you provide more information about what says the TCP port is blocked and what you've done to verify that the error message is inaccurate in your case?

[luckyrat]

Can you all please double check that you have only one version of the plgx file in your KeePass program folder and subfolders. Renaming the old version or moving it into a backup folder could cause KeePass to load the wrong (or multiple) versions of the plugin. (On a side note, I really should add a version output in that KPRPC debug log!)

The error message about WSACancelBlockingCall is expected - it usually happens when KeePass is closing down (just milliseconds before the "Cert store closed" message appears). Additionally, it is part of the legacy connection system for KeeFox 1.2 so if it were an accurate error message it should have no impact on the ability for KeeFox 1.3 to connect.

Please can you try opening this test web page when KeePass is running and you've verified that the version 1.3.1 of KeePassRPC is listed in the tools / plugins dialog box:

http://jsfiddle.net/awDLc/125/

That will attempt to connect from your local Firefox to the KeePassRPC server. You can click the run button towards the top left of the page if you need to run it more than once.

If it works then in the bottom right panel you'll see a message like: "Keefox returned a json object (this is good)".

Please let me know how you get on.

[tbs]

ok luckyrat I finally found the culprit on my end. I had a bad 127.0.0.1 entry on hosts file. v1.3.1 is working like a charm now, butttttttttttt I have Ad Muncher (never said that because I was testing with it closed), and yes, it is blocking for some reason. I'm unable to find a solution. I'l stick with v1.2.7, curiously it works fine with AM enabled. If you have a workaround let us know, because AM dev is lazy as .... don't expect a fix from their side in next 50 years.

[Devices]

@luckyrat I already found the culprit, I think. I have the addon 'requestpolicy' installed. I am going to include the next stuff just in case it's useful. I made sure by checking for the firewall rule and seeing it allow the connection.

"Keefox / Keepass WebSocket Test CONNECTED SENT: Testing Connection to Keefox... NOTE: If the websocket is listening on the keefox side, we should see an error like: {"protocol":"error","srp":{"securityLevel":0},"version":.... RESPONSE: {"protocol":"error","srp":{"securityLevel":0},"version":66305,"error":{"code":"INVALID_MESSAGE","messageParams":["Contents can't be interpreted as an SRPEncapsulatedMessage"]}} Keefox returned a json object (this is good) We got a JSON Object back from KeepassRPC: 66305 DISCONNECTED" This is the output from the jsfiddle thing.

http://pastebin.com/jhVsx9h3 Here's the logfile from keefox. There's no second plugin file in any folder.

[hillbicks]

Solved also! It was either the use of foxyproxy or requestpolicy. When I visited jsfiddle I suddenly got the popup and it seems to be working. Thanks for your help luckyrat!

[strasharo]

Same here, FoxyProxy was trying to proxify the connections to localhost, so I mad a few exceptions in order to avoid it. Thanks luckyrat! :)

[luckyrat]

@tbs: makes sense, if localhost is not configured correctly I'd expect problems to occur.

Unfortunately, Ad Muncher is breaking a fundamental part of the modern internet (Web sockets) so there is no way for KeeFox to work around their bug. As you note, they have been aware of the problem for a long time and show no visible indication that they will fix it - obviously it's a paid product so you'll feel some investment in it and if I were you I'd definitely stick with KeeFox 1.2.7 for the time being but I can't promise it will keep working as new versions of Firefox and KeePass are released so you may eventually have to look into an alternative ad blocking solution when you get some spare time.

[luckyrat]

I've just updated the troubleshooting guide to include some of the examples of problematic 3rd party software and a couple of extra troubleshooting tips.

https://github.com/luckyrat/KeeFox/wiki/en-%7C-Troubleshooting#keefox-toolbar-button-says-launch-keepass

If you're following this thread and still have a problem, it would be worth reading that section since it summarises the discussion in this thread and various other ones on the support forum.

Both FoxyProxy and RequestPolicy are known to cause problems but both can be configured to work with appropriate rules.

[WillyWichert]

On my private PC i didn't have any problem using the latest KeeFox but in the company's domain it didn't connect to the RPC plugin. Not even the window with the temporary password popped up. I deleted the KeeFox certificate and set the connection security to high in order to get asked for the temp password every time I launch KeePass. It still didn't work. The strange thing is, after i installed the Firefox plugin Passifox, it worked. Passifox seems to enable something inside Firefox which also lets pop up the KeeFox temp password window. This I could reproduce on my colleagues PC as well.

[luckyrat]

There's nothing specific here to fix so I'm closing the issue. Feel free to continue discussion here if you have further advice regarding the solutions proposed above but for generic "KeeFox does not work anymore" requests, please post on the forum, after following the troubleshooting guide of course.

https://github.com/luckyrat/KeeFox/wiki/en-%7C-Troubleshooting#keefox-toolbar-button-says-launch-keepass http://keefox.org/help/forum

[tbs]

Just to inform, the problem was on port used by Keepass (12536 and 12546). This is already whitelisted in last Ad MUncher filter updates.

[g1ps]

In case anyone else has the same issue as me, I'm reporting what I found here. My problem was that I'd changed the names of some groups in Keepass, including Keepass's home group. After trying a number of times over a period of several months, I finally stumbled across a reference to this and reassiged the start-up group. Normal functionality was restored immediately. I knew that Keefox was connecting because I could log in and other factors worked, it was just not staying logged in or matching log-ins. The details of how to correct this situation are here:

https://github.com/luckyrat/KeeFox/wiki/en-|-Using-KeeFox

under "Home group".

Phew.

[navoytak]

Hi I having problem in my Keefox integration with KeePass. Please review my post in askUbuntu as attached: http://askubuntu.com/questions/887790/keepass2-portable-authentication-sent-requests-to-firefox-keefox-after-closing

Thank you.

[navoytak]

@g1ps Thanks for your answer above, it seems to pacify the error from KeeFox for now.

@everyone, the suggestion suggested by @g1ps that is proposed originally by the developer @luckyrat seems to be the solution.

[g1ps]

:thumbsup: