multiOTP / multiOTPCredentialProvider

multiOTP Credential Provider is a V2 Credential Provider for Windows 7/8/8.1/10/2012(R2)/2016 with options like RDP only and UPN name support
Apache License 2.0

Credential Provider no longer works in standalone Windows install #76

Closed mattburris closed 1 year ago

mattburris commented 1 year ago

Hello,

I've been using MultiOTP and credential provider for a couple of years and on a good number of installs to enhance the security of Remote Desktop Logins.

There seems to be an issue now where the credential provider will not activate. The old credential provider installer used to ask for the location of multiOTP, but now it does not, and as a result, I can no longer use the same installation workflow as before. Previously I would simply:

  1. extract the multiotp_5.9.5.1.zip\windows\ contents into c:\ProgramData\multiOTP\
  2. run the c:\ProgramData\multiOTP\webservice_install.cmd as admin
  3. go to localhost:8112 in Chrome to configure my user and print the QR code from the web interface
  4. Install Credential Provider, and during the install it would ask where to install, so I would give it the path of the c:\ProgramData\multiOTP\ I had created in step 1.

and that is all it used to take.

Now I try to install just Credential Provider, which includes the multiOTP exe, using the following procedure:

  1. Start the Install Credential Provider
  2. Select option to standalone install, instead of entering URL to remote multiOTP server
  3. set option for user credential provider for Remote Login only (sets registry to cpus_logon=1e)
  4. after Cred Provider install finishes, I go to the command line and I create my user manually and generate a QR code

but when I connect remotely with RDP I am not getting a prompt for the OTP, it just lets me enter my password and I'm in Windows.

Could you please tell me what the proper setup should be on a standalone Windows install to get MultiOTP credential provider working now with the newer version? Should I just go back to the last version before the credential provider stopped asking where to install?

Thank you for all of the time and hard work on this project.

multiOTP commented 1 year ago

Hello Matt,

It seems that MSVC++ redistributable are not installed or not up-to-date. As written in the text file, under prerequisites, be sure to have the last x86 AND x64 MSVC++ redistributable installed (Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017, 2019 and 2022), the very last links are https://aka.ms/vs/17/release/vc_redist.x86.exe and https://aka.ms/vs/17/release/vc_redist.x64.exe

Thanks for keeping us in touch

Regards,

If you are happy with this Credential Provider and are looking for future updates, consider supporting this project by making a donation via PayPal.

mattburris commented 1 year ago

Here is the list of MSVCs before I installed the specific ones you linked to: [image: Installed App List]

And here are my installed MSVCs afterwards: [image: Multi_OTP_Remote_Desktop_Test]

After installing those and doing a restart, unfortunately the credential provider is still not coming up when attempting a remote desktop connection. Is there a log file I can access somewhere that would shed some additional light on the situation?

multiOTP commented 1 year ago

Hello Matt, Ok, sure that the correct MSVC redistributables were missing, as currently multiOTP Credential Provider is compiled with VC++ 2019. Unfortunately, the Windows Credential Provider process is not very verbose. If the alternate Credential Provider cannot be launched, it comes back to the legacy one. During the MSI installation process, what did you choose exactly for the various options? Could you send us a printscreen of the following registry keys:

mattburris commented 1 year ago

Tomorrow I am going to fire up a fresh VM and see if I can reproduce my error. I will report back here and provide the requested reg exports.

mattburris commented 1 year ago

I've replicated the issue on a fresh VM.

Here is a screen capture of my install process: DesktopSession-QBVM-MultiOTP-test-2022-12-19-13-24 (1).webm

and here are the requested reg files:

MultiOTP Requested Reg.zip

Here are the screenshots of the registry locations to make it easier: [images: QBVM-MultiOTP-test_-_Home_Network_-]

Thank you

mattburris commented 1 year ago

To add some interesting info to this... when I remote in to the test VM from a Windows PC, I am presented with the MultiOTP credential provider, but when I remote in from a Mac using Microsoft Remote Desktop client Version 10.6.8 (1914) it skips the credential provider and logs right in after the password.

multiOTP commented 1 year ago

Hello Matt, Did you log off completely from the Windows computer before connecting with Microsoft Remote Desktop client Version 10.6.8 (1914) on your Mac? (because cpus_unlock 3d means that unlock doesn't ask for 2FA) Regards,
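The scenario values mentioned in this thread (cpus_logon=1e, cpus_unlock 3d) can be checked with a small decoder that reports where an RDP session would not be asked for the OTP. This is an added example, not part of the thread or of the multiOTP project's code; the two-character encoding it uses is an assumption consistent with the two values described above, and `decode`, `audit` and the sample dictionary are hypothetical.

```python
# Added example: decode multiOTP Credential Provider scenario values.
# ASSUMPTION: first character selects session types, second character says
# whether other credential providers stay available. The thread itself only
# describes "1e" (RDP only) and "3d" (unlock does not ask for 2FA).
SCOPE = {"0": {"local", "rdp"}, "1": {"rdp"}, "2": {"local"}, "3": set()}
SCENARIOS = ("cpus_logon", "cpus_unlock")  # value names quoted in the thread


def decode(value):
    """Return (session types covered, exclusive?) for a value such as '1e'."""
    v = value.strip().lower()
    if len(v) != 2 or v[0] not in SCOPE or v[1] not in ("e", "d"):
        raise ValueError(f"unrecognised scenario value: {value!r}")
    return SCOPE[v[0]], v[1] == "e"


def audit(settings, required=("rdp",)):
    """List (scenario, session, reason) where a password alone may suffice."""
    findings = []
    for scenario in SCENARIOS:
        raw = settings.get(scenario)
        if raw is None:
            findings += [(scenario, s, "value not set") for s in required]
            continue
        try:
            covered, exclusive = decode(raw)
        except ValueError:
            findings += [(scenario, s, "unrecognised value") for s in required]
            continue
        for session in required:
            if session not in covered:
                findings.append((scenario, session, "OTP provider not active"))
            elif not exclusive:
                findings.append((scenario, session, "other providers also offered"))
    return findings


if __name__ == "__main__":
    # Constructed sample mirroring the values mentioned in the thread.
    sample = {"cpus_logon": "1e", "cpus_unlock": "3d"}
    for scenario, session, reason in audit(sample):
        print(f"{scenario} [{session}]: {reason}")
```

On a host, the dictionary would be filled from the provider's registry values; the key path is not shown in the thread.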

multiOTP commented 1 year ago

Hello Matt, Any news about your issue? Regards

multiOTP commented 1 year ago

Hello Matt, Not reproducible and no news for 5 weeks, so we are closing the case. Please open it again (or a new one) if it is still an issue. Regards