Pleasant Password MSSQL SSO

The MSSQL SSO Server allows users to access SQL Server databases through SQL Server Management Studio without the password ever being on their machine.

Steps for implementing this for the MSSQL SSO Server

  • Ensure this function is turned on in the Password Server
  • Click on SSO Server
  • Click on SSO Status
  • Switch on the MSSQL SSO Server by clicking on MSSQL SSO Server and turning it on.

Follow these steps for further setup as documented in the link below. (I did not implement this functionality further, as it wasn’t applicable to me because I was using a username and password to access our database instances.)

This was not resolved because the connection seems to work, but the authentication method I tried to use is not supported by the database instances and therefore did not work. I was trying to connect using a Domain Account, and this was not supported.

Microsoft Authenticator Setup

Download and install an authenticator app from your mobile device’s app store. Some options include Google Authenticator, Microsoft Authenticator, and Authy.

Set up a new account using the QR code, then verify the configuration by entering the code that the authenticator app provides. Press the Verify button before the code expires.

Note: You need to have one of these authenticators already installed to perform this operation. Here are the steps for setting up Microsoft Authenticator. If you already have this set up, kindly skip this part.

- Launch the Microsoft Authenticator app
- Tap the three-dot menu button
- Select Add Account
- Click on Other account (Google, Facebook, etc.)
- Since we do not have the QR code to scan, we will have to type this in manually.
- Click on Enter the Code Manually.
- Set the Account name: Here I used PleasantReset
- Enter the “Secret Key”: This is the value for this user as shown in the image above, ExxxxMKxxxxxxxxxx2xxxxxM
- Click on Finish. If successful, this message will be displayed.
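
To show what the Secret Key does once it has been typed in, here is an added example (not part of the original post or of Pleasant Password Server) that derives the six-digit code from a Base32 key and checks it the way the Verify step does. It assumes the standard RFC 6238 settings that authenticator apps apply to manually entered keys (SHA-1, 6 digits, 30-second period); the function names are illustrative and the key is the public RFC 6238 test secret, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

PERIOD = 30   # seconds a code stays valid (assumed authenticator default)
DIGITS = 6    # code length (assumed authenticator default)


def normalize_key(typed: str) -> bytes:
    """Decode a hand-typed Base32 secret: drop spaces/dashes, ignore case, restore padding."""
    cleaned = typed.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)  # raises binascii.Error on a mistyped character


def totp(typed_key: str, at: float) -> str:
    """RFC 6238 code for the 30-second step that contains Unix time `at`."""
    counter = struct.pack(">Q", int(at) // PERIOD)
    digest = hmac.new(normalize_key(typed_key), counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(typed_key: str, code: str, at: float, drift_steps: int = 1) -> bool:
    """Accept the code for the current step or `drift_steps` neighbouring steps."""
    return any(
        hmac.compare_digest(totp(typed_key, at + step * PERIOD), code)
        for step in range(-drift_steps, drift_steps + 1)
    )


def seconds_left(at: float) -> int:
    """Seconds until the code displayed at time `at` is replaced by the next one."""
    return PERIOD - int(at) % PERIOD


if __name__ == "__main__":
    # Constructed input: the RFC 6238 test secret, typed the way a user might type it.
    key = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    now = time.time()
    print("code:", totp(key, now), "- expires in", seconds_left(now), "s")
```

A key typed with a wrong character either fails to decode or produces codes the server rejects, and a code entered after its 30-second step (plus any drift allowance) no longer verifies, which is why Verify has to be pressed before the code expires.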

Errors associated with Pleasant Password RDP SSO and SSH SSO

Error One: Wrong username or password when authenticating with the target server

I was connected to the password server with a different credential (Administrator) and I wanted to open or initiate an SSO RDP connection with my Username. This did not work as it tried using the default administrator credential.

- What I did was to log out of the Administrator account
- Logged in with my regular account
- Tried initiating an RDP connection and this worked

Second error: Claims regeneration because mismatch detected

There are a whole lot of answers to this problem, but trust me, in this case they are not applicable.

Explanation: This error means that the server you are trying to connect to has NLA (Network Level Authentication) activated.
Unfortunately, the RDP protocol version used in PPS does not support NLA, so you would need to switch off NLA on the destination server in order to be able to connect.

Solution: I resolved this issue by using the default port of 7070 and not the RDP default port of 3389.
Note: You may have to create firewall rules in the VM and also on the firewall to allow this connection.