Skip to content

Troubleshooting Guide Windows Client

1. Where to find the logs for the client

Client has four different log files which are present at following location:

File Name/Location Default Log Level Max Limit (MB) Rollover Remarks
hysecurefilter.log %SYSTEMROOT%/TEMP/ACCOPS 5 MB 5 files This file contains the administrator actions activity logs.
hysecuremanager.log %SYSTEMROOT%/TEMP/ACCOPS 5MB 5 files This is the log file of HySecure Manager Service. The HySecure Manager Service contains the information of the tasks perform by it whenever requested.
uaclog.log %TEMP%/ACCOPS/ 3 5 MB 5 files
eps.log %TEMP%/ACCOPS/ - 5 MB 5 files

2. Log Level Configuration for Uaclog:

The Log level for HySecure Client can be changed from registry settings.
The HySecure client logs i.e. uaclog.log has following different log levels

•   0 = NON

•   3 = INFO

•   7= DEBUG
Location/Key Value Name Default Value Remark
[HKLM]\Software\Accops\HySecureClient HySecureLogLevel 3 Default value is set to 3 mean it generates only info level logs(DISCONTINUED from 5.1.9.9)
[HKCU]\Software\Fortress HySecureLogLevel VALUE NAME IS NOT PRESENT You can use this value name to bump up the log level of client if either user does not have permission to change HKLM settings.

3. Can I change the Log location?

NO

4. Anti-Virus deletes HySecure client after download?

The anti-virus software on end user machine may block download and installation of the HySecure client. Please add the Accops installer in antivirus exception list. Also add following files and directory in exception list:

c:\Program Files (x86)\Accops HySecure Client

c:\Program Files (x86)\Accops HySecure Client\vFVPNClientExe.exe

c:\Program Files (x86)\Accops HySecure Client\pvpnadmmgr.exe

c:\Program Files (x86)\Accops HySecure Client\progateviewer.exe

5. User is not able to access the web application after login into HySecure. How to troubleshoot?

Please follow these steps: 1. See that the application is not using IPv6 address. Accops HySecure client does not support IPv6 at this time. The application may use IPv6 sockets even if the target application server is only using IPv4 address. An example of such application is Java based applications. To solve such application, disable IPv6 completely from network applications. In case the application is a Java based application, refer to another troubleshooting item in this document.

  1. Check if there is a proxy set in Internet explorer. Make sure the domain name of the URL is added in bypass proxy list in Internet explorer. If not add the domain name in bypass proxy list and report this issue to Accops support (support@accops.com).
  2. Make sure the hostname accessed by the application is published in HySecure as an application. Some web applications may start with one URL, say http://intranet.company.com, but then may redirect to http://int2.company.com. In such case, both internet.company.com and int2.company.com must have been published as two applications on HySecure. Otherwise, HySecure client can not resolve int2.company.com and will bypass this URL.
  3. If DNS mode application used please confirm the name of domain and DNS_REDIRECT_LIST matches for redirection if it does not then please add an entry in the DNS_REDIRECT_LIST for the domain name.

  4. Please check if the user is using 64bit version of the browser. Name resolution is not supported for 64bit applications till HySecure client version 5.0.4.0. If yes, follow one of these solutions:

    a. Set the option “Use hosts file for name resolution” in the client preferences on user machine. This machine is specific to this machine and does not roam with the user.

    b. Upgrade client to latest version which has support for name resolution for 64bit applications

    c. Ask user to use 32bit application.

    d. Ask user to use the application using IP Address and not using hostname

6. Java based web application does not work through HySecure?

The latest version of Java based applications are IPv6 enabled by default. Accops HySecure does not support IPv6 enabled client applications. Java may use IPv6 sockets even if the target application server is having on IPv4 network address. To force use of IPv4 socket by Java based application, follow these steps:

  1. On end user machine, Go to control panel
  2. Open Java control panel icon
  3. Go to Java tab
  4. And in options append this line: -Djava.net.preferIPv4Stack=true
  5. In Windows system settings, create environment variable for system as well as user as
_JAVA_OPTIONS="-Djava.net.preferIPv4Stack=true"

Contact Accops support if your Java based application still does not work.

7. What to do when Remote Meeting does not start on end user machine?

On some user machine, remote meeting may fail to start. It is mainly because of Anti-virus. AV sometimes block remote meeting executable (%PROGRAMFILES_x86%\ Accops HySecure Client \progateviewer.exe). Please add this progate viewer exe on exception list.

8. Message: “Your session has expired”. What does this message means?

At time of application access sometimes HySecure session expired message will pop up. This is because on HySecure server user session has been expired. It may be due to idle time out setting or may be administrator force log out user session from gateway.

9. Error: “Failed to connect to HySecure gateway”. How to troubleshoot this error?

When user tries to login into HySecure gateway, the user may receive error “Failed to connect to HySecure gateway”. The reasons are: 1. The user does not have network connectivity. Ask the user to check Internet connectivity. 2. The anti-virus on user machine might be blocking access to HySecure gateway. Ask the user to browser https://hysecurehostname in browser and check if user can access the web page. If the user can access the web page, that means the local anti-virus is blocking the HySecure client. In this case, add the HySecure client in exception list. The HySecure directories and files details are provided in this document to be added to exception list. 3. The proxy set in user’s Internet explorer is blocking access to HySecure gateway: If there is a proxy set in Internet explorer, disable it and then restart HySecure client. Test the access. If it works with proxy disabled, then contact the proxy administrator. 4. In some scenarios, outgoing port 443 might be blocked for the end user. In this case, contact the local firewall administrator to allow port 443 (HTTPS) traffic access to HySecure gateway. 5. Check the Proxy Settings on the Users PC.

10. Which error messages indicates access problem in Accops HySecure gateway:

If user gets following error, please report the same to HySecure administrator:

•   “login fail due to network connection”
•   “incorrect XML data format”

11. Error: “HySecure license has expired.” Why license expiry message is showing at the time of login?

If HySecure gateway license is expired, then HySecure client will pop up message like license is expired and user will not be able to login. If users are getting this message, please contact HySecure administrator.

12. Error: “HySecure license is full”. Why license full message is showing at the time of login?

If HySecure gateway license is full, then HySecure client will pop up message like license is full and user will not be able to login. If users are getting this message, please contact HySecure administrator.

13. Error: “You are not authorized to login from this device” or “Your device is waiting for approval, contact your administrator”. What to do in this case?

These messages mean the HySecure gateway is enabled with device fingerprint checks and manual approval of the device registration is enabled. When user logs in first time in HySecure, the device gets registered with HySecure gateway and is set for approval by the HySecure admin before the user can start accessing services via HySecure. If the admin has set automatic approval, the device will get automatically approved. In case automatic approval is not set, the HySecure admin will have to review the device registration and approve the device. Contact HySecure admin for more information.

14. Error: “You do not have access to any application, please choose correct organization”

If the user does not have access to any application in HySecure, user may receive such message. Ask HySecure administrator to check if the user or user’s group is assigned any applications. This error can also come if there are multiple organizations (realms) created in HySecure and user is trying to login into invalid organization, in which the user does not have access to any application.

15. Error: “Failed to start filtering modules” during login, what should I do?

When user logs into HySecure client for first time, the user may receive error: Reported Error: "Failed to start HySecure filtering modules. If you have recently upgraded to HySecure client, please try after rebooting the machine." Steps to troubleshoot based on user machine:

1.  Windows 7 32bit
Please install following Microsoft update patch: <https://www.microsoft.com/en-in/download/details.aspx?id=46078>

2.  Windows 7 64 bit
<https://www.microsoft.com/en-in/download/details.aspx?id=46148>

3.  All Other OS
Start the client with local administrative rights one time and then login with the user credentials

4.  Windows 10 OS with Secure boot enabled or any other operating system
Enable LSP module from client preference settings and then login again.

![](./media/use_nsp.png)

16. How to get HySecure Clients Logs on User machine?

  • HySecure UAC log will create User's "Temp\Accops" directory.
  • Path : C:\Users\User1\AppData\Local\Temp\Accops.

17. What is purpose and how to reset network adapter socket using winsock?

Sometime due to Ethernet/network card socket issues, not able to connect to HySecure Server.

  • Use below command for reset socket and able to connect to HySecure Server.
  • Open "cmd" and run "netsh winsock reset" command.

18. How to set HySecure Client launch default browser which is set on user machine?

In HySecure client click on menu options, Click on Options->Web Application Setting. Select “use default browser to open web application” check box. If this option is unchecked, then web application will open in IE browser.

19. How to resolve Antivirus not detecting for EPS policy, hence user not able to login in HySecure Client even antivirus is installed?

  • Open "Windows Powershell" and run below commands:

    1. "Get-WmiObject -Namespace Root\SecurityCenter2 -Class AntivirusProduct"
    2. " Get-WmiObject -Namespace Root\SecurityCenter2 -Class AntiSpywareProduct" these commands will fetch and show Installed Antivirus list which is detected by HySecure Client.

  • It will detect following points regards installed Antivirus.

    1. Product name
    2. Version
    3. Antivirus is enabled or not
    4. Last Updated Date

20. How to enable debug log for HySecure Full Client (Admin Client)?

Debug log for HySecure Full (Admin) Client will be enable from Local machine Registry Settings:

  • Open "Run"-->"regedit" press enter.
  • Go to "HKEY_LOCAL_MACHINE\SOFTWARE\Accops\Hysecure Client"
  • Modify "HySecureLogLevel" and set Value data as "7".

21. How to enable debug log for HySecure On-Demand (Non-Admin) Client?

Debug log for On-Demand (Non-admin) Client will be enable from Local User Registry Settings:

  • Open "Run"-->"regedit" press enter.
  • Go to "HKEY_CURRENT_USER\SOFTWARE\Fortress"
  • Modify "HySecureLogLevel" and set value as "7"

22. How to run HySecure Windows Client in Service mode?

HySecure Admin must enable some options from Client Interface Setting on HySecure Server. - Login into HySecure Server using Security Officer User. - Go to "Host Configuration"-->"Client Setting". - Here must disable some option from Client Interface Setting as below

  • And some option must be enable from Client Interface Setting as below:

  • Specify password to stop HySecure Client in Service mode from HySecure Client Interface Settings:

  • HySecure administrator can specify the service stop/exit password. So that end user cannot stop/exit from HySecure Client until knows the exit password.

  • If service exit password is specified then administrator can stop the HySecure Client service by entering exit password.

23. How to reset HySecure Client service permission, if HySecure Client is running in service mode and without set exit password?

If you have enabled the client in service mode without setting exit password. Then logically you are struck. You cannot stop the HySecure service without reset service permission: Use below command to reset service permission:

  • Open command prompt as admin. If your system is 64-bit then cd to syswow64 and run below command:

  • PsExec.exe /s cmd /C sc sdset "hysecure service" D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCLCSWRPLOCRRC;;;LS)(A;;CCSWWPLORC;;;LS)(A;;CCDCLCSWRPWPDTLOCRSDRC;;;BU)

  • Above command will reset the HySecure service permission and now you can stop the service from Task Manager and login with SO user and add exit password from HySecure Management Console.

24. How to Bypass Clipboard (Copy-Paste) access for particular users, if Clipboard Block Policy is Enable on HySecure Server?

  • If Clipboard Block Policy is enabling from Network Profile Detection on HySecure Server, then any user should not able to use clipboard (Copy-Paste) after login into HySecure Client.
  • If admin want to bypass some users from Clipboard Policy, hence specified users should able to use clipboard access.
  • HySecure Administrator can Bypass Users from Block Clipboard Policy using below steps:
  • Take SSH of HySecure Server.
  • Run below command #vi /home/fes/public/verinfo.js
  • Then Specify the user list in SECUREDESKTOPBYPASSUSERLIST= tag and save the veeinfo.js file.

  • Then specified users should able to use clipboard.

25 . Error “Its seems the essential services to run this application are not still ready”?

  • HySecure Client uses WMI (Windows Management Instrumentation) Windows Service for Capturing Device Details.
  • WMI Service must be Enable and Running on Windows Machine from where user login into HySecure Client.

  • If WMI service is Stopped/Disabled on Windows Machine then User should get the above error while login into HySecure Windows Client.

26. How to set a browser as default browser for web application from backend, SO web application will launch only in specified browser instead of machine's default browser?

There are two tags in verinfo.js file, based on that HySecure Administrator can set default browser for Web Application.

  1. If ISSECURECHROMEONLYCLIENT=true then Web application should launch only in Chrome browser even if any other browser (Internet Explorere,Microsoft Edge and Mozilla Firefox) is set as default browser on user machine.

  2. HySecure Administrator can set particular browser (Internet Explorer,Microsoft Edge,Chrome and Firefox) as default browser from back end , Hence Web application should launch only in specified browser, instead of default browser which is set on user machine. Example. ISSECURECHROMEONLYCLIENT=true ALLOWED_BROWSER=iexplore.exe

Then Web application will launch only in Internet Explorere browser even if chrome browser is set as default browser on user machine.

27. How to allow Internet access for process if Internet is blocked?

  • HySecure Administrator can allow Internet access to single or multiple process (Teamviewer.exe, AA_v3.exe and AnyDesk.exe etc..) , If Internet Block policy is enable .
  • Login into HySecure Client using Security Office.
  • Go to Host Configuration -> Client Settings ->Advance Settings.

  • Specify comma separated process name(case-insensitive format) in “Specify comma separated list of process to allow internet if internet is blocked. (like TeamViewer.exe, AA_v3.exe)” section.

28. How to block Printing from HySecure Management Console?

  • There are Two different options for block Printing.
    1. Block Printing for Office Profile.
    2. Block Printing for Roaming Profile.
  • HySecure Server Admin (Security officer) can disable Printing for both Profile from below steps:
  • Login into HySecure Server Management Console using HySecure Admin User (Security Officer).
  • Go to “Host Configuration -> Client Settings -> Profiles Setting.

  • If admin selected “Block Printing” from Office Profile then Printing get block for VPN users who are login from Office (Intranet) network.

  • If admin selected “Block Printing” from Roaming Profile then Printing get block for VPN users who are login from external (Internet) network.

29. How to block Clipboard (Copy-paste) from HySecure Management Console?

  • There are Two options for block Clipboard. 1- Block Clipboard for Office Profile. 2- Block Clipboard for Roaming Profile.
  • HySecure Server Admin (Security officer) can disable Clipboard for both Profile from below steps:
  • Login into HySecure Server Management Console using HySecure Admin User (Security Officer).
  • Go to “Host Configuration -> Client Settings -> Profiles Setting.
  • If admin selected “Block Clipboard” from Office Profile then Clipboard get block for VPN users who are login from Office (Intranet) network.

  • If admin selected “Block Clipboard” from Roaming Profile then Clipboard get block for VPN users who are login from external (Internet) network.

30. How to block USB Connection from HySecure Management Console?

  • There are Two options for USB blocking 1- Block USB for Office Profile. 2- Block USB for Roaming Profile
  • HySecure Server Admin (Security officer) can block USB Connection for both Profile from below
    Steps:
  • Login into HySecure Server Management Console using HySecure Admin User (Security Officer).
  • Go to “Host Configuration -> Client Settings -> Profiles Setting.

  • If admin selected “Block USB” from Office Profile then USB get block for VPN users who are login
    from Office (Intranet) network.

  • If admin selected “Block USB” from Roaming Profile then Clipboard get block for VPN users who are login from external (Internet) network.

31. How to Enable only SO(Security Officer) User Can Give Remote Meeting Support (Join Remote Meeting)?

Prerequisite: - Application ACL must be created for Security officer Users/Group. - It is required “REMOTESUPPORT_ONLYSO” tag must be added or true in HySecure Server“verinfo.js”. - HySecure Admin (Security Officer) user need to take SSH of HySecure Server. - Go to /home/fes/public directory. - Open “Verinfo.js” file and Add/Set REMOTESUPPORT_ONLYSO=True . - Then Only Security officer can Give Support using Remote Meeting.

32. How to enable Particular AD/Native user can Give Support using Remote Meeting (Join Remote Session)?

  • The REMOTESUPPORT_ONLYSO and REMOTESUPPORTADMINUSERLIST Tag must be added to the “verinfo.js” file.
  • REMOTESUPPORT_ONLYSO tag must be true/false.
  • HySecure Admin can specify particular AD/Native user id comma separated list in REMOTESUPPORTADMINUSERLIST tag.
  • HySecure Admin (Security Officer) user need to take SSH of HySecure Server.
  • Go to /home/fes/public directory.

  • Open “Verinfo.js” file and Add/Set “REMOTESUPPORT_ONLYSO=true” and specify the user id list in “REMOTESUPPORTADMINUSERLIST=user id list” and save the verinfo.js file.

    • Example: REMOTESUPPORT_ONLYSO=true/false REMOTESUPPORTADMINUSERLIST=user1,ajay,Rahul,21650

  • Then only specified user list can Give Remote Meeting Support(Join Remote Meeting).

  • If “REMOTESUPPORT_ONLYSO=true” then both SO and specified user list can Give Remote Support Using Remote Meeting .

34. How to troubleshoot if Clipboard, Printing and USB is disable from HySecure Server still user able to use clipboard, Printing and USB from HySecure Client?

HySecure Admin can disable clipboard for two different Profiles.

 1. Office Profile.
 2. Roaming Profile.

  1. If disable clipboard, Printing and USB for “Office Profile” then need to verify below steps: 1.1. Firstly verify from HySecure Server that “Enable Network Profile Detection” option must be enable. 1.2. “Network Profile Detection Interval(In Second)” must be set as “120”. 1.3. Verify OFFICECLIPBOARDBLOCK,OFFICEPTINTBLOCK and OFFICEUSBBLOK tag must be true .

  2. If true from HySecure Server then have to verify uaclog.log file from user local machine.

    • Go to Local machine and Press “Windows+R” then Run prompt will appear on screen.
    • Enter “%temp%\accops” in Run Prompt and press Enter Key.
    • then open “uaclog” file .

    • Verify from uaclog file that “Office clipboard Block”,”Office Print Block” and “Office USB Block”
      tags must be true only.

35. How to get Captured Device Details logs on User Machine?

  • HySecure Client’s captured Device Details log file will create in User Profile “Temp” folder location.

    • Example: C:\Users\admin\AppData\Local\Temp\Accops\epslib

36. Error “Invalid User Credentials “while login into HySecure Client?

  • If Device ID ACL Policy is enable on HySecure Server and If HySecure client didn’t capture device details
    while login into HySecure Client or any device parameter got blank then HySecure Client will pop-up
    error as “Invalid Credentials “, even if user entering correct Username and Password.

  • Using “cpuld.vbs” script user can verify device parameters details if any device parameter getting blank
    data Or any parameter getting garbage data then user should get above error.

*Resolution:* - Issue has been fixed in Latest GA Release HySecure Client-5.1.6.5. - Upgrade Older HySecure Client with latest release 5.1.6.5.

37. How to Capture and check LSP logs from User machine?

  • Using “DbgView” application user can capture and check LSP logs on User machine.
  • Run “DbgView” application.
  • Go to “Capture and Enable “Capture Win32 and Capture Global Win32” Option .

  • Then set Filter as “[LSP]” in Filter Option as below.

  • Then Enable “Use LSP Mode” from HySecure Client “Preference” settings and login into HySecure Client.

  • Then after login into HySecure Client all LSP network traffic should appear in “DbgView” application.

38. How to Capture and check NSP logs from User machine?

  • Using “DbgView” application user can capture and check LSP logs on User machine.
  • Run “DbgView” application.
  • Go to “Capture and Enable “Capture Win32,Capture Global Win32 “ Option from Capture Option.

  • Then Set Filter as “[NSP]” in filter option.

  • Then Enable “Use NSP for Name resolution” from HySecure Client “Preference” settings and login into HySecure Client.

39. How to capture the Driver logs?

  • Using “DbgView” application user can capture and check LSP logs on User machine.
  • Run “DbgView” with administrator privileges.

  • Go to “Capture and Enable “Capture Kernel,Capture Verbose kernel output“ Option from Capture Option

40. How can I identify the reason for login failure?

Please check the Response code in the log file against the login request. Login Response Error code:

    0 = Invalid credentials  
    1 = Success 
    2 = License is reused. Or License failed on the gateway
    5 = 2nd factor authentication is required. 
    7= EPS policy failed for the user. 
    -5= Account is disabled 
    -6 = Password is expired
    -7 = No Such User exists
    -8 = Authorization failure. 
    -9 = No Application assigned to the user.

41. How to detect NSP mode is enabled or not

Please check the Menu Options->Preferences and under the Name resolution method NSP mode is selected after login.

Also You can check logs for following entry

[TID-24532] : [ Date:02-07-2020 Time:14:57:12 ] : Using the Name resolution method : [2], (1==NSP,2==DNSServer, 3==HostFile)