Chrome extension not working

I'm a new user, on a trial, and have not even been able to use 1Password yet. I'm hanging by the thinnest of threads.

The desktop application is showing, under "Refused Connection Attempts":

chrome by unidentified publisher

Which is strange, since the chrome.exe binary is very clearly legitimate and is digitally signed.

Also, in the diagnostic report, I'm seeing:

AgileBits.OnePassword.Browsers.WebSocketClientsWhitelist Refusing helper connection from "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" from port XXXXX and origin chrome-extension://aomjjhallfgjeglblehebfpbcfeobpgk, because of untrusted certificate.

I see that other users have been seeing this issue on-and-off for months. But I'm already on the latest Chrome. I was on 57.0.2987.110 when I first had this issue, and just updated to 57.0.2987.133.

I'm using Avira Antivirus Pro, but I have "Web Protection" disabled. I'm not running any local or remote proxy, so whitelisting is pointless. Please advise.


1Password Version: 6.7.377d
Extension Version: 4.6.3.90
OS Version: Windows 10 Pro x64
Sync Type: N/A

Comments

  • Greg
    Greg
    1Password Alumni

    Hi there @Aggravated,

    Thank you for contacting us and giving us a chance to help! :+1:

    Please check the firewall settings of your anti-malware software and make sure that they are configured correctly. Here is the guide on our website about it:

    How to configure your firewall, proxy, or other network software for 1Password (Windows)

    We are also testing the new Native Messaging protocol, instead of Websocket. It enables the 1Password extension to communicate directly to 1Password. It is available in the latest beta, so please check this thread if you are interested.

    Let us know if it helps. Thanks in advance!

    Cheers,
    Greg

  • Aggravated
    Aggravated
    Community Member
    edited March 2017

    The only software firewall I am using is Windows Firewall. This issue occurs even with Windows Firewall completely disabled, and also if Avira's "Web Protection" is disabled.

    The error also explicitly states that it is not connecting due to a supposed "untrusted certificate". This would not seem to be a firewall issue, unless the error text is misleading.

    So now I have to uninstall everything, sign up for some other "HockeyApp" account, install beta versions of the extension and the desktop app, and ... do you really think I am optimistic that this will work then?

    And even if it does, I have to install a Perl interpreter and a bunch of other garbage, and rely on code developed not by YOU but by your users, in order to convert my data from LastPass? Can you see how disheartening that is to a new user, being told "To import data from LastPass into 1Password for Windows, you’ll need to use the community-created 1Password utilities."? It's [removed by moderator] at its finest, and I think I'm done here.

  • Aggravated
    Aggravated
    Community Member

    Fine, don't approve my comment. Whatever. Thanks for ignoring my email and for wasting hours of my life for absolutely nothing. Your site has conflicting and clearly incorrect information, and I can't get anything to work. And yet you can't answer a simple question. I love it.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited March 2017

    Fine, don't approve my comment. Whatever. Thanks for ignoring my email and for wasting hours of my life for absolutely nothing. Your site has conflicting and clearly incorrect information, and I can't get anything to work. And yet you can't answer a simple question. I love it.

    @Aggravated: I'm sorry for the confusion. You didn't ask any questions in your original post, so I'm not sure how Greg could have answered them. I'm seeing your comments here, so I'm not sure what might have happened. Sometimes the spam filter triggers, but verifying your account from the email your received when you signed up for the forums can help. I'm not seeing any emails under this address in our system though, so it isn't that you're being ignored. If you'll post the Support ID you received here, I'll take a look at get back to you as soon as possible. But it does sound like we're on the right track.

    The only software firewall I am using is Windows Firewall. This issue occurs even with Windows Firewall completely disabled, and also if Avira's "Web Protection" is disabled.

    If I'm not mistaken, "web protection" is SSL/TLS "scanning", so that shouldn't come into play with the 1Password browser extension (though having "security" software perform a person-in-the-middle attack on your secure connections is certainly a concern). It may also be that the certificate check is failing because they're installing a self-signed root certificate on your machine.

    The error also explicitly states that it is not connecting due to a supposed "untrusted certificate". This would not seem to be a firewall issue, unless the error text is misleading.

    In your case, it's more likely the antivirus. I know you said you disabled "web protection", but your software may simply be blocking the connection to the browser, making it impossible for 1Password to verify its identity. As you can imagine, we don't want to take any chances with anyone's most important data by sending it to an unknown app. Setting up an exception for 1Password itself may help. For example C:\Users\[your username]\AppData\Local\1Password\app\6\AgileBits.OnePassword.Desktop.exe

    So now I have to uninstall everything, sign up for some other "HockeyApp" account, install beta versions of the extension and the desktop app, and ... do you really think I am optimistic that this will work then?

    I don't know. I don't believe you should have to uninstall anything. Please try my suggestion above to prevent the antivirus from blocking 1Password when it tries to connect to the browser. Certainly you can use the beta, but that's not necessarily the only option. HockeyApp is owned by Microsoft, so you can use your existing Microsoft/Live account there instead of signing up for a new one.

    And even if it does, I have to install a Perl interpreter and a bunch of other garbage, and rely on code developed not by YOU but by your users, in order to convert my data from LastPass? Can you see how disheartening that is to a new user, being told "To import data from LastPass into 1Password for Windows, you’ll need to use the community-created 1Password utilities."?

    Indeed, only you control your data. That's a good thing. But the flip side of that is we don't have any control over the state it's in if you bring it from somewhere else. So the converter can help get it into a usable state for import into 1Password. It's not as hard as it seems, and it's much easier than entering things manually. Also, I'm sorry you're frustrated, but using inappropriate language isn't going to help anything, and isn't respectful of others who visit this public forum. Please keep that in mind in the future.

  • MajorHavoc
    MajorHavoc
    Community Member

    I am also having this problem, and not buying Firewall or Antivirus as the problem, as even with my Antivirus software and firewall running, it works fine for quite some time before it fails. And if it comes to stopping the firewall or antivirus software to make 1Password work, 1Password looses in my book. I am using Avira and an external Firewall that has NOT changed in the last 8 months. It is not the fault of them.

    In my case, I launch Chrome and everything works fine for hours, but after some time (several hours to days) it just stops working, instead opening up that annoying new tab = that says looking for helper, and then failing. I find typically this has happened when returning the next day, or anytime after the machine has brought up the screen saver and locked the desktop. After that, Chrome is usually screwed for 1Password working. This sounds like a 1Password bug to me.

    The Helper IS running (confirmed), and I have tired restarting it with no joy. Deleting and reinstalling the helper does not change anything (i have tired both beta and regular versions.) 1Password App is working just fine, and is updating just fine from Dropbox, so no problems with the App. The only way I can get 1Password to work inside Chrome again is to quit and re-launch Chrome.

    I am finding this VERY annoying, rendering the utility of this software very low.

    System: Windows 7 Ultimate 64-bit, 8 GB memory, Terabytes of disk space
    Virus Software: Avira Pro
    Firewall: Linksys 16885 WiFi router

    I am open to suggestions other than being told my anti-virus or firewall are the problem. If they were the problem, why would it work sometimes just fine?

    Thanks,
    MajorHavoc

  • MajorHavoc
    MajorHavoc
    Community Member

    FYI: You want 10 ports open for 1Password? That is ridiculous and a big security hold. Can you please explain why I need that many holes in my firewall for 1Password? Thank you.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I am open to suggestions other than being told my anti-virus or firewall are the problem. If they were the problem, why would it work sometimes just fine?

    @MajorHavoc: Since you haven't mentioned anything about the 1Password setup you're using, only software and hardware we don't have any control over, it's hard to say definitively. But if something else inconsistently interfering with 1Password, you'd have to ask its vendor. It would make more sense to either block it or not, but it's not our call. That's just a matter of curiosity though. And it sounds like restarting the browser helps at least.

    It would really be simplest to set an exception for 1Password though, to allow it to work the way you want it to. Have you tried that? I think you're misunderstanding the function of ports. These aren't "open ports" over the public internet; this is locally on your machine. If you can't trust your own machine, that's another problem entirely, and quite separate from 1Password. So this isn't a security hole. If it was, we wouldn't be having this conversation, because 1Password would simply allow anything on your machine to connect to it. This isn't the case. 1Password validates the code signature of known trusted browsers before allowing them to connect. The fact that the Chrome extension isn't working for you tells us that 1Password is doing its job, security-wise: since it is not able to verify the identity of your browser, it's refusing the connection. We use 10 different ports for a couple reasons: they may already be in use by something else, and often people use more than one browser at a time.

    If you haven't updated your other software in 8 months, you should probably start by doing so. 1Password has been using the same extension protocols since 2012, but we're working on a new setup in the new 1Password 6 Windows desktop app (currently in beta) using NativeMessaging rather than WebSockets, which will prevent "security" software from interfering (along with allowing support for Edge and other improvements). Let me know what you find!

  • joehobo
    joehobo
    Community Member

    @brenty , I have just had a replacement laptop and reinstalled all software, including 1Password. 1Password is working fine with Firefox, but I am getting refused connection attempts with the message "AgileBits.OnePassword.Browsers.NativeMessagingBrowserListener Refusing helper connection from "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe", because of untrusted certificate."

    Chrome Version 57.0.2987.133, 32-bit

  • AGAlumB
    AGAlumB
    1Password Alumni

    I've already replied to your similar comments in another thread, so let's continue the discussion there to avoid confusion. :)

This discussion has been closed.