authentification error message when I immediatly lock 1pw after first login

I sometimes get this error when I login to 1pw (Family account) after a reboot and immediatly lock it with the Win-Shift-L keyboard command. Anyone else seeing this?


1Password Version: 7.3.657
Extension Version: Not Provided
OS Version: Windows 10x64 Pro Insider 18317
Sync Type: Not Provided
Referrer: forum-search:authentification error

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @sniem,

    Thank you for getting in touch!

    Did you change the Master Password for your 1Password account recently? If so, you'll need to finish changing your password in the app. Open and unlock 1Password 7 using your old Master Password, click the red authentication error banner, and sign in with your new Master Password.

    If you haven't changed your Master Password, please create a Diagnostics Report from 1Password 7, where you see this issue:

    Sending Diagnostics Reports

    Attach the Diagnostics Report to an email message addressed to support+windows@agilebits.com. Please do include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we see your report in our inbox.

    Cheers,
    Greg

  • sniem
    sniem
    Community Member
    edited January 2019

    Hi Greg, sorry for the delay, this has just happened again, I've created a diagnostic file and sent it to the address, support ID is [#THP-23986-567] .

  • Thanks for the diagnostics, @sniem! I see Neil has been in touch, so I'll leave you in his capable hands. :chuffed:

    ref: THP-23986-567

  • sniem
    sniem
    Community Member

    Has happened again, I sent a new diagnostic file.

  • Thanks!

  • sniem
    sniem
    Community Member

    FYI, I've received info from the support team:
    "We've just figured out the issue, this will be fixed in a future update. If you lock the app or sleep while 1Password is syncing, it'll cause this authentication banner to show up. If you do it before or after the sync, it doesn't show up.

    "Basically, the authentication process was interrupted since it is part of the sync process but we did not intend this to show up if the interruptions were normal user actions like lock or computer sleep.

    "We'll improve the app to narrow this for remote issues, not local issues."

  • Thanks for taking the time to share the conclusion you came to with the team, @sniem! I hope it helps others that encounter similar issues down the road. :chuffed:

  • sniem
    sniem
    Community Member

    Appears to be fixed with latest 7.3 Beta. Cheerio!

  • Glad to hear it, @sniem! Thanks again for your help tracking this down and we appreciate hearing it seems fixed. :chuffed:

  • JasonD1
    JasonD1
    Community Member

    I have this error also.
    7.3.684 (build #684) – released 2019-04-22

    Authentication error for your account, xxxx.
    If you have recently changed your account details, click here to sign in again.

    I am behind a firewall on this particular system, so there is probably a configuration that must be causing this.
    I decided to reset the account and try again.
    Could not connect behind the firewall, so did the reset of the account while connected to a public wifi.
    That worked. Even prompting me for the 2FA that I recently setup for 1Password.
    However, when using 1Password after the reset, I have the same red error displayed at the bottom of my system.

    Ideas?

  • If you're behind a firewall that's blocking 1Password's connection to the server, @JasonD1, then this is probably not something you'll be able to resolve. What's happening is that 1Password is failing to authenticate when syncing. In reality, it's failing because the server can't be reached, but your app doesn't know the exact reason so it's showing this generic error. Are you able to access your account in your browser when behind this firewall? Are you able to whitelist 1Password yourself for ask for it to be whitelisted?

  • JasonD1
    JasonD1
    Community Member

    Yes, no issues from the web browser. But the web browser lacks certain functionality such as "type in window" that 1Password client has so that the passwords are not saved to the clipboard.

    I can always open a ticket for the firewall. Just need to have the information regarding 1Password and what ports are being used.
    If everything is done on HTTPS port 443, there wouldn't be a problem, of course.

    Do we know what ports are used by 1Password's Windows client? If the Mac client is different, I would like to list those also in the ticket.

    Appreciate the help. Thank you.

  • We've got a list of ports and domains used right here, @JasonD1:

    https://support.1password.com/ports-domains/

    As that article notes, however, all of this traffic does go over 443. Are you actually seeing a sync issue here – items getting stuck in offline changes or new items not appearing in your desktop app? This error can also be something of a red herring if your network takes a longer time to get ready and if things seem to be syncing well it may be the problem is less of an actual problem and more 1Password not understanding that everything will be okay if it just waits a bit. That's something we do see at times and are working on improving.

    Also, since you mentioned the more limited functionality in-browser, 1Password X actually allows drag and drop to fill. I find it works as well as type in window for my purposes, but they are different workflows. If it turns out the you may need to get away from the desktop app, though, you may find 1Password X is a good option. You can learn about here, if you'd like:

    https://support.1password.com/getting-started-1password-x/

    And, of course, if I can do anything more to help on the firewall front or you suspect the firewall may not be the problem, let me know. :+1:

  • JasonD1
    JasonD1
    Community Member

    Ahh.. All great information.... I will try the web version drag and drop of the text. Thank you very much!

    You are right.... I have a synchronization problem with the desktop version.
    If I change a password on this laptop, onsite - at the company, it doesn't show up on my iPhone.
    Let me have them check this ports-domains link you provided and I will see if we can get it corrected so everybody can use 1Password.
    I'll be back with the results...

    Thanks again.

  • Greg
    Greg
    1Password Alumni

    @JasonD1: On behalf of Kate you are very welcome! Please let us know what you find, we are always ready to lend you a hand. Thanks!

    ++
    Greg

  • JasonD1
    JasonD1
    Community Member

    Hi Guys,

    Actually still waiting on the ticket. I am wondering, however, because I have seen it in other software for corporate environments, if 1Password would be able to provide a troubleshooting tool that creates a nice report of all the stuff that works/doesn't work. And if there are more than one way to open a port or site, if 1Password can sort of run through a loop of possible tests and calibrate itself to make it work and if it cannot get a connection it can produce a nice report for the firewall/proxy team to do the necessary work to open things.

    Also would like to be notified if there are any problems with man in the middle situations or other things regarding certificates generated by the enterprise...

    Thanks!

  • You can always run a diagnostics report and take a look, @JasonD1, but there are a few things I think make it not terribly friendly for end-users (or their IT people). Most come down to the fact that it's designed for us to look at so it can make some assumptions about what the person reading it does and doesn't know. It's fine to take a look around, but I'd caution against making any assumptions based on that alone. It definitely helps and can give you some clues, but it won't give you the whole story. With that said, the ports and domains article should cover everything that needs to be open for full functionality.

    As for man in the middle and certificate issues, that should show up quite explicitly in the diagnostics as TLS failure and will also show you a warning, if my memory isn't failing me. Given your experience thus far, I'm inclined to believe that's unlikely to play a role or you'd have noticed, but if your IT team finds they're stumped we can always take a look at some diagnostics from you and work with them to get things sorted out. :+1:

  • JasonD1
    JasonD1
    Community Member

    Well, we have it working now. Thank you for your help!

    Resolution in case anybody else runs into it:

    SSL authentication bypass of below sites :

    *.1password.com
    *.1password.eu
    *.1password.ca
    a.1passwordusercontent.com
    c.1password.com
    c.1password.com
    f.1passwordusercontent.com
    a.1passwordusercontent.eu
    a.1passwordusercontent.ca
    f.1passwordusercontent.eu
    f.1passwordusercontent.ca

  • AGAlumB
    AGAlumB
    1Password Alumni

    That's very thorough. Thanks for the update! I think in most cases not all of those will be needed (e.g. many will only be using 1password.com, etc., not the European or Canadian servers), but that will avoid the need to make additions. Cheers! :)

  • JasonD1
    JasonD1
    Community Member

    One more thing...
    This is caused by Websense.
    If you try the links above from a web browser and you open the certificate and you see "Websense Public Primary Certificate Authority" then it will require an SSL authentication bypass. I don't know the details of the setup, but a Websense administrator will be able to take it from there...

  • Thanks for sharing the extra detail, @JasonD1! Any sort of corporate environment is always more of a challenge since companies will usually go to far greater lengths to improve network security than the average home user, so it's really useful to know what helps in what scenarios. I'm glad you've got things up and running and thanks again for sharing the outcome. :chuffed:

This discussion has been closed.