cancel
Showing results for 
Search instead for 
Did you mean: 

Windows Client Timeout Configuration

05 Base Camper

Windows Client Timeout Configuration

Where can we find the timeout setting or configuration file for the Windows Client?

Tags (1)
4 REPLIES 4
Community Manager

Re: Windows Client Timeout Configuration

In \Prognosis\User Interface\irgui.ini

 

And search Online Help for irgui.ini should find articles about various settings in this .ini file.

 

However there are no timeout type settings in there. If you are getting a timeout error when attempting to start a configuration it usually means that the collector process is not running or some other issue on the server, and the wvlog.txt should help to identify the cause.

 

What kind of timeout errors are you getting in the GUI?

HTH

05 Base Camper

Re: Windows Client Timeout Configuration

I may have misstated my question. It's not a timeout when starting a configuration but the timeout of the GUI/Windows Client itself. We have an audit question regarding how long our UI sessions last before being timed out and the user being automatically logged out. Is there a setting somewhere for this?

 

Ex: We found the setting for the Web UI in Prognosis\WebUI\IIS\web.config

We are looking for the equivalent setting for the Windows Client. 

Re: Windows Client Timeout Configuration

The irgui.exe (Windows Client) doesn't have a timeout setting similar to the Web UI. The connection will stay active until something acts on the connection (i.e. client is closed, network connection drops, Prognosis service is stopped...).

 

There are options to request a Windows Client timeout setting is added, but it is not part of Prognosis today.

Re: Windows Client Timeout Configuration

@maryu 

To clarify; there are a few settings on the WebUI vs the one I believe you already found..  as well since this is not in our official help in our Security Guide (https://help.prognosis.com/prognosis/116/security) though I know its been requested to be added a time or two.   (FYI @Chris ) 

How can I set the maximum session time limit (not an idle timeout)?

The Prognosis WebUI will leave a user logged in, if their browser is left logged in, by default for up to 48 hours. To adjust this open the Web.Config modifying or adding the highlighted sections to the CookieName section. Though this is NOT a user inactivity timeout, but a maximum session length timeout. Prognosis does not provide at this time true inactivity timeout periods; a work around for lack of user inactivity timers is reducing the user session timeout and / or using Application Pool Recycling.

 

<sessionState cookieName="Prognosis" mode="InProc" timeout="120"/>


Note: The timeout parameters are in minutes.

How can I set the maximum time to complete the login form?


The Prognosis WebUI uses the default .NET application timer to complete a login form, which is 20 minutes. To reduce this modify the following in the web.config.  

....

<authentication mode="Forms">

<forms loginUrl="~/Login" timeout="15" cookieless="UseCookies" requireSSL="true" slidingExpiration="false" />

</authentication>

<pages enableSessionState="false">

How can I set a Prognosis User Inactivity Timeout?

The Prognosis WebUI (nor the desktop client) have a user inactivity timeout. 

The setting available in the IIS 8.5 forward Application Pool Settings does not invoke a idle timeout because Prognosis on the display intervals refresh will generate the activity that resets this timer. All Prognosis screens in the View Systems mode and the Admin screen have such a refresh interval.

So setting the setting the PrognosisAppPool Idle Time-out(minutes) setting will not have the desired result from our testing.

AppPoolIdleTimeoutAction.jpg

How can I can I force a reset / disconnect of all sessions at a particular interval or time?

 Application Pool Recycling:

Prognosis can be configured to terminate all WebUI connections on a set interval no matter how long the session is active (1 second to 5 hours) by performing the following. Generally this should not be done for most customer and more than every 8 hours to allow staff to login and stay logged in over the course of the day unless there is a specific requirement to do so which does not align with most uses cases of Prognosis.

 

This can be done via the PrognosisApplication Pool within Microsoft IIS:

ApplicationPoolRecycling.png

 

Most of our IRGUI.ini settings are not documented in Public Facing help but I have gone through and documented most of them and can confirm @SCOTT_BALDWIN statement that there is no inactivity timer in there.

 

Though in terms of applicability and what you are trying to accomplish, and being you mentioned Audit, this question has come up many times before and I've researched it extensively and if this is in terms of PCI DSS 's "12.3.8 Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity".... 

We are not a Payments Application under the definition of PCI (see Help section on PCI Implications) and the way we deploy Prognosis with the tiered architecture and Route-To statements exclude us from the PCI in-scope area except for the administrative users in addition to we do not actually process / are exposed to PCI data outside of the CDE.

 

The IRTSVCOL.ini does have a "TRAWLER-MAX-IDLE-TIME-IN-MINUTES = 5" set so if we do not see activity from the Payments switch for 5 minutes.. we do disconnect the transaction feed to Prognosis (but Prognosis continues to run). 

 

 


If my answer helped you today, please be sure to mark the resolved button to assist others.

Christopher R Souser - Sr. Services Solution Engineer, Payments & Infrastructure – MSci. PA, CISSP, ITIL.
Webinar: The Journey to Microsoft Teams - Readiness Phase (part 2)

Having looked at the planning phase in session one of this series, we will turn our focus to the readiness phase. The all important technical capabilities assessment, ensuring the network, endpoints and users are adequately prepared for the move.

Hear first hand from IR's Global Head of Information Systems and Technology, Jason Schwendinger, on how he has been tackling these issues.

Join webinar