LAPS Portal maintenance

LAPS Portal restarting

To restart LAPS portal you can use:

  • on unix systems:

    service laps restart
  • on windows systems:

    open services.msc and restart laps service
  • via LAPS Portal GUI. Go to Administration -> System -> Service and press “Restart” button

Log files

LAPS portal creates following log files:

  • logs/laps*.log
  • logs/wrapper.log

You can view logs of LAPS Portal in Administration -> System ->Log(File), select log file and press “Search” button


engine.conf file

File conf/engine.conf is JSON file which contains basic configuration options

Option Value type Description
basepath string path to directory where LAPS portal is located. This parameter is automatically filled by LAPS Portal itself
init_completed boolean flag which is set to true after first launching when default settings are configured
sslport int port used by LAPS Portal to serve TLS connection
keystore_pass string password for java ket storage file
jetty_cert_alias string alias of certificate which will be used by TLS engine
jdbc_driver string jdbc driver wor database management system used by LASP Portal
db_host string databse host
db_port int databse port
db string database name
db_username string database user
db_password string database password

LAPS Portal backup

To restore LAPS portal you should backup following files:

  • conf/engine.conf (in case you modified default network port)
  • conf/confdb.db – internal sqlite database which contains settings and event logs
  • conf/license.txt - license activation file
  • keystore/keystore.jks – certificate store
  • backups/laps/* - backup files with passwords of computers managed by LAPS
  • wrapper/conf/wrapper.conf – service/daemon configuration
  • bin/ – log level properties

Admin password reset

If you forget admin password you can reset it in following way:

  • on windows systems::
    wrapper/bat runConsole.bat resetpass
  • on unix systems::
    wrapper/sh ./ resetpass



AcceptSecurityContext error can appear during establishing connection to ActiveDirectory:

[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

For error code 49 reason of error shown in data field

data field code description
525 User not found
52e Wrong password
530 not allowed to login at this time
531 no access right to login to this computer
532 password expired
533 user account disabled
701 user account expired
773 password reset is required
775 user account is locked


javax.naming.CommunicationException indicates that LAPS Portal could not validate certificate chain during SSL/TLS hadshake. In case of following errors:

javax.naming.CommunicationException: simple bind failed: server.local:636 [Root exception is PKIX path building failed: unable to find valid certification path to requested target]

You should check whether all certificate chain imported into LAPS Portal. After importing certificates do not forget to restart LAPS Portal service.

In case this error appears during communication with AD Controllers you should also check how many certificates domain controller has with Server Authentication purpose. In normal situation AD Controller should have one personal certificate with Server Authentication purposes . According to “You should be planning on having only one certificate on each LDAP server (i.e. domain controller or AD LDS computer) with the purpose of Server Authentication. If you have legitimate reasons for using more than one, you may end up having certificate selection issues, which is discussed further in the Active Directory Domain Services Certificate Storage. As workaround import all certificates with Server Authentication purposes to LAPS Portal

SocketException indicates that there is LAPS Portal unable to establish TCP connection to domain controller. It could be caused by local or network firewall, problems in DNS resolition or that LDAPS is not configured on domain controller. In case of following error

Error connectiong to LDAP javax.naming.CommunicationException: [Root exception is Connection reset]

please check that you can connect on port 636 from host where WebLAPS is installed to domain controller. You can do it with telnet command:

telnet 636

where is a domain controller FQDN. Please check following article to be sure that LDAP over SSL is porperly configured at your domain controller

Unable to start service

WebLAPS service crashes, log/wrapper.log contains following lines:

INFO|wrapper|Service laps|20-05-21 17:58:41|could not start process 57 INFO|wrapper|Service laps|20-05-21 17:58:41|The parameter is incorrect. INFO|wrapper|Service laps|20-05-21 17:58:41|null/null/null SEVERE|wrapper|Service laps|20-05-21 17:58:41|failed to spawn wrapped process

Please check that java.exe file is on system path. In case if there are more than one JRE edit wrapperconfwrapper.conf, find follwing line = ${ if (“${}”.toLowerCase().startsWith(“windows”)) “java.exe”; else “java”}

and comment it with ‘#’. Next set to right path to java.exe file like this (replace with correct path to java.exe) = c:/Program Files/Java/jre1.8.0_251/bin/java.exe