General

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0021831 - Receiving error DNS_PROBE_FINISHED_NXDOMAIN when accessing Public Portal KB0022976 - Jump Client features do not work as expected when laptop lid is closed KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute" KB0023028 - Unable to save entries typed in the Available Groups for OIDC providers KB0023032 - Support Buttons shows "Prompt Customer" instead of requesting representatives' credentials when elevating after upgrading to 25.2.1 KB0023076 - Connection lost after elevation attempt intermittently - Error: execution of the elevated process failed -- 5" KB0023077 - How to find the hash of a RS PRA Jump Client or Console KB0023083 - How to deploy support buttons in Remote S

The screen recording allowance for BeyondTrust Remote Support has been popping up multiple times a day for myself and all test users that I’ve had update to macOS 15 Sequoia.Clicking “Allow for One Month” does not seem to function - as the pop ups continue. 

The following articles were published last week. New Knowledge Base Articles: KB0021732 - How to collect logs for support buttons in Remote Support KB0021737 - How to use group policies and session policies to apply permissions in Secure Remote Access KB0021848 - Remote Support glossary of terms and concepts KB0021943 - Not able to login with LDAPS Security Provider - Failed to test the provider KB0022936 - All sessions failing to elevate after upgrade. "Execution of the elevated proccess failed" KB0023050 - Does the Jump Client need to be uninstalled before a new version is installed? KB0023059 - LDAP security provider sync failed after upgrading to 25.2.1 or above "failed to test provider" KB0023062 - Does Remote Support and Privileged Remote Access support self signed certificates for ACME?

I have a user that launches the representative console, successfully authenticates with SSO and is redirected to the desktop application which then prompts with “The Representative Console appears to be running already, but the existing instance failed to activate.”  I have seen this before and a reboot fixes it, but not with this user.This issue persists through reboots as well as a full uninstall/reinstall of the representative console for this user. The web console works for this user. If they sign in as a local Remote Support user (different than the SSO account) it will work through the desktop application.  I see in the debug logs it says, “Failed to obtain singleton lock”, but not much else for details. We are running version 24.2.3. Has anyone else experienced this before or have a solution?  

We have been using Remote Support for around two years. Usually the Rep Console auto-runs at startup, but I’ve noticed recently that stopped happening. I think I traced the issue down to a change in the autorun entry (and what looks like a change to the whole directory structure for the software) during updates to Remote Support this year. The old entry pointed to bomgar-rep.exe I believe, where it looks like the Bomgar references were all removed at some point in the timeline.After installing 25.2.2 didn’t help, I uninstalled the Rep Console from my laptop completely, and reinstalled it, and it looks like the autorun entry has been replaced with the proper path. Starting the console after updating the server and letting it download the new console app did not take care of this; it needed a full uninstall/reinstall to generate the new autorun.Anyway, I didn’t see this mentioned anywhere so I wanted to post the solution.

The following articles were published last week. New Knowledge Base Articles: KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0023031 - Can a Jump Client use daisy-chained Jumpoints as a proxy?

25.2.2 trying to assign a direct queue for the jump client button does not seem to like this “JC_SUPPORT_BUTTON_DIRECT_QUEUE=team:blah_tc”. This is the syntax provided in the docs. Has anyone else see this? Other similar options are working “JC_JUMP_GROUP=jumpgroup:blah_jg”.

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and incomplete. Reddit has been the mos

The following articles were published last week. New Knowledge Base Articles: KB0023001 - Let's Encrypt certificate shows expired. Clicked Force Renew button but it does not work. KB0023013 - Can tags be assigned to Jump Clients automatically? KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console

I saw a post on Reddit this morning and it reminded me of what I noticed when we performed an upgrade yesterday. When attending a Remote Support session with a customer and elevating the session, the only option is for the customer/end user to provide admin credentials - there is no option for the support engineer to provide their own credentials - is this expected behaviour? 

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you are going to be releasing stuff like this.

The following articles were published last week. New Knowledge Base Articles: KB0021693 - Jump Client screen share graphic issue (artifacting) when no monitor is connected to the machine (headless) - Not refreshing screen KB0021780 - SEC_ERROR_EXPIRED_CERTIFICATE error when accessing appliance through Firefox browser KB0022133 - Unable to create new Jump Client. Error - The total number of deployable Jump Clients for this site has been reached KB0022749 - Remote Support for Android devices not functioning since ONE UI update Android 15 KB0022784 - Privileged Remote Access and Remote Support 25.2 operating system certification matrix KB0022958 - Multiple warnings appear during Jump Client installation on Linux machines "Failed to start transient service unit" KB0022964 - Certain features are not working during session when using BeyondTrust Support app on Android KB0022966 - Annotations

I’m in the process of re-doing some Jump Client installers (previously team configured it all) and I’ve got some questions burning a hole in my brain.What are the primary benefits / drawbacks of using a Windows MSI vs EXE installer for persistent connections? In my testing, I’ve had far more install success with EXE’s than MSI’s in Configuration Manager deployments. Are the Jump Client installers tied to the user that created it in any way? We seem to run into weird issues with clients failing to install when the user that created it has left the organization. As a result, a BT support rep suggested creating the Jump Clients as the local admin. Is there any way, whatsoever, to view/edit all the settings created for a Jump Client after hitting Create? All I can see is Delete/Extend/Download. Do you have any reasons for using installation Overrides in your organization? Do you have any other useful nuggets of wisdom around Jump Client installers?Again, I’ve gone through all the documenta

I am attempting to uninstall the Remote Support Jump Client en-masse across my Windows environment.  Attempting to uninstall via my RMM (NinjaOne)’s software inventory returns an error that says the program is not capable of silent uninstall.  I have attempted to create a batch script to uninstall, but because the installation location of the Client is inconsistent, this has been a struggle.Has anyone found an effective, repeatable method to uninstall the BeyondTrust Remote Support Jump Client (as well as Privilege Management)?I know you can uninstall from the representative console, but many of my devices have stopped communicating to the console.Any help would be greatly appreciated!

The following articles were published last week. New Knowledge Base Articles: KB0021345 - RS or PRA SAML errors "Authentication failed " "NameID format does not match the recommended settings of the service provider" KB0022960 - Vulnerability report for RS or PRA returns misconfigured CORS policy

The following articles were published last week. New Knowledge Base Articles: KB0022428 - RDP Jumps failing when using xRDP or FreeRDP "Unknown connection error. 2001C" KB0022939 - Does Remote Support utilize SMB for its product or functionalities, such as file sharing during remote sessions? KB0022941 - Elevation failing on macOS. Error ""The elevation attempt failed." KB0022944 - Does BeyondTrust need to be involved with updating or upgrading RS or PRA Cloud Appliances?

The following articles were published last week. New Knowledge Base Articles: KB0022232 - Unable to re-establish failover. Error - The remote appliance blocked the request KB0022876 - How are nested groups created through the Desktop Console? KB0022922 - How to configure SMTP via Oauth2 for Office 365 mail in Entra ID KB0022923 - Jump Items exceeding 50 not updating for associated Vault account when deleted KB0022925 - Unable to login to Rep Console on iOS. Error "the site address given is not valid" KB0022933 - Option missing in Representative Console to deploy support buttons after upgrade KB0022936 - Sessions failing to elevate after upgrade. "Execution of the elevated proccess failed" KB0022939 - Does Beyond Trust Remote Support utilize SMB for its product or functionalities, such as file sharing during remote sessions?

I have set up another public portal and template for one of our companies to remote support, but when attempting to access the portal, we are getting DNS_PROBE_FINISHED_NXDOMAIN. Is this something I need to resolve on my side or does BeyondTrust need to set this up for us to have functioning? What are my next steps?We have also tried to add the certificate for the domain in the Appliance section, but it does not appear to “stick” after adding. Is this why we are having issues? How can I get this portal working?I have been trying to get a response from BeyondTrust support for 2 weeks now, and with no response, hoping someone on here can assist. Thanks!  

The following articles were published last week. New Knowledge Base Articles: KB0021556 - Missing command shell tab KB0021561 - How to enable virtual smart card logging KB0022292 - How to add or modify a tag and create or update nested sub-groups for Jump Items KB0022560 - All fields greyed out when creating a new remote jump shortcut or using the Jump to option KB0022888 - After upgrade, RS and PRA triggering security warnings regarding Content-Security-Policy headers KB0022893 - Unable to remove other users from session as an Administrator KB0022897 - Does Vault support AWS secrets?

Hello!I wanted to ask the community how long the average time is to establish a session in Remote Support in your environments. From clicking on jump to getting a session window (not just the entry in the queue, but the real window).What things can influence this establishing time except virus scan?Thank you in advance.

The following articles were published last week. New Knowledge Base Articles: KB0021581 - How to capture ACH logs for Remote Support and Privileged Remote Access KB0022274 - Cannot jump to certain computers. Location for endpoints leverages a Jumpoint Proxy. Error - The operation timed out KB0022848 - Can NTLMv2 be turned off for RS or PRA? KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0022861 - Desktop Console keeps crashing

The following articles were published last week. New Knowledge Base Articles: KB0021414 - Sign-in loops and shows an unexpected error occurred with SAML authentication due to UPN mismatch KB0021540 - Where to download the customer client using curl, wget and btapi KB0022784 - Privileged Remote Access and Remote Support 25.2 operating system certification matrix KB0022822 - Newly deployed Jump Clients show disconnected KB0022844 - Why do some jump items continue to show an online status when the machine is switched off?