General

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and inco

I would like to connect to a specific computer by hostname to perform queries via API. The problem I’m running into is the API requires the jump client ID, not the host name. And there is no server side filtering for the hosts to find the jump client ID. I then tried to pull a list of all hosts and jump client IDs to filter on my end, but the maximum number of results I get is 13. I have extensively consulted with chatgpt and it came to this conclusion:Ah — that clarifies things. The reason your earlier scripts didn’t work is the Command API only supports listing all connected clients; it does not support a server-side filter by hostname. That’s why trying to query a single host returns nothing — the API only gives batches of connected clients, and without paging through, your host might not be in the first page.Ah — now it’s clear why you’re still only seeing 13 Jump Clients: the BeyondTrust Cloud Command API get_connected_client_

The following articles were published last week. New Knowledge Base Articles: KB0023138 - Vault Password Safe discovery stuck in running status KB0023173 - Can canned scripts be run as the logged in user? KB0023183 - Can TLS 1.0 and 1.1 be disabled on the SRA appliance?

The following articles were published last week. New Knowledge Base Articles: KB0021907 - Remote Support presentation feature missing from Rep Console

The following articles were published last week. New Knowledge Base Articles: KB0021938 - API script containing start_session.ns call fails KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier

The following articles were published last week. New Knowledge Base Articles: KB0022643 - Jump client add button is missing for administrators KB0023083 - How to deploy support buttons in Remote Support 25.1.2+ KB0023158 - Are video recordings of sessions included with Remote Support licensing?

Hello all!After numerous attempts, I finally managed to successfully deploy the BeyondTrust Jump Client (MSI x64) via Intune. To save others time and frustration, I’ve put together a step-by-step guide (attached) outlining the exact process I followed to get the Jump Client installed on managed devices through Intune.I hope this helps—feel free to reach out with any questions!

The following articles were published last week. New Knowledge Base Articles: KB0022556 - Linux Debian 11 Jumpoint down after update - error while loading shared libraries KB0022857 - Representatives cannot see Remote RDP jump assigned to them KB0022963 - What version of RS and PRA supports the Password Safe connection for Vault discoveries?

The following articles were published last week. New Knowledge Base Articles: KB0022933 - Option missing in Representative Console to deploy support buttons after upgrade KB0023084 - Unable to Jump to the unattended machine. Error "failed to lock session singleton... exiting" KB0023094 - Users can see other team reports despite "View their teams' sessions" policy bein

The following articles were published last week. New Knowledge Base Articles: KB0023090 - What does Patch HELP-11956 do? KB0023092 - Unable to deploy Jump Clients through Zone Proxies error "HTTP: Failed response code: 403" KB0023098 - Can OpenID Connect be used for authenticating Jump Items in a session?

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0021831 - Receiving error DNS_PROBE_FINISHED_NXDOMAIN when accessing Public Portal KB0022976 - Jump Client features do not work as expected when laptop lid is closed

The screen recording allowance for BeyondTrust Remote Support has been popping up multiple times a day for myself and all test users that I’ve had update to macOS 15 Sequoia.Clicking “Allow for One Month” does not seem to function - as the pop ups continue. 

The following articles were published last week. New Knowledge Base Articles: KB0021732 - How to collect logs for support buttons in Remote Support KB0021737 - How to use group policies and session policies to apply permissions in Secure Remote Access KB0021848 - Remote Support glossary of terms and concepts

I have a user that launches the representative console, successfully authenticates with SSO and is redirected to the desktop application which then prompts with “The Representative Console appears to be running already, but the existing instance failed to activate.”  I have seen this before and a reboot fixes it, but not with this user.This issue persists through reboots as well as a full uninstall/reinstall of the representative console for this user. The web console works for this user. If they sign in as a local Remote Support user (different than the SSO account) it will work through the desktop application.  I see in the debug logs it says, “Failed to obtain singleton lock”, but not much else for details. We are running version 24.2.3. Has anyone else experienced this before or have a solution? 

We have been using Remote Support for around two years. Usually the Rep Console auto-runs at startup, but I’ve noticed recently that stopped happening. I think I traced the issue down to a change in the autorun entry (and what looks like a change to the whole directory structure for the software) during updates to Remote Support this year. The old entry pointed to bomgar-rep.exe I believe, where it looks like the Bomgar references were all removed at some point in the timeline.After installing 25.2.2 didn’t help, I uninstalled the Rep Console from my laptop completely, and reinstalled it, and it looks like the autorun entry has been replaced with the proper path. Starting the console after updating the server and letting it download the new console app did not take care of this; it needed a full uninstall/reinstall to generate the new autorun.Anyway, I didn’t see this mentioned anywhere so I wanted to post the solution.

The following articles were published last week. New Knowledge Base Articles: KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0023031 - Can a Jump Client use daisy-chained Jumpoints as a proxy?

25.2.2 trying to assign a direct queue for the jump client button does not seem to like this “JC_SUPPORT_BUTTON_DIRECT_QUEUE=team:blah_tc”. This is the syntax provided in the docs. Has anyone else see this? Other similar options are working “JC_JUMP_GROUP=jumpgroup:blah_jg”.

The following articles were published last week. New Knowledge Base Articles: KB0023001 - Let's Encrypt certificate shows expired. Clicked Force Renew button but it does not work. KB0023013 - Can tags be assigned to Jump Clients automatically? KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console

I saw a post on Reddit this morning and it reminded me of what I noticed when we performed an upgrade yesterday. When attending a Remote Support session with a customer and elevating the session, the only option is for the customer/end user to provide admin credentials - there is no option for the support engineer to provide their own credentials - is this expected behaviour? 

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you

The following articles were published last week. New Knowledge Base Articles: KB0021693 - Jump Client screen share graphic issue (artifacting) when no monitor is connected to the machine (headless) - Not refreshing screen KB0021780 - SEC_ERROR_EXPIRED_CERTIFICATE error when accessing appliance through Firefox browser KB0022133 - Unable to create new Jump Client. Erro

I’m in the process of re-doing some Jump Client installers (previously team configured it all) and I’ve got some questions burning a hole in my brain.What are the primary benefits / drawbacks of using a Windows MSI vs EXE installer for persistent connections? In my testing, I’ve had far more install success with EXE’s than MSI’s in Configuration Manager deployments. Are the Jump Client installers tied to the user that created it in any way? We seem to run into weird issues with clients failing to install when the user that created it has left the organization. As a result, a BT support rep suggested creating the Jump Clients as the local admin. Is there any way, whatsoever, to view/edit all the settings created for a Jump Client after hitting Create? All I can see is Delete/Extend/Download. Do you have any reasons for using installation Overrides in your organization? Do you have any other useful nuggets of wisdom around Jump

I am attempting to uninstall the Remote Support Jump Client en-masse across my Windows environment.  Attempting to uninstall via my RMM (NinjaOne)’s software inventory returns an error that says the program is not capable of silent uninstall.  I have attempted to create a batch script to uninstall, but because the installation location of the Client is inconsistent, this has been a struggle.Has anyone found an effective, repeatable method to uninstall the BeyondTrust Remote Support Jump Client (as well as Privilege Management)?I know you can uninstall from the representative console, but many of my devices have stopped communicating to the console.Any help would be greatly appreciated!