General

The following articles were published last week. New Knowledge Base Articles: KB0022556 - Linux Debian 11 Jumpoint down after update - error while loading shared libraries KB0022857 - Representatives cannot see Remote RDP jump assigned to them KB0022963 - What version of RS and PRA supports the Password Safe connection for Vault discoveries?

The following articles were published last week. New Knowledge Base Articles: KB0022933 - Option missing in Representative Console to deploy support buttons after upgrade KB0023084 - Unable to Jump to the unattended machine. Error "failed to lock session singleton... exiting" KB0023094 - Users can see other team reports despite "View their teams' sessions" policy bein

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and inco

The following articles were published last week. New Knowledge Base Articles: KB0023090 - What does Patch HELP-11956 do? KB0023092 - Unable to deploy Jump Clients through Zone Proxies error "HTTP: Failed response code: 403" KB0023098 - Can OpenID Connect be used for authenticating Jump Items in a session?

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0021831 - Receiving error DNS_PROBE_FINISHED_NXDOMAIN when accessing Public Portal KB0022976 - Jump Client features do not work as expected when laptop lid is closed

The screen recording allowance for BeyondTrust Remote Support has been popping up multiple times a day for myself and all test users that I’ve had update to macOS 15 Sequoia.Clicking “Allow for One Month” does not seem to function - as the pop ups continue. 

The following articles were published last week. New Knowledge Base Articles: KB0021732 - How to collect logs for support buttons in Remote Support KB0021737 - How to use group policies and session policies to apply permissions in Secure Remote Access KB0021848 - Remote Support glossary of terms and concepts

I have a user that launches the representative console, successfully authenticates with SSO and is redirected to the desktop application which then prompts with “The Representative Console appears to be running already, but the existing instance failed to activate.”  I have seen this before and a reboot fixes it, but not with this user.This issue persists through reboots as well as a full uninstall/reinstall of the representative console for this user. The web console works for this user. If they sign in as a local Remote Support user (different than the SSO account) it will work through the desktop application.  I see in the debug logs it says, “Failed to obtain singleton lock”, but not much else for details. We are running version 24.2.3. Has anyone else experienced this before or have a solution? 

We have been using Remote Support for around two years. Usually the Rep Console auto-runs at startup, but I’ve noticed recently that stopped happening. I think I traced the issue down to a change in the autorun entry (and what looks like a change to the whole directory structure for the software) during updates to Remote Support this year. The old entry pointed to bomgar-rep.exe I believe, where it looks like the Bomgar references were all removed at some point in the timeline.After installing 25.2.2 didn’t help, I uninstalled the Rep Console from my laptop completely, and reinstalled it, and it looks like the autorun entry has been replaced with the proper path. Starting the console after updating the server and letting it download the new console app did not take care of this; it needed a full uninstall/reinstall to generate the new autorun.Anyway, I didn’t see this mentioned anywhere so I wanted to post the solution.

The following articles were published last week. New Knowledge Base Articles: KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0023031 - Can a Jump Client use daisy-chained Jumpoints as a proxy?

25.2.2 trying to assign a direct queue for the jump client button does not seem to like this “JC_SUPPORT_BUTTON_DIRECT_QUEUE=team:blah_tc”. This is the syntax provided in the docs. Has anyone else see this? Other similar options are working “JC_JUMP_GROUP=jumpgroup:blah_jg”.

The following articles were published last week. New Knowledge Base Articles: KB0023001 - Let's Encrypt certificate shows expired. Clicked Force Renew button but it does not work. KB0023013 - Can tags be assigned to Jump Clients automatically? KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console

I saw a post on Reddit this morning and it reminded me of what I noticed when we performed an upgrade yesterday. When attending a Remote Support session with a customer and elevating the session, the only option is for the customer/end user to provide admin credentials - there is no option for the support engineer to provide their own credentials - is this expected behaviour? 

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you

The following articles were published last week. New Knowledge Base Articles: KB0021693 - Jump Client screen share graphic issue (artifacting) when no monitor is connected to the machine (headless) - Not refreshing screen KB0021780 - SEC_ERROR_EXPIRED_CERTIFICATE error when accessing appliance through Firefox browser KB0022133 - Unable to create new Jump Client. Erro

I’m in the process of re-doing some Jump Client installers (previously team configured it all) and I’ve got some questions burning a hole in my brain.What are the primary benefits / drawbacks of using a Windows MSI vs EXE installer for persistent connections? In my testing, I’ve had far more install success with EXE’s than MSI’s in Configuration Manager deployments. Are the Jump Client installers tied to the user that created it in any way? We seem to run into weird issues with clients failing to install when the user that created it has left the organization. As a result, a BT support rep suggested creating the Jump Clients as the local admin. Is there any way, whatsoever, to view/edit all the settings created for a Jump Client after hitting Create? All I can see is Delete/Extend/Download. Do you have any reasons for using installation Overrides in your organization? Do you have any other useful nuggets of wisdom around Jump

I am attempting to uninstall the Remote Support Jump Client en-masse across my Windows environment.  Attempting to uninstall via my RMM (NinjaOne)’s software inventory returns an error that says the program is not capable of silent uninstall.  I have attempted to create a batch script to uninstall, but because the installation location of the Client is inconsistent, this has been a struggle.Has anyone found an effective, repeatable method to uninstall the BeyondTrust Remote Support Jump Client (as well as Privilege Management)?I know you can uninstall from the representative console, but many of my devices have stopped communicating to the console.Any help would be greatly appreciated!

The following articles were published last week. New Knowledge Base Articles: KB0021345 - RS or PRA SAML errors "Authentication failed " "NameID format does not match the recommended settings of the service provider" KB0022960 - Vulnerability report for RS or PRA returns misconfigured CORS policy

The following articles were published last week. New Knowledge Base Articles: KB0022428 - RDP Jumps failing when using xRDP or FreeRDP "Unknown connection error. 2001C" KB0022939 - Does Remote Support utilize SMB for its product or functionalities, such as file sharing during remote sessions? KB0022941 - Elevation failing on macOS. Error ""The elevation attempt failed

The following articles were published last week. New Knowledge Base Articles: KB0022232 - Unable to re-establish failover. Error - The remote appliance blocked the request KB0022876 - How are nested groups created through the Desktop Console? KB0022922 - How to configure SMTP via Oauth2 for Office 365 mail in Entra ID

I have set up another public portal and template for one of our companies to remote support, but when attempting to access the portal, we are getting DNS_PROBE_FINISHED_NXDOMAIN. Is this something I need to resolve on my side or does BeyondTrust need to set this up for us to have functioning? What are my next steps?We have also tried to add the certificate for the domain in the Appliance section, but it does not appear to “stick” after adding. Is this why we are having issues? How can I get this portal working?I have been trying to get a response from BeyondTrust support for 2 weeks now, and with no response, hoping someone on here can assist. Thanks!