General

The following articles were published last week. New Knowledge Base Articles: KB0020807 - Remote Support security scanner CSP directive issue - missing reporting-objective and form-action-objective KB0022221 - Privileged Remote Access and Remote Support with VDIs performance delays KB0022246 - Missing Login Prompt on Headless Linux System with Jump Client

The following articles were published last week. New Knowledge Base Articles: KB0022194 - How to create a registered app for Remote Support and Privileged Remote Access Vault KB0022195 - Error: This account has expired when trying to log into the administrative interface KB0022251 - Vault account fails to check in post-use, becomes unusable

The following articles were published last week. New Knowledge Base Articles: KB0022225 - User not appearing in Remote Support after syncing the Active Directory group KB0023436 - Can Jumpoints be installed on macOS ?

I saw a post on Reddit this morning and it reminded me of what I noticed when we performed an upgrade yesterday. When attending a Remote Support session with a customer and elevating the session, the only option is for the customer/end user to provide admin credentials - there is no option for the support engineer to provide their own credentials - is this expected behaviour? 

Does anyone know how to get BeyondTrust Jump Client or Customer Client working with interactivity on Intune Multi-App Kiosk machines? We have our Jump Client installed but there’s no interactivity in Kiosk mode. And Customer Client simply gets blocked. Part of the issue with whitelisting apps with AssignedAccess seems to be the multiple EXEs to whitelist and not allowing dynamic paths. E.g. I think bomgar-scc.exe needs to be whitelisted but it lives in C:\Program Files\BeyondTrust\bomgar-scc\*\ bomgar-scc.exe 

The following articles were published last week. New Knowledge Base Articles: KB0022235 - Representative Console opens in Windows mode despite last use in full screen KB0023394 - Representative console times out early ignoring Log Out Idle Representative After time setting KB0023437 - How to sync an Atlas cluster

Hi everyone,we would like to raise a concern regarding the Command Shell behavior introduced in Remote Support 25.3.1.The fact that the shell now starts in the context of the logged-in user by default (without requiring user credentials or consent) is, from our perspective, a significant security regression.In previous versions, this behavior was not possible — access to the user context required explicit authentication. Now, support staff can directly access user-level resources such as OneDrive, network shares, or SharePoint without the user being aware.In regulated environments (e.g., banking), this is a serious issue:- it breaks the separation between user and system privileges- it introduces potential audit and compliance risks- it allows unintended access to sensitive user dataAt the same time, our operational requirement remains:- we must be able to perform support actions without user interaction- but strictly

Hello, we recently started using BeyondTrust for our Intune-managed MacOS devices, and we have run into an issue with several of our users. They get 10-15 popups a day, saying "Remote Support Customer Client" is requesting to bypass the system private window picker and directly access your screen and audio. Screenshot here:  Here are the details.Device:MacBook Pro (16-inch, 2024) MacOS Tahoe 26.3.2 BeyondTrust Remote Support 25.3.1Symptoms:Pop-ups happen all throughout the day, approximately 10-15 times daily, with no specific trigger. Even after pressing "Allow", the pop-ups continue to reappear. The Pop-ups have the following text: "Remote Support Customer Client" is requesting to bypass the system private window picker and directly access y

I am opening this post to discuss solutions for upgrading Remote Support in an enterprise environment where all software, including the Representative Console, must be distributed via Microsoft Intune. Users cannot install or upgrade software themselves directly from the Download Console page, which often leads to downtime during upgrades.Our current approach is:Upgrade the backup appliance first to obtain the latest software and prepare the Intune package in advance. On rollout day, ensure the new version is available in Intune, then temporarily switch the backup appliance to primary so users experience minimal interruption. Behind the scenes, we will upgrade the original primary appliance, then revert to the normal setup.However, this method has limitations: during the backup/primary appliance upgrade, there is no failover, and data synchronization

We have seen an issue where in some scenarios, it may be possible to connect to a user’s screen without requiring their acceptance. When you initially establish a jump session and perform Shell work to fix an issue, users may have their screen locked or logged out.  Unfortunately, the session policies do not appear to re-evaluate, so whatever the status of the device was when you established the jump session is held throughout the session. A workaround would be to disconnect the jump session and establish a fresh session before you use the screenshare function, which would then pick up the user is logged on and present the prompt.For example:User reports an issue on desktop, walks away.The machine is connected to (Shell, System etc but not screen sharing).User returns and unlocks the machine.Screen sharing is started from the Rep Console.Due to the existing session already established (using Shell and System Information), no prompt f

Installing the Linux Remote Support jumpclient in system mode breaks our GDM authentication configuration by installing the file /etc/dconf/profile/gdm with the contents:user-db:user system-db:gdm file-db:/usr/share/gdm/greeter-dconf-defaultsRedHat systems configure gdm by default via the dconf site database. RedHat expects a confguration like:user-db:user system-db:local system-db:site system-db:distro By removing the local, site, and distro DBs you are completely breaking the standard RedHat configuration. This is completely irresponsible on your part to be modifying such a critical system configuration. This took most of my day to resolve and locked a couple of users out of their machines for a few hours.I had actually just decided to enable your automatic updating of Remote Support - but that is out the window now if you

The following articles were published last week. New Knowledge Base Articles: KB0022065 - Unable to install Jumpoint on Debian 11 OS. Error - PUSH_AGENT:ERROR exception occurred while connecting to gateway

Hi all! Hope you are doing well.I’ve encountered an issue regarding installation of BT RS. Currently I have about 60 users that have the Jump Client installed on their device. I wanted to update the clients, and it seems like the .dmg file now says sra-scc-<uid>.dmg, and not bomgar-scc-<uid>.dmg (I believe this is not the issue though).Right now, when I prepared the package to be deployed from Jamf Pro (our MDM), the package installs, it shows the BT RS icon on the top-menu bar for a split second (it’s crossed), and then disappears. I can’t see the newly installed jump client in my representative console, so basically it’s like it installed for a moment, then uninstalled or is not present on the machine. I’ve followed the ‘mass deploy on macOS’ instruction, so have all the PPPC settings as well. I have also included the xattr command into the deployment script, but it looks like it does not matter whether it is included or not, the same situation

One of the laptop our company recent setup had error: BeyondTrust Jump Client disconnected from xxxxxxxxxBeyondTrust representative can not even find the computer name or ip address. Reconnect doesn't work at all and Enabled was ticked. 

The following articles were published last week. New Knowledge Base Articles: KB0022055 - Domain discovery error - Failed to get information about discovery account KB0022427 - Unable to update. Error: An error occurred installing this update KB0023316 - Unable to install BT26-02-RS or BT26-02-PRA patch - Error: An error occurred installing this update.

I am trying to move us away from the deprecated support button. My understanding is that the standby jump client should provide a user driven support request similar to support button. My question is what does the user do to initiate a support chat from the jump client? I have it installed on my computer, I can see my jump client in standby in the rep console. From the client my only options are to disable/uninstall or check-in. I was expecting an option to start a support chat.

The following articles were published last week. New Knowledge Base Articles: KB0022041 - After upgrade to RS or PRA version 24, outbound events for Service Now integration receive error: Maximum file exceeded KB0023270 - Are automatic product upgrades supported if appliances are configured in a failover pair or Atlas configuration? KB0023280 - What is the Activate K

So, I’ve attempted this multiple times and took a short break to clear my head. Cannot seem to get this wrapped up, and it’s a necessity. Hi, I’m Robert and I’m a Security Engineer for my company. Part of my portfolio is Enterprise Software Management via Intune. I manage all software deployments for the company on a tenant level, using assignment groups to make certain apps available to pertinent groups. Over the past 3 years, I’ve learned a lot where Intune deployments and the Windows OS intersect. I’m still on the learning path, but I’m figuring out the nuances, the lowest common denominators and getting better at troubleshooting issues. This is where things get complicated: 100% of my experience in this arena is Windows 10 / Windows 11 based. And we now have a very small fleet (<10 devices) of Mac devices for our Marketing team. Now, I’ve tried everything I can find online, but the documentation on how to pull this off via Intune is scarce and inco

The following articles were published last week. New Knowledge Base Articles: KB0022051 - /login interface page times out after 10 minutes

We often hear from our techs that Jump Clients stay offline even though the PC is only and reachable.Trying to restart the sra-pin Service or the whole PC does nothing.The only way you get this client back online is with the user clicking onto “Reconnect now”.As soon as you click reconnect now the client comes back online.Does anyone else have this problem or has an idea how we can get around this?Another problem is that after a reboot the Jump Client often takes more than 10 minutes to get back online. 

The following articles were published last week. New Knowledge Base Articles: KB0021974 - Why is there scheduled maintenance stating - "Your SRA Cloud site is not appropriately sized for its usage level"? KB0023125 - Vault Password Safe Discovery connection fails - Failed to connect to Password Safe Client KB0023205 - macOS screen and audio popup request messages appe

Is there is a way to adjust the name of the client or customize the pop up to say, "COMPANY NAME - TECH SUPPORT" or something other than "Remote Support Customer Client" as it sounds incredibly suspicious. 

The following articles were published last week. New Knowledge Base Articles: KB0021991 - Email alert "No Data Syncs Are Being Pulled" KB0022022 - Password reset emails are not sending receive error: Reset password email not sent. The SMTP server responded with: connection timed out. KB0022034 - Error - "Invalid Session Key" when starting session through issue submis