ARD 3 Kills LDAP and NetHome Users

Similar Messages

• Essbase 9.3.1 fails login the first time for both LDAP and Native users

  Hi,
  Whenever I try to login into Essbase server using AAS or Maxl, it fails for the first time but when I try the second time it works.
  Essbase Logs at the time of the error shows:
  Local ESSBASE0 Info (1051001) Received client request: Get Log File (from user hadmin )
  Local ESSBASE0 Info (1051001) Received client request: Get Server Locale Description (from user hadmin )
  Local ESSBASE0 Info (1051164) Received login request from xxx.xxx.xxx.x
  Local ESSBASE0 Error (1051293) Login fails due to invalid login credentials
  Local ESSBASE0 Warning (1051003) Error 1051293 ~processing request Login - disconnecting
  SharedServices9\SystemErr.log
  SystemErr R com.hyperion.interop.AuthenticationException: Could not authenticate user 'CSSToken'. Please ensure the username and password is correct.
  SystemErr R at com.hyperion.interop.webservices.Security.slideAuthenticate(Unknown Source)
  SystemErr R Caused by: java.lang.Exception: Interop Security: Unauthorized
  SystemErr R at com.hyperion.interop.webservices.Security.authenticate(Unknown Source)
  SystemErr R 1282785593 [WebContainer : 0] WARN security.SecurityFacade - Error Executing cssAuthenticate()
  Error Code: -1
  com.hyperion.css.CSSTokenNotAcceptedException: Token is invalid. Error Code: 11
  And we are using SSL? Help please... Thanks.

  I know this wont help but we had the same issue in 9.3.1 and decide to reinstall without SSL as we could not get to the bottom of it.
  I suspect there s something wrong with the SSL config but not sure what it is...
  Seb

• Different user IDs in LDAP and R/3

  Hi,
  EP EP 6.0 SP20
  We have configured Single sign on from protal to R/3. Works great... Then we started out to use LDAP for Portal user maangement. PErformed the configuration in portal and this works fine as well.
  My main issue is that the LDAP user ID and the R/3 user ID are not the same and hence we would not be able to perform Single sign on.
  For example the LDAP user ID name of an employee is "peterc" where as the LDAP user id name of that employee is "peter.cuddihy". Hence the single sign on does not work. We want to use LDAP as the user database as we also intend to cnfigure SPNego for windows based authentication.
  Is ther any way that I can create the portal user id to be "peter.cuddihy" and map this user to "peterc".
  NOTE : We do not want to use the User mapping functionality. IT is too to do the user mapping for the the number of users we have and also the security invloved in this method.
  Any help
  gogol
  null

  Hi gurus,
  i am not sure if i am missing something, but it looks like the Login tickets would not work if LDAP user ID and the R/3 user ID are the same. Is user mapping the only way to go if the LDAP user ID and the R/3 user are different. Cant we still in some way use logon tickets from portal ( with LDAP as user data source) to R/3 ???
  please advise
  regards
  Raj

• Posixaccount and posixgroup user provisioning in sun LDAP through sunIDM 7

  Hi folk
  I am trying to do userprovisioning in LDAP for posixaccount and posixgroup.
  From authorative datasource I am getting role,rolestatus,uidNumber,cn etc.
  Based on role user will be placed in posixgoup.
  Role to group mapping is
  one-to-many
  Anybady can tell me how can i do it.
  User provisioning is automatically so i have make some changes in workflow and writea rule for role to group mapping and i need to call that rule in workflow.
  But how i will make changes in workflow and what chnages are required for posixaccount and posixgroup prov.
  please help if anybody has done or give me some idea how can i do it.
  Thanks

  Hello All,
  Thank you for your time and valuable replies.
  I got rid of the "Missing" error and now I am one step away from the solution.
  Now I am at a stage where: (for a user with initial password on LDAP)
  1. In AD if "User needs to change password on next logon" flag is NOT set - user can successfully logon to portal. (without being prompted for password change)
  2. In AD if "User needs to change password on next logon" flag is set - then user cannot logon to portal - I get User authentication failed error.
  I have went through a lot of discussions around this topic on SDN and different SAP Notes. I have tried to maintain UME Security policy as close as possible to LDAP (I cannot make it exactly same due to some differences in LDAP and UME).
  However, when and administrator can change passwords from UME successfully without any problem - it means that:
  - Security policy is being met
  - Service user used to communicate to LDAP has all the required access
  The only missing piece of the puzzle is how to enable the users to be able to change their passwords (with initial or expired passwords).
  According to Note 865399 - the default value for The property ume.ldap.access.set_pwd is TRUE.
  Also the property ume.ldap.access.pwd.via.usercontext can only be TRUE when ume.ldap.access.set_pwd is set to FALSE.
  So, I have tried setting the following without any success:
  <ume.ldap.access.pwd.via.usercontext>true</ume.ldap.access.pwd.via.usercontext>
  <ume.ldap.access.set_pwd>false</ume.ldap.access.set_pwd>
  Thanks,
  Shanti

• Very Urgent (Unique user Id scenario with Oracle LDAP and SSO)

  Unique user Id scenario.
  Our oracle LDAP repository is setup for customers to login from different companies. We have a requirement to integrate Oracle LDAP users with Oracle 9iAS portal 3.0.9 Single Sign On. I have two userid with same name on the LDAP from different company. For example userid jsmith from company A and jsmith from company B. Both userid do not exist on Portal Login Server. However, both userids will be created automatically in Login server when LDAP and Portal synchronize user list.
  1. How oracle portal will handle such scenario when portal requires unique userid?
  2. Can I customize portal login screen? For example when they login they can provide userid, passwd and domain name. Where domain name could be company name.
  Let me know if you need more information. Feel free to send direct e-mail also.

  Unique user Id scenario.
  Our oracle LDAP repository is setup for customers to login from different companies. We have a requirement to integrate Oracle LDAP users with Oracle 9iAS portal 3.0.9 Single Sign On. I have two userid with same name on the LDAP from different company. For example userid jsmith from company A and jsmith from company B. Both userid do not exist on Portal Login Server. However, both userids will be created automatically in Login server when LDAP and Portal synchronize user list.
  1. How oracle portal will handle such scenario when portal requires unique userid?
  2. Can I customize portal login screen? For example when they login they can provide userid, passwd and domain name. Where domain name could be company name.
  Let me know if you need more information. Feel free to send direct e-mail also. The scenario you describe is one addressed by Oracle9iAS Portal Release 2's capability to support multi-company hosting. In that scenario, each company has a separate branch of users represented in the directory information tree, as you describe. In this case, both users may have cn=jsmith, but the rest of the DN provides the distinguishing domain, e.g., cn=jsmith,dc=oracle,dc=com and cn=jsmith,dc=microsoft,dc=com.
  Version 3.0.9 also supported multi-company hosting, but it was only an internally used feature and one leveraged by a few early adopters. http://portal.oracle.com is one of our hosted examples of multi-company hosting on 3.0.9.
  In 'hosting' mode, the login screen displays a third entry field, as you describe, allowing the company name to be specified.
  For a supportable configuration, you should use Oracle9iAS Release 2 if you want to employ hosting mode. However, if you need some solution in 3.0.9, you can probably achieve something acceptable by making a slight modification to ssoxoid.pkb. I'm not entirely sure about this, because I'd have to dig into the code (which should be unwrapped, for customization such as this), but you could have users enter their names like 'jsmith@oracle' or 'jsmith@microsoft'. Then, within the ssoxldap.pkb authenticate_user function, you'd need to have the company name added to the base search base before doing the search. Then, once authenticated, the SSO server and Portal would create shadow entries which are unique 'jsmith@oracle', 'jsmith@microsoft'.
  Like I say, I'm not sure if the structure of the ssoxldap.pkb file will entirely support this, but that's your best bet until you get Release 2. There will be a 'Multi-Company Hosting Cookbook' provided with Release 2 that will provide the necessary supplemental information to activate hosting mode. You should understand that setting up hosting mode takes a bit more administration than the default single company mode.
  If your portal has already been running a while without the @company names then there will also be the issue of getting all the accounts already created moved over to the @company names.

• Changes to ldap made w/ ldap and/or dscl commands are not saved

  driving me completely buggy.
  Currently running 10.6.5 build 10H575
  dscl syntax was a little .. annoying. but now that's sorted. I connect to ldap master using either ssh or dscl in from my terminal on my client. Issue command to delete user. All goes perfectly, I poll for the user - no such user exists. Awesome. I exit out, then read ldap db and user still exists. Not awesome.
  I cannot interact with user account using WGM gui as my boss already removed that user using WGM, but user exists on the backend - I need to re-enable the user's account because he was mistakenly deleted. And yes, I tried ldapmodify, ldapdelete, dscl - it always "works" but then I go and check and the user persists.
  So I've gone from trying to set disable/enable user switch to attempting to delete outright and add user back. I have searched through all data stores to remove him, checked through all groups. I authenticate w/ dscl command so I have the proper permissions to do a deletion.
  /LDAPv3/127.0.0.1/Users > read tmartin
  <dscl_cmd> DS Error: -14136 (eDSRecordNotFound)
  This is what I want. If I exit out of the interactive dscl session, and go back in, user exists. If I open another connection to that ldap master w/out exiting, user exists. If I try to reuse the short or long name through WGM - user exists error pops up.
  What am I missing? How do I get this change to stick? Any change? I cannot even get a character appended to the long name (it works but only for that current connection to the ldap master - checking from another session or another client shows old long name in use).
  Let me know if this is as clear as mud.
  Thank you in advance for any help.
  Sincerely,
  struggling n00b

  I found the answer: OD master #2 that was being moved to the colo, and therefore would have been kept from writing back to OD master 1, was still on the office LAN and accessible from the OD master 1. So all modified records on OD1 were being modified and restored to their original state by OD2 and pretty **** near instantaneously as well. Good to know replication is working so well. So basically, I am ******** and did not notice that of all the OD servers 2 masters were present w/ read-write access to the records. All is fixed and working now.

• Pulseaudio and systemd --user: DBus scope issues?

  Hi,
  I have a multi-seat setup, so I need user-wide pulseaudio and whatnot. I'm trying to setup my boot through systemd --user.
  Testing audio working apps are firefox, mpv, and mpd. The problem is:
  - If I start pulseaudio and mpd manually everything is fine (no use of systemd)
  - If I start pulseaudio through systemd no application has sound.
  - If I start pulseaudio and mpd through systemd only mpd has sound.
  raimundoyamtech~$ cat .config/systemd/user/pulseaudio.service
  [Unit]
  Description=PulseAudio Sound System
  After=sound.target
  [Service]
  ExecStart=/usr/bin/pulseaudio
  [Install]
  WantedBy=multi-user.target
  raimundoyamtech~$ cat .config/systemd/user/mpd.service
  [Unit]
  Description=Music Player Daemon
  After=network.target sound.target
  [Service]
  ExecStart=/usr/bin/mpd %h/.config/mpd/mpd.conf --no-daemon
  ExecStop=/usr/bin/mpd %h/.config/mpd/mpd.conf --kill
  Restart=always
  [Install]
  WantedBy=multi-user.target
  If I add BusName=org.pulseaudio.Server to the pulseaudio.service nothing changes.
  Using pulseaudio's autospawn=yes leads to what seems to be same behaviour: mpd by systemd starts pulseaudio and is the only app with sound.
  ./config/pulse/client.conf only contains default-sink. Everything else is default.
  Using alsa alone is not an option because of firefox.
  Any thoughts?
  EDIT:
  raimundoyamtech~$ systemctl --version
  systemd 208
  +PAM -LIBWRAP -AUDIT -SELINUX -IMA -SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ
  raimundoyamtech~$ pulseaudio --version
  pulseaudio 4.0
  Last edited by Raimundo (2013-10-23 10:08:13)

  ewaller wrote:
  Please do not bump.   I understand the frustration; really, I do.  But, these are very active forums with some very good technical people lurking about.  I guarantee your post had been read.  I read it.  I did not have an answer, as I have never seen that behavior afore.   I am certain that was true for many other regulars.
  In the future, you can bring focus to a thread by providing more information..  Tell us what you have tried, what you have read since the last post, etc.  At least it gives the impression that you are working the problem rather than merely waiting for a response.
  I don't know almost anything about systemd, especially because it changes so rapidly and documention is so scarce and outdated that either I read the whole documentantion for my version in hopes of finding my problem (something for which I do not have time) or post a topic.
  I posted everything I touched regarding systemd since the installation of my system, that's all the relevant information I know I can give, so at this point I had no more info to give.
  Actually posting a topic is really my last resort, it usually means that I have already tried everything I knew and I'm hopeless already.
  raimundoyamtech~$ loginctl list-sessions
  SESSION UID USER SEAT
  2 1002 carla seat0
  1 1000 raimundo seat0
  2 sessions listed.
  raimundoyamtech~$ loginctl show-session 1
  Id=1
  Timestamp=Tue 2013-10-29 12:33:47 WET
  TimestampMonotonic=6670234
  VTNr=1
  TTY=tty1
  Remote=no
  Service=login
  Scope=session-1.scope
  Leader=1456
  Audit=1
  Type=tty
  Class=user
  Active=no <----- Is this what you are talking about?
  State=online
  IdleHint=yes
  IdleSinceHint=1383050072367636
  IdleSinceHintMonotonic=0
  Name=raimundo
  raimundoyamtech~$ loginctl show-session 2
  Id=2
  Timestamp=Tue 2013-10-29 12:33:47 WET
  TimestampMonotonic=6667439
  VTNr=2
  TTY=tty2
  Remote=no
  Service=login
  Scope=session-2.scope
  Leader=1453
  Audit=2
  Type=tty
  Class=user
  Active=no <----- Is this what you are talking about?
  State=online
  IdleHint=yes
  IdleSinceHint=1383050025387636
  IdleSinceHintMonotonic=0
  Name=carla
  raimundoyamtech~$ loginctl show-session 3
  Failed to issue method call: No such file or directory
  What is an active session? Oo Never heard of it
  I could start things. Pulseaudio started, so did mpd. I also have a /usr/lib/systemd/systemd --user process started for each user. I assumed this would be it since this
  raimundoyamtech~$ systemctl --user
  Failed to issue method call: Process /bin/false exited with status 1
  always happens and I've read that systemctl --user is no longer required.
  [EDIT]
  Fixed it. Don't remember where I read that it wasn't required, just that it was in the same place I found someone else complaining about getting this error.
  For anyone else encountering this: sed -i s/system-auth/system-login/g /etc/pam.d/systemd-user
  and systemctl --user will work. Insults fly out to the one who wrote it wasn't required!
  Still am not able to get an active session though
  [/EDIT]
  Why would there be a need for anything else? I'm gonna check on that. Thanks!
  See, the bump worked ^^ but ok I'll try to refrain from doing that next time. Sorry.
  Last edited by Raimundo (2013-10-29 16:27:55)

• 10.6.6 Server Combo Update Crashes LDAP and Kerberos Services

  Just updated apple server from 10.6.4 to 10.6.6 with combo server overnight.
  Everything was working fine under 10.6.4
  All users can no longer authenticate to server via mail or ldap logins
  LDAP and Kerberos Services stopped.
  Will downgrade from an open directory master to standalone then back to master again and post status...

  I think there is something with LDAP on 10.6.6
  I was forced to make clean install in combo from 10.6.0 to 10.6.6 and today LDAP crashed.
  It seems to be an issue on ldap ACL.
  Message was edited by: Xalio

• Difference between emergency state and single user mode ?

  Hi,
  I want to know the difference between emergency state which we normally use in suspect mode database and single user mode.
  Navakanth

  Emergency/suspect mode is tells you the state of the database and database is not available for user action but where as single user mode tells the user action preference. Database is active and available for the user action.
  You can refer 
  http://msdn.microsoft.com/en-us/library/bb522682.aspx
  EMERGENCY
  The database is marked READ_ONLY, logging is disabled, and access is limited to members of the sysadmin fixed server role. EMERGENCY is primarily used for troubleshooting purposes. For example, a database marked as suspect due to a corrupted log file can be
  set to the EMERGENCY state. This could enable the system administrator read-only access to the database. Only members of the sysadmin fixed server role can set a database to the EMERGENCY state.
  SINGLE_USER
  Specifies that only one user at a time can access the database. If SINGLE_USER is specified and there are other users connected to the database the ALTER DATABASE statement will be blocked until all users disconnect from the specified database. To override
  this behavior, see the WITH <termination> clause.
  The database remains in SINGLE_USER mode even if the user that set the option logs off. At that point, a different user, but only one, can connect to the database.
  Before you set the database to SINGLE_USER, verify the AUTO_UPDATE_STATISTICS_ASYNC option is set to OFF. When set to ON, the background thread used to update statistics takes a connection against the database, and you will be unable to access the database
  in single-user mode. To view the status of this option, query the is_auto_update_stats_async_on column in the sys.databases catalog view.
  If the option is set to ON, perform the following tasks:
  Set AUTO_UPDATE_STATISTICS_ASYNC to OFF.
  Check for active asynchronous statistics jobs by querying the sys.dm_exec_background_job_queue dynamic management view.
  If there are active jobs, either allow the jobs to complete or manually terminate them by using KILL STATS JOB.
  --Prashanth

• LDAP and OID

  FYI: I am new to Oracle (<1 month), and new to APEX (<3 weeks) so forgive me if I am asking the obvious.
  I would like to have APEX authenticate against LDAP (active directory), and went about trying to set that up. Got all AD settings from our sys admin, and then tried them in the LDAP test tool. I kept getting " Authentication failed!" no matter what I did. Due to the detailed nature of that error message, I started trying to track down every possible avenue so I talked to one of our DBA's about DBMS_LDAP.SIMPLE_BIND_S. The answer I got back was that we don't have access to it because it is part of OIN which we would have to pay outrageous amounts of money for if we wanted to use it. Not likely to happen, so I was hoping that there was another way to authenticate APEX via LDAP.
  Any suggestions would be most helpful.

  John - DBMS_LDAP is not part of OID so you can use it as part of your existing database product installation. Search this forum for LDAP and AD and you'll find lots of discussions about what you are trying to do.
  Also, just to clarify, you're not trying to authenticate Application Express using AD, you'll be authenticating users to your application (essentially a PL/SQL application in the database) using account information stored in AD. The authentication code that gets executed will belong to your application.
  Scott

• ISE and AD Password Expiration Notification and allow user to change

  We are almost ready to go live with ISE for our VPN users.
  One last thing that has been asked is, how can we make ISE prompt a user when their AD password is about to expire, and allow them the opportunity to change it at that time?
  I know the ASA has the ability if it is authenticating directly against AD, but that functionality goes away with IPN. So what settings are there to prompt users connecting via Anyconnect to the ASA VPN through ISE?
  We do not have ISE setup for internal users/systems yet, this is strictly a VPN only setup for now.
  Thanks,
  Dirk

  Since we are using radius protocol so password expiration notification will not occur. The user will be prompted when password would expire. With ldap over ssl, user will be notified that "your password will be expired in x number of days" but we can't pick that method as it shoud be ASA integrated directly with AD/LDAP.
  Since we have ISE in between acting as a radius server so we have to live with the option where user will not be notified but password can be changed by end-user.
  Procedure for Configuring RADIUS Password Management
  Requires tha tthe Radius server/ISE  be integrated with an Active Directory MS-AD server.
  1. Enable "password-management" in tunnel-group/Connection Profile.
  Note: "password-management password-expire-in-days X" will not work, use just "password-management"
  2. Ensure that MSCHAPv1/MSCHAPv2 is enabled on the RADIUS/ISE server.
  Jatin Katyal
  - Do rate helpful posts -

• Multi forest LDAP and Extension mobility

  hello,
  We want to support the following configuration:
  MultiForest LDAP integration with CUCM 10.5.
  So we want to set the "LDAP Attribute for User ID" on UserPrincipalName (UPN). > [email protected]
  We also want to support Extension Mobility.
  Is there a way to make te login proces easier than logging in with [email protected] and the PIN code?

  Unfortunately no, the EM process uses whatever you chose for userID for the login.

• LDAP and SAP integration

  Hi,
  As a part of a project requirement, we are trying to integrate Solution manager with LDAP (Lightweight Directory Access Protocol).
  Using the directory service, we are trying to synchronize the CUA (Central user administration within Solution manager) with Active directory of LDAP so that we can maintain the User data centrally from a single point in LDAP.
  Problem description:
  Currently, Client has implemented the LDAP and CUA integration and when a new user is added in LDAP, it is automatically getting copied in all SAP systems and at real time, when the useru2019s u201CLASTNAMEu201D field is updated in LDAP, it is automatically getting synchronized in all SAP systems.
  But, If any attribute other than u201CLASTNAMEu201D is changed (i.e. The expiry /validity date of the User in LDAP, GLTGB in SAP), then the field value is not getting synchronized in the SAP Central User Adm.
  Our Findings:
  We have checked the configurations and imported mappings in SAP Solution Manager and everything looks fine. We have debugged the standard program RSLDAPSYNC_USER extensively and found out that an RFC call to function module LDAPRFC_SEARCH is not returning the expected values.
  Thanks
  Deb

  Hi Deb,
  It would be really nice if you can elaborate on the configurations that need to be done as part of this integration. I hope, you have been successfull by now.
  Actually, I too need to perform the same as part of a project.
  Thanks in advance.

• ARD will not authenticate OD users in ard_admin group

  I can successfully control a client with a local account using ARD 3.0, but not with an OD account added to the WGM group ard_admin, ard_reports, etc. I have been successful at times with both OD and Active Directory accounts, but cannot get consistant results and need to add hundreds of macs to ARD for management.
  I have confirmed the client and server are talking via WGM as I can move the client's dock around using Group/Prefs and changing the Dock display.
  I can even login at the client using the OD user's credentials, but again, from ARD, access is denied using the OD user's credentials.
  ARD simply will not let me manage/generate reports of clients using the OD user credentials, I get 'Authentication failed to "client name"' when I click on Control or Observe. The Client Status column reports Access Denied.
  All clients are running 10.4.6 or better.
  Ultimately, my intent is to use AD users as members of the ard_admin, etc. groups and have successfully done so a few times, but not consistantly.
  Am desperate for some guidance and Apple Tech support has recreated the problem once, but can no longer recreate in order to continue working the issue.
  I am wondering if there is a random Kerberos authentication issue going on, but I have even used KB300765 to prevent clients from getting conflicting sources.
  Ideas/

  Here's the fix.
  First from the Remote Desktop application you must create a Client installer (from the ARD File menu). When building the installer be sure to answer the following questions...
  Customized installer. YES
  Remote Desktop Startup; YES
  Show ARD Menu: Your choice
  Create Users?: No
  Enable directory-based Administration: YES (what was necessary for me to get working)
  Specify access privileges: Your choice
  Other settings are your option...
  Save the new Client installer.
  Secondly, move it to your clients and run it. If necessary, this will upgrade your clients' ARD client software and open the door for AD/OD Administration access.
  I couldn't find this documented anywhere. I would have thought the necessary "Enable Directory-Base Administration" would have been in the client's ARD Access Priviliges screen somewhere.
  G5 Xserve   ARD 3.0 Mac OS X (10.4.7)  

• ARD 3.7 and VoiceOver

  Hi all.
  OK here's my background. I'm a blind IT engineer / tech admin and support a list supporting blind mac users. My server is a 2010 customised mbp 2.66 i7 with 8gb ram and 2x 512gb SSD drives (drive 2 replaces superdrive bay)
  I'm now using Mavericks with Server 3, Deploy Studio and ARD 3.7
  Here's the problem.
  For me to work with a blind client's mac relying on voiceover, I cannot grab system audio from the client, nor can I use Voiceover keys, etc to control the client's mac to conduct training, repairs and management.
  I was hoping that ARD 3.7 would cover my needs but it isn't. the only use it can prove useful for is catalogueing networked systems, setting up routines that don't require direct UI interaction, etc. this is a real disappointment for me.
  I've emailed apple accessibility and sent a bug report to apple feedback. heard nothing.
  I have road tested and researched various products besides ARD 3.7 and either companies want yearly subscriptions  which in some cases require pro licenses to be purchased. in one particular developer's pack you have to purchase the pro app and central to administer client management, reports, etc. without that, the features needed including full keyboard control and audio interfacing make my work extremely difficult.
  in cases where I'm supporting a user who is blind / visually impaired and also has learning difficulties, instructions and detailed settings are of no use because the client cannot fully understand the processes involved, in cases where voiceover isn't playing ball for the client, I could step in to resolve the issue, use terminal within their system, conduct in-depth repairs, set up policies, etc.
  If there's any apple Admins here, apple developers reading this forum, please can you integrate voiceover support to client level as well as audio support? there are many blind It techs, developers, engineers, admins, tutors and trainers across the world and this product would make a change. After all, we blind mac users represent apple marketing your products in a way that changes other peoples lives for the better. Any support on this would be much appreciated.
  Ed

  Not sure how that would happen but you should be able to revert to the Mac App Store version with the following steps:
  1. Launch the App Store app
  2. Go to the Purchases secton and verify that Apple Remote Desktop is showing in your list
  3. Assuming it's in your list, delete Remote Desktop.app from /Applications
  4. Verify that Remote Desktop.app is not installed on any other mounted volumes using Spotlight
  5. If it is installed then either unmount those volumes or delete the app from those other locations
  6. Go back to the Purchases section of the App Store app
  7. If Apple Remote Desktop is shown as "Installed" then select "Reload Page" from the "Store" menu
  8. The entry for Apple Remote Desktop should now give you the option to "Install"
  9. Click "Install"
  After installation you should have the correct Mac App Store version that does not prompt for a serial number.