User Initiated Remote Control - Behind NAT

Similar Messages

• Unable to allow remote control and deny transfer files in RM

  Hi, we're running ZCM 11 SP1 and I have a question about assiging rights to non-Helpdesk users for remote control only for user application support. It looks like if I deny transfer files that the button for remote control automatically changes from allow to deny. I couldn't find anything in the forums, KB, or docs to see if this is working as intended or a bug of some sort? If intended, do you know why remote control and transfer files go together, just curious? In ConsoleOne versions of remote management we had always limited non-Helpdesk remote operators and were hoping to do exactly the same with ZCM11. Thanks.

  Originally Posted by spond
  Newellt,
  I can't see why it would be necessary, I suggest you open a Service
  Request and complain!
  Shaun Pond
  Was there ever a workaround for this? I'm seeing the same behavior in 11.2.3 and we have a need to block file transfer but allow remote management.

• Problems with remote control and user accounts - error 1759?

  We're running:
  -XP Pro SP2 clients with Zen SP1 IR3a agent, 4.91 SP2 Netware client.
  -We are NOT running Middle Tier.
  -Novell servers are running Netware 6.5 SP7, E-directory 8.7.3.10b or 8.8.
  -Zen server is also SP1 IR3a.
  We have no problem using remote control on workstation objects. We are having intermittent issues with remote controlling user objects. When the issue occurs, we receive the following error, "Error 1759: The selected user is not logged in on any workstations" even though the user is in fact logged in. After some more research, it appears that the "networkAddress" attribute of the user object is blank so we feel that this is the root cause. My question is what would cause the networkAddress attribute to randomly not update? For instance we had a user (verified his login) who we could not remote via the user object (workstation object worked). We checked his networkAddress attribute and found that it was empty. User rebooted and logged in again and his networkAddress attribute populated, and then we could remote control him via the user object. Now this isn't always the case after a reboot. There doesn't appear to be any pattern to when the networkAddress attribute does or does not update. In fact, this particular user has a laptop so he boots it up fresh every morning yet he was not showing a network address when he logged in initially today.
  We've followed the troubleshooting steps in Novell Documentation without any success. Is there anything else that we might be missing, especially with respect to getting the networkAddress attribute to update? We ran a DSreport on that attribute and found about 500 out of a total of 1500 users had no networkAddress. Some of those are sure to be legitimate but that number is much too high for the number of people that should be in the office.
  I've read some older threads on the subject but none of them really provide a firm solution. Also most of the older threads reference Middle Tier which we are not using.
  Thanks in advance.

  > 4.91 SP2 Netware client.
  You could try this TID:
  "A user will no longer have an entry in their "Network Address" attribute
  even though they are logged into the eDirectory Tree."
  http://www.novell.com/support/viewCo...1262&sliceId=1
  "Resolution"
  "This was fixed in the 4.91 SP3 client. NWFS.SYS was modified so that it
  will check the monitor connection on a reconnect and if it is not connected
  close the connection and try and get a new monitor connection to the tree.
  Prior to the 4.91 SP3 client, the solution is to have the user login again
  so that it issues the NDS Finish Login request again that will populate
  Network Address again."
  Regards
  Rolf Lidvall
  Swedish Radio (Ltd)

• Middletier RC Outside Users Behind NAT

  I recently setup the middletier server so that I could begin remote
  controlling our outside users. I have zfd 4 running on my home pc and it
  is able to login to the middletier and I have successfully imported the
  workstation into the tree. However, I have not been able to remote
  control the pc. I have a cable router setup at home with NAT enabled.
  The imported workstation shows the ip address of the internal network and
  not the public address. Is this the problem? Am I only able to remote
  control workstations with public addresses?
  Also, pc's at the office connect to the middletier and are remote
  controlled with no problems.
  I am using Novell 6.5 with Zen 4 (the Zen server is on a Novell 6.5
  server, while the middletier is on a Windows 2000 server).
  Thanks for your help,
  Brad Pierce

  Marcus,
  How do users request a remote control session in Zfd4? I have found the
  rclistener.exe program for Zen 6.5 and 7, but Novell Support doesn't seem
  to mention much about requesting from Zfd4.
  Thanks.
  > On Wed, 21 Sep 2005 17:59:13 GMT, [email protected] wrote:
  >
  > > Am I only able to remote
  > > control workstations with public addresses?
  >
  > in general yes...
  >
  > you could let the user request a remote control session..
  >
  > or you could create a port mapping on your firewall.. which would still
  > require some hacking of the edir object as you would have to put the
  public
  > ip of the firewall into it..
  > --
  >
  > Marcus Breiden
  >
  > Please change -- to - to mail me.
  > The content of this mail is my private and personal opinion.
  > http://www.edu-magic.net

• How do I remote control a user in remote desktop services in Windows Server 2012?

  Hello,
  we currently operate in a 2008 R2 environment with the majority of clients connecting to our terminal servers.  We use the remote control feature in terminal services manager to connect to a users session when a user phones our helpdesk with
  a question / issue.
  Just today I've installed 2012 server on a hyper-v virtual machine to have a play with it.  I've installed the Remote Desktop Services and noticed this remote control feature is gone.  I can still log off or send a message to a user, but I can
  no longer remote control their session.
  I've seen one or two other posts stating this feature has been removed completely.
  So, a couple of questions:
  1. How on earth do I "shadow" or connect to a users session now?
  2. If I have to go third party to get this functionality back, what's the best software on the market for this and does it support remote connecting of users who have their RDP session span multiple monitors? (2008 R2 doesn't)
  3. Will Microsoft ever bring this feature back? as at this stage I doubt we would move to 2012.  This is the one feature that is crucial to the day-to-day running of our helpdesk.
  Cheers.

  A large percentage of our IT support business is through remote management. Most of our large enterprise customers are Terminal Server environment (now called Remote Desktop - why does Microsoft have to change EVERYTHING - how would they feel if I changed
  the colour of the sky from blue to red just because I could?).
  Last week, after much expense to the customer (and realising that there WOULD be some cosmetic headaches to contend with Server Management) we installed a new "Remote Desktop Server" for them and shifting them from 2003 - a big leap so we discovered.
  During deployment it came as a HORRIFIC surprise that we could not remote control user's sessions!
  Yes, we ARE to blame for not fully realising the cock-up Microsoft has made for us. We should have fully researched every detail of what changes they made and what they have robbed us of.
  Firstly, the removal of the ability to fully manage user's sessions came as a HUGE blow!
  The remaining multiple issues that followed (including the hugely cumbersome and SLOW way of accessing user's sessions and the false information that the console was reporting users logged in when they had already logged out) suddenly resulted in us decommissioning
  the new 2012 installation in favour of a 2008 R2 installation.
  Some may ask; Why not use "Third Party" apps to counteract the issue? Firstly; why spend MORE and why use a third party app that "is as" cumbersome to use just because of a freaking feature that Microsoft deemed a "security risk" - for G.D sake!
  We have now been directed by management to convince customers that a move to 2012 is NOT recommended - good choice boss, I love you!
  The question is; will Microsoft re-implement this feature and fix Server Management performance/accessibility in a future release before 2008 R2 is no longer available? Probably not - it looks like their stubbornness to forge ahead with their craze mind-set
  of transforming their products into something that is now annoying millions (including their bloody push towards everything-cloud which NONE of our customers want anything to do with).
  Microsoft! Get us back on to your side and take a step back, take a deep breath and listen to consumers!

• Remote control kicks you out when trying to change the logged in user by clicking on the red N

  I'm running Zen 6.5 with the latest updates and the latest agents... I can
  successfully remote control a workstation through ConsoleOne but I have 2
  issues:
  1. If I'm in the middle of a remote session and I right click on the red
  N icon and change the user, it kicks me out and says "operation is
  currently disabled for the logged in user".
  2. Whenever I log in it changes the desktop background to blank (it's
  actually a blue background) and it doesn't change it back after I close
  the remote session. If I physically go that workstation and logout and
  log back in, it still keeps that same blue background.

  Gilbert,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Cannot "Remote Control" Users in a RDP (TS) server.

  So, I have a few Terminal servers (now called Remote Desktop Servers) setup and running, various Operating systems, but all 2008r2 and above.
  All of them are having an issue that has cropped up over the last few months. Either in Task manger, or in the Remote Desktop Manger, I cannot right click and select "Remote Control" to see what a user sees. 
  As you can see the, connect and Remote control are Grayed out. Although on some of the servers, I can connect, that disconnects the user from the system.
  I cannot find a setting that allows me to unlock this ability. 
  I am an admin, and I can provide any information that you need.
  Thanks!
  Rule your day, you never know when it might be your last.

  I am remoted into the server, and running the manager from the remote session.
  I see the same behaviour from the console session of the server.
  Rule your day, you never know when it might be your last.

• How to use the *new* "per-user remote control"?

  Per the ARD discription page at:  http://itunes.apple.com/us/app/apple-remote-desktop/id409907375?mt=12
  It says under "Whats New in 3.5.1":
  "Per-user remote control
  You can remotely log in to a Mac with any user account on that computer and control it, without interrupting someone else who might be using the computer under a different login.
  How can I do this?  I can't seem to find the ability.  If I use ARD in it's "normal" mode, I am on the user's console at the same time they are.... I want to be "underneath" the console without affecting them.

  That capability is only available if your client systems are running Mac OS X 10.7 Lion. See:
  http://support.apple.com/kb/HT4715
  Regards.

• Allowing the domain users Group to SCCM 2012 Remote Control

  Hi There,
  been working on this issue for the last few days now and its frustrating the crap out of me. My company has requested for all Domain users to be allowed to Remote Control to everyone's computer. This is so that users will be able to show each other how to
  use in house application. In SCCM 2012 console, I've added the Domain users to the Premitted viewer tab. I've also added the domain user group to the administrative user section, added the Remote operator role and assigned the
  ALL security scope to it. On another machine, i run the CMRCviewer to this machine and it prompts for username advising me the one i provided isn't authorized. when i check on the targeted machine, i can see domain users populated in the ConfigMgr
  remote control user group
  It seems only domain admins have rights to Remote control in. i've only got one client setting defined (default policy).
  the interesting thing is the following layout
  WINDOWS XP ---> WINDOWS 7      prompts for username
  WINDOWS 7 -----> WINDOWS XP  works
  WINDOWS XP -----> WINDOWS XP  works
  WINDOWS 7 ------> WINDOWS 7     prompts for username

  Hi Dave,
  1) yes domain users is part of the configMgr remote control users". CMRCSERVICE.log shows the following
  === Starting security handshake ===
  CmRcService
  11/03/2013 10:44:29 AM
  4808 (0x12C8)
  HandshakeWorker failed.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Security filter server: DoHandshake failed.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  m_pSecFilter DoHandshake() failed. CmRcService
  11/03/2013 10:44:29 AM 4808 (0x12C8)
  DoHandshake failed on server side. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to do Handshake in Server. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to create security context.. Security Handshake failed.
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to validate Security requirement.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  Failed to complete the RDP connection.. 
  The logon attempt failed (Error: 8009030C; Source: Windows)
  CmRcService 11/03/2013 10:44:29 AM
  4808 (0x12C8)
  i've confirmed this user is part of domain users as well.

• Remote control user object fail

  I have ZDM7 SP1 with hot patch 6 on Win2003 (eDir 8.8.1).
  I config remote management Policy to User & Workstation Objects.
  But I try to test Remote Control functtionalty,find Remote Control
  Workstation is successful But User object is fail....
  I try to install TID 2974098 to replace xtaddr.dll but the problem still
  occur......
  Anyone know how to fix it ??
  wyldkao

  wyldkao,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• How to setup Remote Control for a user

  We have Zen 4, eDir 8.7.3, NW 6.5 and I have a regular user (no admin
  rights) that I want to allow to remote control into all our
  workstations that are spread out over 40 OUs.
  1. What rights does this person need to do be able to Remote in to the
  workstations?
  2. What is a good solution to set this up?
  Thanks

  Port,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Remote controll wipes out user's desktop wallpaper

  I have a issue that I hope someone can help with. I have a user that has ZCM client 10.2 installed and whenever I remote her desktop, her wallpaper is removed, and is NOT restored after releasing the remote session. Has anyone experienced this problem?

  Originally Posted by patrickhopkins
  I have a issue that I hope someone can help with. I have a user that has ZCM client 10.2 installed and whenever I remote her desktop, her wallpaper is removed, and is NOT restored after releasing the remote session. Has anyone experienced this problem?
  This is fixed in ZCM 10.2.1.
  Bug 417963 Remote Control doesn't put the right wallpaper back if set through Policy
  Thomas

• Remote control users = screen goes crazy

  Whenever I try to remote control some users not all. It causes my remote
  control screen to do funny things like it will turn all white and I can't
  see anything. But when I remote control them by their workstation
  everything works just fine. What could cause such a thing? I don't
  understand why it goes all crazy when I select a user but everythings fine
  when I select the users workstation.
  Thanks

  joe,
  It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com/ to search the knowledgebase and check the other support options available on that page under "Self Support" and "Support Programs".
  - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
  If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Remote control issue with only some users

  I'm having an issue that I can't seem to find any reference to anywhere.
  Our client has two servers. One is Server 2003 and is running AD, the other is 2008R2 and is running terminal services.
  When I create a new user in AD, if I set the option in AD to allow remote control, do not require permission and interact and I set these options before the first time the user logs into the terminal then I can remote control that user's session without
  a problem.
  However, if I leave the defaults in AD to allow remote control but require the user's permission and the user logs into the terminal the first time with permissions set like that then forever more I can never remote into that user's sessions. Changing the
  options in AD later to not require user's permission no longer helps. When I try to remote into that user's session the user does not get a pop-up requesting permission, rather I just get an Access Denied message. If I try to shadow via an elevated command
  prompt I get error 317. I haven't been able to find any differences in GP or the registry between users that I can shadow and those I can't. Some setting specific to each user is getting set on first login that can't seem to be undone by changing the settings
  in AD. Where might I find this?
  Thanks!

  Hi,
  Thank you for posting in Windows Server Forum.
  Please check that you have added user under “Remote Desktop User” local group. In addition they are
  added under GPO setting “Allow logon through Remote Desktop Services” and
  not added under “Deny logon through Remote Desktop Services”.
  You can check the setting under below mention path.
  GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
  More information:
  Allow log on through Remote Desktop Services
  http://technet.microsoft.com/en-us/library/dn221985.aspx
  In addition please check that you are not limiting in number of users who can connect simultaneously and also verify Remote Desktop Services Logon rights. Please check beneath article for additional details.
  Remote Desktop disconnected or can’t connect to remote computer or to Remote Desktop server (Terminal Server) that is running Windows Server 2008 R2
  http://support.microsoft.com/kb/2477176
  Hope it helps!
  Thanks, 
  Dharmesh

• User Remote Control during a Task Sequence?

  Hi!
  Have just created a boot image that uses Dart 8.1 so i can connect to a computer during a computer installation but this only works when the computer is booted in winpe. Is it possible to use SCCMs Remote Control feature to connect to the computer after
  winpe? I have tried with no success.
  The Agent is running so it should be working right?
  Has anyone tried this and got it to work?
  Thanks!

  Yeah, it would be nice if there was a way. I've managed to get by without it for the time being through some creative training and remote onsite techs. I have the desktop techs here pretty well versed in parsing the logs. I also created a custom HTA for
  failures and successes that allow the guys to launch the cmtrace tool and look through the logs without having to know how to hit F8 and then type in cmtrace. So, fortunately, with that much at their fingertips I only have to get involved when there is really
  something wrong on the server side. Also, having a window that states failure or success and telling them that they should only consider the image a success if they see the green window takes some of the "Watch it constantly so you can catch the error message
  before it times out and goes to the logon screen" issue.
  Dustin Estes - MCP | www.dustinestes.com