Description
With the release of LANDesk Management Suite 2016.3 SU3, and Ivanti Endpoint Manager 2017.x, we have upgraded our hash encryption algorithms to use SHA-256 hashes for the pass-through Authentication Token. This change to the algorithm prevents older agents from being able to decrypt the token, causing the following errors for both HTML and Legacy remote control.
Error when using HTML Remote Control:
Authentication Failed.
Invalid Credentials or No rights to Remote Control.
Error when using Legacy Remote Control:
The signed rights document was not valid. Authentication failed.
Receive Failed: 0.
You do not have rights to access the remote computer.
Resolution
Updating the agent to match the core version will resolve the issue, as the newer agent will be able to decrypt the authentication token. Be sure that you click on rebuild all underneath Tools>Configuration>Agent Configuration before deploying the agent.
It has always been the position of Ivanti Support that Agents should be updated as quickly as possible after the core server has been upgraded. Although this is an inconvenience, it is working as designed and is expected Ivanti admins will work to upgrade their agents as quickly as possible to return to full functionality.
You may also be able to get this to work if you add your configured COM+ user to the local "LANDesk Management Suite" Group and give that group access to C:\Program Files\LANDesk\Shared Files\keys.
This should allow agents on 2017.1 and above to function, however, we would still recommend updating the agent as mentioned above. All other agent versions will need to be upgraded for remote control to function properly.
Workaround
- Issue: Unable to remote control to any clients after upgrading to 2017.x
- For HTML Remote Control When presented with the authentication error, click OK, and you will be prompted for your credentials. Enter your credentials in manually and, provided you have the necessary access, it will successfully initiate the remote control session.
