Messages posted by: Bethesdaadk
We are an on-premise installation. Our serverConf.xml file has no "RC" section in it. Moreover, your port suggestions don't seem to jibe with others I've received. I thought RC was done over 4228.

In the case that led me to post the original question, I uninstalled the SysAid agent and reinstalled the agent via the SysAid deploy program.

SysAid now reports the workstation as being "Online."

However, most of the SysAid Deploy Program still reports that it cannot determine what version of SysAid agent is installed on the workstation - even after uninstalling it and reinstalling it - and then rescanning the network.

I may have to open up a ticket because either the deploy agent is too buggy or I'm doing something wrong.
My GPO appears to be applied, but again, I'm not sure if what's being applied is correct. Here is a Wizard result. It indicates it's an inbound rule. Does there need to be anything else?

Inbound Ruleshide
Name Description Winning GPO
SysAid Agent Version Verification UDP Port 8193 Allows SysAid Remote Discovery to report on the version of the SysAid Agent running on a workstation behind the local Windows Firewall Firewall Exceptions
This rule may contain some elements that cannot be interpreted by current version of GPMC reporting module
Enabled True
Program Any
Action Allow
Security Require authentication
Authorized computers
Authorized users
Protocol 17
Local port 8193
Remote port Any
ICMP settings Any
Local scope Any
Remote scope Any
Profile Domain
Network interface type All
Service All programs and services
Allow edge traversal False

I recently tried to perform a remote control session with an internal desktop that had the SysAid RC Client installed and was in my list of assets. But it wouldn't work. When I looked in my Deploy SysAid program, it reported back with the "see if it's running" message - even though it was running. Looking back on earlier posts, I realized the UDP 8193 needed to be open. However, I checked that I had indeed created a GPO for just that purpose.

However, I don't think that GPO works correctly. It was applied, but when I ran portqry on the machine in question, I did not find 8193 open.

C:\PortQryV2>portqry -n optiplex

Querying target system called:


Attempting to resolve name to IP address...

Name resolved to


TCP port 80 (http service): FILTERED


Can someone point to the correct GPO settings - in a Windows 7 environment - for opening up this port? I think there is more than one location in GPO to achieve this.


Adam in DC
Perfectly acceptable answer. Glad to know that you can reproduce it.
Any update on the 404 error?
I'm deploying a fleet of Dell Ultrabooks - E7440s. They come with vPro and I'm turning vPro on.

My last batch of Dell's also had vPro and I was able to connect to them via SysAid - at a basic level. Power up, down, etc. But no RC. RC had to be done via the SysAid client.

However, with the new Dells, I'm getting the following error when attempting to talk to their vPro:

vPro connection error (Transport error: 404 Error: Not Found).

I know that vPro is indeed working because I was just able to do a KVM session to a new machine via Real VNC.

Another question:

Since SysAid leverages RealVNC in it's remote control AND RealVNC is also a usable remote client for leveraging vPro, it would seem that SysAid should not only talk to vPro, but also offer optional remote control via vPro rather than the SysAid client.

I'm not sure if this is technically feasible, or it's a licensing issue, or just a bad idea, but it would be interesting to hear more about this.


Adam in DC

We're running v9.1.02 b71 with a sql express back end.

I have a user who is properly enrolled in the self service section of SysAid and discovered that she cannot unlock her account because the option no longer exists on the login screen.

There is a password reset option, but not an unlock option. This was an important feature. Where did it go?


Adam in DC
SqlExpress 2008 R2 Issues. Could not get SysAid to connect to a new blank DB.

My SQL DB person finally figured out to go into the "Sql Server Configuration Manager" as opposed to the studio.

"Protocols for SQLEXPRESS" (or whatever you named your instance.

TCP/IP properties need to be enabled

IPALL Section of IP Addresses tab

Set TCP Port to 1433

Then we were able to connect SysAid to SQLExpress on the same machine.

I tried the right-click trick with move and then arrow keys. It's a little better, in that you can actually move a box. But you don't get to see the movement until after you hit RETURN, so it's kind of a blind movement, for lack of a better term.

I suppose I could make a firewall rule for 4228 directly to my machine. Will have to think about it. is probably the nirvana in what I'm looking for. Not sure if that's fair or not.

But thanks for the tips. I still love SysAid.

I have not tested RC (remote control) outside of our LAN. Inside of the lan, I can establish an RC session using either RCG or Direct Connect. Direct Connect seems to perform much better than RCG. The biggest issues I have with RCG is that I cannot click and drag a window remotely.

For instance, I can execute Word. I can type in Word. But I cannot move a Word Window to another part of the screen.

Also, the zoom feature only seems to give me the choice between too big and too small. When it is too big, I cannot scroll down to see the bottom of the screen, so I have to shrink the screen to see the whole screen.

Has anyone else noticed these issues? Does Direct Connect work with agents outside of the lan?

Also, I think the Deploy SysAid separate console is a big improvement! Thanks for that. I think it's much easier to deploy sysaid agents using this tool rather than GPO or scripting or transform files. Since we're a Windows 7 shop, I was able to use a GPO to open the appropriate port and actually see the version of the existing agent on the desired workstation.

I don't think you can backup to a network location. Only local.

For network location, you'll probably have to use ntbackup or whatever it's called nowadays.
Changing Listener className="org.apache.catalina.core.AprLifecycleListener" from on to off made no difference for me. It still sees the selfsigned cert rather than the godaddy cert.
I've learned more about keystore than I care to the last two days. But still no success.

I think this shows that I've successfully imported the certificates into my keystore:

C:\Program Files\SysAidServer\jre\bin>keytool -list -keystore "c:\program files\
Enter keystore password:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

root, Apr 4, 2012, trustedCertEntry,
Certificate fingerprint (MD5): D5F:85:B7:9A:52:871:8C5:0F:90:23:2D:B5:34
helpdesk2012, Apr 4, 2012, trustedCertEntry,
Certificate fingerprint (MD5): DF:AD:9E:FE:13:7E:6E:12:8D:0F:55:1A:2A:4D7:6A
xxxx2012, Apr 4, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): D5:5A:FF:9B:64:66:0F:1C:18:92:FD:C3:4D:38:07:A8

The relevant server.xml text is this:

<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
<Connector port="80" protocol="HTTP/1.1"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
redirectPort="8443" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->

<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files\SysAidServer\tomcat.keystore"

as you can see, I'm testing using the keyAlias statement. The one shown references the selfsigned portion of the keystore file. If I delete the keyAlias, the result is the only shows the self signed certificate thus causing an error with the browser.

If I reference the keyAlias helpdesk2012 which is a godaddy certificate running from 2012 to 2013 the site practically goes dark.

So, I cannot seem to get a purchased certificate to work. But I can get a self-signed one to work. But it's only good for 90 days and still causes an error in the browser...the one thing I was trying to eliminate.



Adam in Washington, DC

We are testing the password reset feature and I had a user who could not enroll in the system. He sent me his password and I enrolled him fine. Since he was a Mac user and I had just used IE, I asked him to retry setting his security questions using Firefox. It worked. Then I had him try and change his security question in Safari. It told him he didn't have rights.

Not sure if this is well known, or if I'm the first.

Adam in DC

I have successfully changed the name of the URL in our serverconf.xml file.

I have approximately 65 workstations (laptops and desktops) that have older sysaid agents on them. Assuming I have a good way to deploy the agent, am I required to UNinstall the old agent first? Or can I install the new agent on top of the old agent and will the new server URL overwrite the old server URL ?


Adam in Washington, DC