Kaseya Community

Session Security Timeout since .26

  • Has anyone been seeing this message since upgrading to .26 ?

    This is the first time we are seeing it, is this a setting we can change somewhere?

    Thanks

  • Yeah, so we have too. And there's no point in clicking on Extend Session. I also do not understand what the extension of 5 minutes should. Then the session is simply ended without asking.



    -
    [edited by: exitsys at 8:32 AM (GMT -7) on Mar 31, 2020]
  • Is this just expiring the Live Connect session to the server, or the session to the VSA itself?

    We've had an issue with 9.5.0.25 and a mandatory 2 hour timeout on logins to the VSA....

  • Its only live connect, and it kills all the live connect sessions you have open regardless of time

    Once one of the Live Connect sessions reaches the 3 hours, you can extend that one twice for 5 minutes, then it closes all your sessions off

    You remain logged into he VSA no problem

  • You can also just close the pop up and it still works had one up for 3:35. However if you open a new session while the pop up is up it locks up all the sessions. I can not find a setting anywhere to turn this thing off. I think I am going to turn the timers off and see if it still happens. I like the timers but if that fixes it I'll gladly give them up. I also posted about this on the sticky for .26 update but have gotten no reply to it save for a mention of this post as well.

  • Seems as though there is no setting, unfortunately, I opened a support case and this is what they have said so far:

    ------

    Hi Michael,

    Thank you for contacting the Kaseya Support; My name is Niranjan S A and I will be glad to assist with this.

    As per the recent update this an additional feature added to fix a session not timing out even when the user is logged from VSA. By default, a session timeout of 3hrs is hardcoded. At this time I do not see an option to turn this off. I will have this tested on my end and update you shortly on the outcome.

    I appreciate your patience and cooperation on this.

    Thank you,

    ------

    a bit disappointing they did not mention this in the notes unless I missed it. Told them I need some type of solution, waiting to hear back

  • I went through the release notes few times more since running into this problem and I can't find any mention of this. I just had to reopen a bunch of them because i hit the time again.

  • Who in their right mind thought that was a good idea? And especially now. A sizable portion of our client base is now working from home. Most through Kaseya. We have fielded a lot of calls on this.

    Even for us. Most of us work from our home computers, but establish a LiveConnet session to our office computer because they have tools not available at hoe. The time out is getting annoying.

  • Totally Agree, sergea.  We have over 50 users that are working from home and I am getting calls from everyone of them that they are getting disconnected.  This need to be rolled back immediately since a large portion of the world is working from home and using Kaseya to connect into their on-site machines.  I also don't remember seeing this in the Release Notes.  Kaseya, please roll this back until you have a way for us to shut it off on certain machine, users, or all together.  Be Safe Everyone!

  • this is exactly the point I made to them, their last response:

    -----

    Hi Michael,

    Our Product Team is currently evaluating this feature. We will either revert it or enhance it with a configuration setting. We are looking to make this change soon, so we will keep you updated.

    -----

    hopefully, they will have something very soon to undo/extend this timeout

    I also asked not he release notes, their response:

    -----

    Hi Michael

    This is what triggered the change:

    • Fixed an issue when Remote Control could still be running after a user was logged out of the VSA.

    -----

    The description hardly describes to the MSP that there KLC sessions are now limited to only 3 hours despite being actively logged in and working in the system

  • Well I can tell you that they did not fix that. I left my sessions running last night and now have four sessions 2 over 10 hours and 2 over 9:30 hours. Our timeout is set to longer than 3 hours so that does not control this 3 hour timer they put in. If you just close the pop up they keep working like normal. I really don't like this "feature" set and uncontrollable.

  • Hey Community,

    Just to update.  Product team is aware of this and looking to revert this behavior and deploy the update as soon as possible.  We will address this.

    We are already discussing around allowing this feature to be configured in the future.

    Updates will be provided as they become available.

  • I just received a Scheduled Maintenance email scheduled for tomorrow.  Is this to roll this back?



    I reached out to Cesar directly and the update that is scheduled for today is to fix an issue with the VSA Backups, nothing to do with any of the VSA modules.
    [edited by: sedie01 at 6:10 AM (GMT -7) on Apr 4, 2020]
  • It is clearly in the release notes.

    "Fixed an issue when Remote Control could still be running after a user was logged out of the VSA. Remote Control sessions now have a maximum connection period of 180 minutes with an option to extend the session twice, for a maximum extension of ten minutes."

    And yes Its the dumbest implementation of a supposed security 'fix'.

    The disconmect timeout should be based around user inactivity, not a fixed time, if anything.

  • Honestly... With what they say the "issue" is, the correct fix would be to have LiveConnect/Remote Control send regular heartbeat packets back to the VSA, and the VSA in return could send a "logout" packet back in response if/when the VSA logout occurs...