Kaseya Community Patch Release - 5 November 2019

  • Hello Community,

    Below are the important announcements, guides, and release notes with our VSA version.

    ----------------------------------------------------------------------------------------------------------- Patch Release - 5 November 2019

    You may view the latest notes published here.


    With the release of, HTTP cannot be used and is no longer supported in VSA. If you are currently using HTTP with a previous version of VSA, we strongly recommend switching to HTTPS.

    If you need help configuring HTTPS and setting up a security certificate, you can find more information on SSL Certificates here: Using Security Certificates. VSA supports self-signed, and trusted CA SSL certificates.

    This release requires agent version Be sure to update your Windows, Mac, and Linux agents after installing this release. For requirements, see Agent minimum requirements.


    Consistent with Microsoft’s Product Lifecycle Policy and End of Extended Support Dates, Kaseya VSA no longer provides support for the following products:

    • Microsoft SQL Server 2008 (all editions and service packs)
    • Microsoft SQL Server 2012 (all editions and service packs other than R2 SP4; support will continue for Microsoft SQL Server 2012 R2 SP4)

    Consistent with Microsoft’s Product Lifecycle Policy and End of Extended Support Dates, Kaseya VSA will no longer provide support for the following products on the dates indicated:

    • Microsoft Windows Server 2008 (all editions and service packs): January 14, 2020
    • Microsoft Windows 7 (all editions and service packs): January 14, 2020
    • Microsoft Internet Explorer 10: January 31, 2020

    The following VSA functionality will no longer be available or supported on the date indicated:

    • Classic VSA User Interface (System > Server Management > Default Settings > Enable the Classic User Interface): January 31, 2020

    Agent minimum requirements

    The following resources are required for each managed machine:

    • 333 MHz CPU or greater
    • 128 MB of RAM
    • 100 MB of free disk space
    • Network Interface Card (NIC) or modem

    The following operating systems and versions are supported:


    Support is provided for the operating systems and versions listed below. Although the installation and operation of the Kaseya VSA agent may work with other operating systems and versions, Kaseya does not guarantee functionality or provide support for any operating system or version that is not in the list below. This includes, but is not limited to, newer OS versions that have not been explicitly identified.

    • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
    • Microsoft Windows 7, 8, 8.1, 10
    • Apple Mac OS X 10.7, 10.8, 10.9, 10.10, 10.11; macOS 10.12, 10.13 and 10.14


    macOS Catalina (aka macOS 10.15) - Kaseya is currently working to provide support for Catalina. However, please note that the Kaseya VSA agent will not currently operate on macOS Catalina and is not currently supported for macOS Catalina.

    • The Linux agent only supports Intel-based machines. SUSE Linux Enterprise (11, 12), OpenSUSE Leap 42.3, CentOS (6, 7), Red Hat Enterprise Linux (6, 7), and Ubuntu (12.04 LTS, 14.04 LTS, 16.04 LTS, 18.04 LTS) are supported as headless agents. User interface based agent procedures will not work.

    The following ports are required:

    • TCP/IP Outbound Port 5721. Agents connect to the Kaseya Server on port 5721. This port assignment may be changed by the administrator.
    • UDP/TCP Outbound Port 3478 to stun.kaseya.com to optimize Kaseya Remote Control performance and leverage P2P for file deployments. Enable Consistent NAT, if it is an option in firewall configurations, especially SonicWall.


    During a peer-to-peer (P2P) Remote Control session or file transfer, agents may attempt to communicate using mapped TCP and/or UDP ports (typically in range 50000 and above) as per STUN protocol.

    • No Inbound Ports

    For complete system requirements, see the Kaseya R95 System Requirements guide.


    • Agent - Windows - Added support for Windows Server 2019.
    • Authenticator application for 2 Factor Authentication (2FA) - To log in to VSA using 2FA, the user must enter their username/password credentials and a Time-based, One-Time Password (TOTP). TOTP is an authorization code generated by an Authenticator application and is valid for a limited time. This release adds these Authenticator applications:

    –        Google Authenticator

    –        Microsoft Authenticator

    –        Authenticator extension in Chrome browser

    For details on using these Authenticators, see the VSA 2 Factor Authentication User Manual.

    • Content Pack - Added support for Windows Server 2019.
    • Database & Schema - Added a routine to remove older records from the Endpoint.EndpointDownloadProgress table.
    • IT Complete - Completed support for Windows Server 2019.
    • Kaseya Views - Improved view logic to enable dynamic classification of operating system versions, eliminating the need to hard code these versions as they are released.

    Bug Fixes


    • Fixed an issue where certain Microsoft Office licenses were not included in agent audits. With this fix, Office 2010, Office 2016, and Office 365 licenses are now detected during audits.


    • Latest Audit - Fixed an issue with Mac machines where newly installed applications were not being detected by Latest Audits.

    AuthAnvil Integration

    • AuthAnvil > Two Factor Auth - Fixed an issue that caused data from the wrong AuthAnvil tenant to display. BMS Integration
    • Fixed an issue with VSA returning incorrect Machine Group IDs when sending asset data to BMS.
    • Fixed an issue where auto-close was not working in BMS on Service Desk-enabled SaaS servers.
    • Fixed an issue with the Sync Configuration Deduplicate matching tickets within X hours rule where alerts were being added to the original ticket after X hours had elapsed.
    • BMS passwords that contain special characters can now be used for BMS-VSA integration.

    Database & Schema

    • Fixed an internal SQL Incorrect syntax error found in SaaS installations.
    • Ctrl + V can now be used to paste text into the Command Prompt and PowerShell. Live Connect & Remote Control
    • A warning message now displays when connecting to an outdated agent.
    • The tooltip on the Recording button now reads Stop recording while recording is in progress.
    • Keyboard and mouse functionality -

    Live Connect

    • Ctrl + V can now be used to paste text into the Command Prompt and PowerShell.
    • A warning message now displays when connecting to an outdated agent.

    Remote Control

    • The tooltip on the Recording button now reads Stop recording while recording is in progress.
    • Keyboard and mouse functionality

    –        The Shift key on the right side of the keyboard now works properly in Hyper-V Manager and RDP Client applications run through Remote Control                  sessions.

    –        Fixed an issue where key press and release events were sending too many keys to the endpoint.

    –        Fixed an issue where some keys had to be clicked twice to be detected in the Remote Control session.


    • The update user API call PUT /system/users/{userId} can now be used to change the user's password.
    • The /system/orgs/{orgId}/machinegroups API has been changed to no longer allow special characters in machine group names. If a user attempts to create a machine group name that contains special characters, the UI displays a message similar to: MachineGroupName cannot contain the following special characters: %$&.
    • Updated the automation/servicedesks REST endpoint to return only the service desks defined in the administrator's scope.
    • Fixed an issue where GET alarms calls were returning the wrong values for MachineGroup and agentName. Security Vulnerability
    • Fixed a SQL injection vulnerability found in file upload operations.
    • Fixed an unauthenticated arbitrary file read vulnerability.
    • Fixed a user security issue that enabled access to the Service Desk module for users with the KBAdmin role. With this fix, KBAdmin users now have access to the Service Billing module (and can no longer access the Service Desk module).
    • Fixed an issue in new VSA installations where the Service Billing and Service Desk modules were empty (no folders and features displayed under these modules).

    Service Billing & Service Desk

    Service Desk

    • Non-admin users can now change their passwords.

    Service Desk, Time Tracking, REST API, & VSA UI

    • Fixed the following issues encountered when using the Add Timer icon in the main toolbar of the new UI:

    –        Adding a new timer - Fixed an issue where the new timer did not display until the page was refreshed manually.

    –        Adding a new Admin Task Ticket timer - Tasks are now ordered alphabetically in the Task Name drop-down.

    –        Adding a new Service Desk Ticket timer - Fixed the following error that prevented users from creating Service Desk Ticket timers: Error getting list of                      service desks.

    –        Submitting a timer - Added an Apply and Reset Timer option, which submits the time and restarts the timer.

    –        Submitting a timer - Added the option to modify the timer's Task Name and Reference information when submitting time.

    –        Filter tickets - Added the ability to filter by My Tickets.

    –        Selecting a ticket - Added the ticket number to each description in the Ticket drop-down list.

    –        Active timers - In progress timers are now paused upon adding a new timer.

    Software Management Module

    • Fixed an issue that prevented installation of Adobe Reader. Installation would fail with this message: Software not supported on this machine - Adobe Systems, Inc Reader.
    • Management > Patch Approval - Fixed an issue where column filtering interfered with patch approval operations. In these cases, approvals and rejections were not processed properly and the associated patches remained in the Patch Approval list.
    • Management > Patch Approval - Fixed an issue where column filtering on the Machines tab was applied instead to the Profiles tab.

    VSA Core and VSA UI

    VSA Core, Service Billing, & Service Desk

    • Reapply Schema - Fixed an issue where Reapply Schema would fail in new VSA installations.
    • Agent views - Fixed an issue that caused UI elements to be misaligned.
    • Login page - Fixed an issue where the classic Login page would display in smaller browser windows (rather than the Login page for the new UI).
    • Machine Network Status - Fixed an issue where Machine IDs would not display upon launching the Machine Network Status page if the page had already been opened previously in the current user session.
    • Main toolbar -

    –        Add Timer icon - Fixed an issue where the Add Timer icon would no longer display after adding several timers.

    –        Adding a timer by using the Add Timer icon - Fixed a formatting issue encountered when choosing a color for a new timer.

    –        Fixed the following error encountered when using the Search for machines field to search for a suspended machine:                                                                        An unexpected error occurred. Please refresh your browser.

    –        Removed the extra spacing before and after the username.

    –        Added tooltips to these buttons and menus in the main toolbar:

    • Module Selector menu -

    –        Folders and functions under each module no longer display in bold type.

    –        Fixed an issue where VSA modules did not display in cases where the SQL KApps database was unavailable. The KApps database is used for TAP              3rd-party integrations. This issue could also occur when upgrading from an older VSA version that does not support TAP.

    • System > User Settings > Preferences - The Use Compact Navigation setting now works as expected in the new UI.
    • System Notifications -

    –        Fixed an issue where an Error getting notifications message would display for users who were not authorized to receive notifications.

    –        Fixed a formatting issue where the System Notification window was too large if there were no notifications to display.

    –        Clicking a notification's Go button now expands the destination module and highlights the selected folder or function in the Module Selector menu.

    • Fixed an issue where Live Connect and Remote Control could not be launched from the machine search results.

    Updated link
    [edited by: Oscar Romero at 9:39 AM (GMT -8) on Nov 7, 2019]
  • What happened to the plan to get rid of flash in this release?   We're quickly running out of time before flash is completely deprecated. community.kaseya.com/.../24531.aspx

  • We got the information that agent procedure editor will be available without flash with the next release.

    This should be released in December.


    AP Editor has been developed and is currently under controlled Technical Preview (Beta) with the release of .24.

    We are targeting the first half of 2020 for the general release of Agent Procedure Editor 2.0 - it will be worth the wait!

    [edited by: Oscar Romero at 8:12 AM (GMT -8) on Nov 7, 2019]
  • Two points at my end.

    1. I'm unable to turn on MFA to test it on our test server.  The check-box to enable/disable it on a tenant basis is greyed out.

    2.  I'd like to get in on testing the new editor, considering the 100000K+ lines of procedures I'm working with on a daily basis you'd be hard-pressed to find anyone who'll put a load on the new editor like I will.

  • Thanks for the update about the Agent Procedure Editor 2.0.

    Here are some important dates for others who read this to keep in mind:

    January 2020

    Early 2020 (no specific date)

    December 2020

    Also IE may likely never be fully removed from Windows 10, so there is always that fallback.

    It sounds like anyone using IE, Edge, or Chrome should all be in the clear with Kaseya's current planned release schedule. Anyone using FireFox may need to consider another browser for use with Kaseya depending on Mozilla's "early 2020" release timeline.

  • The new Edge gives me a warning every time I open it that Flash support is going away, but I've yet to find a hard date for it.

    A planned feature of the new Edge is full IE compatibility support in order to do away with IE entirely. It will be removed, but no word on when.

  • System->ServerManagement->Configure->Require Two-Factor Authentication for the server (otherwise 2FA is optional for tenants).

  • If I check a user in LogonPolicy if required and then log off and log on again, I will not be asked to configure 2fa. This is at least how it is described in the manual.

  • That does not work either

  • ich weiss, das ist ja auch mein Problem.

    I know, that's my problem, too.

  • We have upgraded and followed the 2FA document, if we enable for a user or full server we dont get asked to setup the 2FA

  • I opened ticket with Kaseya Support.

    "2FA not prompting to setup after VSA account is configured to do so "

  • Updated dev to .24 and tested the long-awaited ability to change password via API. It works, but only if I define the role/scope values as "2" (Master/System)!! Any other value specified results in an invalid Role/Scope message. This has been escalated to engineering with code examples.

    <tease>Had a preview of the non-flash editor last week and now have it on our dev server. Still needs some interface polish, but generally works well. Some "cool effect" stuff seemed overboard, but better to see what's possible and say no then always keep dreaming! We're going to be doing a lot of testing in the next couple of weeks. Just know it won't be long now! </tease>


  • Kaseya support provided me with a fix which now has it working for us on our test server.

    Apparently, if you have (or had) an AuthAnvil configuration it blocks the new MFA.  See below:


    Have you used Authanvil earlier or using it right now? If so you need to disable it, just change the SAS URL to https://localhost/AuthAnvil/SAS.asmx and make sure the Disable Two Factor option is selected inside the Authanvil module within VSA.

    Once done enable the 2fa for the user account in the Logon Policy and click on Update. After this have the user login and they should be asked to scan the QR code.