Kaseya Community Patch Release - 11 May 2019

  • Hey Guys,

    Here are the notes from our latest release.  It's a big one!


    The VSA release includes new features, enhancements, and bug fixes. See the topics below for details.

    IMPORTANT! This release requires agent version Be sure to update your Windows, Mac, and Linux agents after installing this release.

    New VSA User Interface

    This release introduces a new VSA User Interface. These requirements must be met to use this feature:

    • VSA must be running release or later.
    • The VSA server must be HTTPS capable.

    For On-premise customers, the installer confirms whether the VSA is HTTPS ready and, if so, displays the new UI by default.

    For SaaS customers, the new UI is the default if your browser is set to support HTTPS.

    The following considerations apply to the new UI:

    • Custom logos – In release only, custom logos on Partition 1 (Master) are replaced with the VSA logo. Tenant logos remain the same.
    • UI templates – There is a known issue where templates created in the classic UI do not sort correctly. To fix this, recreate the template from the base template in the new UI.

    To check whether HTTPS is enabled, launch a browser and connect to the VSA UI. If you see Not secure, HTTPS is not enabled:

    How to enable the new UI if you’re HTTPS capable

    1. Go to System > Server Management > Default settings > Enable the Classic User Interface and edit your preference:


    1. Log out and back in to the VSA UI to display the new UI.

    1-Click Access for Live Connect & Remote Control

    This release introduces a new 1-Click Access feature that enables administrators and other authorized users to log in to a Windows agent right from the Live Connect > Remote Control menu or from the Quick View window. (VSA-4380)

    See the topics below to get started with 1-Click Access.

    How it works

    The 1-Click Access feature attempts to run when the 1-Click Access button is clicked (either from the Live Connect > Remote Control menu or from the Quick View window) to any authorized Windows agent. An agent or a user role can be authorized from the VSA, under Remote Control > Policy Settings > User Role Policy/Machine Policy. Once the machine or user role has been authorized, the 1-Click feature becomes enabled in Quick View and Live Connect.

    The feature starts by checking whether or not the KaseyaAdmin account exists. If the account does not exist, then it is created with a randomized password. For additional security, the password for the account is then randomized during each subsequent login onto the 1-Click Access session and every time the session is disconnected.

    Note: If a KaseyaAdmin account exists on your system prior to activating 1-Click, your KaseyaAdmin account password will be changed and it will become inaccessible.

    Next, KaseyaRemoteControlHost verifies that the account is part of the Administrators group and the Remote Desktop Users group and, if needed, moves the account into these groups. Once these steps have been completed, the account name and password are given to the RDP remote control process so that the KaseyaAdmin account is automatically used to log in. If another user is logged into the machine, there may be a message indicating that the other user will be disconnected from their session if the 1-Click user continues. If there isn’t another user logged in, this does not happen and the session begins immediately.

    At this point, the private 1-Click session has been successfully connected. In the event that any of the above steps fail, 1-Click Access is aborted and a private session is used instead. If the private session fails, the user has the option to fall back to a shared remote control session. Once the session is connected, it is logged to the Agent Remote Control logs located in Agent > Agent Logs > Technician Logs > Remote Control. This information, like other remote control sessions, can be included in reports (Logs > Kaseya Remote Control Log report).

    Note: Connecting two 1-Click sessions to the same machine is not supported. If two people attempt to open 1-Click sessions to the same machine, one or the other may be kicked off of the machine, or both sessions may fail entirely.

    1-Click Access requirements

    The following requirements must be met to use the 1-Click Access feature:

    • VSA – The VSA must be running version or higher.
    • Windows machine –

      Note: We do not recommend 1-Click Access be allowed on a domain controller.

      • Operating system – The following operating systems are supported: Windows 7, 8, 8.1, 10, Server 2008 R2, Server 2012 R2, Server 2016, and Server 2019.
      • Remote access – The Windows machine must have remote access enabled and must not have network level authentication enabled, as shown here:

    • Windows agent –

      Note: Mac and Linux agents are not yet supported.

      • The Windows machine must be running an authorized agent that is version or higher. Agents are not authorized for 1-Click Access by default. To authorize an agent for 1-Click Access, see To authorize an agent below.
      • Remote Control must be enabled for the agent.
    • VSA user – 1-Click is available to administrators by default and can be enabled for other user roles. To enable 1-Click Access for a user, see To authorize a user below.

    To authorize an agent

    Use these steps to enable 1-Click Access for an agent:

    1. Log in to the VSA user interface as a master or system user.
    2. Navigate to Remote Control > Policy Settings > Machine Policy.
    3. Select a user notification type from the list.
    4. Check the 1-Click Access box.
    5. (Optional) Check Require admin note... and Record all remote control session....
    6. Select one or more Machine.Group IDs. Click Apply.

    To authorize a user

    Use these steps to enable 1-Click Access for a user:

    1. Log in to the VSA user interface as a master or system user.
    2. Navigate to Remote Control > Policy Settings > User Role Policy.
    3. Select a user notification type from the list.
    4. Check the 1-Click Access box.
    5. (Optional) Check Require admin note... and Record all remote control session....
    6. Select one or more Role Names. Click Apply.

    To run a 1-Click session from Live Connect

    In Live Connect, you can run a 1-Click session from the Asset Summary tab or from the Remote Control menu.

    • Asset Summary tab - Click the agent's   icon and select 1-Click Session:

    • Remote Control menu - Click 1-Click Session:

    To run a 1-Click session from the Quick View window

    To run a 1-Click session from the Quick View window, click 1-Click Access:

    Reporting for 1-Click

    1-Click session activity is included in these reports:

    • Agents > Agent Logs - 1-Click activity displays under Technical Logs on the Remote Control tab:

    • Info Center > Reporting > Reports > Logs - Remote Control - The Remote Control report definition generates a report of remote control sessions, by machine ID.

    Handling 1-Click connection failures

    If 1-Click cannot connect to an agent, this message displays:

    Connection couldn't be established. Please verify that Windows Remote Desktop is enabled on the remote machine. Do you want to connect to a console session instead?

    Do one of the following:

    • Click Yes to initiate a console session.
    • Click No. This message displays: Connection couldn't be established.... Click Okay to close the message and return to Quick View or Live Connect.

    Account Security Notifications

    There is a new User Interface for account security notifications. The new menu item is only visible to master- and system-level users running version or higher. (VSA-5490)

    When sending out email notifications, there is now an option to deliver the message to ‘all admins’ or define specific email addresses. When specifying addresses, a user can add up to 5 email addresses (comma or semi-colon separated) with a maximum limit of 1000 characters in total.

    The notification features in the new UI include:

    • Notify when an admin is created-as or promoted-to Master/System
    • Notify when an admin is Enabled/Disabled
    • Notify when an admin is Modified
    • Notify when an admin is Locked-Out

    The number of lockouts is set by the administrator on the System > Server Management > Logon Policy page.


    BMS Integration

    • Fixed an issue where VSA could return incorrect machine groups when sending asset data to BMS. (VSA-165)

    Security Audit

    • Added the option to configure a security alert that is sent to Admin when a VSA user account has been locked because of too many consecutive failed logon attempts. This alert must be configured (it is not enabled by default). (VSA-5426)

    Software Management Module

    • Enhanced download performance by adding more peer options for optimal load distribution. When downloading files, an endpoint will now have a list of peers to download blocks of files and, if there is more than one peer available, a random peer will be chosen. If there are no blocks available from peers, the endpoint gets the block from the VSA. Note that users may still see a spike in bandwidth network traffic during the initial download of files to the VSA. (VSA-3702)

    VSA UI

    • The VSA Login page has been updated for integration of Kaseya's IT Complete suite of IT solutions: (VSA-5298)

    • The VSA Navigation Panel and Site Header have been updated with a clean new look: (VSA-4519)

    Bug Fixes

    Agent - Windows

    • Fixed an issue where certain Windows operating systems were being reported incorrectly and a '<' prefix would display in the Operating System column in the VSA UI. This fix requires an agent update. (VSA-5537)
    • Fixed an issue where silent installs could fail due to the first command line parameter being ignored on some Windows systems. (VSA-4895)

    Anti-Malware Module

    • Corrected a misspelling in the By Organization Anti-Malware Audit report template. (VSA-874)

    Antivirus Module

    • Made improvements to the way old endpoint packages are removed so that the latest package is the only one that is used. This ensures that duplicate packages are removed consistently and that the updated code is running on the endpoints. (VSA-5296)

    Audit Module & REST API

    • Added a database index to fix a performance issue that could cause errors to display on the Server Management > System Log page. (VSA-3770)

    Cloud Backup Module

    • Fixed a Mac backup client install issue that prevented VSA from detecting the installed client. (VSA-5661)
    • Fixed an issue where the Mac backup client could not be installed due to changes introduced in Acronis 7.7. With the upgrade to Acronis Cloud Backup version 7.7, changes were made to how the Acronis Backup Client performs its automatic registration to Acronis. The Acronis Backup Client installation script has been updated to handle this change. Acronis has documented this issue in this article: https://kb.acronis.com/content/55244#OS_X6. (VSA-4003)

    Database & Schema

    • Database cleanup routines have been optimized for increased efficiency. (VSA-5499)

    Remote Control Module

    • Corrected the message text that displays if a user attempts to modify options on the User Role Policy page without first selecting a role type. The message has been changed from No machines selected to No role types selected. (VSA-5593)
    • Fixed the following issues on these Remote Control > Notification Policy pages: (VSA-5623)
      • Machine Policy – The following error displayed upon accessing this page: Oops. Something went wrong.
      • User Role Policy – The following error displayed after selecting a role, clicking 1-Click Access, then clicking ApplyOops. Something went wrong.

    Service Desk Module

    • Fixed an issue where links to attachments in Service Desk ticket notes did not persist after adding a subsequent note through email. Links were no longer present in the email reply. (VSA-3174)

    System Module

    • Fixed an issue where clicking Check Latest Patch Level on Configure > Server Management > Configure resulted in a SQL error. (VSA-3293)

    Security Vulnerability & Software Management Module

    • Enhanced security to ensure that private deployment profiles in Software Management do not display to unauthorized users. (VSA-4812)

    Software Management Module

    • Fixed an issue where approved patches were being installed during the blackout window. (VSA-3723)

    VSA Core

    • Corrected an issue in which third-party applications could not be uninstalled or upgraded after patching. (VSA-4554)

  • When does this drop for On-prem? I am not seeing it available for download yet.

  • We attended Kaseya Connect this year and I believe they said this weds.

  • Set for Wednesday, May 15

  • EOB Wednesday and not a peep for the ONP release as of yet .... looking forward to this one .... where's the beef?

  • Any update on this?  It's now almost 8PM CST on the 15th and I don't see the patch available for on prem.

  • When is this due to hit on-premise users? I thought it was coming yesterday?

  • Well Oscar, my Kaseya VSA doesn't see the latest patch as available. So, was there a last minute hitch? As  has been the case most of the time....

    It's also a bit 'special' to see if I use "Check Latest Patch Level" my VSA still insists the last time I checked it was 4 weeks ago and that has been an issue earlier. So, maybe that is what's going wrong? So many options...

  • Not seeing it shown as available for On-Prem today (May 16th).  Would be interested in getting it on my Test server to check out the new UI in One-Click connections.

  • Same here. Only show version available.

  • same here, new patch still not showing, even tried to download and run the latest kinstall but to no avail :-(

    Any information on when it will become available??

  • You can create a ticket with support and they will confirm the requirements on your dev server and see it through.

  • I don't have it available either.  Just commenting so I make sure to get updates.

  • I put in a ticket and got a reply of "The latest patch for the VSA is not yet available for On-Premise customers."

  • We got the patch, but had to use a custom switch sent to us from Support ... apparently the patch is being control released ... which just means have to wait until they turn it on for each of us ...