Kaseya Community

OnPrem Authanvil and upgrade to Kaseya 9.4 Broken.

  • I've run into this in the past (in fact with just about every version upgrade I've done since AuthAnvil was rolled into the main product.), and didn't realize until today that I was running into it yet again.  I'm just curious if anyone else has had this same issue. 

    What happens is that after the upgrade if I don't touch anything, then everything works just fine and AuthAnvil continues to work exactly as it always has.  However if I actually need to make a change to something (IP whitelist, user whitelist, etc) and I go to the Authanvil tab, it wants me to run back through the wizard.  Running through the wizard never works.  I always get to the end, click submit, it asks me to log back in and takes me to the login screen, and I'm right back at the beginning of the wizard again. At this point my Authanvil integration is broken.  It doesn't require Authanvil for anyone from anywhere... 

    Additionally I just found out that it also broke KLC.  Since doing this KLC gives an access denied error, so no one can use KLC.  Really frustrating.

    In the past they had sent me an XML file that I could replace on the system which would basically "fool" the system into believing that the wizard had run and everything was fully configured.  I dug that file up and tried that again, however this time it didn't work. 

    Anyone else seen this and have a good work around while I wait for support to get back with me? (ticket #190441) for any support guys out there watching

  • Between the time I posted this (and got moderated) and the time the post was approved, I finally managed to fix this.  I ran through the wizard one more time, this time only trying to setup the Two-Factor Auth, even though I'm using both it and password manager, and this time it worked, including for Password manager...  Odd.

  • Just further info for anyone running into this again in the future.  My guys were complaining this morning that KLC was still broken.  It would give an Access Denied error trying to launch it separately, and only show the "Asset Info" and Logout buttons if launched from a machine in the VSA.  

    We were able to work around that by simply clicking the "logout" button once you could get to that point by launching from a machine in the VSA.  It seems that LiveConnect was caching credentials and couldn't use them properly once Auth Anvil was "fixed".  

    It seems like there ought to be a better way to flush those cached credentials from LiveConnect, and I've reached out to support in my previous ticket to find out that answer.

  • Hello Jonathan,

    Thanks for the headup we use Auth Anvil to and was planning to upgrade soon to 9.4 I will see if we get the same issue.

    Regards,

    P.

  •  - We are on 9.4.0.21 and have AuthAnvil On-prem utilizing 2FA/Password server and have not run into the AuthAnvil issues that you mentioned.  We have run into individuals that receive the Access Denied message with Live Connect.  The issue was permission related and had to be reset via 3 SQL scripts from support.

  • I found out later that the live connect thing specifically is not an issue with AuthAnvil it was just coincidental timing.  That is an issue with 9.4.0.21 and a lot of people are having that issue.

    helpdesk.kaseya.com/.../115009218967-Live-Connect-does-not-display-all-icons-after-9-4-0-21-patch

    The Authanvil issue that I saw is not limited to 9.4, it's an issue I've had for a long time going back to 6.5 or so.  Every major update when I go in and look at the AuthAnvil tab it looks like it's never been configured and wants me to run through the wizard again, but running through the wizard doesn't actually "configure" it.  In the past support provided me with an XML file to replace on the server and that corrected it, but it didn't this time.  

    This time around however I was finally able to get the wizard to properly complete by specifically skipping the password manager setup.

  • Running through the wizard is something we've had to do for each upgrade as well, with having On-Prem (same server actually) AuthAnvil / Kaseya. Something that I've usually done is run the wizard from either localhost or 127.0.0.1 on the Kaseya Server as I've had better luck with the settings sticking that way.

    It's sad that the On Demand version has entirely replaced On-Prem AA with the critical feature of 'Grouped Users' removed and replaced with their version of JIT accounts that is not a one-for-one replacement.

  • We just purchased the AuthAnvil On-Demand because On-Prem is not being developed anymore. We use Domain Watch to sync our AD accounts into VSA and it seems there is no way to use these accounts with On-Demand so we have to manually create our VSA users and delete the Domain Watch synced users.

    Other thing is that On-Demand does not have a client for Windows 10 Mobile which is strange since the On-Prem still supports it.

  • We're still utilizing the On-Prem, and likely will until its no longer supported.   As you point out there are a few too many use cases where the On-Demand doesn't really fit.  Plus so far they really aren't doing anything that would motivate me to "Upgrade" to the On-Demand.  I've checked into a couple of times, and even if you are currently running the On-Prem solution with the full VSA integration, you are still expected to purchase the entire "Suite" for On-Demand.  They don't offer any kind of a "trade-in" for your existing investment or licensing.  

    I'm rather disappointed that they basically ignore those of us who have been loyal customers of AuthAnvil in the past.

  • Actually our domain watch synced VSA users work with on-demand, our support partner gave us false information :) So my only gripe is the missing W10M client at the moment.