Kaseya Community

LAN Cache and SBS 2008 / Server 2008

This question is answered

We have started setting up LAN Cache for our clients.

It is working fine in workgroup environments and Server 2003 / SBS 2003 environments.

However when we deploy the LAN Cache to a SBS 2008 server it's not working.  I'm not sure if this is SBS specific or if this affects all Domain Controllers running on Server 2008.

The problem is that it just does not work.

The FSAadminXXXX... account is created and the LAN Cache folder is created and shared.  However no files ever appear in the folder.  In a working setup if you look into the LAN Cache folder you will see files appear in the folder as agents execute procedures that are supposed to benefit from the LAN Cache.

I have checked - the LAN Cache is assigned to the Agents.

Agents and the LAN Cache Agent are all in the same network - subnet and domain.

I am unable to find any errors in the agent logs.

I have logged a ticket with Kaseya support but have not (yet) received a resolution from them.

Has anyone else experienced this problem and if so have you any insight into fixing it?

Verified Answer
  • Hi All,

    Thx Craig. Indeed, yes, yesterday the LAN Cache hotfixes were released via ticket #: CS155409. The main features included this batch of hotfixes are:

    • • Support for Domain-based credentials (This means DC's can now properly be used w/ LAN Cache).
    • • The ability to choose automatic LAN Cache account generation or manual setting of credentials done via the System > Default Settings page.
    • • The ability to test the generated/set LAN Cache credential on the LAN Cache host & client/assigned agent machines.

    For On-Premise users, you can retrieve these hotfixes via the System > Configure page and SaaS users will have these fixes applied to their system in the upcoming 9am ET maintenance cycle on Jul-6-2013.

    Any issues from here, please file a ticket with Kaseya Support and reference this forum post link indeed.

    [edited by: Dylan M. Lagi at 5:39 AM (GMT -7) on Jul 3, 2013]
  • Hi All,

    FYI - The hotfixes that resolve this issue have been released. If you are an On-Premise user experiencing this issue, simply get latest hotfixes in your VSA via the System > Configure page to retrieve them and retry the intended functionality from there.

    Note - If you are a SaaS user, these hotfixes will be applied in the Saturday, Aug-3 maintenance window (check http://status.kaseya.com for when the maintenance window has completed).

All Replies
  • @samct - I believe this is ticket #: CS140856 from you? This ticket is now escalated to myself and Engineering. Thank you for just recently replying a bit ago - I will have further information and resolve the problem with you from there in the ticket.

    Note - If there is anything beneficial (in terms of a hotfix to be released, etc...), I will update this forum thread for all to see too.

    [edited by: Dylan M. Lagi at 12:39 PM (GMT -7) on Apr 2, 2013] -
  • @Dylan - CS140856 is indeed my ticket.  Thank you for your assistance.

    I will be very glad when we find a solution and we should definitely keep this thread updated if others can benefit from it.

  • Just in case anyone else is also following this thread...

    It's been a couple of weeks now and the problem is still not resolved.

    LAN Cache works fine in a workgroup environment, but has some issues with credentials in a domain environment.

    I have been informed by Kaseya support that this issue is now in hand with the developers and that this is a *bug* in LAN Cache.

    I will do some testing of my own and post back here if I find any viable workaround.

    Kaseya support did not provide an ETA.

  • Ok - I just did a quick test and changed my LAN Cache machine from the Domain Controller to a member server and it worked perfectly.

    I assume the issue relates to the fact that you cannot connect to the same resource multiple times with different credentials.

    So using a member server instead of the DC resolves this problem.  Quite possibly it will also not work if you assign the LAN Cache to a member server to which the user has an active connection to a files share or mapped drive.  My recommendation would be to use a server that has no file share that users access.  I assume using a workstation on the network will also work.  Just use a workstation that is always on, or available when procedures or patch management is scheduled to run.  I also assume that the LAN Cache would also work fine on a workstation if the workstation setup as the LAN Cache is not a domain member.

    The developers *should* configure LAN Cache to try authentication with the agent credential before falling back on to the automatically created FSAdminXXXX user account it creates.

    Just my 2cents worth... Hope this helps someone.

  • any update from Kaseya on this?

  • Hello All,

    FYI - Kaseya Engineering has informed us that will now restrict DC agent machines to be configured as LAN Cache hosts. A hotfix will be released to implement that as such. Also, they are working on LAN Cache assignment credential testing too, though no direct ETA has been given to us on the latter.

    [edited by: Dylan M. Lagi at 12:38 PM (GMT -7) on Apr 2, 2013] -
  • Hello All,

    FYI - Update to this - Kaseya Engineering is now working to fully support DC-based agents in LAN Cache as both LAN Cache hosts and assigned agents. The changes will eventually be hotfixed and I will update this thread once they are.

    [edited by: Dylan M. Lagi at 12:38 PM (GMT -7) on Apr 2, 2013] -
  • Awating as well an update on this...

  • Hi All,

    Update to this - Engineering is now testing candidate hotfix components for these earlier mentioned changes. I will update further from here when applicable, thanks.

  • Is there an early release of this available Dylan?

    I'm just testing LAN Cache today and it's pretty clear the problem straight away. LAN Cache creates a local account on each device, including the LAN Cache server and each client assigned to that particular LAN Cache added to the local admin group- the problem is, domain controllers do not have a local SAM database, the FSAdminXXXXXXXX account is created on the _domain_ and added to the domain based built-in administrators group.

    You can see the problem very clearly in the security event logs, event 4625;

    Account For Which Logon Failed:

    Security ID: S-1-0-0

    Account Name: FSAdminXXXXXXXXX

    Account Domain: <DC Hostname>

    Failure Information:

    Failure Reason: Unknown user name or bad password.

    Status: 0xc000006d

    Sub Status: 0xc0000064

    Because the FSAdminXXXXXXXX account is domain based using the NT4 name of hostname\username fails on a DC.

    Essentially what Kaseya need to do is detect when the LAN Cache is on a DC and instead authenticate with the NT4 name of domain_netbios\username

    I presume this is what the hotfix does.

    Dylan any update when we can expect to see this pushed out?



  • Don't  know why Kaseya decided to create their own user for LanCache. We are already setting a security credential on the agents so why not just configure it to use that!  Or at least provide an option to use the credential already entered.


  • Credentials work within a single agent - in a non-domain scenario, however, a valid credential on agent A doesn't necessarily allow access to a share on agent B.

    I can see how Kaseya are trying to work around the issue, and it's a valid approach for some scenarios; however it isn't perhaps the best way to do it within the domain model.

  • @Craig, so you're suggesting an complete breach in security in an AD-controlled environment? I hope not.

    Kaseya Agents have, within our network, a specificly designed Network-Account to work for Kaseya. In this case i added LAN-Cache just last week, and im shocked that this is happening.

    This way of working is totally out of the question for companies who use AD. Even without AD, just go for the Kaseya Agent credentials, who always have the necessary rights to peform actions. Or make an WORKGROUP and AD LAN-Cache.

    The Eventlogs are just filled with warnings...

  • Does anyone know if this we can setup LANCache on a DC?  We have lots of small clients who have only the one server, which of course is a DC.

  • Hi Eddy,

    It is not yet available, however I will reply once this functionality is released by Engineering/QA.