Community

Unable to login to host, since updating viewer & host (Access denied)

Page:
Links used in this discussion

Conrad Sallian, Support (Posts: 2371)

Jan 18, 2019 3:07:24 am EST

Hello Jason,

No offense, but... absolutely not. I don't allow anyone to remote view, or access any of my systems, unless I know, and trust them. If you want to see how I logon to the host, I can create a short YouTube video that will show you how I logon, and use the Host with the viewer.

That's no problem, I understand. A video is even better.

EDIT: Here is the video I promised that shows my settings, and how I login to the server from the client.

Much clearer :)

First, I can see that you are using RU Server which is a piece of software optional for Internet-ID connection type and isn't needed at all for direct connection. Apart from acting as an intermediary for Internet-ID connection (relay role) the server can also perform address book synchronization and act as authorization hub (sync and auth roles respectively).

The authorization through the server (Custom Server Security) is what you enabled on the Host together with the default single password authorization:



When there is just one authorization method selected - usually Single password - Viewer simply connects using that method, i.e. it prompts you for password or connects right away if you saved the password previously.

However, when multiple authorization systems are enabled on the Host the Viewer must somehow decide which one to use when you log in on the Host (see comments on the yellow background here ). This is defined by the "Authorization method" dropdown in connection properties:



The default setting here is "Auto". This means that if multiple authorization methods are enabled on the Host, Viewer will follow this order of priority:

Custom Server Security (CSS)
Windows Security
Remote Utilities Security
Single password

This is what happened in your case. You had both single password and CSS enabled as authorization methods for that specific Host. You clicked "Log in" and Viewer used CSS (since you had "Auto" in connection properties) thinking that it's the method that you want to use first.

If you expect Viewer to use Single password, you should either disable CSS in the Host authorization methods or explicitly select Single password in connection properties dropdown list (such selection is meant to let the tech override the default auth sequence for specific Hosts if needed).

Or, if you really wanted to use the CSS you must make sure that you set the rights properly for the server account with which you sign in, because "access denied" says that you didn't set permissions for that server account for accessing the Host in question. This is not your Windows account , this is the account in RU Server that you create yourself on the server and then set permissions for in Host "CSS" authorization settings (the CSS system in this respect resembles Active Directory). Finally, if you want to use Windows accounts to authorize on the Host, just enable the Windows Security method.  

Please, note that Remote Utilities can perfectly be used with default out-of-the-box settings. Both RU Server and the CSS authorization method are advanced features. You don't have to use the server unless you really need the features that the Server provides. If you install/enable it as well as enable the supporting features in Viewer and Host modules please be sure that you look through our documentation to avoid possible misconfigurations and pitfalls.

jasoncollege24, User (Posts: 7)

Jan 18, 2019 4:12:55 am EST

CSS was part of the setup when I had RU server installed on the server. More registry settings that weren't removed during the uninstall.

On the client, I did stop the automatic attempt to logon to the RU server (relay), because during the clean uninstall/reinstall, I also removed RU server from the server.

I disabled CSS in the server's host settings, and left auth as automatic. hopefully, this will prevent this in the future.
When I had the RU server installed, I was primarily using it for address book sync

Conrad Sallian, Support (Posts: 2371)

Jan 18, 2019 4:29:59 am EST

Hello Jason,

No problem. The server roles can work independently and you might want to use just one role without necessarily enabling another. For example, you can use the server for address book sync only while connecting to remote Hosts using direct connection.

Let me know if you need further assistance.
Page:

* Website time zone: America/New_York (UTC -4)

This website uses cookies to improve user experience. By using this website you agree to our Terms of Service and Privacy Policy.