Casper Remote "Authentication failed"

d_wilkins
New Contributor II

I am trying to resolve an ongoing issue we have been having for some time where Casper Remote is not working in our environment. We are running JSS 9.96 and are experiencing this issue on all clients.

When launching a Casper Remote session, 9 times out of 10 our support staff are receiving an error stating "Authentication failed to "127.0.0.1:5901"" (port changes depending on times tried).

Screen sharing is not enabled by default in our environment, and I am experimenting with enabling this via a self service policy that runs a script:

#!/bin/bash

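# Privileges to grant; $privs is left unquoted below so each flag is passed as its own argument
privs="-DeleteFiles -ControlObserve -TextMessages -OpenQuitApps -GenerateReports -RestartShutDown -SendFiles -ChangeSettings"
# Activate Remote Management and allow access for specified users only
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -allowAccessFor -specifiedUsers
# Grant the privileges to the user(s) passed as script parameter 4, then restart the agent
/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -access -on -privs $privs -users "$4" -restart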

I have analysed the way that Casper Remote works and have seen the casperscreensharing account being created and removed as required, but my assumption is that something is going on with the password for the account, which causes the error.

I have also noted that each time a session is created, the casperscreensharing account is added to the com.apple.access_screensharing group but never removed, so there are many entries. Cleaning this up manually has no effect on the issue.

Any assistance would be greatly appreciated.

3 REPLIES

Cornoir
Contributor II

I have had this issue before and have not had much help from JAMF (matter of fact, I find fixes for them mostly). I tried updating the Management Account in Inventory, manually verifying that the casperservice account works and the password is correct, et al.
The only thing I found that works 100% as a fix is to run the following commands after using the Quickadd.pkg to enroll the Mac:

sudo defaults write /var/db/launch.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate -configure -access -off
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

d_wilkins
New Contributor II

A quick update on this in case anyone runs into similar issues.

After logging a ticket with JAMF support, they have advised that this issue is caused when you have a Passcode Profile applied to computers, which I have.

I learned a bit about how Casper Remote works and it makes sense to me now. What I didn't realise is that Casper Remote actually creates the Screen Sharing account on the fly when the Remote session is initiated. It generates a random password but there is no mechanism in place to ensure that the password complies with the password rules set in the Profile so the account can't be created.

Unfortunately, at the moment there is no workaround except to remove the Password Profile, which isn't an option for me.

It seems like a simple fix for this would be that there is an option somewhere to predefine the password used for Casper Remote. As the account is only there during the actual remote session, I can't see that this would create any real security risk?

Anyone got any thoughts on this?
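
The failure described in this thread comes from a random per-session password that is never checked against the passcode profile. The following is an added example, not part of the original posts and not JAMF's code: it keeps the password random per session but rejects candidates that fail the policy. The policy values, the character set and the function names are assumptions made for illustration.

```shell
#!/bin/bash
# Assumed policy values (constructed for illustration, not read from a real profile).
MIN_LENGTH=12      # minimum password length
REQUIRE_ALPHA=1    # at least one letter
REQUIRE_DIGIT=1    # at least one digit
MIN_SYMBOLS=1      # minimum count of non-alphanumeric characters
ALPHABET='A-Za-z0-9!@#%^*_+=-'   # characters candidates are drawn from

# Return 0 if the candidate satisfies every rule of the assumed policy.
meets_policy() {
    local pw="$1" symbols
    [ "${#pw}" -ge "$MIN_LENGTH" ] || return 1
    if [ "$REQUIRE_ALPHA" -eq 1 ]; then
        case "$pw" in *[A-Za-z]*) ;; *) return 1 ;; esac
    fi
    if [ "$REQUIRE_DIGIT" -eq 1 ]; then
        case "$pw" in *[0-9]*) ;; *) return 1 ;; esac
    fi
    # Whatever is left after stripping letters and digits counts as symbols.
    symbols=$(printf '%s' "$pw" | LC_ALL=C tr -d 'A-Za-z0-9')
    [ "${#symbols}" -ge "$MIN_SYMBOLS" ] || return 1
    return 0
}

# Print a random password of the requested length that passes meets_policy.
# Rejection sampling: draw from the kernel CSPRNG and retry until compliant,
# so no character class is forced into a predictable position.
generate_password() {
    local length="${1:-16}" candidate
    [ "$length" -ge "$MIN_LENGTH" ] || length="$MIN_LENGTH"
    while :; do
        # LC_ALL=C stops tr from rejecting raw random bytes as invalid text.
        candidate=$(head -c 512 /dev/urandom | LC_ALL=C tr -dc "$ALPHABET" | cut -c1-"$length")
        if [ "${#candidate}" -eq "$length" ] && meets_policy "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
}

# Usage: pw=$(generate_password 16)
```
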

brodjieski
New Contributor II

Has there been any update on this situation? We require a passcode configuration profile, and we are seeing the authentication failure when using Casper Remote as well. If there isn't one already, there should be a feature request to support this configuration.