Casper Remote - Screen Sharing Error

rmaldon
New Contributor III

Hey All,

Ive been noticing an error that seems to be popping up more and more lately in our environment with screen-sharing through Casper Remote.

Over the last week, Ive had a handful of clients I've tried to screen-share and get all the way through up to the users clicking "Allow", after which I receive the following error upon "screen-sharing starting".

external image link

I've checked the machines, and verified screen-sharing and remote login are both enabled, but I still receive this error. I'm not really sure what it could be, I can still SSH to the users via terminal, and run commands from there.

Im kind of stumped, and wanted to see if anyone else has seen a similar issue with screen sharing as of late?

Thanks again

30 REPLIES 30

mm2270
Legendary Contributor III

Seems there are some Screen Sharing issues with Yosemite, at least in relation to how it works with Casper Remote. Search here for some other threads on it, where its being discussed.
You say the Screen Sharing or Remote Management options are enabled in System Preferences > Sharing?

WatchtowerCaspe
New Contributor

We recently had this issue. Have you used two different quickadd packages in the past? We found that machines that had a different ADMIN account name than what JSS was using to communicate with. If you have changed the ADMIN account name that JSS uses recently, this could be your issue. To quickly check this, add in your inventory search the admin accounts field, and see if the JSS Admin accounts are all the same. Hope this helps! Let me know..

rmaldon
New Contributor III

@mm2270 - I was wondering if maybe it had something to do with Yosemite in relation to Casper Remote. Now that I think about it, I am almost certain I never came across this error prior to our uplift. Also, yes they were enabled, which is what I thought was rather odd, since in the past it was usually because someone disabled it manually(a lot of our users are admins). Ill continue to search the forums and investigate, and post back if I find anything substantial.

@WatchtowerCasper - We havent changed the admin accounts, but I did check this anyway to see if I could find a mismatch, but sadly they all checked out. Thanks for the suggestion though!

m_entholzner
Contributor III
Contributor III

Does anyone know if this is a OS X only error or has this to be fixed by JAMF too?

Edit: Here's an workaround for that:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -off -restart -agent -privs -all -allowAccessFor -allUsers

cvgs
Contributor II

This is something JAMF has to fix, they fail to properly start their own screen sharing session. As posted by entholzner, you can work around this bug by manually enabling Remote Desktop, then Casper Remote will also be able to connect.

davidacland
Honored Contributor II
Honored Contributor II

On a side note, if Remote Management is set to allow all users, any user that Mac knows about (including all directory users) can use ARD to send remote commands as the root user.

I've seen this issue in schools before where a student (non-admin AD account) had a copy on a USB stick and used it to send remote root commands to other Macs on the network.

I would use ```
-allowAccessFor -specifiedUsers
``` and then

-configure -access -on -users localadmin -privs -all

to specify which user is allowed to access the Mac using ARD.

cvgs
Contributor II

It even seems to be enough to assign "-none" privileges for the localadmin, so ARD is just running, but not accepting any actual connections:

kickstart -activate -configure -access -on -users localadmin -privs -none 
          -allowAccessFor -specifiedUsers

chriscollins
Valued Contributor

That is what we do to get around this too. Turn remote management on but set to only allow specific people but leave it blank so it's running but nobody can use it.

spotter
New Contributor III

When enabling this I noticed, the user no longer gets a prompt asking for permission to screen share.

Is it possible to make it prompt for users approval?

chriscollins
Valued Contributor

@Potter Change the Casper Remote permissions in the JSS so that "Screen Share with Remote Computers Without Asking" is unchecked.

spotter
New Contributor III

@chriscollins - I double checked and that setting is unchecked however when i issue a screen share through Casper Remote i get connected without it prompting the user on the remote mac. This works fine on a Mavericks device.

dgreening
Valued Contributor II

If Screen Sharing (not Remote Management) is enabled for your management user it will prompt you as expected if you have the "ask for permission" enabled in the JSS. I have not found a way to script enabling Screen Sharing and not Remote Management. Anyone?

mm2270
Legendary Contributor III

@dgreening
Use the following commands after you've disabled Remote Management using kickstart or whatever method you like (that needs to happen first)

sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false
sudo launchctl load /System/Library/LaunchDaemons/com.apple.screensharing.plist

That will enable ScreenSharing and get it started and working.
To flip it back off just change the false after -bool to true, and also change load to unload in the launchctl command.

chriscollins
Valued Contributor

That is odd @Potter. This is from a 10.10.2 machine and it prompts just fine:
https://dl.dropboxusercontent.com/u/519077/sshare.png

dgreening
Valued Contributor II

@mm2270][/url

Fantastic! Thanks!

Edit - hmmm this is what I am getting when loading that launchdaemon:

/System/Library/LaunchDaemons/com.apple.screensharing.plist: Service is disabled

mm2270
Legendary Contributor III

@dgreening -hmm, not sure why. Are you sure Remote Management is disabled? Wondering if that's something you'd see if it was still on since the Screen Sharing process can't be enabled when ARD management is on at the same time.

I can try the commands on one of our 10.10.2 Macs to see if I get the same issue. I'll let you know.

mm2270
Legendary Contributor III

@dgreening - I got the same error on a 10.10.2 box after first disabling Remote Management with kickstart and rebooting and then writing the bool value into the overrides.plist and finally trying to enable the LaunchDaemon. After some investigating, its because the plist has a Disabled - true key in it. It seems to ignore the overrides file for some reason, so....

try running the launchctl command like this instead:

sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist

That seemed to work for me.

dgreening
Valued Contributor II

Yep that worked for me as well! Thanks!

I hope JAMF can address this soon.

cvgs
Contributor II

@mm2270 cool, that also worked for me.

To just enable the daemon without actually loading it, you could also use the following statement:

launchctl enable system/com.apple.screensharing

spotter
New Contributor III

mine is now behaving as it should, prompting users when issuing a screen share through casper remote. i'm not certain what the fix truly was since i unchecked the "screen share without prompting" setting and then bounced the JSS. the good news is i'm back in business...

thanks to all for the suggestions...

adhuston
Contributor

Is this still an issue for you guys? I'm seeing the same behavior on 10.10.2 with the latest update for the ARD Client. Doesn't seem consistent though.

tinsun
New Contributor II

@adhuston We've just started installing 10.10s and I've noticed the same problem. Casper 9.7 here.

jrserapio
Contributor

Is anyone still having this issue? Its pretty hit or miss. Version 9.92 of the Casper Suite.

Meesterroboto
New Contributor

Yes, I am still having to manually engage screen sharing for casper remote to work.

Macmacmark
New Contributor III

@cvgs Just enabling the daemon without loading it worked for me, thanks :)

mscheffler
New Contributor III

We've been having problems with Casper Remote also failing to connect in the last step of Screen Sharing ever since going to casper 9.9x. We are running Mac OS El Capitan on our machines. We are also having the problem with our Apple Remote Desktop. We have discovered that if we attempt screen sharing with ARD and then try to screen share the same machine via Casper Remote, at the same time, that it will usually start to successfully screen share via one of the programs. We haven't verified, but it appears that each attempt at screen sharing will up the port number by one, and eventually will get to a port number it likes and screen sharing starts.

mohlmag
New Contributor II

For anyone still experiencing this issue. I am seeing that upon disconnect the casperscreensharing user is not being removed from the system. rm -rf /var/casperscreensharing ; dscl . -delete "/Users/casperscreensharing" followed by the enableARD.sh script.

Seems to restore functionality

john_sheldon
New Contributor

Today is July 9, 2018 and I am using JSS 10.5 and Jamf apps 10.5. I am having the very same problems. I am working with jamf support who escalated my case to the next level. We still haven't gotten to the bottom of it.

BCPeteo
Contributor II
Today is July 9, 2018 and I am using JSS 10.5 and Jamf apps 10.5. I am having the very same problems. I am working with jamf support who escalated my case to the next level. We still haven't gotten to the bottom of it.

Same issue here. Any fix? we are on 10.5

Cornoir
Contributor II

Check out my post for Terminal commands needed to be run after installing the QuickAdd.pkg in order to lock down only JAMF Remote user from being able to Screen share.

https://www.jamf.com/jamf-nation/feature-requests/7463/request-to-enable-remote-access-in-the-quickadd-pkg

Also be aware that JSS v10.50 the jamf binary symlink is broken (sudo jamf ..... in Terminal will not work) so that might be also causing issues.

For screen sharing not presenting a prompt to access I have found that if the User Privilege is set to not prompt for screen sharing you are unable to uncheck that box for existing users (at least if cloning an account).