Control Machine

Remote Ctrl > Control Machine

The Control Machine page establishes a remote control session between the administrator's local machine and a selected machine ID. Select the type of package to remote control a managed machine using Select Type. Set parameters for remote control sessions using Set Parameters.

Note: Use Video Streaming to remote control a target machine that does not have an agent.

Automatic Installation

If WinVNC, K-VNC or RAdmin are not installed on a machine and a remote control session is initiated using Control Machine or Video Streaming, then these packages are automatically installed. Installation does not require a reboot. Automatic installation takes up to an extra minute. To eliminate this delay during first time use, you can pre-install WinVNC, K-VNC or RAdmin on any managed machine using Preinstall RC.

Note: Uninstalling an agent does not remove the installed remote control package. Before you delete the agent, use Remote Control > Uninstall RC to uninstall remote control on the managed machine.

Initiating Remote Control

Initiate remote control by clicking the name of the target machine. Icons next to the managed machine ID indicate the current connection status for that machine. Only machine IDs with an or icon can be connected to target machines and have live links; all others will be inactive.

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Note: Users can disable remote control and FTP sessions by right-clicking the icon on their managed machine and selecting Disable Remote Control. You can deny users this ability by removing Disable Remote Control using Agent > Agent Menu.

ActiveX Control

An ActiveX control automatically configures and runs the remote control or FTP package for you. The first time you use any remote control or FTP package on a new machine, your browser may ask if it is OK to download and install this ActiveX control. Click yes when asked. If the ActiveX control is blocked by the browser from running, the administrator or user is presented with a link to manually download and run the remote control package manually.

Helper Applications

In setting up a remote control or FTP session, gateway and port blocking problems are eliminated by always initiating outbound connections from both the target machine and the administrator machine. Helper applications, unique to each supported remote control or FTP package, automatically determine the optimal routing path between the administrator machine and the target machine. If a direct connection is not possible then the helper applications route the remote control traffic through the KServer on the same port used by agents to check-in (default 5721).

Enable verbose relay

Remote control or FTP of machines behind firewalls and NAT gateways may be relayed through the VSA server using a helper application. Checking this box displays a popup window with status information about the normally hidden helper application.

Remote Controlling the KServer

Clicking the KServer link starts a remote control session to the KServer itself. Use this feature to remotely manage your own KServer. Only master administrators can remote control the KServer.

Remote Control and FTP for Users

Administrators can provide users with the same remote control and FTP access that administrators have using Agent > User Access.

Remote Control Malfunctions

Some reasons for remote control failure—for both target machines with and without an agent—are:

• The administrator machine is blocking outbound traffic on the agent check-in port (default 5721). The firewall may need to be reconfigured.
• The target machine is on a slow connection. Let the applications run longer than the timeout period and see if that works.
• Anti-virus software on the target machine may block the connection. This problem is eliminated if KES Security protection is installed on the target machine.
• Wrong primary KServer address - Remote control can only connect through the primary KServer address. Machines with an agent can connect through either the primary or secondary address. Verify the remote machine can see the primary KServer address using Agent > Check-in Control.
• XP supports only one RDP/Terminal Service session on the target machine and logs off other users. Starting a remote logon session from a second machine logs off the first remote logon session. The VSA uses the port relay to get through firewalls and gateways. To Windows XP, it appears as if the Terminal Server session is connecting from the localhost.

  Warning: Using the credential of a currently logged on user confuses XP. It can not determine if the user is reactivating the existing session locally or remotely initiating a new connection. As a result Window XP may hang, requiring a reboot to recover. The VSA can not protect you from this. Do not log on using the user name of an already logged on account.

• Your pcAnywhere viewer is connecting to your administrator machine, not the target machine. The KServer relay is telling the viewer to connect to localhost. If you have a pcAnywhere host running on the machine you are viewing from, then the viewer connects to it and not the VSA relay. Right click the pcAnywhere icon in the system tray and select Cancel Host.
• pcAnywhere presents an error dialog saying Cannot find callhost file: C:\Document and Settings\All Users\Application Data\Symantec\pcAnywhere\Network.CHF. There is no Network remote control item configured in pcAnywhere.

1. Open the pcAnywhere application and click on the Remote Control function.
2. Click Add Remote Control Item.
3. Create an item named Network.
4. Select TCP/IP as the connection device.
5. Leave the host name blank.
6. Close pcAnywhere.

Check-in status

These icons indicate the agent check-in status of each managed machine:

Agent has checked in

Agent has checked in and user is logged on. Tool tip lists the logon name.

Agent has not recently checked in

Agent has never checked in

Online but waiting for first audit to complete

The agent is online but remote control is disabled

The agent has been suspended

Remote Control Package

The remote control package assigned to this machine ID. Select the type of package to remote control a managed machine using Select Type.

WinVNC

K-VNC

Remote Administrator

pcAnywhere

RDP/Terminal Server

Machine.Group ID

The list of Machine ID.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the administrator is authorized to see using System > Group Access. Only machine IDs with an icon can be remote controlled and have live links; all others will be inactive.

Current User

The user currently logged into the managed machine.

Active Admin

The administrator currently conducting a remote control session to this machine ID.

Topic 443: Send Feedback. Download a PDF of this online book from the first topic in the table of contents.