SMAConnectAgent - admin permissions needed

BWC Cybersecurity Overlord ✭✭✭

Hi,

how do you handle that the SMAConnectAgent needs administrative rights to be installed?

Having Device Management enabled on the SMA needs the SMAConnectAgent to be deployed, but it's usual that on employer-provided systems the user does not have any admin permissions.

With the firmware update from 10.2.0.0 to 10.2.0.1 the user got prompted to install a newer version, but can't install because of the missing rights. The prompt can be canceled, but causes confusion on the user side. The endpoints (Notebooks) are located in Home-Offices and will probably not return into the HQ for a while to get refueled via GPO etc. The Home-Offices just connect to the browser-based VirtualOffice, no VPN.

Any help highly appreciated.

--Michael@BWC

Category: Secure Mobile Access Appliances

Answers

  • Hi,

    Once the connect agent is installed and they upgrade to 10.2.0.1, it should work fine, if GPO is not the cause here.

    Admin rights are needed for NX the first time; for subsequent upgrades they are not needed.

    Vijay Kumar KV

    Enterprise Tech Support Consultant | SME

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Vijay_Kumar_KV

    if I get you right, you're saying admin rights are not needed for upgrades? This does not seem to be the case: after logging into the SMA I'm greeted with an option to upgrade the SMAConnectAgent because there is a newer version available, and when I'm hitting yes to upgrade I'm asked for Admin credentials.

    That was the point of my initial question, is this a bug and admin rights shouldn't be needed for upgrades like you elaborated?

    --Michael@BWC

  • @BWC .

    Admin rights are needed when we install SMAConnectAgent and are required to upgrade; admin permission will be required again because we need to update registry settings on each installation, so admin is needed every time.

    Vijay Kumar KV

    Enterprise Tech Support Consultant | SME

  • Admin permission is needed every time.

    Vijay Kumar KV

    Enterprise Tech Support Consultant | SME

  • BWC Cybersecurity Overlord ✭✭✭

    I need to come back about this, actually in retrospect, my question isn't answered. The question was: "How do you handle that the SMAConnectAgent needs administrative rights to be installed?"

    What I mean here is: how should we upgrade the SMAConnectAgent in the field on machines where the end user does not have administrative rights? Should the SMAConnectAgent be pre-deployed with some form of software distribution (GPO, etc.) prior to an upgrade of the SMA to avoid these confusing upgrade messages, which cannot be fulfilled without the admin rights anyhow?

    What's a common way?

    --Michael@BWC

  • I got it, but since this needs to be registered in the Registry, admin rights are needed. I agree with your points; for subsequent upgrades I don't think we need admin rights. We'll check with engineering whether it is possible to do it without rights.

    We can file an RFE?

    Vijay Kumar KV

    Enterprise Tech Support Consultant | SME

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Vijay_Kumar_KV

    the problem could be solved if upgrades would not need admin rights, but I'm not sure if this is technically possible.

    For some "HTML Portal-only" deployments I don't even have a chance to deploy the newer Agent manually, because of the lack of a VPN connection. The whole process needs to be as simple as possible, because there are mainly no IT people sitting in the Home-Offices at the moment.

    --Michael@BWC

  • @BWC I got it, we'll check on our side how to fix this going forward.

    Vijay Kumar KV

    Enterprise Tech Support Consultant | SME

  • This is also an issue for many of our clients. As a best practice, users are not given local admin rights. After upgrading SMA firmware, we receive several calls from clients that can’t connect due to not having local admin rights to update the SMA Connect Agent, NetExtender, EPC software, etc. Can you provide an update on this?
  • ThK Enthusiast ✭✭
    edited February 24

    @BWC @Arthur @Vijay_Kumar_KV

    Got this issue that the EPC should be updated after the Patch 10.2.0.6-32sv. Clicked download in the window and then it failed with a notification in the browser window.

    I tried to download the agent from the download section under the User Icon in the upper right corner. But there is no EPC agent available. (NetExtender is available.)

    Checked this on other SMAs and finally found one where I could download the agent from. No chance to find it in MYSWL.

    Installed it on the client and login was ok for now.

    Did you see this "lost" agent in your instances too?

    --Thomas

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @ThK

    I checked on my SMA 500v and I was able to download them via VirtualOffice.

    Are you having problems on SMA 2x0/4x0 or 500v? On hardware appliances there seems to have been a case a while back:

    --Michael@BWC

  • ThK Enthusiast ✭✭

    @BWC All are 500v. The post exactly describes what I have.

    And it does not depend on the user, so same as admin or user and LocalDomain or Portal.

  • BWC Cybersecurity Overlord ✭✭✭

    I double checked, SMA 500v deployed from 10.2.0.5 OVA and SMA 500v updated to 10.2.0.5 via .sig both having the Files downloadable via VirtualOffice.

    Is it a VMware or Hyper-V deployment, maybe that's the difference? Mine are on ESXi.

    --Michael@BWC

  • ThK Enthusiast ✭✭

    @BWC yes on ESXi.

  • Arthur Newbie
    edited 3:35AM
    We upgraded our SMA 410 to 10.2.0.6 this evening and had the same issue with SMA Connect Agent and NetExtender saying Not Available in the SMA downloads. The files finally became available after 45 minutes. TSR clientdownload log file had the following errors.

    Mon Mar 1 20:45:57 2021 target file(/usr/src/EasyAccess/www/htdocs/NXSetupU.exe) doesn't exist
    -Mon Mar 1 20:45:57 2021 backup file(/usr/src/EasyAccess/var/clients/NXSetupU-10.2.309.exe) doesn't exist

    Local admin rights are still required to update SMA Connect Agent, EPC/NAC Agent, etc. This is a nightmare for most environments as users don’t have local admin rights. At the very least, SMA Connect Agent and EPC/NAC Agent need to be made available for download on MySonicwall.com to allow apps to be deployed/updated via RMM or other means prior to upgrading SMA firmware. EPC/NAC Agent cannot be downloaded manually on SMA as well, only SMA Connect Agent and NetExtender.
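
For the TSR clientdownload errors quoted in the last post, an added example (not from the thread or from SonicWall) that summarises which client installers the log reported as missing and over what time span. The line format is inferred from the two quoted lines only; the third and fourth sample lines are constructed.

```python
import re
from datetime import datetime

# Line shape inferred from the two log lines quoted in the post (an assumption,
# not a documented format). The optional leading "-" is tolerated because one
# of the quoted lines carries it.
LINE = re.compile(
    r"^-?\s*(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) "
    r"(?P<kind>target|backup) file\((?P<path>[^)]+)\) doesn't exist\s*$"
)

def missing_client_files(log_text):
    """Return {path: {kind, count, first, last}} for every 'doesn't exist' entry."""
    summary = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # unrelated log line, ignore
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        entry = summary.setdefault(
            m["path"], {"kind": m["kind"], "count": 0, "first": ts, "last": ts}
        )
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return summary

# Lines 1-2 are the ones quoted in the post; lines 3-4 are constructed
# (a repeat of the same error later on, and an unrelated message).
SAMPLE = """\
Mon Mar 1 20:45:57 2021 target file(/usr/src/EasyAccess/www/htdocs/NXSetupU.exe) doesn't exist
-Mon Mar 1 20:45:57 2021 backup file(/usr/src/EasyAccess/var/clients/NXSetupU-10.2.309.exe) doesn't exist
Mon Mar 1 21:10:02 2021 target file(/usr/src/EasyAccess/www/htdocs/NXSetupU.exe) doesn't exist
Mon Mar 1 21:10:03 2021 constructed unrelated message
"""

if __name__ == "__main__":
    for path, e in missing_client_files(SAMPLE).items():
        span = e["last"] - e["first"]
        print(f"{e['kind']:6} {path} x{e['count']} "
              f"{e['first']:%H:%M:%S}-{e['last']:%H:%M:%S} ({span})")
```

Run against the clientdownload log from a TSR taken after a firmware upgrade, it shows which installers were reported missing and when the last such error was logged.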