CTX111046
EdgeSight
EdgeSight for Endpoints 5_4,EdgeSight for XenApp 5_4
Configuration,Connectivity
2016-04-15
2014-04-09
While using the Remote reports,you receive the following error message: "Access denied: You do not have permission to access this resource".

Symptoms or Error

While using the Real Time reports, the following error message is displayed:

"Error occurred connecting to <device name>

Error: -2147217843
Access denied: You do not have permission to access this resource"

User-added image


    Solution

    Caution! Refer to the Disclaimer at the end of this article before using Registry Editor.??

    Citrix recommends leaving the RemoteSecurity registry key set to 1 and defining a RemoteSecurityGroup. This allows the most flexible and secure configuration allowing a specific group of users access to the EdgeSight remote functions. These two Agent settings are found in the following registry keys:

    HKEY_LOCAL_MACHINE\Software\Citrix\System Monitoring\Agent\Core\4.00\RemoteSecurity

    HKEY_LOCAL_MACHINE\Software\Citrix\System Monitoring\Agent\Core\4.00\RemoteSecurityGroup

    These settings can be changed manually on the Agent device to override the install time settings. Any changes to these settings take effect immediately after you change them and no process restart is required. If you have multiple systems that require this change, you might want to distribute an automated job or policy to change it on all your devices.

    Following are the possible combinations for using these settings:

    • RemoteSecurity=1, RemoteSecurityGroup=<blank or not set>

      This is the most secure and restrictive setting and allows only a local administrator to the device access to use the real-time remote functions. In order to “remote” into a device, the EdgeSight console user must be a local administrator on the actual device.

    • RemoteSecurity=1, RemoteSecurityGroup=<set to an Active Directory group>

      To enable this setting, an actual Active Directory group must exist or be set up. The second step is to add any and all EdgeSight users to this group who need or want access to the real-time remote functions. The users of this function can be carefully managed using this approach.

    • RemoteSecurity=0, RemoteSecurityGroup=<any value>

      This is the least secure setting. This gives all EdgeSight console users the ability to use the real-time remote functions. This setting is generally not recommended.



    Problem Cause

    The remote connection is being rejected by design and is caused by a default setting on the remote EdgeSight Agent you are trying to connect to.

    The RemoteSecurity setting defines who can and cannot use the real-time reports to connect to the Agent.

    The default setting is one (1), which ONLY allows a local administrator of the device to connect. However, most EdgeSight users are not a local administrator on all of the devices they are trying to connect to.

    The RemoteSecurity setting is configurable and can be set at the Agent installation time or adjusted post-installation by editing the EdgeSight Agent registry settings.


    Additional Resources

    The following screen shot shows the most secure setting with the value data of the RemoteSecurity key set to 1. This setting is the default and most likely results in an “Access Denied” error message for your EdgeSight users when trying to use the Real Time Remote reports.

    User-added image

    The following screen shot shows the least secure setting with the value data of the RemoteSecurity key set to 0. This allows any EdgeSight user the ability to use the remote functions to connect to the Agent.

    User-added image


     

    Join the conversation

    Citrix Discussions

    Open a case

    Citrix Support

    特别说明


    本文来源为Citrix.com所有,翻译后版权归翻译者所有.如需转载请注明出处.

    文档版本


    .

    广告招租


    最新留言


    .

    广告招租


    .