Orphaned data files
Hi All Backstory: Couldn't get ManageEngine Netflow to start this morning (running on Windows) after many failed attempts. I ended up uninstalling v11 and installing v12 and what ever the issue was went away and app is running as expected. Question: Can I import the data files from the old installation example (C:\Program Files\ManageEngine\OpManager\data\Router_50001\20191126141558398_5000001.txt) into the new installation? Thanks for any help offered. HR
API REST - Access is denied for the operation [read]
'm trying to use the REST API to query a request, but I'm having problems. I'm using PHP. I generated the API key for the user. When trying to query a ticket, but is returning the following error: "3015 Access is denied. Access is denied for the operation [read]." Are there any releases that I need to assign to the user before consulting a request? I didn't find anything about it in the documentation.
Define accesss to Assets & Tasks Group
Ability add permission to Tech. to view their group tasks and group assets. Roles\Permistion\All in group & Assigned to Technician [Requests and Changes & Assets & Tasks ]
FOS service heartbeat/ping interval
Hi, community. I am curious on how does the FOS heartbeat checking works. I know that SDP is using ICMP for the checking of the availability of the server. But the question is, is it continuous or does it have a 360 seconds interval per ping sent. Thank you in advance.
Audible alert upon notification in SDP?
I was wondering if it is possible to get an audible alert on my workstation in SDP? Thanks, Adam
Use of load balanced RDS farm address for connections through pmp rdp gateway
Hey guys, we currently setup a new RDS Farm (RD Connection Broker, License Server and two RD Session Hosts all on Windows Server 2019 Standard) We use AD Authentication to let users from outside of our domain connect to specific ressources (computer accounts) through rdp gateway using pmp pro. We also record their work. Now we built a rds farm for those users. Users can use a defined .rdp file to successfully connect loadbalanced into the RDS farm -> the syntax in the .rdp file looks like this: loadbalanceinfo:s:tsv://MS
Mac OS Catalina installer fails to download
I'm trying to upgrade MacOS to Catalina. The link that DesktopCentral is using to download the file "installCatalina.tar.gz" is https://updates.cdn-apple.com/2018/091-99991-20181030-10052238-C103-11E8-A480-9257C82E983B/installCatalina.tar.gz. But that link just has a Access Denied page. (I'm on DC version 10.0.475) Thanks
"Invalid CSRF Token" error when picking up or assigning a ticket
Hello When we try to pick up or assign a ticket, we get error "INVALID_CSRF_TOKEN". This seems to be happening when we access servicedesk site from outside our work network. We can pick up and assign a ticket within our network. We recently upgraded, and are at latest version (11.1, Build 11105). It was a long time coming, we were at 10.5 Build 10510. The INVALID_CSRF_TOKEN is a new error AFTER the upgrade. This was NOT an issue BEFORE upgrade. Seems that this issue was caused by the upgrade. Any
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge number of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
[RHEL 8] [SDP v11000] Claims port 80/443 are occupied but they are not
Upon running netstat nothing is occuping port 80/443. When changing it from the Web UI it says port 80/443 is occupied. Running the "changeWebServerPort.sh" script results in the same error.
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge number of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
March 2020 Patch Tuesday forecast
Look out for a more stable fix this Patch Tuesday for the botched Windows 10 updates 4524244 and 4502496 Microsoft pulled last month. With a huge numbers of CVEs fixed by Microsoft and a good deal of updates for Reader and Acrobat issued by Adobe last month, we hope March Patch Tuesday will spare us with a lighter set of updates. To save yourself the trouble of sorting them out, catch an early analysis on March Patch Tuesday updates and strategies on safe testing and stable rolling out of patches
[SDF-27213] Custom views for requests - using "and" & "or" in the same view
Hi Community, Is it possible to use the logical operations "and" & "or" together in the same custom view? Here is an example for a better understanding: I'd like to create a custom view with the following parameters: - Ticket is assigned to Tech xx or - Ticket is not assigned to a Support Group and - Ticket Request Status is not 'Closed' or 'Resolved' As of right now it is not possible to configure it as seen above, because you can only use "or" or "and" twice or none. Thanks for the help! Best Regards,
DataSecurity Plus Agent - Silent installation
Hello there, How does one go about doing a silent installation of the DataSecurity Plus agent? I haven't been able to find clear instructions on this topic. The idea is to deploy it via script using an RMM solution. Thanks.
[SDF - 85361] Custom Trigger to add Announcment
I'm trying to find a way to list all Onboarding/Offboarding request in a place Users who submit those forms can see them. These users are from different Departments and they don't need to be able to see other request from their Department or other Departments. Without giving them that access, the only way I can think of is to list the subject of each Onboarding/Offboarding request on Announcements. That way they can go out there and see if one has been submitted already for a user in their department.
Dynamic field in incident/service template
Hi, I need some field that add dynamically. Like my attachment I want to add this type of field to my incident/service template. What should I do? Do you have a workaround?
Populate additional requester details in request fields using Field and Form Rules
Greetings Portal Version 10.5 I am trying to fill out an additional field in the request with information from the additional field of the requestor. I follow the instructions, nothing happens. https://pitstop.manageengine.com/portal/kb/articles/how-to-populate-additional-requester-details-in-request-fields-using-field-and-form-rules My script works when loading a form, it looks like this. //-----------------------Inputs Required--------------------// var requestAdditionalFieldID = 'WorkOrder_Fields_UDF_CHAR2';
[SDF - 84265] Requests Color Settings
Hi Community, We'd like to use the color settings in the requests tab to differiate between two different things: - Group is not assigned = red - Group is assigned but no technician = orange The first term is working without any problems, but we can't configure the second. It is also looks like it's not possible to use two different terms together, as you can only differiate between the same terms - for an example you can't use the following color scheme: - Group is not assigned = red - Status is
Database Query Request - Technician Logon History
Would it be possible to query the database to find out when a technician last logged onto SDP and also how many times they've logged into the system? I'm trying to create a report that will show people who are assigned technician licenses who are not using or rarely use the system and should be removed as technicians. ServiceDesk Plus (On Premise) Build: 11105 Database: MSSQL
Manage Engine Desktop Central agent enforcing specific type of browser only (silently Uninstall all non SOE)
My company has purchased Manage Engine Desktop central and deployed the agent in the production environment. In my previous experience with Microsoft SCCM, the agent can enforce only a specific list of browser that is allowed installed and running in the users PC like: Mozilla Firefox, Google Chrome, IE & Edge. Other than those white-listed browser, the agent will Uninstall it silently. is there any way in DesktopCentral v10 to enforce it that way? I look forward to your reply. Thanks.
Security Update - Ghostcat Vulnerability prevention for Desktop Central
A vulnerability with the name Ghostcat in Apache Tomcat (CVE 2020-1938), which is a third-party component used by Desktop Central was discovered by external security researchers of Chaitin Tech. This Ghostcat Vulnerability has been mitigated and has been released for ManageEngine Desktop Central. Follow the below given steps to prevent this vulnerability in Desktop Central Servers. Log in to your Desktop Central console, click on your current build number on the top right corner. You can find the
SNMP Traps not received by OpManager
Hello, I have issues with receiving traps in OpManager as no traps are currently displayed in OpManager v12.2. OpManager is installed on a Linux Centos 7 server. The following debugging steps has been taken: 1) A tcpdump on port 162 on the server running OpManager shows that the traps are being received correctly through the port so no issues with Firewalls 2) All devices are set with the correct credentials. 3) Trap definitions has been loaded through the mib files and enabled through the GUI.
CSV file to import assets
Dear All can you please share the CSV file to import assets. Regards
Failed to assign technician
I'm seeing something really weird here and I can't find any commonality. Occasionally, a ticket will simply fail to assign a technician. Here's an example. This is the ticket as it exists. I click on technician to assign it. Click the check mark to save it. I get the pop up that says it updated But the ticket remains unassigned: Help.
What's the value of Business View in CMDB?
We just upgraded to the latest build of SDP and I discovered Business View in CMDB. How does it work? What value your organization got from this feature?
ServiceDesk plus - Custom script
Hi, In the ServiceCatalogue you when you choose "Form and Fields" , is it possible to write a custom script that add a the requester to a Active Directory group when the form is submitted? kr Thomas
Security fix for CVE-2020-10189 - Remote Code Execution has been released!
Remote Access Plus was reported with a vulnerability that lets unauthenticated attackers execute arbitrary code on Remote Access Plus instances. This issue was reported by Steeven Seeley of Source Incite and is now been fixed. The security fix is released in build #10.0.452 and you can download the latest build from here. (or) 1. From your Remote Access Plus web console, click on your current build number in the top right corner. 2. You can find the latest build applicable to you. You can download
How to remove certificates
Hello, I have been trying for the last few days to get openssl working with untangle firewall openssl vpn server. Initially i uploaded some certs but i believe i had to upload all three certs: client, key and ca cert. So i was looking to upload a pk12 cert but i am now getting an error saying cert already exist. How do i delete the certs i have already uploaded and also is there a document on how we should setup openssl vpn? We are looking to deploy this to 500+ devices and now trying to get this
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, The fix for Remote Code Execution vulnerability in Patch Manager Plus has been released in the build 100426 This hotfix is available at https://www.manageengine.com/patch-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support. Regards, Team ManageEngine
Unauthenticated Remote Code Execution Vulnerability has been fixed!
Hello everyone, Fix for the Remote Code Execution vulnerability in Device Control Plus has been released in the build 100356. This hotfix is available at https://www.manageengine.com/device-control/service-packs.html For more information, refer this link. In case of queries or for technical assistance please contact support. Best Regards, Team ManageEngine
Security Update | ManageEngine Application Control Plus
Hello Everyone, Fix for the Remote Code Execution vulnerability in Application Control Plus has been released in the build 100504. This hotfix is available at https://www.manageengine.com/application-control/service-packs.html For more information, please visit here. In case of queries or technical assistance contact support Regards, Team ManageEngine
Unauthenticated remote code execution vulnerability fixed
Hello Everyone, Fix for the Remote Code Execution vulnerability in Vulnerability Manager Plus has been released in the build 100346 This hotfix is available at https://www.manageengine.com/vulnerability-management/service-packs.html For more information, please visit here In case of queries or technical assistance contact support Regards, Team ManageEngine
Fix for Security Issue in Mobile Device Manager Plus MSP
Mobile Device Manager Plus MSP has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at msp-mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Fix for Security Issue in Mobile Device Manager Plus
Mobile Device Manager Plus has fixed an arbitrary file upload vulnerability which would have otherwise allowed users with malicious intent to upload any file without validation using the log upload functionality. The security fix is available in build #92684 and above. You can download the latest build from here. For any queries or assistance, please reach to our support team at mdm-support@manageengine.com. Follow #mdm-security for all security related updates in Mobile Device Manager Plus
Desktop Central is still desperately lacking in patch/configuration job targeting...
This has been an issue for a good number of years now and, whilst DC appear to have made some changes (and even some improvements) to the way in which you are able to target jobs, there are still some pretty serious limitations and even some down-right failures in the way in which job targeting is handled. Here are a couple of posts, over at least the last six years, of examples where very specific requests for improvement have been made, with repeated "looking into it" and other non-committal responses:
Security Update - ManageEngine Desktop Central (Remote Code Execution - Fixed)
Hello Everyone, The remote code execution vulnerability in Desktop Central (CVE-2020-10189) has been fixed in build 10.0.479. The new hotfix is available at https://www.manageengine.com/products/desktop-central/service-packs.html For more information about the vulnerability, please visit https://www.manageengine.com/products/desktop-central/remote-code-execution-vulnerability.html Please contact support for any clarification or the assistance. Thank you.
Zero-Day Vulnerability - Desktop Central - March 6th, 2020
Is there any information regarding the zero-day vulnerability for Desktop Central that was announced today via the article: https://www.zdnet.com/article/zoho-zero-day-published-on-twitter/ ? Any guidance yet?
Tomcat Vulnerability?
Good morning, is the OPManager software vulnerable to the Tomcat exploit in the link below? https://www.cisecurity.org/advisory/a-vulnerability-in-apache-tomcat-could-allow-for-arbitrary-file-reading-cve-2020-1938_2020-028/
Are any ManageEngine products (like ServicedeskPlus) vulnerable to recent "Ghostcat" exploit?
i see referenced in this previous post https://pitstop.manageengine.com/portal/community/topic/java-standalone-application-any-servler-container-like-apache-tomcat-behind that some manageengine products are based on Apache Tomcat. given the most recent "ghostcat" exploit that was discovered, what is the eta for updates to use a version of tomcat which has this patched? Exploit details: https://www.cisecurity.org/advisory/a-vulnerability-in-apache-tomcat-could-allow-for-arbitrary-file-reading-cve-2020-1938_2020-028/
Self-signed SSL Certificate
Good Day If we want to access ServiceDesk Plus via our intranet we get the "Connection to this site is not secure" warning. Therefore, we tried to install a self-signed SSL-certificate. Whilst importing the certificate ServiceDesk Plus throws an error. In the Support-File we found the error "Exception occurred when importing the SSL certificate! : Self signed certificate cannot be imported from UI|". Is there any other way to import the certificate or to get rid of the warning?
Next Page