Follow

Two Factor Auth Addin for Kaseya (Installation Guide) (Legacy)

Requirements

  • Kaseya 6.2.0.0 (This document can also be used for the previous addin for Kaseya 6.1)
  • A working AuthAnvil Two Factor Auth Server that has already been configured as per the AuthAnvil Two Factor Auth Installation Guide.

NOTE: AuthAnvil 4.0 and later cannot be installed on the same web site as Kaseya if you plan to use the Kaseya Addin or logon agent. AuthAnvil Two Factor Auth will need to be moved to a separate IIS web site on the same server, or on a completely different server. See the AuthAnvil Two Factor Auth Installation Guide for details on backing up your AuthAnvil 2FA server and restoring your data to a new server installation.

Introduction

Kaseya offers a powerful and flexible system of network management tools, and is extendable through a plug-in architecture. The 2FA Addin for Kaseya 2 takes advantage of this plug-in architecture to add the ability to monitor AuthAnvil Two Factor Auth servers and manage, monitor and deploy AuthAnvil Windows Logon Agents directly into the Kaseya interface.

The rest of this document will step through the process to accomplish the implementation and configuration of AuthAnvil Two Factor Auth support on a server running Kaseya 6.2.0.0. (This process is the same for the addin compatible with 6.1). This document assumes that the AuthAnvil Two Factor Auth Server has already been configured as per the AuthAnvil Two Factor Auth Installation Guide.

NOTE: This installer initiates a Kaseya Schema Rebuild as part of the installation process, so please keep this in mind deciding when to install the Addin. We recommend that you make sure that the fewest number of users will be affected when you do the install.

Installing the Two Factor Auth (2FA) Addin for Kaseya 2

Step 1: Contact Support to receive the Kaseya Addin files.

Step 2: Launch the Addin installer. (2FA_KaseyaAddin.exe)

Step 3: The installer will ask to enable the Kaseya 2 Web Services. Click Yes to continue. These web services are required in order for the Addin to be able to communicate with Kaseya.

image

Step 4: Click Next on the opening installer screen, then accept the license agreement and click Next again.

Step 5: If you would like to use the AuthAnvil Kaseya Logon Agent to protect your Kaseya Server, fill in your 2FA server information, along with a user that you would like to whitelist in Kaseya (if you want). You can whitelist additional users in the Addin after the install is complete. Click Next to continue.

NOTE: If you don’t wish to enable AuthAnvil authentication at logon, you can enable it at any time by logging onto the Kaseya server and renaming the incBackup folder located in C:KaseyaWebPagesAuthAnvil to inc.

image

Step 6: Click Next again to start the install.

Step 7: When the install is complete, you will be presented with the final screen. Click Finish to launch the Kaseya Schema update so that Kaseya can load the 2FA Addin.

image

Step 8: Log into Kaseya. If you enabled AuthAnvil authentication at logon, you will see a screen that resembles this.

image

Step 9: Click on the Two Factor Auth tab on the left hand navigation bar, and make sure that your Kaseya login settings are correct, then click Save Settings when complete.

  1. The Whitelisted Users list is a comma separated list of usernames (with no spaces) that needs to match the users’ Kaseya usernames.
  2. The Whitelisted IP List is a comma separated list of IP subnets in CIDR format. ie: 192.168.1.0/24. This feature will only work if the computers are communicating with the Kaseya server via IPv4. It does not recognize IPv6 addresses.

NOTE: Don’t change the default Kaseya web service URL of http://127.0.0.1/vsaws/kaseyaws.asmx unless you are having problems with the Addin, or know that URL is unreachable from the Kaseya server.

image

Step 10: Click on the Training Videos link to learn more about how to use the AuthAnvil Addin, and the Documentation link to learn more about what you can do with AuthAnvil and how to use all of the different agents. If you want to watch the videos before you install the Addin, you can find them at: /docs/aak2/

Requiring Whitelisted Users to Log On With a Token

The Kaseya Addin can be configured to require two-factor authentication from all users except those in the whitelist, or to require two-factor authentication from ONLY the users in the whitelist. By default, the Addin will require 2FA from all users except those in the whitelist, but this can be changed by modifying a setting in the database.

You may either your favorite SQL management tool, or the SQLCMD command line utility that ships with SQL Server 2005 and later. To use SQLCMD:

  1. Open a Command Prompt
  2. Run the command sqlcmd -s KASEYA2SQLEXPRESS (where KASEYA2SQLEXPRESS is the path to your SQL server).
  3. Once connected, you will see a 1> prompt. Run the command: UPDATE ksubscribers.dbo.AA_Settings SET Data = 1 WHERE Setting = ‘userWhiteListRequires2FA’
  4. Next, you will see a 2> prompt. Type GO and hit enter.
  5. You should see the result: (1 rows affected). Type exit and hit enter.

The whole process will look something like this:

Prompt

To reverse the setting to not require 2FA from the Whitelisted Users list, use the same process, running the SQL command UPDATE ksubscribers.dbo.AA_Settings SET Data = 0 WHERE Setting = ‘userWhiteListRequires2FA’ instead.

Known Issues

The “Monitor Against AuthAnvil Agent Tampering” scripts will only run once, when the Save Settings button is pressed on the Configure Agent Alert Settings page. We do not currently have a mechanism to schedule a script to run on a recurring basis.

Troubleshooting

Issue: When the Kaseya schema rebuild is launched, you get a HTTP 403 or 404 error.

Cause: 127.0.0.1 is not reachable on port 80. You are using a different http port, host headers, or requiring HTTPS access to the Kaseya server.

Resolution: Change the URL in the address bar to reflect a correct internal URL for the server and reload the page.

—————————-

Issue: When navigating to any page in the addin, you get an “Invalid Session ID: wsSessionId is an invalid length” error.

Resolution:  This error is caused by one of two scenarios:

  1. The Kaseya Web Service URL is wrong, check it under the “Configure Kaseya Logon” section of the addin. The default is http://127.0.0.1/vsaws/kaseyaws.asmx, and will work in most situations unless you are using a different http port, host headers, or requiring HTTPS access to the Kaseya server.
  2. The session IDs are not properly synchronized. Log out of any of your Kaseya sessions and close all of your browser windows, then try again.

—————————-

Issue: After upgrading Kaseya, the AuthAnvil icon disappears from the addin tab.

Resolution:  This is caused by Kaseya overwriting one of the CSS files that defines where the tab icons are stored during the upgrade. To get the icon back, open the C:kaseyavsaPresxmlThemeTemplatecsskaseyamodules.css file in your favorite text editor and add the following line to the bottom of the file and save it:

.module-AuthAnvil{background-image: url(${imageFinder.findCssImage(${theme},"SIZE24/Modules/AuthAnvil.png")}) !important;height: 24px;width: 24px;}

 

Questions?

If you have any questions or need some help, we would be happy to assist. Open a case at help.scorpionsoft.com or send an email to support@scorpionsoft.com.

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk