Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Wyse Shadow Message

Status
Not open for further replies.

sevi

IS-IT--Management
Jan 29, 2002
64
GB
We use Wyse thin client boxes on our network to connect to W2k3 TS.

I keep getting users ring the help desk with the message on their screen saying 'Someone wants to shadow your session. Do you want to accept it?'

Now this is not a windows message, it appears to be coming from the Wyse boxes themselves. Anyone any ideas??
 
SEVI, have you found a solution to this issue yet?
 
no, have you any ideas
 
I was having the exact same problem here. I ran WireShark (formerly Ethereal) and noticed a lot of connection attempts on TCP port 5900, from several computers on the subnet. One of the things these computers had in common was our McAfee Total Protection Enterprise (and more specifically Rogue System Detection 2.0).

I have spent hours on the phone with McAfee and have been told repeatedly that none of their products use TCP Port 5900. I ran a port scan against one of our Wyse thin clients and found the following open ports: 80, 4000, 5800 and 5900. I attempted to connect on all ports, but only noticed the "Someone wants to shadow..." popup on 5900.

I removed all McAfee products from my computer and noticed that the connection attempts from my computer on port 5900 have stopped. I then used ePO to remove RSD 2.0 from my subnet, and all computers on my subnet stopped attempting their connections as well. I have since removed RSD from all computers in the organization and have not seen the popup since.

I hope this info helps, as I know it was driving me crazy!
 
Thats very interesting.

We are also a McAfee customer and also use Total Protection and Rogue System Detection.

I shall look into it more.

Thanks for your help.

Regards
 
Here is the official word from McAfee on the subject:

"This is due to the 'port scan' like behaviour of the RSD sensor when 'Device details detection' is turned on via policy. Add the machines/networks in question to the exception list for this feature, or disable the feature all together.

This is located in the RSD 2.0 General policy in the Detection tab -> 'Device details detection' tab -> 'Do not run NetBios calls against devices on these networks'.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top