Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Wyse Shadow Message

Status
Not open for further replies.
sevi

sevi

IS-IT--Management
Jan 29, 2002
64
GB
We use Wyse thin client boxes on our network to connect to W2k3 TS.

I keep getting users ring the help desk with the message on their screen saying 'Someone wants to shadow your session. Do you want to accept it?'

Now this is not a windows message, it appears to be coming from the Wyse boxes themselves. Anyone any ideas??
 
Sort by date Sort by votes
SEVI, have you found a solution to this issue yet?
 
Upvote 0 Downvote
no, have you any ideas
 
Upvote 0 Downvote
I was having the exact same problem here. I ran WireShark (formerly Ethereal) and noticed a lot of connection attempts on TCP port 5900, from several computers on the subnet. One of the things these computers had in common was our McAfee Total Protection Enterprise (and more specifically Rogue System Detection 2.0).

I have spent hours on the phone with McAfee and have been told repeatedly that none of their products use TCP Port 5900. I ran a port scan against one of our Wyse thin clients and found the following open ports: 80, 4000, 5800 and 5900. I attempted to connect on all ports, but only noticed the "Someone wants to shadow..." popup on 5900.

I removed all McAfee products from my computer and noticed that the connection attempts from my computer on port 5900 have stopped. I then used ePO to remove RSD 2.0 from my subnet, and all computers on my subnet stopped attempting their connections as well. I have since removed RSD from all computers in the organization and have not seen the popup since.

I hope this info helps, as I know it was driving me crazy!
 
Upvote 0 Downvote
Thats very interesting.

We are also a McAfee customer and also use Total Protection and Rogue System Detection.

I shall look into it more.

Thanks for your help.

Regards
 
Upvote 0 Downvote
Here is the official word from McAfee on the subject:

"This is due to the 'port scan' like behaviour of the RSD sensor when 'Device details detection' is turned on via policy. Add the machines/networks in question to the exception list for this feature, or disable the feature all together.

This is located in the RSD 2.0 General policy in the Detection tab -> 'Device details detection' tab -> 'Do not run NetBios calls against devices on these networks'.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

docmgr
  • Locked
  • Question
Wyse terminal session
Replies
0
Views
35
docmgr
docmgr
TravTrav
  • Locked
  • Question
WYSE S30 RDP sound not working
Replies
0
Views
58
TravTrav
TravTrav
jonabond
  • Locked
  • Question
Wyse Thin Client and Windows 2008 Terminal Services
Replies
0
Views
38
jonabond
jonabond
robert201
  • Locked
  • Question
Installation failed during web setup- error message
Replies
0
Views
35
robert201
robert201
Techgoober
  • Locked
  • Question
Volume Shadow Copy Timing out - 2003 server
Replies
1
Views
34
mbourne2006
mbourne2006

Part and Inventory Search

Sponsor

Back
Top