Automated account assignment not working with SCP (ServiceConnectionPoint)

SIR
SIR Posts: 24
edited May 2023 in General questions

Hi everyone,

I followed the official Teamviewer documentation about the rollout of the TeamViewer 12 Host MSI and using a SCP (service connection point) for the automated account assignment.

So i created manually the SCP as mentioned in the documentation:

1) Created the container CN "TeamViewer" at the root (DC=<mydomain>,DC=<myTLD>)

2) Created the service connection point CN "TrustConfigIDs" in the container "TeamViewer" (CN=TrustConfigIDs,CN=TeamViewer,DC=<mydomain>,DC=<myTLD>)

3) Edited the "keywords" properties of the SCP "TrustedConfigIDs" and add the attributes values as mentionned in the documentation: "TeamViewer" and "B15CB251-377F-46FB-81E9-4B6F12D6A15F"

4) Applied everything

5) Edited the "serviceBindingInformation" properties of the SCP "TrustedConfigIDs" and add the attributes value of my ConfigurationID of my customized host (without the "-idc" ): d7xxxxx.

6) Apply and close the windows.

7) Then i deployed my customized host on a virtual test machine by GPO  (TeamViewer_Host-idcd7xxxxx.msi)

The product installed itself on the machine successfully but when i open the settings of the host, none account is added. The computer is also not showing up in the management console.

I am missing something ?

Thanks in advance for your help.

 

Tagged:

Best Answer

Answers

  • DomLan
    DomLan Posts: 490 ⭐Star⭐

    Hi SIR (nice nickname),

    I think the topic is discussed in this thread https://community.teamviewer.com/t5/API-and-Scripting/Auto-account-assign-doesn-t-work-on-TV12-Host-MSI/td-p/1173/page/3.


    It is long enough to read, but carry the third page would be useful to look at the comments provided by @RogerH

    Some elements related to the occurrence of the problem may be caused by previous versions already installed on the client that must be removed before proceeding (also via Regedit)

    Regards.

    Domenico Langone

    MCSD: App Builder

  • SIR
    SIR Posts: 24

    Hello @DomLan,

    Thank you for your answer, indeed this is the best nickname ;)

    Okay i will check what @RogerH wrote and see if that can help...

    I already tried to install Teamviewer 12 while uninstalling oldest versions first and also delete the differents trees in various registrie's hives created by Teamviewer (my test machine is 64 bit) :

    HKLM\SOFTWARE\Wow6432Node\Teamviewer

    HKCU\Software\TeamViewer

    but that didn't help... I wonder also which account he will try to put automatically because it's specified nowhere (email address of an existing Teamviewer account, or anything else...)

    Anyway, i will read first the comments and get back to you !

  • SIR
    SIR Posts: 24

    Dear @DomLan,

    I read carefully and tried some instructions of @RogerH but that didn't solve my issue. He is more speaking about the Assignment Tool and not really about how to configure the SCP..

    I had the version 8 of TV installed on my test computer but i never had a SCP made in my Active Directory for Teamviewer because i didn't need in the past.

    I uninstall completely the TV 8 of my test machine (deleted registry keys, folder in C:\Program files..., etc...)  and redeploy trought GPO but that still not working.

    Any further ideas ?

  • RogerH
    RogerH Posts: 12

    Hi @SIR

    Did you create a TeamViewer_Settings.reg file on a test computer, and include that with the correctly named MSI file ? The way i understand it, the MSI file (named with -idcprofileID) installs the host and will only apply the profile and add to the TV Account the profile is in If you have the following in place -

    • Properly configured SCP
    • Properly configured and named TeamViewer_Settings.reg in same folder as the MSI file

    When I originally setup TV11 using SCCM, and an SCP in AD to auto assign the profile and account, I needed both SCP AND the .REG file. Also, when I first logged in, after host was installed -

    • If I logged in with a LOCAL account that had Admin rights, it would prompt me to allow the host to be assigned to the TV account (when you login with a local account immediately after TV is installed, it 'ignores' the SCP
    • If I logged in with an AD account, then TV would read the SCP and auto assign the profile and assign to the TV account

    Hopw this information helps

  • SIR
    SIR Posts: 24

    Hi @RogerH

    Thank you for the update,

    1)

    Did you create a TeamViewer_Settings.reg file on a test computer, and include that with the correctly named MSI file ?

    Yes i  exported  a .REG file from a TV Host with my basic parameters that i want to set to all my future clients. I did configure:

    • Administrator password for editing the settings of the TeamViewer Host
    • Personal password for unattended access.

    For all the other options, i want to apply them using the Teamviewer's policies that you can create in the TV Management Console.

    Yes i did, i named my .MSI file with the correct configuration ID i have in my  TV Mangement Console: "TeamViewer_Host-idc<myConfigID>.msi"

    2)

    • Properly configured SCP

    I used the Teamviewer official documentation to creat at first manually the SCP with all the mentionned parameters. Seeing that wasn't working, i ran secondly the "TrustConfigID.ps1" with a domain admin account. The script worked and created  the SCP in the location as expected (CN=System, DC=domain, DC=com,)

    I tried also to add the SCP at the root (DC=domain, DC=com,) but that didnt worked either.

    I  added my configuration ID in the SCP without the "-idc" of course.

    3)

    • Properly configured and named TeamViewer_Settings.reg in same folder as the MSI file

    Yes i put the .MSI and the .REG file in the same folder. The name of my REG file is exaclty the same as you mentionned, because if you change it, the file won't be read by the .MSI when it's installing.

    The MSI is deployed and installed correctly as well as the .REG file(i am sure because the TV Host prompts me the password i set in the .REG file when i try to access the configuration options).

    4)

    • If I logged in with a LOCAL account that had Admin rights, it would prompt me to allow the host to be assigned to the TV account (when you login with a local account immediately after TV is installed, it 'ignores' the SCP
    • If I logged in with an AD account, then TV would read the SCP and auto assign the profile and assign to the TV account

    I always did connect with a domain account on my test machine. I never made any connections with local accounts. I connected with a non-admin account and admin account but that didn't changed anything.

    It's really annoying because i can't see where i made a mistake.. :/

  • RogerH
    RogerH Posts: 12

    Hmmmm - it seems that you did everything correctly from what you describe, so I can't think of what is not working. I assume that after installing the host with the .REG file, the host IS launching automatically? If so, and you go into Options on the host, does it show that it has been added to the relevant TV account ?

  • SIR
    SIR Posts: 24

    Yes the program starts automatically but none account are added.

    I verified in my TeamViewer Management Console and i didn't found the trace of any old record for this machine who where maybe still hanging there or so..

    That's really blowing my mind... :(

    I will open a ticket at the Teamviewer support i guess, because i have tried everything and i can't see what is wrong ! Thank you for your time @RogerH and @DomLan

  • RogerH
    RogerH Posts: 12

    Best of luck @SIR - Please keep us updated on what hte solution turns out to be

  • SIR
    SIR Posts: 24

    A ticket has been openend at the support.

    I will keep the topic up to date when a fix will be found

  • RogerH
    RogerH Posts: 12

    I'm glad that you got your issue resolved. I'm not 100% convinced on the solution though.

    I have the option "Allow account assignment without confirmation" checked, and I am NOT using the Assignment Tool (because it doesn't work reliably, plain and simple). However, when logging in with an AD account after installing the Host, SCP automatically adds the machine to the correct account, and all that is required is that an admin needs to login and allow Easy Access.

  • SIR
    SIR Posts: 24

    Mmmh that's curious because the only parameter that the teamviewer's support technician asked me to change was this checkbox and then everything worked as intended. He also verified all the other parameters (SCP, custom host module, ...) and everything was correct.

    I never used the SCP before, so maybe if you have already added machines using the SCP, a parameter is maybe written in the registry somewhere and then the "Assignment tool checkbox" has no more effects even you let the checkbox ticked in your host's customizations..

    Did you try to install it on a fresh install of Windows who never had a custom Teamviewer Host installed ?

  • RogerH
    RogerH Posts: 12

    SCP is working find in my environment for new and old machines alike.

  • SIR
    SIR Posts: 24

    :smileyfrustrated:

    Okay then i don't know why it wasn't working for me, despite it's certain that the uncheck of the checkbox fixed somehow my issue... The Teamviewer's support told me that i had to uncheck this checkbox if i use SCP and it fixed my case.

    I don't know every parameters in your environnment for TV and maybe you have some differences that make work the SCP even with the checkbox ticked ?

Trustpilot

Categories

This Week's Leaders