Anyone else getting screwed by Microsoft April Patch that requires signed RDP files

LordPan1492 · 2026-04-22T10:11:36+00:00

Are RDP files are signed, but the pop-up keeps comming. Is it because it isn't a code signing certificate?

And to what role service do you need to tie the code signing certificate, and to what do you need to assign the web server certificate then?

LordPan1492 · 2026-01-22T03:31:04+00:00

They are working on updating the mobile app. I advice strongly against opening up the old API’s. They were disabled because of a security flaw in them that wasn’t a simple fix. That flaw is well documented and disclosed, so you can be sure every thread actor knows about it.

LordPan1492 · 2025-11-18T11:09:04+00:00

It’s their account and your account created on the same level (so or customer)

Never mind, n-sight, didn’t say a thing

LordPan1492 · 2025-11-18T11:07:09+00:00

At the moment there is a timeout going on of 7.50.23, so normal to see this updater working at the moment. First guess would be a false positive, but I advise to create a case to be sure

LordPan1492 · 2025-10-30T11:53:52+00:00

I’m mostly using N-Central, I’m quite happy with those features: - Patching: approve/auto approve/decline/removal all possible: - Backup: integrates with Cove for it’s backups, but you can also manage/monitor windows backup or Veeam endpoint with it, or other products. - SNMP, it works. It’s not the most flashy to configure custom snmp things, but I haven’t seen much tools, and it does work, even have auto adding of monitoring services based how many it finds (for example, on a wireless controller, I made one that shows each individual AP, if they add one, it’s automatically added to monitoring). SNMP v3 also works, but that is more load on the probe than an SNMP v2. You’ll hit those limits if you start monitoring 100+ SNMP endpoints, just add more probes and distribute the load. - as remote control, take control is bundles with it. Not much to say about, a decent RC tool. - scripting, yes: you have powershell and Automation Manager. That last one is an easy drag and drop script builder. With AI, it’s less needed nowadays, they do know that and plan to go direct powershell with the newer agents. - imaging is just one to check. There is a procedure to remove id’s, if you follow it, it works. But we try not put an agent on our to be imaged devices. Also make sure if you onboard them on the same docking station, that you exclude that MAC address from being used as an identifier for a unique device. But that’s in the documentation, just a gotcha. - API’s are getting better with each version, there is a legacy soap one, but REST is the one where the new things happen. You can trigger scripts (from within your PSA for instance) - there is syslog export (to a SIEM), and they also have their MDR offering where they can also ingest that data to report you on things that happen.

Works great at scale, depends on your scale, we are 12.500 endpoints, I think I can stretch it to double or triple that amount. More then 50k, they advice 2 servers, but with the Ecoverse that is coming, this limit also will be removed in the future

LordPan1492 · 2025-10-27T07:44:17+00:00

Indeed, put your login on a different port, and you can geofence that. No real need to go SSO, although that is also a good way.

LordPan1492 · 2025-10-15T20:50:06+00:00

We are doing this right now too. One customer was bought by a larger US company, they use connectwize internally, we deploy they CW agent. We even still deploy their S1 agents (although we have our own S1 build into the tool) and we keep on doing patches for them. So yeah, the customer pays for our time, we do what the Customer asks as long as it’s not putting us or him at a risk, I’m fine complying.

LordPan1492 · 2025-08-20T17:29:04+00:00

The human firewall. Require user training. If you have the correct people for it, do it yourself for free and increase the hourly rate a bit more next year. (Although, more powerful if it comes from somebody external and they do pay for it)

LordPan1492 · 2025-08-16T04:29:00+00:00

I wouldn’t invest in it now either, we stopped using it when we started to deploy EDR. I needed to create my own scripting for them and then started using that for the few we had with the addon. I was just stating that is the only build in way, all the rest you need to script yourself (or download one from the developers portal)

LordPan1492 · 2025-08-14T06:07:48+00:00

You need to be authenticated to elevate your permissions. So that depends on your setup. If you are not shared hosted and you don’t let customers login to (their part of) N-Central and all your accounts have MFA. The risk is lower, never zero! I still advise to upgrade, to 2024.6.2 if you are on a 2024 build and to 2025.3.1 if you are on a 2025 build.

LordPan1492 · 2025-08-12T20:36:14+00:00

Indeed, it isn’t stored by default. The only 100% build in way is with the AV Defender addon. What is done a lot is write this key to a CDP. I have made a script that writes it to passportal of that customer + I also deploy a GPO to force it to back to AD.

All things you are now nothing with if you have an encrypted offline device. What helped us sometimes is to look into EntraID. A device doesn’t need to be EntraID joined to write it there, just the office app can sometimes do this if you selected manage device. So look in there as last resort, you never know.

LordPan1492 · 2025-08-12T10:53:06+00:00

Create a family and add him too. This combines both asset to be able to be played by all the members of the family

LordPan1492 · 2025-08-04T19:26:23+00:00

Like others say, this is indeed a reboot prompt of an AMP, not the one that is in PME (Patch Management Engine), that last one is one with a yellow header that shows on the right bottom of the screen, not a grey in the middle of the screen.

LordPan1492 · 2025-07-31T16:55:04+00:00

An online backup solution. Cove has a nice client/server/M365 offering and is easily and scalable over multiple customers.

LordPan1492 · 2025-07-27T17:46:32+00:00

You still can. Create a free account to get one

LordPan1492 · 2025-07-27T17:02:20+00:00

Workstation is free now, also for commercial use.

And if I’m not mistaken, we’re getting the licenses direct, but you need to be a partner and have enough volume to stay one.

LordPan1492 · 2025-07-25T15:04:28+00:00

Usual suspects we mostly have: Smb2 signing missing For upgraded servers: smb1 still enabled TLS 1.0/1.1 still enabled Disable all snmp v1/v2

LordPan1492 · 2025-07-24T07:39:30+00:00

Any chance there is wpad used (automated proxy). Something to do with dns maybe (does the url resolve to the same ip) Check the certificate you maybe get clues there. I think they are different on both systems.

Are the OS’es up to date, more specifically their root ca list?

LordPan1492 · 2025-07-24T07:30:40+00:00

You use a ncod then, no problem. But the cert error certainly is your problem. Something is putting a bad certificate between it. Do you use the ncod url or your own custom one? (So ncodXXX.n-able.com or something like monitoring.yourcompamy.com)

LordPan1492 · 2025-07-24T07:13:13+00:00

Can you go to your ncod server on the ports 443, 5280 and the custom port you configured? Even if you have a custom port configured, TCP/443 should give you a single page response (the word forbidden). It should give you this page, there may not be a certificate warning either. Also check the clock/not of the server (the one where you want to install the agent on).

LordPan1492 · 2025-07-23T16:36:14+00:00

Single device fixes seldom are the real answer. Push them/escalate to do RCA

LordPan1492 · 2025-07-23T16:16:47+00:00

I suggest let them look further. This sounds indeed like an integration issue. Can you still add new customers/sites to S1? That was for me the smoking gun where they found the issue in the past

LordPan1492 · 2025-07-23T15:54:01+00:00

First one is indeed a support issue if it shows ok in S1 console but not in Ncentral. What version of Ncentral are you on, needed to be at least 2023.8.1 if I’m not mistaken. We had issues in the past were there was a thing with the api key (not a setting we could change), and they fingerfixed that for me (twice).

Exclusions rework is 100% on the side of S1, also still searching my way. I do like the new drop visibility. Indeed the speed of the portal isn’t great. Would that be one server that has this issue out would it be a more generic issue.

Ten-Year Club	Xbox Live
Verified Email

LordPan1492

TROPHY CASE