cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
plausability
Engaged Sweeper

Hi, I  have a curious problem that for the life of me I can not solve:

Our Company recently deployed a ZeroTrust Solution (End-2-End Encryption) which only allows Client to Server Communication which is fine as LSAgent and LSPush is generally working as designed. Only the Rescan of a Client Asset started from Serverside is not possible anymore. But overall this is not an issue.

This ZeroTrust Solution has a Client Connector installed on our Clients and activates the encrypted tunnel based on the user that is logged on. The software then updates 3 registry values with the tunnel status:

  • Computer\HKEY_CURRENT_USER\SOFTWARE\Zscaler\App > REG_SZ > ZNW_State
  • Computer\HKEY_CURRENT_USER\SOFTWARE\Zscaler\App > REG_SZ > ZPA_State
  • Computer\HKEY_CURRENT_USER\SOFTWARE\Zscaler\App > REG_SZ > ZWS_State

Now I wanted to check which users are using this End-2-End tunnel by adding a Custom Registry Scan.scheuchenegger_0-1668598150805.png

The Scan Interval settings are set accordingly:
scheuchenegger_1-1668598219991.png

All clients have the latest LSAgent version installed (10.0.1.1) and are generally sending scan information every 4 hours (default setting). I made a chart report to check the percentage of users that are using the tunnel:scheuchenegger_2-1668598962958.png
The LSAgent on the client is generally able to contact the Lansweeper Server over LAN as well as via the Tunnel interface so I can rule out network connectivity issues.

The LSAgent Service on the clients is reporting those custom registry scan values just fine but every now and then some clients are missing those registry values on their asset page even if the values are set on the client (which I verified on site):

scheuchenegger_5-1668599218287.png

scheuchenegger_6-1668599568847.png

scheuchenegger_7-1668599683424.png
When forcing a client rescan using the LSPush.exe as the logged on user on the client the registry key values are updated in Lansweeper immediately.

It looks to me as if the LSAgent Service (Which is running as local System) sometimes can not read the User Registry.

Is it possible that if the client is locked (lunchbreak etc.) the LSAgent Scan is not able to read the logged on User Registry.

My main problem is that I would need a relatively current status of the registry key and therefore I set the custom registry interval to "0" (update on every scan) which now causes the registry value to vanish on the asset page when the LSAgent on the client can not read the logged on User Registry.

Any help would be greatly appreciated

 

2 REPLIES 2
j_diaz
Lansweeper Tech Support
Lansweeper Tech Support

Hello @plausability, the error you are getting might be related to accessing the HKEY_CURRENT_USER while running the scanning agent as a local system since it might not have access to the same keys.

rom
Champion Sweeper II

I agree with j_diaz - i think its due to the service running as SYSTEM.  If you want to see if it works when a user is logged on, you can follow these instructions:  https://community.lansweeper.com/t5/forum/lsagent-force-a-scan/m-p/42431#:~:text=If%20you%20want%20t....

just dont forget to revert the file change.