Release Notes® V9.1.4 Fix Pack 1

What’s new

A summary of changed or new features and enhancements included in BigFix® Remote Control V9.1.4 Fix Pack 1.

New and changed features available in BigFix® Remote Control V9.1.4 Fix Pack 1

  • The behavior of file transfer sessions in peer-to-peer mode has changed for Windows and Linux targets

    Up to V9.1.4, when a file transfer session was established in peer-to-peer mode, the permissions used to access the target file system were set to System access on Windows and root access on Linux. With this Fix Pack, the permissions used on the target file system are those of the logged-on user.

  • New target configuration option for peer-to-peer File Transfer session authorizations
    BigFix® Remote Control V9.1.4 Fix Pack 1 introduces a new target configuration option to implement the new behavior during file transfer sessions in peer-to-peer mode. When you upgrade to Fix Pack 1, the new EnableFileTransferSystemAccess target configuration option is automatically set to No on the target, and the permissions used during the sessions are those of the logged on user. To restore the old behavior on one or more targets, you can change the value to Yes in one of the following ways:
    • By setting the option using the target configuration wizard
    • By running Fixlet 102 on Linux, or Fixlet 103 on Windows (Define File Transfer Access to system Files for IBM BigFix Remote Control Targets) on the selected targets.
    • By changing the property manually on one or more targets.

    The options that you set in the target configuration can be displayed by activating the Remote Control installation and Security Options analysis.

Known limitations in BigFix® Remote Control V9.1.4 Fix Pack 1

  • When the EnableFileTransferSystemAccess property is set to "no", the file transfer process is started as the logged-on user and the File Transfer permissions on the target are inherited from that user. This means that if the logged-on user is Administrator (on Windows), root (on Linux), or an equivalent elevated user, there are no restrictions on the file system. This is equivalent to having the EnableFileTransferSystemAccess property set to "yes", in which case a logged-on user is not required.

    However, there is an exception for Windows systems. If UAC is enabled and the EnableFileTransferSystemAccess property is set to "no", then even if the logged-on user is an Administrator or an equivalent privileged user (the file transfer process is owned by that user), the permissions inherited are those of a normal user. This means that folders and files that require administrative privileges are neither writable nor readable.

    This is because UAC prevents any process, whichever user owns it, from gaining elevated privileges unless the user explicitly starts the process and requests elevated privileges. This implies an interaction with the Windows UI. Depending on the UAC settings, the UI asks the user to accept the operation and, in some cases, to provide the credentials of an administrative user. Because the file transfer process is started automatically and there is no interaction with the target machine's operator, the file transfer process is always started with unprivileged permissions when UAC is enabled.

Features that are introduced in BigFix® Remote Control V9.1.4 GA

  • Controller and target component for Mac OS X El Capitan 10.11 and Sierra 10.12

    BigFix® Remote Control V9.1.4 introduces support for controller and target users who are using macOS devices. Currently, the BigFix® Remote Control Target for macOS can participate in non-managed sessions only. That is, peer-to-peer sessions, on-demand sessions and sessions that are started by using a broker, where the target is configured with a brokerlist and the Managed property is set to No. For more information about the BigFix® Remote Control Target for macOS features, see BigFix Remote Control Target for macOS.

  • Secure target registration

    To prevent unauthorized targets from registering with the BigFix® Remote Control server, you can use secure tokens to authenticate the target. The secure registration feature is enabled on the BigFix® Remote Control server. Create a secure registration token on the server and distribute it when you install the target. The token is used to restrict new target registrations, or restrict updates to existing target details when you reinstall a target. After the target registers, the server sends a secure endpoint token to the target to replace the token that was used when it registered. The target uses the secure endpoint token to authenticate with the server each time it contacts the server.

  • Local controller configuration

    When you install the controller component, you can configure properties that are saved to the trc_controller.cfg file in the controller installation directory. The properties in this file are used each time the controller starts and are the same for all users. You can now also create a user-specific configuration after installation by using the Configure controller option in the controller UI.

  • Controller mouse is visible on the target screen during a session

    Use the Mouse Tool option to display the controller user's mouse cursor on the target system during a guidance session. The target user can see the position of the mouse cursor as it moves around the target desktop. The Mouse Tool option is available only in guidance mode. For more information, see Displaying the controller mouse cursor on the target system.

  • New launch method for the on-demand target

    New properties are introduced in the ondemand.properties file that you can configure to determine which installation method is used for the on-demand target. The properties are, ondemand.enable.plugins, ondemand.enable.jnlp, and ondemand.enable.executable. For more information about the properties, see OnDemand properties file. When the ondemand.enable.executable property is enabled, the on-demand target can be installed and started automatically by using an executable file. For more information, see Downloading the on-demand target by using the executable file.

  • Additional setup utility, content changes
    For the introduction of the components for macOS and to remove earlier content, the following changes are made to the additional setup utility Image 3 file.
    • The option to run the additional setup on AIX® is removed.
    • The option to run the additional setup on Solaris is removed.
    • The option to extract SPB packages is removed.
    The additional setup can be run only on Windows and Linux systems. To extract the installation files for macOS components, run one of the trc_additional_setup files to extract the installation files, then copy the .pkg files to the macOS system. For more information about the additional setup utility, see Extract the installation files by using the additional setup utility.

Previous limitations and issues that are no longer applicable in BigFix® Remote Control V9.1.4.

The following issues have been fixed in V9.1.4 FP1.

Adding new users, groups, and other entities into the remote control server might fail with a 500 Internal Server error
When new entities are added to the server, for example, users and groups, the server might return a 500 internal server error. The issue occurs if any of the fields in the user or group data is larger than the size of the column in the database. The column is resized after the error occurs, therefore if you try to insert the user or group into the database again, no error is displayed.
The LDAP Configuration Utility saves a password incorrectly if it contains the + symbol
If you choose to store a password unencrypted when you use the LDAP Configuration Utility, do not use a password that contains a + symbol. If you encrypt the password, you must press the Encrypt button until the generated encrypted password does not contain a + symbol. Symptoms of the issue are reported in the log: a BadPaddingException is reported at the LDAP synchronization. The exception causes the LDAP connection to fail, and the users or groups are not imported. The limitation will be resolved in a future fixpack or next release.
An error page is displayed when a password that contains a $ symbol is used on the BigFix® Remote Control server
When you change your own or another user's password to a password that contains the $ symbol a 500 Internal server error is displayed, and the password is not changed. An exception is also reported in the server log. Therefore, passwords must not contain the $ symbol until the issue is fixed.

The following issues have been fixed in V9.1.4.

The All screens view is corrupted in a multi-screen exported recording
With the introduction of the toggle multiple screens feature, you can view all of the target screens when you select the All screens option. When you export and play a recording of a session in which the All screens option is used, the All screens part of the recording is corrupted. The screen 1 part of the view is initially displayed as black. However, during the recording, if the user moves the mouse in the screen 1 part, the area where the mouse is moved is displayed. This issue is seen only in an exported recording.
Controller screen is corrupted when the screen saver ends
During a session in which the Stop screen saver updates when screen saver is active property is set to Yes, the controller screen fails to update correctly when the screen saver is dismissed. When the mouse is moved, the controller screen partially updates. Maximize the controller window to force a full screen update.

The following limitations and issues are no longer applicable because Java Web Start is deprecated as the launch method. The new launch method fixes the issues.

Java Web Start does not support FIPS mode and might prevent the controller and player from enforcing compliance with FIPS 140-2 requirements.
At time of publication, Java Web Start does not support FIPS mode and might prevent the controller and player from enforcing compliance with FIPS 140-2 requirements. When FIPS 140-2 compliance is enabled and the controller or player are started by using Java Web Start, compliance with the FIPS 140-2 requirements might not be fully enforced for all HTTPS encrypted communications.
Java Web Start does not support NIST mode and might prevent the controller and player from enforcing compliance with SP800-131a requirements.
At time of publication, Java Web Start does not support NIST mode and might prevent the controller and player from enforcing compliance with SP800-131A requirements. When NIST SP800-131A compliance is enabled and the controller or player are started by using Java Web Start, compliance with the SP800-131A requirements is not fully enforced. Full compliance with the SP800-131A requirements in this scenario is enforced when the other remote control components are already configured for SP800-131A.
Running the Controller in NIST mode might display a previous version of remote control banner.

When you run the controller in FIPS or NIST mode, an old JNLP banner splash screen might be displayed instead of the BigFix® Remote Control banner. Java caches the splash image and stores the banner. Therefore, if there is a previous run of the controller, Java Web Start does not check to see whether the new image is newer or different. It uses the existing banner. A workaround for this issue is to clear the java cache, which can be done in the Java control panel so that the old banner is no longer used.

The following limitation is no longer applicable because the remote installation feature is deprecated in V9.1.4.

Remote installation of the target does not work on Windows 10 operating system
Using the remote target installation feature from the server or controller component does not work for a target that has Windows 10 operating system installed.

Known issues in BigFix® Remote Control V9.1.4

At time of publication, the following issues were known.
On the BigFix® Remote Control Controller for macOS UI, the show help option fails with error message Unable to show help contents.
Start the controller from /Applications. Close the connection window. Click the question mark icon in the toolbar, then click Help. The error message, Unable to show help contents is displayed.

As a workaround, you can run the following command, which requires Administrator authority.

sudo chmod +x "/Applications/Remote Control Controller.app/Contents/Plugins/Java.runtime/Contents/Home/jre/lib/jspawnhelper"

The controller might block all input on a macOS system if a key is held down for more than 3 seconds.

If the ApplePressAndHold feature is enabled on macOS, the controller might block all keyboard input if a key on the keyboard is pressed and held for more than 3 seconds. You must restart the controller to regain keyboard input to the controller.

As a workaround you can disable the feature for the controller application by using the following command:

defaults write com.ibm.bigfix.remotecontrol.controller ApplePressAndHoldEnabled -bool false

The behavior is prevented when you use the controller in a peer-to-peer session, or when you use the preinstalled controller in a managed session. The workaround has no effect on a controller that is started with a .jnlp file. To use the workaround for a .jnlp file, the ApplePressAndHold feature must be disabled for all applications for the current user. Type the following command to disable the feature for all applications.

defaults write -g ApplePressAndHoldEnabled -bool false

To re-enable the ApplePressAndHold feature, you can rerun the commands and replace false with true.

Issue when you start the controller from a Safari browser on a macOS system.
The issue is seen when the always.use.preinstalled.controller property is set to true in the trc.properties file. When you use Apple's Safari browser on a macOS system to access the server's web interface and start or join a remote control session or play back a session recording, the application does not open automatically. Instead, a file with a Remote Control icon and the extension .trcjws is automatically saved to the Downloads folder. To open the application, click on the Downloads icon on the right hand side of the Dock and then click the downloaded .trcjws file. Alternatively, use a different browser such as Firefox.
Controllers that are using Java 1.6 fail to connect to the server

Although Java 1.6 is not officially supported since V9.1.2, controllers that run this version of Java fail to connect to the BigFix® Remote Control server when HTTPS mode is configured.

Log distribution task can cause java out of memory errors

The log distribution task exports session audit history from the database to log files on the file system. However, the task can cause java out of memory errors when the query it runs returns a large result set. The log distribution task is enabled by default in older versions of remote control. In the new version of remote control, it is disabled by default for new installations. However, when you upgrade from an older version of remote control, the current setting remains in force. Therefore, it is recommended to turn off this feature if you do not require it. It can cause high memory usage and might cause the server to run out of memory, especially on servers that have numerous session audit logs in the session history. Also, if you do not process and clean up the exported audit logs, they can use up free disk space. For more information about setting the values, see Audit log distribution.

The on-demand target can fail to run in Internet Explorer 11.

If you are using the current version of Internet Explorer 11, the ActiveX control might fail to install when you try to run the on-demand target. For more information, see the following technote http://www-01.ibm.com/support/docview.wss?uid=swg21969742. Alternatively, you can choose to use Firefox where this limitation does not exist.

The chat and collaboration windows remain active and accessible when the target loses the connection

During a session, if the controller has the chat window or collaboration windows open when the target loses the connection to the network, the chat and collaboration windows remain active and accessible. However, any action that is taken within the windows has no effect.

The Num lock icon might not be available to the new master controller after a collaboration session handover.
During a collaboration session, the num lock icon might not be available to the new master controller after a session handover. The previous master controller still has access to the icon but nothing happens when they click the icon.
Participants limit in collaboration is not enforced when participant loses network connection and other participants join
During a collaboration session, if a participant loses network connection and then reconnects to the session, the participant limit is not enforced when they reconnect. For example, the participant limit is one and UserA is connected to the session. UserA loses network connection. UserB requests to join the session and is accepted. UserA reconnects to the network and because of the session resilience feature, reconnects to the remote control session. Two participants are now in the session although the limit is set to one.
The Retry button has no effect when you select to create the database and a database exists.
During a server installation that uses the installer, if you select to create the database, and a database exists with the same name, an error is reported. The message window provides two options, Retry and Continue. When you click Retry, nothing happens. When you click Continue, the installation proceeds and the existing database is used.
Broker support not available in the accessible GUI
On Microsoft Windows systems, when you use the accessible user interface, the Enter connection code option is not available, preventing you from starting a session through a broker. To enable the option, disable the accessible UI by setting Accessibility=no in the target configuration.
Target installer exits and does not install the device driver for the IBM® virtual smart card reader

On 64-bit versions of Windows, during an attended installation of the device driver for the IBM® virtual smart card reader, the installer can exit without installing the device driver. This issue occurs if the installation of the Microsoft Visual C++ 2015 Redistributable Package prompts to restart the system and you select No.

Complete one of the following steps to avoid this issue.
  • During the installation, select Yes instead of No. The system restarts. After you log on, the installation of the device driver resumes automatically.
  • If you do select No, restart the system and rerun the target installation.

Known limitations in BigFix® Remote Control V9.1.4

At time of publication, the following limitations were known.

Compliance with FIPS 140-2 or NIST SP800-131a is not supported in the macOS components

In the first phase of macOS support for BigFix® Remote Control, compliance with FIPS 140-2 or NIST SP800-131a is not supported. The remote control target uses OpenSSL. However, OpenSSL does not have FIPS 140-2 certification and validation for OS X El Capitan (10.11) or macOS Sierra (10.12). The BigFix® Remote Control Target for macOS cannot be configured to run in FIPS mode.

The BigFix® Remote Control Controller for macOS is bundled with the Oracle Java SE Runtime Environment, which does not have a FIPS certified cryptographic provider. If the controller is configured for FIPS or NIST compliance mode, or it is launched from a remote control server in which FIPS or NIST compliance is configured, the connection to the target fails with the following error message: Error initializing the local FIPS certified cryptographic provider. The session cannot be established.

Fast user switching and logging off limitation in the BigFix® Remote Control Target for macOS
The BigFix® Remote Control Target for macOS does not support Fast User Switching during a remote control session. Also, when you switch to a different user account, no message is displayed on the controller to indicate that the session is temporarily interrupted.

When a user logs out, all the applications that are running in the user's session are terminated. Therefore, because the BigFix® Remote Control Target for macOS runs as an application, it is terminated too.

These limitations also apply to the BigFix® Remote Control Target for macOS in an on-demand session.

Some policies for unregistered targets are not supported on the BigFix® Remote Control Target for macOS
The following session policies that are available for unregistered targets are not supported on the BigFix® Remote Control Target for macOS. For more information about the session policies, see Session policies for unregistered targets.
  • Reboot
  • Enable On-screen Session Notification
  • Chat
  • Guidance
  • Allow input lock
  • Set target locked
  • Display screen on locked target
  • Allow input lock with visible screen
  • Disable Panic Key
  • Remove desktop background
  • Hide windows
  • Stop screen updates when screen saver is active
  • Allow chat in session
  • Allow automatic session handover
The JNLP file that is started from the controller is prevented from running on macOS because it is unsigned.

When a .jnlp file is started from the server to run the controller or player, macOS might block it from running. A message reports an unsigned application. No option is available to continue; instead, you must go to the control panel, and in the Security & Privacy panel, select the option to allow the application to run anyway. User authentication is requested before you can continue.

To prevent the message from being displayed, enable the always.use.preinstalled.controller property on the server. Also, ensure that the controller is installed on the macOS system before you start a session.

The BigFix® Remote Control Target for macOS application cannot listen on port 888

As macOS is UNIX based, it prevents applications from listening on port 1024 and lower. These ports require root privileges, but in this release, the target runs with the privileges of the current user. Therefore, the default port is 8787.

The standalone player must be installed separately on a macOS system
The standalone player, which is used to play back local session recordings, must be installed separately on macOS systems. On Windows and Linux systems, this application is installed by the controller package. On macOS systems, install trc_player.pkg separately. You can obtain the trc_player.pkg file from Passport Advantage® or from the IBM® BigFix® Remote Control server UI. For more information, see Obtain the installation files.
The BigFix® Remote Control Target for macOS adds audit events to a log file in the user's home directory.

When the AuditToSystem property is enabled, the installed BigFix® Remote Control Target for macOS adds audit events to a file in the user's home directory, rather than to the system event log. The file is named trcaudit_[date]_[time].log, where [date]_[time] is the date and time that the session took place.

BigFix® Remote Control Target for macOS does not support tools
You can use the Run Tools tab in the controller configuration window to enter tools that can be run on the target. However, running tools on the BigFix® Remote Control Target for macOS is not implemented.
Chat, Guidance, and File Transfer session modes are not available.
Chat, Guidance, and File Transfer session modes are not yet implemented on the BigFix® Remote Control Target for macOS. The target refuses the session when a session is started in one of these session modes.
Some options in the controller UI are not supported.
The following options in the Perform Action in Target menu in the controller UI are not supported: Drawing Tool, Highlighting Tool, Clear Instructions, and Lock Workstation.
Global configuration is not available in the installed BigFix® Remote Control Controller for macOS in peer-to-peer mode.
The trc_controller.cfg file is contained in the Remote Control Target.app. The files and content within the application are signed. If an administrator changes values in the .cfg file, the controller might fail to start. Therefore, the default values cannot be changed in the installed product, nor can the administrator enforce any global configuration settings by using the mandatory options. You can create a local configuration when you run the controller by using the Configure controller option in the controller UI.
Unable to inject Force Quit on pre-Sierra macOS targets

A controller user cannot inject Force Quit against a BigFix® Remote Control Target for macOS that is running OS X El Capitan 10.11.

There might be compatibility issues with earlier versions.
The following limitation is not an issue when you upgrade from version 9.0.0, 9.0.1, or 9.1.0 to BigFix® Remote Control.

In Endpoint Manager for Remote Control version 9.0.0, new capabilities were introduced that can cause compatibility issues with earlier versions. The issues occur if the different components are not upgraded in the correct order.

The limitation applies only to environments where the gateway and broker components are deployed. In these environments, the broker and gateway must be updated before the server or the target components. After they are upgraded, the targets and server can be upgraded in the order that best suits your environment because there are no dependencies between them.

Always back up any properties files. You must back up your properties files for a controller upgrade in this release because any existing properties are lost.

Older versions of Remote Control controllers, earlier than V9.1.4, cannot connect to V9.1.4 targets that by default refuse AES and MARS encryption. Upgrade the controller components to the latest version to avoid this incompatibility.

For more information, see the BigFix® Remote Control Installation Guide.
For a NIST-compliant server, all encrypted SSL/TLS connections must use TLS 1.2 exclusively.
When the Remote Control server is configured to be compliant with the NIST SP800-131A requirements, it requires all encrypted SSL/TLS connections to use TLS 1.2 exclusively. This compliance requirement can prevent connectivity from the server to other components that might not support TLS 1.2 connections or might require further specific configuration. For example, database servers, LDAP servers, or mail servers.
Java does not support legacy use of SSL certificates with SHA-1 in NIST SP800-131A-compliance mode.
Java does not support legacy use of SSL certificates with SHA-1. This issue affects the server and the controller. When NIST SP800-131A compliance is enabled, the server and the controller components disallow the usage or verification of certificates that use SHA-1. The certificates must be updated to SHA-2.
The Choose file to send window remains open when the session times out.
During a session if the session ends because the inactivity timeout limit is reached, and the Choose file to send window is open in the target, the window does not close at the end of the session. If the target is an on-demand target, the target does not exit until you click OK or Cancel in the window.
Some virtualization software does not render a mouse on the guest.
Some virtualization software does not render a mouse on the guest. Instead, only the mouse on the host is used to stop the user from seeing two pointers instead of one. As a side effect, when the virtual machine is under the control of a remote controller, the local user might not see the mouse move within the guest window.
The auto-generated certificate overwrite and password options are not enabled at first.
During the server installation, when you are using the installer program, the auto-generated certificate overwrite and password options are not enabled at first. If you are using an auto generated certificate and want to enable the overwrite and password options, click Use an auto generated certificate store to enable them.
During a session with an on-demand target, if you select 'Inject Alt + Tab' from the controller action menu, it has no effect on the target system.
This limitation applies to Windows 8.1 and Windows Server 2012 R2 operating systems and it affects standard users only. During a session with an on-demand target, if you select 'Inject Alt + Tab' from the controller action menu, it has no effect on the target system. In Windows 8.1 and Windows Server 2012 R2 operating systems, Microsoft blocks applications from injecting the Alt + Tab keyboard shortcut except for Ease of Access applications. The on-demand target can mark itself as an Ease of Access application when it is run by an administrator user but not when it is run by a standard user.
The Use Remote Control Gateway option is not applicable when you install the CLI tools
When you install the CLI tools in a Windows operating system and select Use a proxy server or a Remote Control Gateway during the installation, two options are enabled. You can either select Use an HTTP proxy or Use a Remote Control Gateway. However, the CLI tools do not work in environments where gateways are configured and the Use a Remote Control Gateway is not applicable.
The Enable Privacy and Enable Input Lock options might be available when you are connected to a Linux target
During a session with a Linux target, the Enable Privacy and Enable Input Lock options might be available in the Perform Action in target menu in the controller. Clicking the options has no effect on the target because these features are not supported on a Linux target.
The server UI web session does not time out when the View Current Server Status page is kept displayed
In the server UI, the logon page is displayed when you select an option after a period of inactivity. The time limit is defined in the web.xml file. However, when you select Admin > View Current Server Status and keep the page on display, the web session does not time out. The result is that you can continue to select options after the time limit is reached and the logon page is not displayed.
Controller fails to display entire large target screen on computers with not enough VRAM.

During a remote control session, if the visible target area is too large and the VRAM of the computer that runs the controller is too small, the image on the controller flickers. The scroll bars on the session window do not work and might hide occasionally. The controller session window toolbar might also be hidden by the target screen.

Windows 10 startup screen redisplays before the smart card initialization completes

The Windows 10 startup screen is a background image that must be cleared to get to the logon screen. When you go to the logon prompt and there is no further input, the background screen is displayed again. The smart card reader might take a while to load, which means that the background screen is redisplayed before you can select the smart card as the logon method. Therefore, you must clear the background again and choose the smart card.

The subjectAltName extension is not supported in broker certificates
Brokers require an SSL or TLS certificate that is verified by the endpoints or other brokers when they establish a secure connection. The host name can be encoded in the certificate by using two methods. The traditional method that uses the commonName (CN) field in the Subject is deprecated in favor of the subjectAltName extension. SSL or TLS clients must verify any subjectAltName extensions, if they are present, and fall back to the CN field otherwise. Due to a problem with the verification code in the broker and target, the subjectAltName verification is disabled until a solution is found.
Some of the components in BigFix® Remote Control are unable to support verification of wildcard certificates
The broker, target, and CLI components in BigFix® Remote Control are unable to support verification of wildcard certificates. The only solution currently is to request a server certificate with the server's full FQDN in the CN field. It is acceptable for the certificate to have subjectAltName fields. The limitation is that the broker and target ignore these fields when they verify the certificate.
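
The two certificate limitations above can be checked before a certificate is deployed. The following Python sketch is an added example, not BigFix Remote Control code: it models the CN-only check described in these notes next to the subjectAltName-first check that standard TLS clients perform. The host names, finding codes, and function names are assumptions made for the example, and the input is the dict format returned by Python's ssl.SSLSocket.getpeercert().

```python
# Added example: CN-only verification (as described in these release notes)
# compared with standard subjectAltName-first verification.
# Not product code; finding codes and sample certificates are constructed.

def _norm(name):
    # Host names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()


def common_names(cert):
    """All commonName values in the certificate subject."""
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def san_dns_names(cert):
    """All DNS entries in the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def _wildcard_match(pattern, host):
    """Left-most-label wildcard only: *.example.com matches a.example.com."""
    p, h = _norm(pattern).split("."), _norm(host).split(".")
    if p[0] != "*":
        return p == h
    return len(p) == len(h) and len(p) > 2 and p[1:] == h[1:]


def cn_only_match(cert, fqdn):
    """Model of the documented broker/target/CLI behaviour: subjectAltName
    is ignored, wildcards are unsupported, CN must be the full FQDN."""
    return any("*" not in cn and _norm(cn) == _norm(fqdn)
               for cn in common_names(cert))


def standard_match(cert, fqdn):
    """Standard client behaviour: use subjectAltName DNS entries when
    present, otherwise fall back to the CN field."""
    sans = san_dns_names(cert)
    names = sans if sans else common_names(cert)
    return any(_wildcard_match(name, fqdn) for name in names)


def preflight(cert, fqdn):
    """Report whether a certificate works for both kinds of verifier."""
    components_ok = cn_only_match(cert, fqdn)
    standard_ok = standard_match(cert, fqdn)
    findings = []
    if any("*" in cn for cn in common_names(cert)):
        findings.append("CN_WILDCARD")        # wildcard CN is not verifiable
    elif not components_ok:
        findings.append("CN_NOT_FQDN")        # CN must equal the full FQDN
    if san_dns_names(cert):
        if standard_ok and not components_ok:
            findings.append("SAN_ONLY_MATCH")     # valid only through SAN
        elif components_ok and not standard_ok:
            findings.append("SAN_MISSING_FQDN")   # standard clients reject
    return {"components_ok": components_ok,
            "standard_ok": standard_ok,
            "findings": findings}


# Constructed sample certificates in ssl.getpeercert() dict form.
SAMPLES = {
    "cn_fqdn": {
        "subject": ((("commonName", "broker1.example.com"),),)},
    "wildcard": {
        "subject": ((("commonName", "*.example.com"),),),
        "subjectAltName": (("DNS", "*.example.com"),)},
    "san_only": {
        "subject": ((("commonName", "Example Broker"),),),
        "subjectAltName": (("DNS", "broker1.example.com"),)},
    "san_mismatch": {
        "subject": ((("commonName", "broker1.example.com"),),),
        "subjectAltName": (("DNS", "other.example.com"),)},
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(label, preflight(cert, "broker1.example.com"))
```

A certificate that reports SAN_MISSING_FQDN passes the CN-only check but is rejected by clients that honor subjectAltName, so the FQDN should appear in both the CN field and the subjectAltName extension.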
On-demand target run as a normal user is unable to retrieve all of the target system information on a Linux operating system
When the On-demand target is run on a Linux operating system as a normal user, some of the target information cannot be retrieved when you use the Get System Info feature. The following target information is blank when you retrieve or view the system information. Model, Vendor, Serial Number, UUID.
An issue can arise where starting an on-demand remote control session does not work.
The issue occurs in the following cases:
  • The server is configured for HTTPS and has the cookieSecure attribute set to true in the cookie.xml file. For example, [INSTALLDIR]/wlp/usr/servers/trcserver/cookie.xml
  • The on-demand portal is being accessed by using HTTP instead of HTTPS. It is discouraged to allow unsecured access by using HTTP to the on-demand portal because the Connection Codes that are used for session authorization are sent unencrypted over the internet.

    If a reverse proxy is used to make the on-demand portal publicly available through the internet, configure the reverse proxy to make sure that internet users can access the on-demand portal by using HTTPS only. Access by using HTTP must be disabled. On the remote control server, check that the ondemand.url property in the ondemand.properties file is configured to begin with HTTPS.
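
The check described above can be scripted. The following Python sketch is an added example, not part of the product: it reads the text of ondemand.properties and cookie.xml and reports the combination that breaks on-demand sessions. The host name, the sample file contents, the httpSession element name in the sample cookie.xml, and the finding codes are assumptions made for the example.

```python
# Added example: audit ondemand.url and cookieSecure for the issue above.
# Not product code; sample file contents below are constructed.
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit


def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value pairs,
    '#' and '!' comment lines, and backslash-escaped ':' '=' '#' '!'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if match:
            key, value = match.groups()
            # Java's Properties.store() writes "https\://..."; undo that.
            props[key] = re.sub(r"\\([:=#!])", r"\1", value.strip())
    return props


def cookie_secure_enabled(cookie_xml):
    """True if any element in cookie.xml carries cookieSecure="true"."""
    root = ET.fromstring(cookie_xml)
    return any(el.get("cookieSecure", "").strip().lower() == "true"
               for el in root.iter())


def audit_ondemand(properties_text, cookie_xml):
    """Return finding codes for the on-demand portal configuration."""
    url = parse_properties(properties_text).get("ondemand.url", "")
    if not url:
        return ["ONDEMAND_URL_MISSING"]
    findings = []
    if urlsplit(url).scheme.lower() != "https":
        # Connection codes would travel unencrypted.
        findings.append("ONDEMAND_URL_NOT_HTTPS")
        if cookie_secure_enabled(cookie_xml):
            # Secure cookies are not sent over HTTP, so the session
            # cannot be started from the portal.
            findings.append("SECURE_COOKIE_WITH_HTTP_PORTAL")
    return findings


# Constructed sample inputs.
BAD_PROPERTIES = r"""
# on-demand portal settings (constructed sample)
ondemand.enable.executable=true
ondemand.url=http\://rc.example.com/trc/ondemand/index.jsp
"""
GOOD_PROPERTIES = "ondemand.url = https://rc.example.com/trc/ondemand/index.jsp\n"
COOKIE_XML = '<server><httpSession cookieSecure="true"/></server>'

if __name__ == "__main__":
    print(audit_ondemand(BAD_PROPERTIES, COOKIE_XML))
    print(audit_ondemand(GOOD_PROPERTIES, COOKIE_XML))
```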

The on-demand plug-in cannot be installed when using Firefox, HTTPS, and the server's certificate is not signed by a CA in the Firefox truststore.
When you try to launch the BigFix® Remote Control on-demand target from the landing page, by using Firefox you might be unable to install the on-demand plug-in if HTTPS is being used and the server's certificate is not signed by a CA in the Firefox truststore.
The on-demand plugin fails to install when you attempt to start an on-demand session from the landing page, and the following statements are true.
  • You are using the Mozilla Firefox browser.
  • You are using HTTPS to either connect to the reverse proxy, if one is being used, or the server.
  • The certificate that is used on either the reverse proxy or the server (whichever one the user is accessing) is not signed by a certificate authority (CA) that is included in Firefox's truststore.
The following error is reported: The add-on could not be downloaded because of a connection failure on <server>. This issue prevents the user from using the Firefox plug-in to launch the on-demand target.
This issue can be resolved by using a server certificate that is signed by a CA that is included in Mozilla Firefox's store. Alternatively, the JNLP method can be used to launch the on-demand target if a version of Java is available on the user's system.
Controller cannot detect the insertion or removal of a smart card
During a session in which smart card authentication is enabled, the controller can fail to detect the insertion or removal of a smart card from the card reader. This issue is intermittent. To resolve the issue when you are in a peer to peer session you can end the session, then close the controller and reopen it. Start a new session and use the smart card feature again. To resolve the issue in a managed session, end the session, start a new session, and use the smart card feature again.