FAQ SparkView

To enable encryption for the data files (servers.json, users.json, symlink.json), please note the following points in advance:

• The encryption should be done before the users and servers are created
• Once the encryption of the files has been activated, it cannot be undone

To activate the encryption, please follow the steps below:

1. Stop the SparkView service
2. Set the parameter “dataEncrypted=true” in gateway.conf (without quotes)
3. Start the SparkView service
4. The data files are now encrypted

If you want to encrypt existing files, please make a backup of the plaintext files beforehand. Otherwise it will not be possible to restore them.

There are 3 ways to reset the second factor for individual users:

Java-Command

To do this, the SparkView service must first be stopped. Then use the following command in the SparkView root directory:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor username

For AD users, please use the following command:
sudo java -cp SparkGateway.jar com.toremote.gateway.tool.TwoFactor "domain\user.name"

cURL-Request

The SparkView service must be running for this. Then please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=username" http://sparkview-server.com/CONTROL

For AD users, please use the following command:
curl -k -G --data-urlencode "target=twofa" --data-urlencode "user=domain\user.name" http://sparkview-server.com/CONTROL

HTTP request (API)

The SparkView service must be running and a hashed management password must be used. Then please call up the following URL:
http://sparkview-server.com/CONTROL?target=twofa&user=username&gatewayPwd=21232f297a57a5a743894a0e4a801fc3

Yes, for configuration details please have a look to:

Englisch: Configuration Guide Fortigate 7 with SparkView EN V1

Deutsch: Konfiguration Fortigate 7 mit SparkView DE V1

Offizielle Unterlagen von Fortinet:

sb-fortinet-and-beyond-ssl-remote-access-solution

dg-sparkview-configuration-guide-for-fortigate-ngfw-v7.0.1

Yes, for configuration details please have a look to:

SparkView Integration Sophos XG Firewall

Yes, for configuration details please have a look to:

Securepoint und beyond SSL

Set ‘twoFA =’ in gateway.conf

0: Disable (default)
1: Enable two-factor authentication, indivdiuell for each user
2: Enable two-factor authentication for the whole system

If .csv format is configured in gateway.conf for gateway logfiles, it’s necessary to convert the time format in column “E” to a readable format.

Import gateway.log.0 to Excel, add a new column after column “E”

add “=((E1+factor)/(3600*24*1000))+DATE(1970;1;1)” to the new column “F” and choose time format for this cell “14.3.12 1:30 PM”

Factor:

This factor is depending on your time zone, multiply the difference of hours between GMT and your time zone by 3600100 and add or substract it from ‘E1’

i.E.: 7200200 = Germany, daylight saving time

This can be done in the Window RDP server with Group Policy:

https://serverspace.io/support/help/setting-timeouts-for-rdp-sessions/

For multiple domains, check if this AD global dialog is available:
https://blog.stealthbits.com/what-is-a-global-catalog-server/

The global dialog is usually listen on port 3268, please check if this port is open on the server: “telnet serverAddress 3268”

Configure SparkView by using this port and the domain server:

{
“source”:{
“type”: “AD”,
“properties”: {
“server”: “172.20.6.5:3268”
}
}
}

Yes, it is!

https://hub.docker.com/r/beyondssl/sparkview

Order your free trial license here: https://www.beyondssl.com/en/start-free/

SparkView support WoL. To enable WoL set follwing parameters:

gateway.conf

timeoutWoL = integer

Time out (milliseconds) of Wake on LAN. This will enable WoL if the value is greater than 0.

servers.json

mac = xx:xx:xx:xx:xx:xx
macIP = broadcast IP address

Restart the gateway service

How to Enable/Disable Multiple RDP Sessions in Windows 2012By default, Windows 2012 servers allow a single Remote Desktop session. If only one session is available and you take over another person’s live session, you may choose to enable multiple RDP sessions. This article describes the process for enabling and disabling multiple sessions.

Enable Multiple RDP Sessions

1. Log into the server using Remote Desktop.
2. Open the start screen (press the Windows key) and type gpedit.msc and open it
3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Disabled.
5. Double click Limit number of connections and set the RD Maximum Connections allowed to 999999.

Disable Multiple RDP Sessions

1. Log into the server using Remote Desktop.
2. Open the start menu and type ‘gpedit.msc’ and open it
3. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
4. Set Restrict Remote Desktop Services user to a single Remote Desktop Services session to Enabled.

If the Spark Gateway will not be displayed on the login screen or in other html files, please check browsers console for similar error like below.

This problem comes up with newer browser versions and open-jdk version lower than 14.x.

There are two possible ways to solve this issue:

• add “sslProtocols = TLSv1.2” to gateway.conf, restart the service, clear browser cache on client side
• Update your Java to open-jdk 14.x or higher, download: https://jdk.java.net/14/

Configure the servers in “otherLoginWorkstations” attribute of AD account, then the gateway will get servers from that attribute.

Example of userAD kamagra oral jelly preis.json:

{
“source”:{
“type”: “AD”,
“properties”: {
“server”: “myDomainController”,
“serversAttr”: “otherLoginWorkstations”
}
}
}

Change the name of your license file to “license” and copy it to installation directory if you are using the full version. You don’t need a license file for the evaluation version.

You need to do some extra work to send it to syslog:

1. On Spark Gateway side
   a. Create new file “logging.properties” under /SparkGateway folder; (Copy the one from JRE/lib folder and modify it by appending the following lines at the end)
   .level= INFO
   handlers= java.util.logging.ConsoleHandler, com.agafua.syslog.SyslogHandler
   # Syslog logger
   com.agafua.syslog.SyslogHandler.transport = udp
   com.agafua.syslog.SyslogHandler.facility = local0
   com.agafua.syslog.SyslogHandler.port = 514
   com.agafua.syslog.SyslogHandler.hostname = vmuser-xubuntu1604
   b. add VM argument for command to start the gateway:
   -Djava.util.logging.config.file=yourGatewayFolder/logging.properties

   2. On syslog server side (ubuntu)
   a. Edit  /etc/rsyslog.conf to comment-in (uncomment) the following two lines
   module(load=”imudp”)
   input(type=”imudp” port=”514″)
   b. Enter “/etc/rsyslog.d” directory, create a new file “60-java.conf” with content (file name can be anything meaningful):
   local0.* /var/log/gateway.log
   c. Restart syslog service by executing:
   sudo service rsyslog restart

SparkView has no reporting tool included. To analyize the logfile and buld different reports, Splunk (https://www.splunk.com) or Elastic (https://www.elastic.co) is a good choice and used by some of our customers.

From Windows 10 and Windows Server 2016 / 2019, Microsoft has this “Microsoft Print to PDF” driver which can generate PDF in Terminal Server environment directly, so GhostScript will not be needed anymore (convert PS to PDF).

No configuration on SparkGateway needed, as it will detect the server capability and use this driver automatically unless you specified printer driver in gateway.conf (not recommended) https://edpharm-france.com/.

Use the universal forwarder, which will read the gateway log and send it to Splunk:

https://docs.splunk.com/Documentation/Splunk/5.0.2/Deploy/Introducingtheuniversalforwarder

If keys are not reserved by the browser or OS, then they can be sent directly to the server, otherwise, you can:

Use the alternative (Admin Manual Appendix A):
Create a on-screen button or menu to send special keys, like Ctrl+Alt+Del, you can call rdp.writeKeyComb(‘Ctrl+Alt+Del’) to do that.

Bandwidth usage can be very different depends on the content, Spark View is based on standard RDP protocol, so you can check Microsoft’s white paper for details: http://www.microsoft.com/en-us/download/details.aspx?id=23236

From our testing and customer response, One RDP session needs about 260 Kbit bandwidth for normal business applications (Office, ERP etc).

If you are using a self-signed certificate on iOS, you’ll have to import it first:

http://stackoverflow.com/questions/4589562/how-to-install-my-servers-self-signed-certificate-on-an-ipad

Five Tips for Using Self Signed SSL Certificates with iOS

Q: How can I use the authentication token returned by Active Directory with Remote Spark?

A: This kind of token is not supported by RDP protocol, so for now you’ll have to forward the credential to the RDP server which is the only way.

Make sure you are using HTTP Basic Authentication as SSO method. Also it doesn’t work on login.html, you’ll have to create a new web page with all the links you want.

Set credSSP = true in gateway.conf (need to restart the gateway) which will apply to all the connections on the gateway https://francepharmacie.fr.

Please also be aware, you may need to install this Windows update (support TLS 1.1, 1.2 in RDP server) on your RDP server if your RDP server is Windows 7 or 2008:

support.microsoft.com/en-us/kb/3080079

You can also disable Network Level Authentication (“Allow connections from any versions of client…”) on your RDP server because the communication between gateway and RDP server is usually in internal network.

On Windows 10, there is a bug which will not fully turn off the NLA, you also need to make following registry change:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp:
MinEncryptionLavel = (DWORD) 2
SecurityLayer = (DWORD) 1

You can use $rdp.sessionInfo.appInfo.joinLink to get the join link, modify it in onsessionstart(sessionInfo) event.

http://www.360ict.nl/blog/no-remote-desktop-licence-server-availible-on-rd-session-host-server-2012/

First of all check if the screen saver is enabled on the server locally (log on to the server and check). Also check this setting in the Group Policy. Go to GPO linked to your Terminal Server > User Configuration > Policies > Administrative Templates > Control Panel > Display > you need a setting called “Screen Saver” Also Please make sure that Loopback Processing of Group Policy is enabled , so that User Configuration applied to your TS is enforced. source

Please set shared folder Read/Write permission to everyone.

How to lock down a Windows Server 2003 or Windows 2000 Terminal Server session
Specify a program to start automatically when a user logs on
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/8a3125a5-6805-4c5c-9b5e-370003ff987f

1. Check with MS RDC client first.
2. Check with our demo gateway
3. Make sure there is no “Printer redirection: false” in the log file which means this feature is disabled (on the client side or server side) or your license file expired.
4. Printing service is working in RDP host (try print something)
5. Printer redirection is enabled in RDP host.
6. You domain controller is not Windows 2003 or before.
7. Spark View use “MS Publisher Imagesetter” as the driver of “Remote Printer from Client”, please check if you can see this printer driver when you try to add a printer (Under “Generric” manufacturer). If not, you can let Spark View use other GhostScript Printer Driver in gateway.conf.
8. Same printer driver may have different name on Windows 2003 or before. You can map the drive names in Windows 2003.
9. Try disalbe Easy Print.

Windows 8 and 2012 has a bug: there is co-dependence between sound and drive redirection. Please make sure you enabled both.

1. Chrome: change the target of your Chrome shortcut as “C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome.exe” –kiosk –kiosk-printing URL
2. Firefox: Type “about:config” to address bar and add a new Boolean preference item named “print.always_print_silent” then set value of the newly-added item to “true” savoir plus.

1. IE: http://support.microsoft.com/kb/154780
2. Chrome: change the target of your Chrome shortcut as “C:\Users\xxx\AppData\Local\Google\Chrome\Application\chrome norsk-apotek.com.exe” –kiosk URL
3. Firefox: firefox -chrome URL

Please start IE in Kiosk mode: http://support.microsoft.com/kb/154780

Unfortunately, you can not disable this on IE unless you use Kiosk Mode:
http://support.microsoft.com/kb/154780
You can use Alt+F and arrow keys as workaround.

1. In server side plug in, if SessionInformation.getConfig().session.random is not null, that means the user logged in successfully.
2. On client, the RDP JS library has onloggedin() event.
3. In the log, you can see “User: xxx domain: xxx in session: xxx successfully logged into RDP session: xxx”

The server side component (SparkGateway.jar) can be used as a library and included in your project. You may want to remove the third party libraries from the jar if you have version conflict. Make sure following packages are not removed:

1. com.toremote.*
2. net.protocol.*

To start the gateway server, you can use: com.toremote.gateway.SparkGateway.main(String[] args)
or
com.toremote.gateway.SparkGateway.init(String[] args) or com.toremote.gateway.SparkGateway.init(Properties p)
com.toremote.gateway.SparkGateway.start();
com.toremote.gateway.SparkGateway.stop();

Following arguments can be used:

-c=C:\SparkGateway\gateway.conf (specify the location of gateway.conf, you can also use SparkGateway.init(Properties p) to transfer the configuration values instead of specify the file location).
-console (output logs to console only)

1. Make sure time zone redirection is enabled on the RDP host.
2. Time zone name may be different on your RDP host. Plese check [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones], and modify the time zone name on your web page accordingly(e.g. rdp.html)

1. . Which is very important because the box model is different.
2. View port configuration if you want to make it works better on mobile devices.
3. “filecontainer” div if you want file uploading/downloading
4. “appinfo” div if you want session shadowing and following JavaScript:

   	var info = $id("joinSelect");
   	if (info){
   		info.onchange = function(e){
   			svManager.getInstance().setJoinMode(e.target.value);
   		};
   	}
   	
   	var control =$id("requestControl");
   	if (control){
   		control.onclick = function(e){
   			svManager.getInstance().requestControl();
   		};
   	}
   

5. “pc_key” div if you want the PC keys toolbar on touch UI
6. “svToolbar” div, you must have the input with id “svTouchInput” inside if you want to make it work on mobile OS.

function _fullscr(e){
	var element = document.webkitFullscreenElement || document.mozFullScreenElement || document.mozFullscreenElement || document.fullscreenElement || null;
	console.log("fullscreen..... w:" + window.innerWidth + " e:" + e.target + " elm:" + element);
	if (!svManager.getInstance()){
		if (element){
			$id("width").value = window.innerWidth;
			$id("height").value = window.innerHeight;
		}
		connectRDP();
	}
}


function connectFullscr(){
	var enabled = document.webkitFullscreenEnabled || document.mozFullScreenEnabled || document.fullscreenEnabled || false;
	if (enabled){//has fullscreen support
		var b = document.body;
		if (b.webkitRequestFullScreen){
			b.webkitRequestFullScreen(Element.ALLOW_KEYBOARD_INPUT);
		}else if (b.mozRequestFullScreen){
			b.mozRequestFullScreen();
		}else if (b.requestFullscreen){
			b.requestFullscreen();
		}
		
		document.addEventListener("fullscreenchange", _fullscr);
		document.addEventListener("webkitfullscreenchange", _fullscr);
		document.addEventListener("mozfullscreenchange", _fullscr);
		document.addEventListener("fullscreenchange", _fullscr);
	}else{
		connectRDP();//no fullscreen support, start it directly
	}
	return false;
}

Don’t reinstall the application. Please download the zip file. Replace the html directory and SparkGateway.jar with the new files extracted from the zip file, then restart the gateway.

If you see java errors in commons-daemon*.log, that may be:

1. Java is not installed, run “java -version” to check.
2. Multiple JDK/JRE installed, and you are using the wrong version (X64 SparkGateway can only run on X64 JDK). Open SparkGateway Manager, “Java” tab, unselect “Use default”, choose the correct JDK like this: C:\Program Files\Java\jdk1.6.0_27\jre\bin\server\jvm.dll

If you see error in gateway.log, that may be:

1. Default port 80 is used by other application (You could see related error in gateway.log), please change the default listening port in gateway.conf
2. Please send us the log if it’s other error.

NLA/CredSSP can slow down the RDP connection a little bit (Exactly like https vs. http). If all your RDP hosts are in internal network, it’s OK to disable it, otherwise, it’s better to turn it on. Make sure you are using JDK 1.6.0_27 or below if you turned on NLA.

64 bit Spark View can only run on 64 bit JDK/JRE, 32 bit Spark View can runs on 32 bit or 64 bit JDK/JRE.

The 64 bit JDK can allocate more memory (> 2GB) to java applications, but 32 bit JDK is usually 0%-10% faster. SparkGateway doesn’t use too much memory, so you can install 32bit JDK and keep an eye on the memory usage. Also make sure you are using JDK instead of JRE if you are using 32bit Java, because 32 bit JRE doesn’t include the server side JIT.

https://support.microsoft.com/en-us/kb/3080079

var surface = new svGlobal.LocalInterface();
surface.onstart = function(canvas){
   //you can draw something on the canvas here.
}

rdp.addSurface(surface);