In this article, I will describe in detail how JumpServer, RDS Server, and Tinker interact so that any issues can be identified.
JumpServer connects to the RDS server via SSH:
Installs the Tinker service on the RDS server and specifies the JS address (Core API parameter).
Creates local service accounts of the type js_* and jms_* on the RDS server.
Adds the created accounts to the "Remote Desktop Users" group.
Important: The "Remote Desktop Users" group name may differ in Windows, depending on the OS language. If these accounts are not present in the group, you will need to add them manually.
Tinker connects to JumpServer at the specified address (Core API parameter):
Tinker reports that it is running, and the RDS status changes to "online".
Downloads distributions of selected applets, such as Chrome and DBeaver, from the JS server using the same address specified in the Core API. Other applets may be downloaded from the internet. If there is no internet access, you can manually install the required applications.
Tinker installs the downloaded applets.
Tinker is an auxiliary application for integration with JumpServer, assisting in maintaining communication between RDS and JS, installing applications (applets) required for publication, and managing the publication of RemoteApp applications during session initiation.
By default, it is installed in the folder:
C:\Users\[ACCOUNT]\AppData\Local\Programs\Tinker\
([ACCOUNT] is the account used for the integration of JS and RDS.)
It installs the JumpServer Tinker Service - this service must always be running.
Detailed logs of Tinker's operation and errors are available in the folder:
C:\Users\[ACCOUNT]\AppData\Local\Programs\Tinker\data\logs
Applets are a set of applications and automation scripts for managing applications. By default, applets are installed in the folder:
C:\Program Files\JumpServer
This folder contains executable applications and Python scripts with launch parameters that you can modify if necessary.
OpenSSH is installed on Windows RDS, and port 22 is open on the Windows firewall.
The account used for integration with RDS has administrator rights on the RDS server.
The IP/Host field contains the IP address of the RDS server or its DNS name, which can be resolved by JumpServer.
The Core API field contains the URL of JumpServer, accessible from the RDS Server.
Accounts of the type JS_XX and JMS_XX are created on the RDS server.
Accounts of the type JS_XX and JMS_XX are members of the Remote Desktop Users group on the RDS server.
The JumpServer Tinker Service is running on the RDS server.
The RDS server status in the JumpServer interface: Normal.
The Status of applets in the properties of the RDS server in the JumpServer interface: Success.
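The server-side items of this checklist can be verified in one pass on the RDS server. The script below is an added example, not part of the JumpServer or Tinker distribution; it only reads state and is meant for an elevated PowerShell session. It assumes the OpenSSH server service has its standard Windows name sshd, and it finds the Remote Desktop Users group by its well-known SID S-1-5-32-555, so the check also works when the group name is localized.

```powershell
# Added example: read-only checks, run on the RDS server in an elevated session.
$results = [ordered]@{}

# OpenSSH server service ("sshd" is the standard Windows service name; assumption).
$sshd = Get-Service -Name sshd -ErrorAction SilentlyContinue
$results['OpenSSH service running'] = ($null -ne $sshd -and $sshd.Status -eq 'Running')

# A process is listening on TCP 22.
$listen = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue
$results['TCP 22 listening'] = [bool]$listen

# An enabled inbound allow rule explicitly lists port 22
# (rules that use "Any" or a port range are not matched by this simple filter).
$fw = Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -contains '22') }
$results['Firewall allows inbound TCP 22'] = [bool]$fw

# Tinker service, looked up by the display name given in the article.
$tinker = Get-Service -DisplayName 'JumpServer Tinker Service' -ErrorAction SilentlyContinue
$results['Tinker service running'] = ($null -ne $tinker -and $tinker.Status -eq 'Running')

# Local service accounts created by JumpServer (the -like match is case-insensitive).
$accounts = @(Get-LocalUser | Where-Object { $_.Name -like 'js_*' -or $_.Name -like 'jms_*' })
$results['js_*/jms_* accounts exist'] = ($accounts.Count -gt 0)

# Resolve the group by SID so a localized group name does not break the check.
$rduSid = 'S-1-5-32-555'
$group = Get-LocalGroup -SID $rduSid
$memberSids = @(Get-LocalGroupMember -SID $rduSid | ForEach-Object { $_.SID.Value })
$missing = @($accounts | Where-Object { $memberSids -notcontains $_.SID.Value })
$results["Accounts are members of '$($group.Name)'"] = ($accounts.Count -gt 0 -and $missing.Count -eq 0)

# Report each check, then list accounts that still need to be added manually.
$results.GetEnumerator() | ForEach-Object {
    '{0,-50} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
foreach ($m in $missing) { "Not in '$($group.Name)': $($m.Name)" }
```

The RDS status and applet status items are shown only in the JumpServer interface and are not covered by this script.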
Have you started testing JumpServer PAM EE and encountered an issue? Our process includes organizing email threads or Telegram groups for prompt issue resolution. If you are sure you were not added to such a group, please contact your supplier or reach out to us at support@afi-d.ru
As part of an active technical support subscription, we will train your specialists in installation, configuration, administration of JumpServer PAM, as well as recovery from errors and incidents.
Training is conducted online, according to a pre-agreed plan, and includes mandatory practical knowledge verification with the issuance of personalized certificates (upon successful exam completion).
Visit our channel on YouTube with video tutorials covering the configuration of all JumpServer PAM sections. The videos are in Russian and are updated with each new release.
The idea of implementing a complex but business-critical PAM system can be intimidating due to the perceived complexity of setup, administrator and security team training, and changes to account management processes.
To make the deployment and configuration of JumpServer Community Edition comfortable, and to ensure you can always rely on professional assistance, AFI Distribution offers an annual technical support subscription.
The support package priced at 1.5 million RUB per JumpServer Community Edition instance (with no limits on the number of users or target systems) includes everything required to use PAM: