Problem:
When using Live Connect to connect to an endpoint, an error message is thrown stating: “Error: The request failed with status code: 403.”
Cause:
This is a user rights permissions problem that prevents the User Role from accessing KLC from being used. For the new KLC connection to be established, the User Role accessing the KLC endpoint must have the following access rights:
- Live Connect > Home > Home
- Audit > Asset > View Assets > View
- Audit > View Individual Data > Machine Summary (Machine Status OR View Single Machine Interface)
Depending on features used within Live Connect, some, or all, of the following permissions may also be needed:
Module | Permission |
Agent | Manage Agents |
Agent | Agent Logs |
Agent Procedures | Schedule Agent Procedure |
Agent Procedures | Get File |
Agent Procedures | Agent Procedure Status |
Agent Procedures | Schedule / Create |
Audit | Installed Applications |
Audit | Software Licenses |
Audit | Accounts |
Audit | Groups |
Audit | Members |
Patch Management | Scan Machine |
Patch Management | Machine History |
Patch Management | Machine Update |
Patch Management | Patch Status |
Quick View | Edit Procedure List |
Quick View | Change Settings |
System | Machine Groups |
Workaround / Resolution:
Option 1
- Add the permissions listed above to User Role permissions for affected users
Option 2
- The VSA system can be configured to turn off the new Live Connect and use “Classic” Live Connect, for which required permissions are the same as for VSA R9.2 and earlier. Please note: This configuration will apply to ALL users. After making this change, users will need to log out and then log in again.
Reference: #134719 / RC-1770 and #135817 / RC-1891
Note: For files/folders to be seen in KLC's Files Module, on the machine locally, the file/folder must have the SYSTEM user with full permissions. Otherwise the file/folder will not show up in KLC's Files Module