Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH Tectia

Problems with Management Agents

Symptom: The Management Agent does not connect to the Management Server

Possible reasons:

  • Managed hosts with an encrypted file system (or another feature that stops a login screen from appearing when a host is restarted) do not connect to the Management Server after restarting until the user provides authentication credentials to allow the machine to proceed. This may cause situations where for example a software installation with the "Restart host" option enabled requires user interaction on the managed host.

  • Software installations and uninstallations on managed hosts are likely to fail if other software installations or uninstallations (not started from the administration interface) are running at the time when the Management Agent starts the installation or uninstallation operation.

  • On Unix, changing the network settings on Unix hosts may cause the Management Agent to lose the management connection, and requires restarting the Management Agent.

Symptom: The Management Agent on Windows does not connect to the Management Server

  • If this is the first installation of the Management Agent, check that there is a valid icb.dat file in the directory where ssh-mgmt-sysmonitor.exe is installed. By default, this is C:\Program Files\SSH Communications Security\SSH Tectia Manager. If there is no icb.dat file in this directory, obtain a valid ICB file and copy it there. The agent will connect automatically within a couple of minutes. Once the icb.dat has been used successfully, Management Agent creates a router.dat and the icb.dat is deleted.

    If you want to connect immediately, restart the Management Agent from the services control panel. Note that you have to have administrator privileges on the host to successfully restart the Management Agent.

  • If there is an icb.dat file in the directory, check that it is valid and intact by viewing it in a text editor. You might need to generate and download a new icb.dat file and follow step 1.

  • If the connection has been working in the past, but does not work now, try the following. Stop the Management Agent from the services control panel. Delete router.dat and icb.dat, if it exists, from this directory. Download a host specific icb.dat file from the server and start the Management Agent. Using host specific ICB downloaded from the host details view will not create a new entry for the host on the Management Server, instead the existing identity of the host is preserved.

Symptom: The Management Agent needs to connect to a new server


  1. Stop the Management Agent.

  2. Copy a new icb.dat file to the location where Management Agent is installed.

  3. Wait until the new ICB is automatically loaded, or restart the Management Agent to connect immediately.

Symptom: The Management Agent recreates manually deleted SSH Tectia Client connection profile desktop shortcuts

The user monitor module is responsible for creating the desktop icons, and it does so when it notices changes in certain directories or at specific time intervals.

The user monitor module checks the %ALLUSERSPROFILE%\Application Data\SSH directory and the %USERPROFILE%\Application Data\SSH directory of the current user for SSH Tectia Client connection profiles, and reads comment lines in the connection profile itself, checking for flags that indicate whether a desktop icon should be created. If these flags are found, it checks for the appropriate shortcuts, and if they are not found, it creates them. It does the same thing for startup shortcuts.

The user monitor module runs separately from the rest of the Management Agent, just to perform these sort of synchronizations. Because of this, it is unaware of whether the client is connected to a server or not. Hence, it recreates shortcuts even if you remove the machine from management.


If you "uninstall" yourself from an SSH Tectia Server and want to delete the SSH Tectia Manager -managed profiles, desktop icons, and so on, do the following:

  1. Delete the profiles from %ALLUSERSPROFILE%\Application Data\SSH

    The %ALLUSERSPROFILE% path will normally be either C:\Documents and Settings\All Users or C:\WINNT\Profiles\All Users.

  2. Delete the corresponding profile from your %USERPROFILE%\Application Data\SSH.

    The %USERSPROFILE% path will normally be either C:\Documents and Settings\<username> or C:\WINNT\Profiles\<username>.

  3. Delete the corresponding shortcut from your desktop.

  4. Check also Start → Programs → Startup for shortcuts to that profile.

Note on pop-up messages

The Management Agent currently uses the Windows Messenger Service to send pop-up messages to all users logged onto the system. If the Messenger service is stopped, SSH Tectia Manager tries to start it before sending the message. After the message is sent, the service is stopped. If the service had already been running, it is left running. If the service cannot be started, the message is not sent.

To avoid receiving pop-up messages from the Management Agent, set the Messenger service to Disabled via the Control Panel. On Windows XP this can be done under Start → Settings → Control Panel → Administrative Tools → Services.

The service name is Messenger. To disable the service, double-click it and select Disabled in the Startup Type.

Symptom: Problems with Management Agent remote deployment on Unix

During Management Agent remote installation, file transfer is done over the terminal connection (rlogin/telnet) or by the scp2 secure file copy application (ssh2).

Remedy: If there are problems with the remote agent deployment, try using the selected connection method manually from Management Server to the managed host with the sshmgmt user account:


mgmt-server$ su -l sshmgmt
mgmt-server# rlogin -l remoteuser remotehost


mgmt-server$ su -l sshmgmt
mgmt-server# telnet remotehost


mgmt-server$ su -l sshmgmt
mgmt-server$ touch tempfile
mgmt-server# scp2 tempfile remoteuser@remotehost:
 <check that the file was transferred correctly>
mgmt-server# ssh2 remoteuser@remotehost