This article covers troubleshooting Splashtop remote connections to Mac devices only. For Windows troubleshooting, see Troubleshoot Splashtop Remote connection to Windows agents. For Linux, see Troubleshoot Splashtop Remote connection to Linux agents. For general prerequisites (firewall, ports, whitelisting), see Firewall settings for Atera's integrations.

Prerequisites

Before troubleshooting, ensure all Splashtop network and software prerequisites are met:

• Firewall settings for Atera's integrations — Verify that all required Splashtop servers are whitelisted and necessary ports are open. All Splashtop cloud traffic is outbound only — no inbound ports need to be opened.
• The following domains must be whitelisted in your firewall:
  • *.splashtop.com (Global region)
  • *.splashtop.eu (EU region — required if your Atera account is on the EU stack)
• The following outbound ports must be open:
  • Port 443 (TCP) — Primary connection for all Splashtop traffic
  • Port 80 (TCP) — Required for Splashtop Streamer auto-updates via CloudFront
  • Port 6783 (TCP) — Used for local same-network connections
  • Port 3479 (UDP) — Used for QUIC-optimized end-to-end connections (improves session quality)
• Make sure you have Splashtop for RMM (Mac installer) installed on the device you are remoting from.
• Make sure you have pop-ups enabled on your browser.
• If your network uses DPI (Deep Packet Inspection) or SSL/TLS inspection, Splashtop domains must be excluded from inspection. SSL inspection intercepts and re-encrypts traffic, which breaks Splashtop's connection. Splashtop currently supports RSA-based TLS certificates only — firewalls or proxies that present ECDSA certificates during inspection will cause connection failures. Add *.splashtop.com and *.splashtop.eu to your SSL inspection bypass list.

Fix Splashtop remote access on Mac

If you have issues connecting to a Mac device via Splashtop, follow these steps:

1. Run the Splashtop connectivity check: As a quick first diagnostic, open www.splashtop.com/check on the affected device. This Splashtop-provided tool tests whether the device can reach all required Splashtop servers. If the check reports failures, the issue is network-related — review the prerequisites above before continuing.

2. Check agent connection: Open Terminal to verify the connection, check if the manage options are hanging or not.
- If unresponsive, the Atera Agent is the issue. Check this KB: Troubleshoot Atera's Mac agent
- If responsive, the issue is with Splashtop; continue troubleshooting.

3. Run Fix Splashtop issues script Mac: Run the script listed below to perform a detailed connectivity test, detect SSL inspection issues, and run maintenance tasks that should resolve the issue.

Fix Splashtop issues script Mac (.sh)

This script does the following:

1. Tests connectivity to all required Splashtop servers — both Global and EU regions.
2. Checks port 80 — verifies that the port used for Splashtop Streamer auto-updates is reachable.
3. Detects SSL/TLS inspection — checks whether the TLS certificate presented by Splashtop servers is legitimate or has been replaced by a proxy/firewall, and whether the certificate uses RSA (required by Splashtop).
4. Performs maintenance — stops Splashtop processes, clears cached agent packages, and allows the service to reinitialize cleanly.

To run the script, upload it to your Atera instance following these knowledge base articles:

• Create, upload, and generate scripts
• Run a script

Important Note: Please ensure that you set the script as .sh.

log_file="/Library/Application Support/com.atera.ateraagent/Agent/packages/AgentPackageSystemTools/SPLogs.txt"; write_log() { echo "$1" | tee -a "$log_file"; }; write_log "Starting log"; write_log "Attempting to create log file..."; touch "$log_file" || { write_log "Failed to create log file $log_file."; exit 1; }; chmod 644 "$log_file" || { write_log "Failed to change permissions of log file $log_file."; exit 1; }; if [ -f "$log_file" ]; then write_log "Log file $log_file created successfully."; else write_log "Failed to create log file $log_file."; exit 1; fi; write_log "Killing processes Splashtop Streamer, SplashtopPMService, and SRStreamerDaemon..."; pkill -9 -f "Splashtop Streamer" || write_log "Failed to kill Splashtop Streamer"; pkill -9 -f "SplashtopPMService" || write_log "Failed to kill SplashtopPMService"; pkill -9 -f "SRStreamerDaemon" || write_log "Failed to kill SRStreamerDaemon"; check_connection() { local domain=$1; local url="https://$domain/api/fulong/v3/echo/check-relay"; write_log "Checking connection to $domain..."; local response=$(curl -s -w "%{http_code}" -o /tmp/curl_output.txt --max-time 10 "$url"); local http_code=$(tail -n1 <<< "$response"); local content=$(cat /tmp/curl_output.txt); if [[ "$http_code" -eq 200 ]] && echo "$content" | grep -q '"result"\s*:\s*20200'; then write_log "$domain : $http_code - SUCCESS"; elif [[ "$http_code" -eq 200 ]]; then write_log "$domain : $http_code - UNEXPECTED RESULT"; else write_log "$domain : ERROR - HTTP $http_code"; fi; }; write_log ""; write_log "=== GLOBAL REGION SERVERS ==="; domains=("st-v3.api.splashtop.com" "st-v3-g3.api.splashtop.com" "st-v3-src.api.splashtop.com" "st-v3-src-g3.api.splashtop.com" "st-relay-v3.api.splashtop.com" "st-relay-v3-g3.api.splashtop.com" "st-premium-v3.api.splashtop.com" "st-premium-v3-g3.api.splashtop.com"); for domain in "${domains[@]}"; do check_connection "$domain"; write_log ""; done; write_log "=== EU REGION SERVERS ==="; eu_domains=("st-v3.api.splashtop.eu" "st-v3-g3.api.splashtop.eu" "st-v3-src.api.splashtop.eu" "st-v3-src-g3.api.splashtop.eu" "st-relay-v3.api.splashtop.eu" "st-relay-v3-g3.api.splashtop.eu" "st-premium-v3.api.splashtop.eu" "st-premium-v3-g3.api.splashtop.eu"); for domain in "${eu_domains[@]}"; do check_connection "$domain"; write_log ""; done; write_log "=== PORT 80 CHECK (Auto-updates) ==="; port80_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "http://www.splashtop.com" 2/dev/null); if [[ "$port80_code" != "000" ]]; then write_log "Port 80 (HTTP): REACHABLE (HTTP $port80_code)"; else write_log "Port 80 (HTTP): BLOCKED - Splashtop Streamer auto-updates may fail"; fi; write_log ""; write_log "=== SSL/TLS INSPECTION CHECK ==="; ssl_issuer=$(echo | openssl s_client -connect st-v3.api.splashtop.com:443 2/dev/null | openssl x509 -noout -issuer 2/dev/null); if [ -z "$ssl_issuer" ]; then write_log "SSL Certificate Issuer: UNABLE TO CHECK - Could not establish TLS connection"; elif echo "$ssl_issuer" | grep -qiE "amazon|splashtop|starfield|digicert"; then write_log "SSL Certificate Issuer: LEGITIMATE ($ssl_issuer)"; else write_log "SSL Certificate Issuer: WARNING - Unexpected issuer: $ssl_issuer - Possible SSL/DPI inspection detected"; fi; cert_algo=$(echo | openssl s_client -connect st-v3.api.splashtop.com:443 2/dev/null | openssl x509 -noout -text 2/dev/null | grep "Public Key Algorithm" | head -1 | awk -F: '{print $2}' | xargs); if echo "$cert_algo" | grep -qi "rsa"; then write_log "Certificate Algorithm: RSA - Compatible with Splashtop"; elif [ -n "$cert_algo" ]; then write_log "Certificate Algorithm: $cert_algo - WARNING: Splashtop requires RSA. This may indicate SSL inspection is active."; else write_log "Certificate Algorithm: UNABLE TO DETERMINE"; fi; write_log ""; folder_to_delete="/Library/Application Support/com.atera.ateraagent/Agent/packages/AgentPackageSTRemote"; write_log "Deleting folder $folder_to_delete and all of its contents..."; rm -rf "$folder_to_delete" || write_log "Failed to delete folder $folder_to_delete"; write_log "Folder $folder_to_delete deleted successfully."; write_log "Script completed."

Understanding the script output

The script output is organized into four sections. Review each section to identify the root cause of your connection issue.

Section 1: Server connectivity (Global and EU regions)

The script tests connectivity to each Splashtop server in both the Global and EU regions. For each domain, you will see one of three results:

✅ st-v3.api.splashtop.com : 200 - SUCCESS

The device can reach this Splashtop server. No action needed for this domain.

⚠️ st-v3.api.splashtop.com : 200 - UNEXPECTED RESULT

The server responded, but returned an unexpected payload. This is most commonly caused by DPI (Deep Packet Inspection) or SSL/TLS inspection intercepting and modifying the traffic. It can also be caused by a web proxy, content filter, or captive portal serving its own response. To resolve this:

1. Check whether your firewall or security appliance performs SSL/TLS inspection. If so, add *.splashtop.com and *.splashtop.eu to the SSL inspection bypass/exclusion list. Splashtop uses non-standard TLS traffic on port 443 that breaks when intercepted.
2. Splashtop currently supports RSA-based TLS certificates only. If your security appliance presents ECDSA certificates during inspection, the connection will fail even if the domain is technically reachable.
3. Check if a web proxy or content filter (e.g., Zscaler, FortiGuard, Cisco Umbrella) is intercepting traffic to Splashtop domains. The domain should be allowed to pass through unmodified.
4. If the device is on a guest or public network, check for a captive portal that may be intercepting HTTPS requests.

❌ st-v3.api.splashtop.com : ERROR - HTTP 403

The device cannot reach this Splashtop server. The HTTP code will vary (e.g., 403, 500, or a timeout). This is typically caused by a firewall, DNS, or network configuration blocking outbound connections. To resolve this:

1. Verify that *.splashtop.com (and *.splashtop.eu for EU accounts) is whitelisted in your firewall. See Firewall settings for Atera's integrations for the full list of required domains.
2. Ensure outbound traffic on port 443 (TCP) and port 80 (TCP) is allowed. Port 443 is used for all Splashtop connections. Port 80 is used for Splashtop Streamer auto-updates via CloudFront.
3. Check if a DNS resolver issue is preventing the domain from resolving. Try running nslookup st-v3.api.splashtop.com from Terminal to verify.
4. If using a VPN or proxy, confirm it is not blocking or rerouting Splashtop traffic.
5. Note: Splashtop servers use dynamically assigned IPs across cloud providers (AWS, GCP). Do not rely on static IP allowlists — always whitelist by domain name.

Understanding the Global vs. EU results:

• If your Atera account is on the Global stack, the Global servers must all show SUCCESS. EU servers may show errors — this is expected and does not affect your connectivity.
• If your Atera account is on the EU stack, the EU servers must all show SUCCESS. Global servers should also be reachable but are not strictly required.
• If you are unsure which stack your account is on, both regions should ideally return SUCCESS. If one entire region fails, ask your Atera admin which stack you are on, or contact Atera support.

Section 2: Port 80 check (auto-updates)

✅ Port 80 (HTTP): REACHABLE (HTTP 200)

Port 80 is open. Splashtop Streamer can receive auto-updates normally.

❌ Port 80 (HTTP): BLOCKED - Splashtop Streamer auto-updates may fail

Outbound HTTP traffic on port 80 is blocked. This prevents the Splashtop Streamer from downloading updates via CloudFront, which can lead to version drift and eventual compatibility issues. To resolve this, allow outbound traffic on port 80 (TCP) in your firewall for Splashtop domains.

Section 3: SSL/TLS inspection check

This section checks whether a security appliance is intercepting and modifying Splashtop's TLS traffic. It examines two things: who issued the TLS certificate, and what algorithm type it uses.

✅ SSL Certificate Issuer: LEGITIMATE (issuer=CN = Amazon RSA 2048 M03, O = Amazon, C = US)

The certificate is issued by a known Splashtop/AWS certificate authority. No SSL inspection is interfering with the connection.

❌ SSL Certificate Issuer: WARNING - Unexpected issuer: issuer=CN = Your-Firewall-CA - Possible SSL/DPI inspection detected

The certificate was not issued by a legitimate Splashtop certificate authority. This means a security appliance (firewall, proxy, or DPI solution) is intercepting and re-encrypting Splashtop traffic. This will break Splashtop connections. To resolve this, add *.splashtop.com and *.splashtop.eu to your SSL inspection bypass/exclusion list.

✅ Certificate Algorithm: RSA - Compatible with Splashtop

The certificate uses RSA encryption, which is supported by Splashtop.

❌ Certificate Algorithm: ecdsa-with-SHA256 - WARNING: Splashtop requires RSA. This may indicate SSL inspection is active.

The certificate uses ECDSA instead of RSA. Splashtop currently supports RSA-based certificates only. If your security appliance presents ECDSA certificates during SSL inspection, Splashtop connections will fail even if the domain is reachable and whitelisted. Configure your firewall to either bypass SSL inspection for Splashtop domains, or present RSA certificates.

SSL Certificate Issuer: UNABLE TO CHECK - Could not establish TLS connection

The script could not connect to the Splashtop server at all. This typically indicates a complete network block — resolve the server connectivity errors in Section 1 first.

Domains tested by the script

Global region:

• st-v3.api.splashtop.com
• st-v3-g3.api.splashtop.com
• st-v3-src.api.splashtop.com
• st-v3-src-g3.api.splashtop.com
• st-relay-v3.api.splashtop.com
• st-relay-v3-g3.api.splashtop.com
• st-premium-v3.api.splashtop.com
• st-premium-v3-g3.api.splashtop.com

EU region:

• st-v3.api.splashtop.eu
• st-v3-g3.api.splashtop.eu
• st-v3-src.api.splashtop.eu
• st-v3-src-g3.api.splashtop.eu
• st-relay-v3.api.splashtop.eu
• st-relay-v3-g3.api.splashtop.eu
• st-premium-v3.api.splashtop.eu
• st-premium-v3-g3.api.splashtop.eu

After running the script

If all servers in your region returned SUCCESS, port 80 is REACHABLE, and the SSL check shows LEGITIMATE with RSA — the maintenance tasks performed by the script (clearing cached packages and stopping Splashtop processes) should resolve most connection issues. Please allow two minutes before attempting to remotely access the device again.

If the script identified issues, address them in this order:

1. SSL inspection detected? → Add *.splashtop.com and *.splashtop.eu to your SSL inspection bypass list. This is the most common cause of Splashtop failures in enterprise environments and must be resolved first.
2. Server connectivity errors? → Whitelist the failing domains in your firewall and ensure ports 443 and 80 are open for outbound traffic.
3. Port 80 blocked? → Allow outbound HTTP traffic to prevent Streamer update failures.
4. ECDSA certificate detected? → Configure your firewall to present RSA certificates for Splashtop domains, or bypass SSL inspection entirely.

If all checks pass and you are still unable to connect, try these additional steps:

• Run the Splashtop connectivity check at www.splashtop.com/check — this tests broader connectivity beyond the API endpoints tested by the script.
• Verify that Splashtop Streamer permissions for macOS are correctly configured (Accessibility, Full Disk Access, Screen Recording).

If the issue persists after all checks above, continue with the common Mac-specific issues below.

Splashtop Streamer keeps popping up on Mac

If the Splashtop Streamer app repeatedly pops up on end-user Mac devices every few minutes — even when no remote session is being initiated — this is a known issue that can occur after deploying the Atera agent on Mac devices. It is particularly common when the Mac previously had Splashtop installed through a different MDM or RMM tool.

Cause: A corrupted or conflicting Splashtop plist file, or modified permissions in the /tmp/ path, causes the Streamer to repeatedly prompt for configuration. Previous Splashtop installations from other management tools (e.g., Addigy, Jamf, Kandji) can leave behind residual configuration that conflicts with Atera's deployment.

To fix this issue:

1. Run the following cleanup commands on the affected Mac device via Terminal (or via Atera's script execution as a .sh script):

pkill -9 -f "Splashtop Streamer"; pkill -9 -f "SplashtopPMService"; pkill -9 -f "SRStreamerDaemon"; rm -rf /Applications/Splashtop\ Streamer.app; rm -f /Users/Shared/SplashtopStreamer/Splashtop-Streamer.plist; rm -rf /tmp/Splashtop*; rm -rf /Library/Application\ Support/com.atera.ateraagent/Agent/packages/AgentPackageSTRemote

2. Reboot the Mac device.

3. After the reboot, the Atera agent will automatically redeploy the Splashtop Streamer. The popup issue should no longer occur.

4. Verify that Splashtop Streamer permissions for macOS are correctly configured (Accessibility, Full Disk Access, Screen & System Audio Recording).

Tip: If you are onboarding multiple Mac devices and expect this issue, you can add this cleanup script to an IT Automation profile that runs automatically when new Mac devices are added to the console. This prevents the popup from appearing in the first place.

Splashtop asks for a session code instead of connecting

If Splashtop Streamer on a Mac device is prompting for a session code when you try to connect from the Atera console, it means the wrong version of Splashtop is installed. The consumer/standalone version of Splashtop Streamer (downloaded from splashtop.com) requires a code. The Atera-integrated version connects silently without a code.

To fix this issue:

1. Uninstall the incorrect Splashtop Streamer by running the following commands on the Mac via Terminal:

rm -rf /Applications/Splashtop\ Streamer.app; kill -9 $(ps -ax | grep Splashtop | grep -v grep | awk '{print $1}') 2/dev/null; rm -f /Users/Shared/SplashtopStreamer/Splashtop-Streamer.plist

2. Reinstall Splashtop Streamer using the Atera-provided installer. Run the following command in Terminal:

downloadUrl="https://my.splashtop.com/csrs/mac";downloadPath="/tmp/Splashtop_Streamer.dmg";curl -L -o "$downloadPath" "$downloadUrl";mountPoint=$(hdiutil mount "$downloadPath" | grep "/Volumes/" | awk '{print $3}');sudo installer -pkg "$mountPoint/Splashtop Streamer.pkg" -target /;sleep 2;hdiutil detach -force "$mountPoint";rm "$downloadPath"

3. Grant all required macOS permissions for Splashtop Streamer: Accessibility, Full Disk Access, and Screen & System Audio Recording. See Enable Splashtop Streamer permissions for macOS.

4. Reboot the Mac device.

5. Try connecting again from the Atera console. The session code prompt should no longer appear.

Important: Always install Splashtop Streamer using the Atera-provided method above or by initiating a remote session from the Atera console (which triggers automatic installation). Do not download and install Splashtop Streamer directly from the Splashtop website — the consumer version does not integrate with Atera and will always prompt for a code.

Splashtop won't install or connect after agent deployment

If the Atera agent is online and responsive (you can access Terminal via Manage), but Splashtop shows "Unable to connect" and the Streamer never appears on the device, the automatic Splashtop deployment may have failed silently.

Step 1: Manually install Splashtop Streamer

Run the following command on the Mac via Terminal to manually install the Streamer:

downloadUrl="https://my.splashtop.com/csrs/mac";downloadPath="/tmp/Splashtop_Streamer.dmg";curl -L -o "$downloadPath" "$downloadUrl";mountPoint=$(hdiutil mount "$downloadPath" | grep "/Volumes/" | awk '{print $3}');sudo installer -pkg "$mountPoint/Splashtop Streamer.pkg" -target /;sleep 2;hdiutil detach -force "$mountPoint";rm "$downloadPath"

After installation, grant all required macOS permissions, reboot the device, and try connecting again from the Atera console.

Step 2: If manual install doesn't work — full Splashtop cleanup and reinstall

If the manual install doesn't resolve the issue, perform a complete cleanup of all Splashtop components before reinstalling:

1. Remove Splashtop completely:

pkill -9 -f "Splashtop Streamer"; pkill -9 -f "SplashtopPMService"; pkill -9 -f "SRStreamerDaemon"; rm -rf /Applications/Splashtop\ Streamer.app; rm -f /Users/Shared/SplashtopStreamer/Splashtop-Streamer.plist; rm -rf /tmp/Splashtop*; rm -rf "/Library/Application Support/com.atera.ateraagent/Agent/packages/AgentPackageSTRemote"

2. Reboot the Mac.

3. After reboot, the Atera agent should automatically redeploy the Splashtop Streamer when attempting to initiate a remote connection on the device. If it fails, please try a couple of time more, as Splashtop might be in the installation process. 

Note: If you have completed both steps above and Splashtop still fails to connect, please contact our support team. The issue may require investigation from our engineering team.