Software distribution task for a windows action package or batch file package to edit the registry will show as successful, but the change in the registry was not applied.
The value is being added to the key path under WOW6432NODE due to the task running in 32-bit mode by default.
Change the Architecture options setting in distribution package properties to "System Architecture"
Hi Guys,
I seem to be having issues with software deployment from Ivanti EPM 2017.4 SU4 for Mac High Sierra 10.13.4.
Anything previous to Sierra can download software packages fine without any issues but with Mac OS High Sierra 10.13.4 the task just stays stuck on downloading and never downloads or fails.
Not sure if anyone has come across this issue and if anyone knows any work around ?
Thanks in advance.
For configuring a Preferred Server on a Core Server see the following Community Document: http://community.landesk.com/support/docs/DOC-1385
Create a folder on your Preferred Package Server - This folder MUST be the same structure as your root folder on your primary package server.
Example:
If the primary package server URL is ..\Program Files\directory1\appname\application.exe
Your preferred package server would be ..\Program Files\directory1\appname\application.exe.
Replicate all the files and folders associated with the original package root to the new folder created on the preferred server.
Any file replication software can be used to automate this process. It is recomended to use LANDesk Content Replication to preserve the hash and to make file management easier.
For Windows 2008 and IIS 7.5, please visit How to set up a Preferred Server in IIS 7.5
The purpose of this document is to troubleshoot Signature Verification Failure related error messages during policy software distribution in LANDesk Management Suite. More information on troubleshooting Policy Sync can be found here:
How To Troubleshoot Policy Sync
Software distribution tasks are failing. PolicySync fails. Workspaces and Portal Manager show no applications or do not update new application polices or display "Failed to load packages", and the PolicySync.exe.log shows this error:
RollingLog : Run PolicySync.exe
RollingLog : Request: Request policies
RollingLog : Request: GetWebResponse ok
RollingLog : LoadLocalPolicyInfo: load local machine
RollingLog : Verify: failed, no signature
RollingLog : Request: signature verification failed
RollingLog : LoadLocalPolicyInfo: load user
RollingLog : PolicySync: failed request
RollingLog : Exit PolicySync.exe with code -3
The LANDeskComPlus local user is not a member of Users group on the core server, or the user account specified in the LANDESK and LANDESK1 COM+ Applications is not valid.
NOTE: If you decide to not use a domain admin account, the account that you specify in the LANDesk COM+ Applications should be a member of the local Administrators, LANDesk Administrators, and LANDesk Management Suite groups on the core server.
Overview
This document will detail the sequence of events related to file hashing and the overall file download process in Ivanti EPM. Understanding the processes associated to how client side functions decipher the information being presented will allow for a more direct approach to troubleshooting and a speedy resolution. The information contained in this document is intended for the advanced LANDESK Administrator but is comprehensible and advantageous for administrators at all levels to be aware of. This document outlines all pertinent core server processes, IIS web services and the relative SQL database actions related to file hashing.
Here are some known issues you may encounter if you are experiencing download issues:
Note: Please click to enlarge all images
A file hash is a data value consisting of a fixed length of characters for unique identification. It's a widely used in cryptography designed to resist modifications to the original data structure in efforts to maintain the integrity of the file.
The hash values for files in a package are contained in the Package_Files_Hash database table, HASH column. This table includes the primary file and any additional files included in your package. The Data Type for the HASH column is nvarchar.
To view these values, connect to your SQL Database Server, open Microsoft SQL Server Management Studio, connect to your Ivanti EPM database and run the following SQL statement:
select * from Package_Files_Hash
The execution of this statement will display the contents of the Package_Files_Hash table.
A Software Distribution package contains section for two (2) types of files, Primary and Additional. The first thing you will need to do is identify the Package ID of the desired Software Distribution package.
| Primary Package File | Additional package Files |
|---|---|
 |  |
The Package_IDN is the database identifier and is equal to the Package ID in the distribution package. To view the Package ID, from the Ivanti Endpoint Manager console navigate to the following location:
Tools | Distribution | Distribution Packages
Select (highlight) the desired package, right-click and select Info. An exportable item information interface will be displayed and will contain an ID box. This is your package ID.
Please take note, Package ID = 4
Now that the package ID (Package_IDN) has been identified, run the following SQL statement to identify the Package_Files_Hash_IDN associated to the desired package:
In this example, I'm using the Package ID from the PXE Representative Deployment package.
select * from Package where Package_IDN = 4
Please take note, Package_Files_Hash_IDN = 3
Now that we have all information required to isolate the hash value of the PXE Representative Deployment package (Package_IDN = 4) you can now run the following SQL statement to identify the hash value of the primary file:
select * from Package_Files_Hash where Package_Files_Hah_IDN = 3
This will present you with the hash value of the primary file in your package.
The Package_Files_Hash_IDN value for the additional files is stored in the Package_Files database table. The Package_IDN for your package will be used as the identifier to locate your additional file(s) Package_Files_Hash_IDN value.
To get the Package_Files_Hash_IDN for the additional files, run the following SQL statement:
select * from Package_Files where Package_IDN = 4
Please take note, Package_Files_Hash_IDN = 4 and Package_Files_Hash_IDN = 5 are the identifiers for the two (2) additional files contained in your package. Now you can go back to the Package_Files_Hash table to view the hash value associated to those two (2) files.
Now that you have the identifier to isolate the hash value of your additional files, please run the following SQL statement to view the hash value of the additional files for the PXE Representative Package.
select * from Package_ Files_Hash where Package_Files_Hash_IDN = 4 or Package_Files_Hash_IDN = 5
Now that the details are outlined you can create one (1) SQL script to display all of the above-listed information by running the following statement using only the Package_IDN value:
declare @PackageId int SET @PackageId = 4 select p.PACKAGE_IDN, p.NAME, p.LastSavedDate, pfh.FULL_PATH, pfh.PACKAGE_FILES_HASH_IDN, pfh.FILE_SIZE,pfh.HASH from Package p, PACKAGE_FILES_HASH pfh where p.PACKAGE_IDN = @PackageId and (pfh.PACKAGE_FILES_HASH_IDN = p.PACKAGE_FILES_HASH_IDN or pfh.PACKAGE_FILES_HASH_IDN in (select package_files_hash_idn from package_files where PACKAGE_IDN = @PackageId) )
Upon initial creation of a Software Distribution package, the package will contain a NULL hash value. You can expect to see a BLANK (empty string value) hash value in the database if you execute the "Reset package hash" option from the package. There are two (2) controlling processes responsible for hash calculations on the core server:
PolicyTaskHandler.exe and SchedPkgUpdate.exe
The PolicyTaskhandler process will perform a hash calculation upon task execution if the package hash is NULL or BLANK and will write the hash value to the database. In the event you modify a file in an existing package for a previously hashed file and reset the package hash, this will clear the value from the database leaving it BLANK.
This document will outline three (3) network options for you to enable in efforts to minimize the bandwidth constraints on your network; Peer, Preferred Server, Source. These network options are located in the following location:
Tools | Configuration | Agent Settings | Distribution and Patch settings | Network settings
If you enable all 3 options, the downloader will check for the file in the following order; If the file is found in location (I), location (II) or (III) will not be checked:
A peer refers to a client device on the same broadcast domain of the client requesting the file. When the peer network option is enabled, the LANDESK downloader performs a discovery utilizing the LANDESK Targeted Multicast service (tmcsvc.exe) asking "Does any device on my subnet have the file I need"? The discovery request will contain the structure of the desired file. If a device replies to the request a file download from the peer will occur. This process is referred to as Subnet Aware Downloading (SAD).
Note: In order for the peer to offer a cached file to another client on its subnet/broadcast domain, the file must be distributed by Ivanti EPM, By default, the files will be cached in the SDMCACHE directory on the client. Manually copying files into the sdmcache directory does not "cache" the files.
To view all files currently cached by Ivanti EPM on your client and their expiration date, execute the following command from an Administrator command prompt after changing directories to LDClient:
tmcsvc.exe /f | more > output.txt
A preferred server can be thought of as a file repository. It's simply a device in your environment more proximal (in the sense of location) to a subset of devices than the Ivanti EPM core server. A preferred server does not have to actually be a "server" and does not have to be managed by Ivanti EPM (an agent is not required). For more information on preferred server packaging and troubleshooting please reference the following articles:
How to configure a Preferred Package Server
Ivanti EPM Content Replication - Preferred Server (Target) Configuration
How to debug why my preferred server config isn’t being used (Preferred server doesn't work)
When the preferred server network option is enabled, the downloader will check for the existence of a file with the same name on the available preferred server(s). The component using the downloader (Software Distribution) will provide the hash of the file and the downloader will compare the hash provided to the file hash contained on the preferred server. If there is a match the file will be retrieved. A hash value will only be contained on the preferred server if the files were replicated over via Ivanti EPM Content Replication. If content Replication was not used, the downloader will download the entire file, calculate the hash and compare the hash it has to the hash found in the database.
Example (File replicated via Ivanti Content Replication):
File destination path: \\server\share\test\test_file.txt
Hash file location: \\server\share\test\LDHashDir\test_file.txt.hash.xml
Example (Without Ivanti Content Replication):
File destination path: \\server\share\test\test_file.txt
Hash file location: Package_Files_Hash DB table
When selecting the source network option, the downloader will be allowed to traverse your network back to the network path specified in your package (primary and additional files) in efforts to download the file. In this event, the hash is written to the Ivanti EPM database and will not be pulled from a preferred server or peer.
Note: A troubleshooting tool that will assist you in testing the download abilities from the Peer, Preferred Server or Source is PEDownloader.exe. More information related to the use of this tool can be found in the following location:
How to use PEDownloader.exe to Duplicate / Troubleshoot Software Distribution
In order for the targeted device to be able to perform a file download, it must first gather information from the core to know what information is contained in the package. The client policy xml file (CP.TaskId.RunNow.xml for non-portal tasks and CP.TaskId.xml for portal tasks) will contain all pertinent information related to the job being sent to the client.
For more detailed information on how the core publishes information to IIS and how clients retrieve this information from IIS please reference the following articles:
How to troubleshoot Software Distribution Tasks - Core Side (Advanced)
How to troubleshoot a Software Distribution Task - Client Side
Ivanti is moving further development of the Workspaces product into Portal Manager, and other utilities. This will allow us to address the use case scenarios and challenges faced by end users more appropriately. This document will go over what settings you will need to change in order to switch your environment to Portal Manager.
1) Disable Workspaces from current agent configuration.
Uncheck the box for "Add to program group>
2) Enable Portal Manager.
Once the correct options have been changed, you will need to address the current agents since, unchecking work-spaces will not remove it from the program group. Also, the links for Portal Manager will not be created since, this is part of the install.
Please use the script below that matches your version:
2017.X:
Issue : after a side by side upgrade or a fresh install you are not able to start a new software distribution task. You start the task but it stays on "active" and doesn't progress.
First of all, you will want to follow the steps highlighted in article How to troubleshoot Software Distribution Tasks - Core Side.
This will help you to identify if the issue happens on core or client side.
A good hint that the issue happens on core could be that one or more following logs are missing in %LDMS_HOME%\log folder :
If you are sure that the issue is on core side, we have seen recently some reports about blocked files.
As example :
- LANDesk.ManagementSuite.Data.dll
- LANDesk.ManagementSuite.Database.dll
- LANDesk.ManagementSuite.Diagnostics.dll
- TaskHandlerProxy.exe
- LANDesk.Scheduler.GlobalScheduler.exe
- PolicyTaskHandler.exe.log
Please check files and make sure that they are not blocked by Windows. To double check it, follow this process :
If you find a blocked file, you can unblock recursively the EPM install folder with the following Powershell command :
dir C:\Program Files\LANDesk\ManagementSuite -Recurse | Unblock-File
Hello,
i would like to know if there is a way to install a software ONLY if it do not exist. For example: i need to deploy skype 8.xx, but i want install it only if it do not exist or if exist a lower version then 8.xx
Is that possible?
thanks
Steven
Pre 9.6 version it was possible to choose personalized MDRs.In version 9.6, the 'Multicast Domain Representatives' folder indicates that it is only for previous versions.
How can we select specific hosts for this feature in version 9.6?
Solution
- In 9.5 and older we used Targeted Multicast, and it was the Core server’s job to select the MDRs and send the files out to them that were going to be multicasted. The reason we could manually specify MDRs was that the type of network packet used by the Core to select the MDRs would often get dropped at the routers on the network, and so the Core was unable to find out what machines were available to act as MDRs.
- In LDMS 9.6 we use Self-Organizing Multicast, now instead of the Core sending out a packet hoping to hear back from machines on the subnet, it just pushes the task out to all the machine included in the task. If a machine is on, it will get the task. Generally the first machine to get the push will act as the MDR. All other machines will recognize that client as the MDR for their subnet, and listen for the multicast once it begins. We can’t specify MDRs anymore, because it is not necessary, all the communication concerning who will be the MDR happens between the clients themselves, and the Core server is not involved in that part of the process anymore. And in the end it does not matter which machine is the MDR because the files will get out to the target devices.
Multicast in LDMS 9.6 will not work for Software Distribution Tasks unless you have the LD96-CP_BASE-2015-0114 patch installed on the Core and Clients. That is a post SP1 patch, meaning you have to be up to SP1 also. Patch and Provisioning Multicast will work just fine.
I have a Microsoft Project 2016 June update on the portal manager for users to install but the installer simply hangs at the "downloading" stage. Not getting any errors. Did I do something wrong in my Distribution Package?
This article will cover how to make use of an Ivanti EPM Provisioning binary to help you in either troubleshooting or (if desired) duplicating detailed (sub-)steps of Ivanti EPM Software Distribution.
If you've ever been in a situation where you'd love to have "out of band' access to Ivanti EPM technology to download "just this one file" as part of some script you're writing, this is the way to do it.
As the name may appear to imply - it is one of the key binaries that we make use of when downloading files into a Windows PE environment. So it's actually originally a file from the Provisioning side of the product - usually to help download "this or that" as part of the image deployment process.
However, the binary CAN also be used inside a "full" Windows environment. It's THIS aspect that we look to exploit to make use of to help you along with a few things.
The short answer to that is - "anything that regular Ivanti EPM Software Distribution can do".
You can make use of (or exclude) Peer Download, Preferred Servers, authenticating to shares, verifying downloaded files against certain hashes. In short - "everything" that regular Software Distribution does / can do, you can do via this binary (as it calls upon the same tech to do the respective deed).
A detailed print out of all the command-line options can be had by running "pedownloader /?" - a copy of whose output is included further below for your convenience.
PEDownloader.exe is very easy to use. It makes use of (and calls upon) all the regular software distribution technology available through regular software distribution - all available through some command line options.
Let's start with the complete basics - let's download a file from the source server. To this end, we see the command-line and the resulting output as follows (I'm using the pedownloader.exe out of the LDCLIENT directory in this scenario).
Note that you get visual confirmation of the following:
So if you want/need to test peer download across your network, as an example - this is a superbly easy & convenient (and repeatable) way to do so.
Actual command-line used in this example (split up for easier readability)
C:\Program Files (x86)\LANDesk\LDClient>pedownloader.exe /P="http://samarkum.fantasia.org/ldlogon/xx/vlc-2.1.3-win32.exe" /O /Dest="C:\Program Files (x86)\LANDesk\LDClient\sdmcache\vlc-2.1.3-win32.exe" /AllowSource
Note also the following here:
So - basic download is working. Great - now let's use this to test Peer Download on the network segment that we've pulled the file from Example 1 down.
Here, I've spun up another client and I am going to force the use of Peer Download (and only peer download).
REMEMBER - I've re-started the "LANDesk Targeted Multicast" on the device that's due to act as a peer, so it is now aware of the new file that was downloaded upon it.
Actual command-line used in this example (split up for easier readability):
C:\Program Files (x86)\LANDesk\LDClient>pedownloader.exe /P="http://samarkum.fantasia.org/ldlogon/xx/vlc-2.1.3-win32.exe" /O /Dest="C:\Program Files (x86)\LANDesk\LDClient\sdmcache\vlc-2.1.3-win32.exe" /AllowPeer
Note the following bits of data we get back:
For reference and convenience - here's a print-out (to save you the hassle of doing so yourself) of all of the command-line options / parameters for WinPEDownloader for LANDesk Management Suite 2016. You can get your specific versions' help data by running "pedownloader.exe /?" from a command prompt.
pedownloader.exe /?
Downloads files or folders to the local machine.
pedownloader.exe [options]
Options:
[/P=<package/file path>|/Dir=<filedir>] [[/WanBW=xx]|[LanBW=xx]]
[[/AllowMulticast /MulticastGuid=<guid> /MulticastDelay=<seconds>]|
[/MCRAllowPeer]|[/MCRAllowSource]|[/PeerOneSource]|[/AllowPeer]|[/AllowSource]]
[[/RequirePref]|[/AttemptPref]|[/NoPref]|[/NoServerCom]] [/PreserveDir] [/O]
[/Recursive] [/UseDownloaderCopy] [/Username=<username> /Password=<password>]
[/ShowProgress] [/NoProxyhost] [/NoHardLink] [/Dest=<destination path name>]
[/PushWan] [/Synchronize] [/CancelAfter=<seconds>] [/Discard=<ttl in seconds>]
[/MaxThreads=xx] [/Hash=<md5hash>] [/NoPushHash] [/CoreServer=<core server>]
Exclusive Options:
[/CalculateHash /P=<local file path>] [/WOL=<MAC Addresses>]
/P Specify the package to download. This can be a web path (http://server/share/package.exe) or a UNC path
(\\server\share\package.exe). Use quotes where needed.
/Dir Specify the directory/folder to download. This can be a web path (http://server/share/folder) or a UNC path
(\\server\share\folder). Use quotes where needed.
/WanBW The bandwidth (as a percentage) to allow over the WAN.
(This is to the source or preferred server)
/LanBW The bandwidth (as a percentage) to allow over the LAN.
(This is to the peers)
/AllowMulticast Allows multicast to take place. Discovery will occur between all of the machines using the same multicast GUID, to determine the multicast representative.
This option requires the use of /MulticastGuid and /MulticastDelay.
/MulticastGuid Specify a GUID for the file or folder to download. This MUST be in a GUID format.
(Example: CA761232-ED42-11CE-BACD-00AA0057B223)
/MulticastDelay The number of seconds that the multicast representative will wait before beginning to broadcast the job.
/MCRAllowPeer Allows multicast representative to download from a peer. By default, the multicast representative will inherit this trait from /AllowPeer if used.
/MCRAllowSource Allows multicast representative to download from a source. By default, the multicast representative will inherit this trait from /AllowSource if used.
/PeerOneSource Allows downloading from a peer but requires that only one of the peers can download from the source (or preferred server).
/AllowPeer Allows downloading from a peer.
/AllowSource Allows downloading from the source (or preferred server).
NOTE: Regardless of the order placed on the command- line, the hierarchy of the above options is...
/AllowMulticast, /PeerOneSource, /AllowPeer, and /AllowSource. There are no default options.
/RequirePref Require the use of a preferred server.
/AttemptPref Attempt the use of a preferred server.
/NoPref Do not use a preferred server (default setting).
/NoServerCom Specifies that no head request be done on the package.
/PreserveDir Preserves the full package path in the cache directory.
/O Overwrites the package in the cache.
/Recursive Recurse the subfolders when the package is a folder.
/UseDownloaderCopy Moves package to location rather than copying it.
/Username The user name to use if authentication is needed for the package path.
/Password The password to use if authentication is needed for the package path.
/ShowProgress Shows the progress of the download.
/NoProxyhost Specifies to go directly to URL rather than through proxyhost.
/NoHardLink Do not create a hard link (copy of the package).
/Dest The destination on the local machine to download the package.
/PushWan Use WAN bandwidth for file replication.
/Synchronize Synchronizes files instead of just copying them.
/CancelAfter Cancel the job after the specified number of seconds.
/Discard How long (in seconds) the package should exist in the cache.
/MaxThreads Maximum number of peer discovery threads. (default=15, max=30)
/Hash The MD5 hash of the package. This ensures that the package being downloaded is the right one.
/NoPushHash Do not push the hash to the machine.
/CalculateHash Outputs the hash of a package (that resides in a local directory).
/WOL Send list of MAC addresses to multicast service for WOL separated by a comma.
(/WOL=0012B74B523F,00-12-B7-3D-44-31,00:12:B7:4E:30:29)
/CoreServer Overrides core server to use to get credentials and and the preferred server list.
Deprecated options:
/NoSource Mapped over to /AllowPeer.
/OneSource Mapped over to /PeerOneSource.
/AttemptPeer Mapped over to /AllowPeer and /AllowSource.
/SourceOnly Mapped over to /AllowSource.
Examples:
To download a package (or file) from an anonymous web share and allow it to
come from a peer or the source, enter the following:
pedownloader.exe /P="http://server/share/package.exe" /AllowPeer
/AllowSource
To download a package (or file) from a secure UNC share and force it to get
the file from the source (or preferred server), enter the following:
pedownloader.exe /P="\server\share\package.exe" /AllowSource
/AttemptPref /User=<username> /Password=<password>
To multicast a folder with all of its subfolders, enter the following from
each machine you want involved in the multicast. The MulticastDelay will
provide time for you to enter this on each machine:
pedownloader.exe /Dir="http://server/share/folder" /Recursive
/PreserveDir /AllowSource /AllowPeer /AllowMulticast /MulticastDelay=300
/MulticastGuid=CA761232-ED42-11CE-BACD-00AA0057B223
With the above example it would wait 300 seconds (5 minutes), and then begin
multicasting the files from the folder(s). It would place all of the files
in the cache directory in the same folder structure as existed on the source.
Depending on the version of PEDownloader used in your specific version of LANDESK Management Suite, you may have certain deprecated options - so please verify against your own version to ensure full accuracy.
This article covered everything that you need to get started & make use of PEDownloader.exe to help you with either troubleshooting or the occasional "one-off" operation that you may even want to script.
If i have a application published to Portal Manager with setting:
Task Settings:
Frequency: Run Once
Checked: Optional (display in portal) and "allow users to run as desired (keep in portal after selected)
Problem 1:
First time i run the schedule task the software is availible in Portal Manager for my users.
What i have noticed is when a computer is re-installed with new OS the software will not be availible again in Portal Manager for the computer because it have already been succesfully publish to Portal Manager before.
Very annoying... any setting to fix this problem?
Problem 2:
First time i run the schedule task the software is availible in Portal Manager for my users.
If i choose "re-run task" on a computer that alrady successfully published a software to portal manager, it WILL INSTALL the software?! Even if i have the task setting: Optional (display in portal)
Or if i choose Task settings frequency to Run Daily, the first time it will publish to portal manager, the next day it will INSTALL the software...
This must be a bug?
Regards Johan
One of the most commonly used components of Ivanti Endpoint Manager is the Software Distribution feature. Companies around the world use it to quickly and efficiently distribute software to hundreds, or even thousands of computers in a very short period. Occasionally there are problems within a deployment task. This document will walk you through the basic steps of troubleshooting a Software Distribution task that has failed or is stuck in an active status. Also as working through the steps below you will find links to other troubleshooting documents that go into greater detail about specific issues.
Software Distribution has many moving parts so it is important to be able to quickly locate the failure point, and make sure to investigate the correct step in the process to resolve the issue. The following steps are commonly used by Ivanti Support to quickly locate the cause of a problem in Software Distribution.
Once we know some basic information about the failure we can move to troubleshoot it effectively.
According to the questions above, if you find that the problem is on the client itself please refer to the following documents to continue the troubleshooting process.
How to troubleshoot a Software Distribution Task - Client Side
How To Troubleshoot Policy Sync
If from the above questions you find that you need to troubleshoot an issue on the Core Server please continue to the following documents
How to troubleshoot Software Distribution Tasks - Core Side
How to troubleshoot Agent Discovery
There are a couple of verbose logging options that can help provide more information on Software Distribution tasks to help in finding and resolving the issue. Some of these logs are VERY verbose and may take some time to read through.
In the Ivanti Endpoint Manager, almost all verbose logging is controlled by a feature we call XTrace. This provides a simple method of enabling the verbose logging on both the Core and Client. The following document provides the instructions for
How to enable XTrace Diagnostic logging on the Ivanti EPM Core and Clients
How To: Enable Verbose Logging for BrokerConfig and Proxyhost.exe
C:\ProgramData\LANDesk\Log:
ServiceHost.log - Communication from the core to the client.
PolicySync.exe.log - Downloading of Policies from the core server.
PolicySync.log - Monitors the performance of the PolicySync program itself.
SendTaskStatus.log - Monitors the task status updates sent from the client to the Core.
LocalSch.log - Monitors the activity of the Local Scheduler on the client.
tmcsvc.log - Monitors the performance of the LANDESK Targeted Multicast service on the client.
C:\Program Files (x86)\LANDesk\LDClient\Data:
sdclient.log - Monitors the performance of the sdclient process.
sdclient_task{taskID}.log - Displays the progress of a specific software distribution task on the client.
C:\Program Files (x86)\LANDesk\Shared Files:
proxyhost.log - Communication from the client to Core directly or over CSA.
proxyhost.log.old - Communication from the client to Core directly or over CSA.
C:\ProgramData\LANDesk\Log:
SchedSvc.log - Monitors performance of Scheduler Service.
LANDesk.Scheduler.GlobalScheduler.log - Monitors the task initialization process.
LANDesk.Scheduler.GlobalScheduler.Skeleton.log- Monitors the task initialization process.
raxfer.log - Monitors the WOL discovery and sending of the wake up packets.
\Program Files\LANDesk\ManagementSuite\Log:
TaskHandlerProxy.exe.log - Gathers the task information to hand-off to PolicyTaskHandler.exe
SchedQry.exe.log - Monitors the performance of resolving LDMS queries to add target to tasks.
SchedLDAPResolver.exe.log - Monitors the performance of resolving LDAP queries to add target to tasks.
PolicyTaskHandler.exe.log - Logs the discovery and deployment of tasks to the clients.
WSvulnerabilityCore.Dll.log - Monitors task status updates from clients while tasks are processed.
If you did not find what you are looking for with this document please see the Ivanti EPM Software Distribution Landing Page for more information.
During Inventory scan or Software Distribution task LDAPWhoami.exe triggers smartcard reader dialog box (on the devices with smartcard reader installed).
Example 1:
Example 2:
Changes implemented in the product in version EPM 2017.3 within ldapinfo.dll code (used by ldapwhoami.exe). Ldapinfo.dll is part of the agent package so the issue is client-oriented.
Replace ldapinfo.dll with the file from a previous version of EPM (attached to this document) on affected devices. If you encounter this issue in your environment, please raise a case with Ivanti.
The engineering team is currently working on fixing this issue (DSI 232949). If you have any additional questions, please contact Ivanti Support.
Hi, the reason of this thread is the following.
I use Ivanti Portal Manager in a lot of computers in my organization. When I start Windows and try to install any software from Portal Manager, it works fine. But after the computers get suspended (and resumed), locked or just used for other things for a couple hours, the Portal Manager stops working ok.
When any user try to install a software, the progress bar in the Portal stays in "Download pending" forever, at the moment the only solution I've found was restart the computer, but is not practical at all for the user...
I've tried restarting manually the Ivanti services but doesn't work, and looked for similar posts in the community but doesn't found anyone reporting the same problem, which is weird.
Ivanti 2017 v3.
Windows 8.1, 10
Let me know if I can help adding any other info.
Thanks in advance!
Hi to everyone,
i have the below issue with some client in my environment: i have 90 client of 230 in pending status with Policy has been made available message, return code 1001
Could you please help me ?
many thanks
Hi everybody,
Does anyone of you have a patch management task, Policy type, on more than 32k devices?
If yes, does it working properly?
If so, could you please share your DB type, DB size and LDMS version?
Thank you!
EPM 2017.3
i need to restore a snapshot before sending an install task on some clients, the vms are running in vmware, I was able to complete an script using powershell (in conjunction with powercli) to restore the snapshot, the thing is that to run the script, the machine that runs it has to have certaing prerequisites installed, powercli and some variables.
So as far as I can see it now (I don't really know) I need to:
1. Run the script from a machine with this configuration (I would need to have a machine in stand by just to run the powershell/powercli commands)
2. Run my normal Software distribution task after the restore is completed.
Is there another way to do this?
I found this: Creating and deleting snapshots the reference doc is for hyper-v for which Normal powershell would work (installed on the core) but no the additional powercli requirements.
Can I install powerCLI in my core?
Any reference is appreciated.
Best.
Hiya
I am wanting to installing Microsoft Teams as part of my OS deployment task sequence.
There are install files as an EXE or an MSI
The EXE installs only to the local user app data folder.
The MSI will install it for each user when they log in for the first time so it is this i want to use.
It installs successfully during the build but when I then log in as a user it doesn't appear to run and install.
Has anyone successfully installed it so it appears for users when they log into their device?
Cheers
Phil
| Switch | Description |
|---|---|
| No switch | Sync policies with core and run runnow policies (required policies). |
| /taskid=<taskid> | Get the policy based on task id and run the policy if is runnow policy. |
| /enforce | check RunNow and Removed queues to run/remove the policies including running reoccurring policy. |
| /wait | work with /taskid, such as /taskid=<taskid> /wait. Get the policy based on taskid and wait until all policies in RunNow queue finished. |
| /check | return the number of policies in the RunNow queue waiting to be executed. |
| /check=wait | Block and return only when RunNow queue is empty. |
| /getlogfile=<filename> | return specified log file as standard output. |
| /getlogs | Get and zip all client logs and output the zip content as standard output. |
| getlog=<type> [/taskid=<taskid> | where type is currentdownloads, inventory, localscheduler, policysync, sdclient, servicehost and proxyhost. For sdclient, <taskid> has to be specified. |
