The purpose of this document is to explain what the return codes in the .stat file mean. The stat file is a client-side file that gets dynamically updated while the task is processing. The file is located in the following directory:

C:\ProgramData\Landesk\Policies 

Stat File Status Codes

Below are the code definitions for the possible return code values contained in the .stat client policy file:

Description

When creating a Distribution Package in the Ivanti Endpoint Manager console there is the option to use "Specified Credentials" where you can select what user account to run certain software packages with. This is helpful in environments where standard users do not have access to install software, and the software in question has to be installed by a user and not the Local System account.

• The username and password are stored in the Ivanti EPM Database in the PACKAGE table.
• The password is encrypted before being stored in the table.
• The password is passed down to a machine when it receives the package information, however, it remains encrypted at all times. At no point in time is the password view-able in plain text.
  • Package information arrives in the format of an XML that is removed once the task is complete. If the task has to run again later we get a new copy of the XML
  • You can view the XML on the Core Server:
    • Opening a browser and going to http://localhost/ApmService/PackageInfo.asmx?op=GetPackageXML
    • Enter Package ID
    • Click Invoke

If you have any further questions about this feature please contact Ivanti Support.

When analyzing lddwnld.xlg xtrace log file, you might find the following error message :

CreateFile failed with #.  For example, "CreateFile failed with 5."

This is a standard CIFS error code returned from the file server hosting the file. Here is a short list of common error.  The error in the lddwnld.xlg relates to the last digit of the Error Code :

Resolution

Either the file doesn't exist on the server or the account used to access it doesn't have sufficient right. Activating the object access auditing on the file server for those files can help you.

Additional Info:

To enable xtrace for lddwnld please see this document: http://community.landesk.com/support/docs/DOC-1623

Introduction

This article will cover how to make use of an Ivanti EPM Provisioning binary to help you in either troubleshooting or (if desired) duplicating detailed (sub-)steps of Ivanti EPM Software Distribution.

If you've ever been in a situation where you'd love to have "out of band' access to Ivanti EPM technology to download "just this one file" as part of some script you're writing, this is the way to do it.

What is PEDownloader.exe exactly?

As the name may appear to imply - it is one of the key binaries that we make use of when downloading files into a Windows PE environment. So it's actually originally a file from the Provisioning side of the product - usually to help download "this or that" as part of the image deployment process.

However, the binary CAN also be used inside a "full" Windows environment. It's THIS aspect that we look to exploit to make use of to help you along with a few things.

Where is it located?

• The "PEDownloader.exe" binary can be found in the root of the LDLOGON share of your Core Server.
• Most clients will already have a copy of the binary in their LDCLIENT folder (so - )

What can I get it to do?

The short answer to that is - "anything that regular Ivanti EPM Software Distribution can do".

You can make use of (or exclude) Peer Download, Preferred Servers, authenticating to shares, verifying downloaded files against certain hashes. In short - "everything" that regular Software Distribution does / can do, you can do via this binary (as it calls upon the same tech to do the respective deed).

A detailed print out of all the command-line options can be had by running "pedownloader /?" - a copy of whose output is included further below for your convenience.

How does it work? A short working example walkthrough

PEDownloader.exe is very easy to use. It makes use of (and calls upon) all the regular software distribution technology available through regular software distribution - all available through some command line options.

Example 1 - Download a file from a server

Let's start with the complete basics - let's download a file from the source server. To this end, we see the command-line and the resulting output as follows (I'm using the pedownloader.exe out of the LDCLIENT directory in this scenario).

Note that you get visual confirmation of the following:

• Where the file(s) was/were downloaded from.
• How long the file download took.

So if you want/need to test peer download across your network, as an example - this is a superbly easy & convenient (and repeatable) way to do so.

Actual command-line used in this example (split up for easier readability)

C:\Program Files (x86)\LANDesk\LDClient>pedownloader.exe
/P="http://samarkum.fantasia.org/ldlogon/xx/vlc-2.1.3-win32.exe"
/O /Dest="C:\Program Files (x86)\LANDesk\LDClient\sdmcache\vlc-2.1.3-win32.exe" /AllowSource   

Note also the following here:

• No file-hash has been specified here - so the file won't be verified upon download!
• The use of the "/O" flag forces an overwrite of any existing file in the destination.
• In order to make use of the Peer Download option (as in example 2), you may need to re-start the "LANDESK Targeted Multicast"-service on the device that's due to serve as a peer. This is ONLY necessary because we're not going 100% through the "regular" download process here. The process parses files in SDMCACHE every hour roughly - a manual re-start simply accelerates this as it triggers this step right away.

Example 2 - Force a download from a peer

So - basic download is working. Great - now let's use this to test Peer Download on the network segment that we've pulled the file from Example 1 down.

Here, I've spun up another client and I am going to force the use of Peer Download (and only peer download).

REMEMBER - I've re-started the "LANDesk Targeted Multicast" on the device that's due to act as a peer, so it is now aware of the new file that was downloaded upon it.

Actual command-line used in this example (split up for easier readability):

C:\Program Files (x86)\LANDesk\LDClient>pedownloader.exe
/P="http://samarkum.fantasia.org/ldlogon/xx/vlc-2.1.3-win32.exe" /O
/Dest="C:\Program Files (x86)\LANDesk\LDClient\sdmcache\vlc-2.1.3-win32.exe"
/AllowPeer   

Note the following bits of data we get back:

• We get confirmation again of the download source (Peer in this case)
• We get information the specific IP from which peer we've downloaded the file.
• I've (again) not specified a file-hash, so the file will not be verified against it!

Things to be aware of

• Unless you specify a DESTINATION in your command-line, WinPEDownloader will always download files into the root of your SDMCACHE folder (by default - C:\Program Files (x86)\LANDesk\LDClient\SDMCache\ ).
• It's good practice to always encapsulate path names with "-s (even when there are no spaces) as a "just in case" habit enforcer.

Full Command Line options

For reference and convenience - here's a print-out (to save you the hassle of doing so yourself) of all of the command-line options / parameters for WinPEDownloader for LANDesk Management Suite 2016. You can get your specific versions' help data by running "pedownloader.exe /?" from a command prompt.

pedownloader.exe /?

 

Downloads files or folders to the local machine.

 

pedownloader.exe [options]

 

Options:

[/P=<package/file path>|/Dir=<filedir>] [[/WanBW=xx]|[LanBW=xx]]

[[/AllowMulticast /MulticastGuid=<guid> /MulticastDelay=<seconds>]|

[/MCRAllowPeer]|[/MCRAllowSource]|[/PeerOneSource]|[/AllowPeer]|[/AllowSource]]

[[/RequirePref]|[/AttemptPref]|[/NoPref]|[/NoServerCom]] [/PreserveDir] [/O]

[/Recursive] [/UseDownloaderCopy] [/Username=<username> /Password=<password>]

[/ShowProgress] [/NoProxyhost] [/NoHardLink] [/Dest=<destination path name>]

[/PushWan] [/Synchronize] [/CancelAfter=<seconds>] [/Discard=<ttl in seconds>]

[/MaxThreads=xx] [/Hash=<md5hash>] [/NoPushHash] [/CoreServer=<core server>]

 

 

Exclusive Options:

[/CalculateHash /P=<local file path>] [/WOL=<MAC Addresses>]

 

  /P                   Specify the package to download. This can be a web path (http://server/share/package.exe) or a UNC path

                       (\\server\share\package.exe). Use quotes where needed.

  /Dir                 Specify the directory/folder to download. This can be a web path (http://server/share/folder) or a UNC path

                       (\\server\share\folder). Use quotes where needed.

  /WanBW               The bandwidth (as a percentage) to allow over the WAN.

                       (This is to the source or preferred server)

  /LanBW               The bandwidth (as a percentage) to allow over the LAN.

                       (This is to the peers)

  /AllowMulticast      Allows multicast to take place. Discovery will occur between all of the machines using the same multicast GUID, to determine the multicast representative.

                       This option requires the use of /MulticastGuid and /MulticastDelay.

  /MulticastGuid       Specify a GUID for the file or folder to download. This MUST be in a GUID format.

                       (Example: CA761232-ED42-11CE-BACD-00AA0057B223)

  /MulticastDelay      The number of seconds that the multicast representative will wait before beginning to broadcast the job.

  /MCRAllowPeer        Allows multicast representative to download from a peer. By default, the multicast representative will inherit this trait from /AllowPeer if used.

  /MCRAllowSource      Allows multicast representative to download from a source.  By default, the multicast representative will inherit this trait from /AllowSource if used.

  /PeerOneSource       Allows downloading from a peer but requires that only one of the peers can download from the source (or preferred server).

  /AllowPeer           Allows downloading from a peer.

  /AllowSource         Allows downloading from the source (or preferred server).

 

                       NOTE: Regardless of the order placed on the command- line, the hierarchy of the above options is...

                       /AllowMulticast, /PeerOneSource, /AllowPeer, and /AllowSource. There are no default options.

 

 

  /RequirePref         Require the use of a preferred server.

  /AttemptPref         Attempt the use of a preferred server.

  /NoPref              Do not use a preferred server (default setting).

  /NoServerCom         Specifies that no head request be done on the package.

  /PreserveDir         Preserves the full package path in the cache directory.

  /O                   Overwrites the package in the cache.

  /Recursive           Recurse the subfolders when the package is a folder.

  /UseDownloaderCopy   Moves package to location rather than copying it.

  /Username            The user name to use if authentication is needed for the package path.

  /Password            The password to use if authentication is needed for the package path.

  /ShowProgress        Shows the progress of the download.

  /NoProxyhost         Specifies to go directly to URL rather than through proxyhost.

  /NoHardLink          Do not create a hard link (copy of the package).

  /Dest                The destination on the local machine to download the package.

  /PushWan             Use WAN bandwidth for file replication.

  /Synchronize         Synchronizes files instead of just copying them.

  /CancelAfter         Cancel the job after the specified number of seconds.

  /Discard             How long (in seconds) the package should exist in the cache.

  /MaxThreads          Maximum number of peer discovery threads. (default=15, max=30)

  /Hash                The MD5 hash of the package. This ensures that the package being downloaded is the right one.

  /NoPushHash          Do not push the hash to the machine.

  /CalculateHash       Outputs the hash of a package (that resides in a local directory).

  /WOL                 Send list of MAC addresses to multicast service for WOL separated by a comma.

                       (/WOL=0012B74B523F,00-12-B7-3D-44-31,00:12:B7:4E:30:29)

  /CoreServer          Overrides core server to use to get credentials and and the preferred server list.

 

 

Deprecated options:

 

  /NoSource            Mapped over to /AllowPeer.

  /OneSource           Mapped over to /PeerOneSource.

  /AttemptPeer         Mapped over to /AllowPeer and /AllowSource.

  /SourceOnly          Mapped over to /AllowSource.

 

 

Examples:

 

 

To download a package (or file) from an anonymous web share and allow it to

come from a peer or the source, enter the following:

 

 

     pedownloader.exe /P="http://server/share/package.exe" /AllowPeer

     /AllowSource

 

 

To download a package (or file) from a secure UNC share and force it to get

the file from the source (or preferred server), enter the following:

 

 

     pedownloader.exe /P="\server\share\package.exe" /AllowSource

     /AttemptPref /User=<username> /Password=<password>

 

 

To multicast a folder with all of its subfolders, enter the following from

each machine you want involved in the multicast.  The MulticastDelay will

provide time for you to enter this on each machine:

 

 

     pedownloader.exe /Dir="http://server/share/folder" /Recursive

     /PreserveDir /AllowSource /AllowPeer /AllowMulticast /MulticastDelay=300

     /MulticastGuid=CA761232-ED42-11CE-BACD-00AA0057B223

 

 

With the above example it would wait 300 seconds (5 minutes), and then begin

multicasting the files from the folder(s). It would place all of the files

in the cache directory in the same folder structure as existed on the source.

 

  

Depending on the version of PEDownloader used in your specific version of LANDESK Management Suite, you may have certain deprecated options - so please verify against your own version to ensure full accuracy.

In Conclusion

This article covered everything that you need to get started & make use of PEDownloader.exe to help you with either troubleshooting or the occasional "one-off" operation that you may even want to script.

• Purpose
  • Services
  • Software Distribution Process
  • Software Distribution Stages
    • Stage 1: Discovery (Core initiated)
    • Stage 2: Asynchronous Policy Execution (Client has initiated processing)
    • Stage 3: Task Has Started
    • Stage 4: Downloading
    • Stage 5: Complete
  • Software Distribution (IIS)

Purpose

This document is designed to help diagnose and resolve common issues that happen in Ivanti EPM Software Distribution from the perspective of the core server.

Services

A few notable services core side that must be started in order for the Software Distribution process to function correctly are as follows:

• LANDESK Scheduler Service
• LANDESK® Management Agent Service
• LANDESK Policy Server Service

Software Distribution Process

The following process outlines how Software Distribution works Core side.

Upon creation of a scheduled task from a Distribution Package, a Client Policy file is created which contains all client side information you've configured in the task properties as well as the ID number of your Distribution Package. This file will be contained in the following directory on your core server and will be in the following format :

Path:  %ldms_home%\LANDESK\Files\Client Policies

 

File Format:  CP.TaskID.RunNow.xml   

Software Distribution Stages

• Stage 1: Discovery (Core initiated)

When the task is initiated on the core,  the Landesk.Scheduler.Global Scheduler will communicate with TaskHandlerProxy who in turn will talk to PolicyTaskHandler (see above diagram) in efforts to make the task information available to the targets in the task. This series of events will place the task in the Discovery Stage.  For more info on the discovery process please reference How to troubleshoot Agent Discovery.

In order to attain more logging around the discovery process please enable verbose policy task handler logging by navigating to:

Tools | Distribution | Scheduled Tasks

Configure Settings	Default Scheduled Task

Below is an example of this sequence of events from a logging perspective:

LANDESK.Scheduler.GlobalScheduler.exe.log	TaskHandlerProxy.exe.log	PolicyTaskHandler.exe.log

Synchronizing policy with the command: [C:\Program Files (x86)\LANDESK\LDClient\PolicySync.exe -taskid=1099], to machine: [WIN8196]

• Stage 2: Asynchronous Policy Execution (Client has initiated processing)

  During this stage, the client policy file has been made available to the client, and the client is in the process of retrieving the file from the core. If successful, the CP.TaskID.RunNow.xml or CP.TaskID.xml file will be downloaded to the (Programdata\LANDESK\Polices) directory. A status (.stat) file will be created by policysync.exe. This file corresponds to the activity taking place by sdclient.exe. For a listing of what the return codes mean in the .stat file please reference How to Interpret Client Policy .Stat file Status Codes.

• Stage 3: Task Has Started

        During this stage, the sdclient process on the client has been initiated. There will now be a sdclient_taskXXX.log file (XXX = taskID) on the client in %ldms_local_dir%.

• Stage 4: Downloading

  During this stage, the LANDESK download utility has begun downloading the files contained in the Software Distribution package. These files will reside in the %ldms_local_dir%\..\sdmcache directory.

• Stage 5: Complete

  During this stage, the sdclient process has completed processing the client policy task made available to the target.

Software Distribution (IIS)

There are a variety of web requests made over the HTTP protocol related to the Software Distribution process. To properly troubleshoot the process, you will need to understand what sites and web services are at play.

To access IIS Manager, open a run prompt and type in INETMGR. This command will take you to IIS.

Run Prompt	IIS Manager

The APMService site handles all Software Distribution activity and the LDAppAPM application pool serves the site.

APMService	LDAppAPM

The two (2) primary web services in the APMService site are as follows:

• Packageinfo.asmx (contains all pertinent information about the package being distributing to the client)
• PolicyRequest.asmx (contains all pertinent information configured in the task properties)

             

The operations contained in each web service allow the transfer of information from the core server to the client.

PackageInfo	PolicyRequest

In the event a targeted client cannot get a policy file or package information, review the IIS log files to determine if the attempt made it from the client to the core. If no entry from the time frame of the request is contained in the IIS logging file, the traffic was dropped/blocked in route to the core or never left the client. To view the IIS logging please navigate to the following location on your core server:

%SystemDrive%\inetpub\logs\LogFiles

Hello,  currently we are using LD 9.6 SP3 and I have a distribution package that uses "Run as a specified user". When I schedule and run the package it touches the PC and reflects the "Software Distribution" pop up bubble for about 5 seconds, then goes away and reports completed even though it didn't. I suspect there is a permission issue. But I did check the user account and it has domain admin privileges. Another thing, I rebuilt the package with the "LocalSystem account" option and the subsequent package installed perfectly. That is the reason for the subject line. Is there a security issue using the LocalSystem account? Could it cause problems? I still want to figure out the issue with "Run as a specified user" option failing but frankly I am under the gun (doesn't that always seem to be the case) to get this done quickly. That being said I want to make sure I do it right. Any help would be appreciated.

Thanks!

Hi all,

We have a problem with our LANDESK set up which we have ignored because we have never needed it and everything else seems to work okay but now we actually need to use it I need to find a solution.

We have software we need to deploy but it has to be installed with a specific user account - It will not install with Local System or Current User. Reasoning why is convoluted so I won't go into that.

Problem is, If I try to deploy the software with a specified user, it always fails.

I have done some tests and it is not just this software. It is anything. Any distribution package I make where I chose to specify a user account to run it, fails.

I have tried many different accounts which I know to be correct and to have administrator rights on the target device.

The software physically makes it to the target device(s) - I can see it in the sdmcache folder, so there is no problem there. It is when it tries to run the package - whether it be an exe, msi or batch. It doesn't matter.

The scheduled task fails - Batch Files give the return code 16386, executable give Return code 16450

Regardless, the logs give the following error;

Batch

Exe

From what I can see, there is a problem with our certificates. The schedule task is failing because it cannot unencrypt the password I have given on the client device??? That is what I am assuming. I have no idea how to go about resolving it though.

Has anyone had a similar issue. I am going to log with the Ivanti support but wanted to share with you all too in case any of you had any ideas.

I've created a task to modify a registry entry via batch file but it will not modify the registry when ran with a task. Below is my batch file contents and then reg file that I want to merge or edit. If I run the batch file locally it will work, just not via task or windows action. Tried running it with localsystem account and run as specified user. Both with same results. Any recommendations?

Batch file -

regedit /s Skype_Disable.reg

reg file -

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Office\Outlook\Addins\UCAddin.LyncAddin.1]
"LoadBehavior"=dword:00000001

I'm creating basic tasks to put a URL link on user's desktops.

Everything seems to work fine, but I am having issues with modifying Portal Settings in Schedule Task.

The settings are grayed out.

Any ideas?

Thanks,

Linda

There are a large number of ways to configure Ivanti EPM Content Replication to meet a variety of needs. Some examples of how Content Replication can be used are listed below. These are not necessarily in-use in a production environment nor specifically supported by Ivanti They are intended as ideas or starting points to create a Content Replication configuration to meet your needs.

For more information on Content Replication and Preferred servers see: How to use Ivanti EPM Content Replication

Single - Simple Replication

This scenario involves a single Source, Preferred server, and Replicator each configured as a separate device. This could be used when to locations are connected by a decent link, or simply to reduce traffic to the Source.

New Scenarios

If you have a Scenario that you have used and would like to share, please send me a private message with details and I will try to get it added here.

HI all, I am trying to push a script package (windows script Host) but it keeps failing. I receive the return code 1921 which says in the result: "Unknown status code (0x781 ,0:1921). This script worked just fine with Landesk 9.6, but we are currently running version 10.1.10 console. Any help is greatly appreciated.

Description

This document discusses the differences between environment variables when deploying a batch file using LDMS.

Ivanti EPM Environment Variables when Running as Local System

ALLUSERSPROFILE=C:\Documents and Settings\All Users
CBA8_BSA_PATH=C:\Program Files\LANDesk\Shared Files\cbaroot\bsa
 CBA8_START=2008-12-17 16:29:10
 CBA8_STOP=2008-12-17 00:24:55
 CommonProgramFiles=C:\Program Files\Common Files
 COMPUTERNAME=XP
 ComSpec=C:\WINDOWS\system32\cmd.exe
 CORESERVER=D88
 FP_NO_HOST_CHECK=NO
 LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
 LD_CLIENT_DIR=C:\Program Files\LANDesk\LDClient
 NUMBER_OF_PROCESSORS=1
 OS=Windows_NT
 PACKAGE_DESCRIPTION=Get Environment Variables
 PACKAGE_NAME=SET
 Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\LANDesk\Shared Files;C:\Program Files\LANDesk\Shared Files;C:\Program Files\landesk\shared files;C:\Program Files\LANDesk\LDClient;
 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 PROCESSOR_ARCHITECTURE=x86
 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 8, GenuineIntel
 PROCESSOR_LEVEL=6
 PROCESSOR_REVISION=0f08
 ProgramFiles=C:\Program Files
 PROMPT=$P$G
 SERVICE_HOST_PATH=C:\Program Files\LANDesk\Shared Files
 SystemDrive=C:
 SystemRoot=C:\WINDOWS
 TASK_ID=18
 TASK_NAME=Set
 TEMP=C:\WINDOWS\TEMP
 TMC_CACHE_DIR=C:\Program Files\LANDesk\LDClient\sdmcache\
 TMP=C:\WINDOWS\TEMP
 TRUSTED_CERT_PATH=C:\Program Files\LANDesk\Shared Files\cbaroot\certs
 USERPROFILE=C:\Documents and Settings\LocalService
 UTF8_MACHINE_NAME=XP
 windir=C:\WINDOWS

The following is a short list of additional variables that are added to the environment by Ivanti EPM when deploying a batch file.  (This list was created using 8.8 SP1.).

CBA8_BSA_PATH=C:\Program Files\LANDesk\Shared Files\cbaroot\bsa
 CBA8_START=2008-12-17 16:29:10
 CBA8_STOP=2008-12-17 00:24:55
CORESERVER=Core88
LD_CLIENT_DIR=C:\Program Files\LANDesk\LDClient
 PACAKGE_DESCRIPTION=Get Environment Variables
 PACKAGE_NAME=SET
 Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\LANDesk\Shared Files;C:\Program Files\LANDesk\Shared Files;C:\Program Files\landesk\shared files;C:\Program Files\LANDesk\LDClient;
 SERVICE_HOST_PATH=C:\Program Files\LANDesk\Shared Files
TASK_ID=18
TASK_NAME=My Task Name
TMC_CACHE_DIR=C:\Program Files\LANDesk\LDClient\sdmcache\
 TRUSTED_CERT_PATH=C:\Program Files\LANDesk\Shared Files\cbaroot\certs
 UTF8_MACHINE_NAME=MyPCName

Local System Environment Variables When Launched by Microsoft's AT.EXE Command

ALLUSERSPROFILE=C:\Documents and Settings\All Users
 AltStartup=C:\Unknown_AltStartUp
 AppData=C:\Documents and Settings\NetworkService\Application Data
 CommonDesktop=C:\Documents and Settings\All Users\Desktop
 CommonFavorites=C:\Documents and Settings\All Users\Favorites
 CommonFiles=C:\Program Files\Common Files
 CommonProgramFiles=C:\Program Files\Common Files
 CommonProgramGroups=C:\Documents and Settings\All Users\Start Menu\Programs
 CommonStartMenu=C:\Documents and Settings\All Users\Start Menu
 CommonStartUp=C:\Documents and Settings\All Users\Start Menu\Programs\Startup
 COMPUTERNAME=XP
 ComSpec=C:\WINDOWS\system32\cmd.exe
 ConnectionWizard=C:\Program Files\Internet Explorer\Connection Wizard
 Cookies=C:\Documents and Settings\NetworkService\Cookies
 DesktopDirectory=C:\WINDOWS\Desktop
 DocAndSettingRoot=C:\Documents And Settings
 Favorites=C:\WINDOWS\Favorites
 FP_NO_HOST_CHECK=NO
 History=C:\Documents and Settings\NetworkService\Local Settings\History
 InternetCache=C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files
 LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
 NetHood=C:\WINDOWS\Nethood
 NUMBER_OF_PROCESSORS=1
 OS=Windows_NT
 Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 PersonalDocuments=C:\Unknown_PersonalDocuments
 PROCESSOR_ARCHITECTURE=x86
 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 8, GenuineIntel
 PROCESSOR_LEVEL=6
 PROCESSOR_REVISION=0f08
 ProgramFiles=C:\Program Files
 PROMPT=$P$G
 RecycleBin=C:\Unknown_RecycleBin
 SRArchiveDir=*:\_restore.{37BBF00C-E178-4053-9A9F-1F6B16F2982C}
 SRDataStoreRoot=*:\_restore.{37BBF00C-E178-4053-9A9F-1F6B16F2982C}
 SRTempDir=*:\_restore.{37BBF00C-E178-4053-9A9F-1F6B16F2982C}
 StartMenu=C:\WINDOWS\Start Menu
 SystemDrive=C:
 SystemRoot=C:\WINDOWS
 TEMP=C:\WINDOWS\TEMP
 Templates=C:\Unknown_Templates
 TMP=C:\WINDOWS\TEMP
 USERPROFILE=C:\Documents and Settings\NetworkService
 windir=C:\WINDOWS
 WinSys=C:\WINDOWS\system32

Local System Environment Variables When Launched by the Local Scheduler Service

ALLUSERSPROFILE=C:\Documents and Settings\All Users
 CommonProgramFiles=C:\Program Files\Common Files
 COMPUTERNAME=XP
 ComSpec=C:\WINDOWS\system32\cmd.exe
 FP_NO_HOST_CHECK=NO
 LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
 NUMBER_OF_PROCESSORS=1
 OS=Windows_NT
 Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
 PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 PROCESSOR_ARCHITECTURE=x86
 PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 8, GenuineIntel
 PROCESSOR_LEVEL=6
 PROCESSOR_REVISION=0f08
 ProgramFiles=C:\Program Files
 PROMPT=$P$G
 SystemDrive=C:
 SystemRoot=C:\WINDOWS
 TEMP=C:\WINDOWS\TEMP
 TMP=C:\WINDOWS\TEMP
 USERPROFILE=C:\Documents and Settings\LocalService
 windir=C:\WINDOWS

Notice: Any E-Learning content is available by default to Members who have a minimum support agreement at the Professional level.

This article is not a comprehensive list of documents and issues. You can continue to search the rest of the community or the portion specific to Software Distributionif this page hasn't help

Description

Targeting machines through Active Directory is a very useful and convenient way to manage software deployments.

Ivanti EPM Software Distribution allows you to target an LDAP container or LDAP group.

This document outlines the steps that you need to complete to get this working.

Steps to Configure LDAP Policies

1.  Enable LDAP enumeration on the agents

The LDAP Enumeration registry setting instructs the agent to gather the current LDAP location and report this in the inventory of the machine.

The registry key which controls LDAP group enumeration behavior for Software Distribution is:

HKLM\Software\LANDesk\ManagementSuite\WinClient

DWORD: DisableLdapGroupEnumeration

0(default) - feature is disabled

1 - feature is enabled

To make this configuration a permanent part of the default Agent configuration, do the following.

Browse to the LDLOGON share on the core server.  Open the ntstacfg.in# file with notepad.exe.  Search for ldap, which should take you to this section:

; LDAP groups can be enumerated on the client, this provides more information in the inventory
; database and faster targeting of LDAP groups.  This also generates network traffic between the
; client and the LDAP server, the following registry value can be used to disable this option

REG54=HKEY_LOCAL_MACHINE, SOFTWARE\LANDesk\ManagementSuite\WinClient\DisableLdapGroupEnumeration, 0, , REG_DWORD

The default value is 0 which is Disabled.  Change this to 1, and save the file.

On the Ivanti EPM Core server, go to Configure | Services | Inventory and restart the Inventory Service.  This will run stamper.exe, which builds the ntstacfg.ini file from the ntstacfg.in# file.

Next, in the Ivanti EPM Console, go to Tools | Configuration | Agent Configuration and click the "Rebuild All" button.  This will rebuild the Agent_Name.ini file from the ntstacfg.in# file.

After doing this all of the Ivanti EPM Windows Agents will have LDAP enumeration enabled when the agent is installed.

2. Configure the Directory Manager plugin

In the Ivanti EPM Console, go to Tools | Distribution | Directory Manager.  Click the Key icon, and then the Add button.  Enter the credentials of a domain administrator or a user that can browse the domain.

After successfully authenticating to the Active Directory domain, the domain structure should be browsable.

3.Create the scheduled task that will target the LDAP objects.  For this example, the scheduled task is a Required Policy.

Save the policy after adding the software package and the delivery method.

  Note:  At this point, the policy has no targeted devices.

4.To target the LDAP group or Active Directory OU, from Directory Manager drag the group or OU down onto the scheduled task.

Browse to the desired OU in Directory Manager and highlight it.

Drag and drop the OU to the Scheduled Task that was created.

The following window will come up, prompting for the kind of LDAP objects to find.  Depending on the type of query and what is going to be targeted (users or machines), this will change.  For this example, both types are selected.

Another window will come up to save the query.  The query must be saved.

After saving the query, the LDAP OU will be targeted in the scheduled task.  To see the LDAP target, see the scheduled task under Target Devices.

Hi

am using Ivanti ans core server running with 10.1.30.401 and 2017 Update 3.

core serer running on windows 2012 R2.

When i use root accounts everything works fine and includes deploying agent and pushing packages to the clients.

I have added root credentials in ( alternate credentials).

my plan to not use root credentials because of root password is not same in all same servers as its will change frequently as of now for test servers am using root account and its working fine.

when i am adding my account in alternate credentials then i am facing issues and when i deploy task i will see status as " policy has been made available" will not go further.

is any also facing same issue? please let me know if any different way i can push packages to the servers.

Hi,

I'm trying to deploy Office 2016 Standard / Pro but I do not want the PC to reboot during the deployment because everyone is using their PC and I would like to do a silent install. I was in the agent settings to block the reboot but in my tests the PC reboot anyway without warning the user..

The package is deployed successfully, but I have this error code 1641 and the reboot of the PC

Any idea to solve this problem?

Hello,

We have a lot of machines that have old versions of adobe on them.  We crafted a distribution package(s) to uninstall the old and install the new.  The problem we are having is that it doesn't work on all machines.  There also doesn't seem to be any commonality between the machines that worked and the ones that don't.  I am fairly new to LANDesk so I am not familiar about its diagnostic abilities in regards to task failure.  Any suggestions would be great.

Thanks,

Matt

I want to slowly, like not via a Push or Policy supported push, distribute software to 4 groups of devices. If I pick Policy though, it schedules the 4 tasks immediately and devices in each task check in and get the task. Is this not possible??

I've seen this occur sporadically in our environment as of late. However, while attempting to change an agent setting on about 1400 machines nearly 90% percent returned the following error. The others are just offline.

The setting is a power management setting. Our previous setting was no longer being deployed. Received the "Unable to get or apply agent settings, Return Code: 432"  error on a sampling of machines. Recreated the agent setting. Tested deploying to 1,474 machines. 1,270 machines returned the above (with the log file below). The remaining machines are pending or active.

I tried the "run vulscan /showui /reset on a problematic client.  This will clear all existing agent behavior xml files." step from Re: Unable to get or apply Agent Settings on a few machines with no change in results.

Any help would be appreciated.

We're running Management Suite 2016.3.5

Verifying device ID with core HO-LDCORE.corp.Alfacompanies.com

Contacting server...

     Done

Checking for updated settings

Contacting server...

     File not found on core

     New updates are available.

Downloading file from source http://HO-LDCORE.corp.Alfacompanies.com:443/ldlogon/AgentBehaviors/pwmbehavior_HO-LDCORE_v15909.xml.

Downloading file from source http://HO-LDCORE.corp.Alfacompanies.com:443/ldlogon/AgentBehaviors/pwmbehavior_HO-LDCORE_v15909.xml.

http://HO-LDCORE.corp.Alfacompanies.com:443/ldlogon/AgentBehaviors/pwmbehavior_HO-LDCORE_v15909.xml

     Done

Changing settings

Parsing trusted file list information

     Done

Checking for updated trusted file lists

Contacting server...

     Done

Building trusted file list for default location

     Up to date

Applying 'Distribution and Patch' settings

     Done

Applying additional settings

Downloading trusted certificates

Contacting server...

     Done

Applying other security settings

     Done

     Failed

Sending current settings information to core

Contacting server...

     Done

Sending status to core

Hello to all,

We are about to use the Portal Manager with Landesk Management Suite 2016 but I have a doubt due to my inexperience ..

Instead of using a scheduled task to make the new application available to clients, is it possible to make it available in another way?

My idea was to make available for a group of clients and possibly in the future remove it from the list without performing scheduled tasks ..

Thanks to those who will answer my question