Quantcast
Channel: Ivanti User Community : All Content - Software Distribution
Viewing all 1056 articles
Browse latest View live

In Distribution Packages the Reset Package Hash has a red X, is reseting Package hashes not used in 2016.3

$
0
0

I'm running 2016.3 No patches

Do we not reset package hashes in 2016.3?


How to use Ivanti EPM Content Replication

$
0
0

More information about how a replication job works can be found in LANDESK Content Replication Process

 

 

 

Components

There are a few components involved in the Content Replication process that are all used to create and manage a replication setup.

 

Ivanti Endpoint Manager Console

The configuration of all settings is done in the Ivanti EPM Console. The console also contains information about running, pending, and unscheduled tasks. There is also a task history with progress, status and logs for each replication task. Additionally, the console allows the Ivanti EPM administrator to quickly stop any running replication jobs or disable job(s) from running in the future. For more information about the tools available in the Ivanti Endpoint Manager Console see:

 

Ivanti EPM Content Replication - Console Options and Tools

 

Preferred servers (Targets)

These are the preferred servers that the clients will use to download files from. They are also the target servers that files will be replicated to from a source location. Any existing configuration of the Preferred servers will persist through an upgrade and can still operate as preferred servers only, without replication if desired. For more information about all the configuration options available for a Preferred server please see:

 

Ivanti EPM Content Replication - Preferred Server (Target) Configuration.

 

The Preferred servers will continue to operate the same way they did with previous versions of Ivanti EPM. Clients will attempt to get files from Preferred servers first, before attempting to get them from the original source location. More information about how Preferred servers work and support clients can be found here:

 

How to Configure a Preferred Package Server

How to set up an HTTP share for a Preferred Package Share

Using Preferred Server in Patch Manager

 

Some of the configuration steps in the documents above have changed. For current configuration options see the various updated documents listed here.

 

The Preferred server must have identical shares that match any Source that is replicated to them. That means if \\FileServer\Software is replicating to PreferredServer1, then PreferredServer1 must have a Software share (\\PreferredServer1\Software). These shares must be created manually, but any folders inside the shares can be created by the replication process.

 

A Preferred server that will be a target for replication can be any UNC compatible device, including NAS devices.

 

A Source can also be a Preferred server. For example, a "master" Source may replicate to "child" Sources. Then those "child" Sources replicate to more Preferred servers. In this case, a "child" Source would be both a Preferred server (for the "master" source) and a Source (for the final Preferred servers).

 

Sources

A source is any UNC or HTTP share that contains data and files that need to be replicated to Preferred servers. A source can be configured as an entire share or a specific folder inside a share. All subfolders and files are included as part of the source. For example, if a source is configured as \\FileServer\Software, it will include all the files and folders inside the Software share. However, if it is configured as \\FileServer\Software\Microsoft, it will only include the files and folders inside the Microsoft folder. For more information on the configuration of a Source see:

 

Ivanti EPM Content Replication - Source Configuration

 

Any number of Sources can be configured. They can overlap if needed. They can all be managed independently and assigned to any combination of Preferred servers as needed to suit the environment. The share names must match and already be configured on any Target Preferred servers, but any subfolders will be created by the replication process.

 

A Source can also be a Preferred server. For example, a "master" Source may replicate to "child" Sources. Then those "child" Sources replicate to more Preferred servers. In this case, a "child" Source would be both a Preferred server (for the "master" source) and a Source (for the final Preferred servers).

 

Replicators

A Replicator is any Windows-based managed node and must be a Windows-based managed node. The Replicator is the machine that will do the replication work. It will identify which files and folders on the source need to be copied to the Preferred server (Target) then download those files and push them to the Preferred server (Target). The device used as the Replicator will need to have enough storage for the files being replicated to be stored in the cache.

 

The replication process is managed on the client machine by the LANDESK Local Scheduler and the client process that performs the replication is vulscan.exe. The Replicator configuration allows for scheduling replication, including a true maintenance window as well as bandwidth restrictions as needed. For information on configuring a Replicator see:

 

Ivanti EPM Content Replication - Replicator Configuration

 

During a replication job the Replicator will identify which files are missing from the Preferred server. It will then download those files from the Source and push those files to the Preferred server. All files that are downloaded to be pushed to Preferred servers will remain in the Replicator's cache. The time to keep these files can be configured in the Replicator settings. For details on the file replication process see:

 

Ivanti EPM Content Replication Process

 

A Replicator can be configured on a Source or a Preferred server. In this case, a single device would serve 2 roles. Also the device will have 2 copies of all files that were replicated. One in the share location and one in the SDMCache.

 

If the SDMCache is on the same drive as the share (C:\Program Files\LANDESK\LDClient\SDMCache and C:\Share, or D:\SDMCache and D:\Share) Ivanti EPM will try to create a hard link so that there is only one physical copy of the data on the disk, even though it can be found in two logical locations.

A single Replicator can handle any number of independent Sources and Preferred servers (Targets). However, a Preferred server can only have ONE replicator assigned to it.

Replication Scenarios

A large variety of configurations and scenarios can be set up to meet many file replication needs using Ivanti EPM Content Replication. These vary from a single Source and single Preferred server to dozens of Sources and hundreds of Preferred servers, each needing different sets of files. Most needs can be met with good planning and some creativity. To get started, a few scenarios can be found here:

 

Ivanti EPM Replication - Scenarios

 

These scenarios are meant as a starting point or ideas in developing a replication configuration. Not all of the scenarios are in use in a production environment and should be carefully tested.

Error: "404" when adding additional files to package

$
0
0

Description:

While adding additional files to a package a 404 error occurs.

RemoteServer404.jpg

 

CAUSE

One of the sub-directories has a file that is set as a default content page like: Default.aspx, Default.htm, Default.asp, index.htm, or iisstart.htm.

When accessing that directory those pages are served up instaed of a listing of the directory.

 

RESOLUTION

Change to a UNC share.  Those files are not going to be downloaded to clients if using download from source since IIS will treat them as webpages and not downloadable content.

 

RESOLUTION 2

 

  1. Open IIS manager and browse to the root of the package.
  2. Highlight the directory.
  3. Double-click "Default Document"
  4. On the right-hand side under "Actions" click "Disable"
    or
  5. Click on the specific page that the package contains and click "Remove" on the right hand side under "Actions"
  6. Click Ok.

How to use a Transform (MST) File

$
0
0

Using a Transform File

 

A transform file (.mst) is file that passes customized configuration settings to the MSI installer package. Information about the customized setup of a package, application configuration, or a variety of other customizations is contained in the transform file. These customizations are typically unique to a specific environment.

 

Once a transform file is created, the transform file needs to be added to the package as an additional file.

 

additional files.bmp

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

To use a transform file that was added as an additional file, the TRANSFORMS= command must be part of the command line.

For example, If you had a package that had a .mst file called test.mst the command line would need to contain TRANSFORMS=test.mst. LANDesk will then build the command line for msiexec.exe to look something like this:

msiexec.exe /i example.msi TRANSFORMS=test.mst


This would install the application (/i) and use the specified transform file. This example also assumes that the transform file is in the same directory as the msi. In the event that they transform file is not in the same directory the path would need to be specified.

msiexec.exe /i example.msi TRANSFORMS=c:\your_directory\test.mst

 

The msiexec.exe command is called by LANDESK and does not need to be specified in the command line and the install switch is added to the command line automatically for you. The only additional parameter required to use the transform file is the TRANSFORMS= command. Other parameters may be specified based on the requirements of the package.

When calling a transform file from the command line TRANSFORMS must be in all capital letters. Also note that there is no / or \ for TRANSFORMS.

 

This is what it should look like in the console:

MSI Options1.bmp

How to set up an HTTP share for a Preferred Package Share

$
0
0
Information on how to debug your Preferred Server configuration can be found here: http://community.landesk.com/support/docs/DOC-27151

For configuring a Preferred Server on a Core Server see the following Community Document:  http://community.landesk.com/support/docs/DOC-1385

 

Creating an HTTP share for a Preferred Package Server


Create a folder on your Preferred Package Server - This folder MUST be the same structure as your root folder on your primary package server.


Example:

 

If the primary package server URL is ..\Program Files\directory1\appname\application.exe

Your preferred package server would be ..\Program Files\directory1\appname\application.exe.

 

Replicate all the files and folders associated with the original package root to the new folder created on the preferred server.
Any file replication software can be used to automate this process. It is recomended to use LANDesk Content Replication to preserve the hash and to make file management easier.

 

  1. Install IIS if it is not already installed on your server.
  2. Add the MIME type ".* octetstream/application” to the “DefaultWebsite”. This is done under the properties of the “DefaultWebsite”. If any files have no extension, you will also need to add a . to the Mime Types.
    ld8-2009-10-06-14-00-48.jpg
  3. Create a new Virtual Directory in IIS with the same name as the root folder.
    Again, the file structure needs to match identically on your main package server and your preferred package server. If these shares do not match then the file transfer will fail.

    For Example:
    If the primary package server URL is:  http://packageserver/directory1/appname/application.exe
    Your preferred package server would be: http://preferred_package_server/directory1/appname/application.exe

  4. Make sure this Virtual Directory gets “Read” and “Directory Browse” rights.
  5. Assign the IUSR_ account Read and Execute NTFS permissions to the new folder

 

For Windows 2008 and IIS 7.5, please visit How to set up a Preferred Server in IIS 7.5

Issue: Software Distribution task status is "Failed", even though software installed successfully

$
0
0

Issue

A software distribution task will be created and run.  The required package will successfully deploy, but the task will show failure in the LANDESK console.

 

 

Cause

Traditionally software tasks used an exit code of 0 to indicate a successful status, and anything nonzero meant an error had occurred, with the different exit codes meaning different reasons for the failure.  Unfortunately it is becoming more and more common to use nonzero exit codes to indicate success.  For example, exit code 3010 often means that the installation was successful, but a reboot is required.  In this scenario it would be beneficial to have that count as a success rather than a failure.  This is especially true for Policy Support Push tasks that rely on a successful status to make sure that the device doesn't get queued up to run the same task as a policy.

 

Resolution

A custom return code mapping can be created by following these steps:

 

How to assign Distribution return codes

How to quickly troubleshoot a Software Distribution job

$
0
0


Description

                 

The idea of this document is a resource for what to look for when a Software Distribution job fails.  Its intent is to help anyone using the Ivanti EPM product narrow down the cause of a failed Software distribution job.  This document is not intended to cover high-level troubleshooting (I.E. using Xtrace and Packet captures).

 

Assumption


This document is assuming that the Software Distribution job has actually attempted to run on a system.  This document is not going to cover scenarios or problems that may occur with "Scheduling" a Software Distribution job.  Troubleshooting the "Global Scheduler" is an entirely different topic.

 

Understanding how Software distribution tasks run


The first and worst assumption that is always made is the following:  "The software installs fine if I browse to the location and run it manually".  This is the biggest misconception that almost everyone makes when trying to diagnose a Software Distribution task.  When a task is run using this method, it is run as the logged in user, or if desired the "Run as" option is selected and it runs as a specific user.  By default Ivanti EPM runs its tasks using "LOCAL SYSTEM".
The only way that a Software distribution job should ever be tested is trying the run them as " LOCAL SYSTEM".  The following document will walk you through testing an application as "LOCAL SYSTEM".  http://community.landesk.com/support/docs/DOC-2316
Once you have brought up the "LOCAL SYSTEM" CMD prompt do the following.  Use the "NET USE" command to map a drive to the software location.  Make sure that when the application is selected the switches that may have been added when creating the task are used.  (For Example msoffice.exe /q)

 

If the application still fails

 

  • The application should always be tested on multiple systems.  It is possible that a single test system may have a problem.
  • Make sure "LOCAL SYSTEM" has the appropriate rights to the share.
  • If the same failure occurs on all test systems a call should be made to the vendor of the application that you are trying to deploy.  The vendor is always going to have the most insight as to why their applications fail to install.  It could be something as simple as a switch that cannot be passed, or something as unlikely as certain operating system patches have to be applied first.
  • Before any Software Distribution packages are created using LDMS it should be tested using the above method first.  Verify all is working as expected.

 

I can now run the software as "LOCAL SYSTEM"


What should I check on the client side


The sdclient_taskXXX.log in the ldclient\data folder.  This log contains almost everything that should be known about the task.
Open this log and scroll to the bottom.  If the job is failing something like this will be seen:

 

Fri, 23 Jan 2009 12:40:47 .\AdditionalFiles.cpp(62): (8DAC4026): Failed to download file http://LANDesk.Gateway@10.4.42.98/ldlogon/FileLists/taskmanifest.WLUDEV071119.154.2303.ini : (80070002)
Fri, 23 Jan 2009 12:40:47 processing of package is complete, result -1918091226 (0x8dac4026 - code 16422)


According to this log, the taskmanifest file is not being downloaded to ldclient\sdmcache.

What to do with this information:


At this point we have a failed result code that is highlighted in red.  You should go to http://community.landesk.comand search for what is highlighted in red.  I would first put both together.  If I get nothing search for the results separately.  -1918091226 first.  If I get no hits search for (0x8dac4026 - code 16422).  These questions are usually answered in the community.  If not, you know what to talk to the support tech about.

 

Downloaded http://ci-ldms/Ldpackages/SWDistribution/JR142_18b/Ldms/Onefile/JR142_18b.exe did not match the hash, expected o23uEj6jKNWh+0pDt9oK1g== actual JE1ajAIxHFHUTV11Hs73fQ==
Mon, 15 Dec 2008 11:55:17 .\AdditionalFiles.cpp(227): (8DAC4027): Failed to download and hash all additional files.


According to this log there is a problem with hashing of files.  There is already a great document on this issue.  Error: "Failed to Download and Hash All Additional Files" .

Also searching the results in http://community.ivanti.com is always a good thing to try.

               

Note:  No matter the error message seen in the console.  It is always best to review the sdclient_taskXXX.log first.

               

What if I know my task installed successfully, but the status of the core server is not reflecting a success?

               

  1. There are a couple of reasons that can cause this issue:
    Return Codes- Some vendors will send back a return code that is a non "0" for a success.  LANDESK interprets anything that is not a "0" return code as a failure.  This is common in applications like Office 2007.  In the case that a vendor goes away from the standards and uses non "0" return codes as a success.
  2. In LDMS 9.0 or newer, the Return Code Template that is associated with the package can be changed to include this non-zero exit code as a successful exit code Software Distribution Return Code Mapping Configuration Guide
  3. In 8.8 and older versions, the resolution is to use a batch file.  See About Batch File Distribution Packages
  4. Client is simply not sending the status back to the core
    This can be narrowed down by looking at How to troubleshoot policy status reporting

 

What can be done to make sure I limit the possibilities that Ivanti EPM is going to be the reason a job fails.

               

  1. Make sure your core & clients are on the latest service pack.
  2. Make sure that your clients have the latest version of lddwnld.dll, and tmcclnt.dll.
  3. Configure the Core Server and all shares the software packages are stored on to be Preferred Servers.  This is easily configured on the Core server under Tools | Distribution | Content Replication/Preferred Servers.  An IP range does not have to be configured.  SeeHow to configure a Preferred Package Server

NOTE:  See the following for more information on Troubleshooting Policies: http://community.ivanti.com/support/docs/DOC-3245

How to use the Ivanti EPM Software Deployment Portal

$
0
0

Description

 

The purpose of this document is to cover the usage of the Ivanti EPM Software Deployment Portal.

 

Requirements

 

The following prerequisites must be met in order to use the Software Distribution Portal in Ivanti EPM:

 

  • Ensure the Scheduled task is not set to reoccurring. This is configured in the Scheduled Task Properties window under Schedule Task and Task Settings.

Schedule Task.png

  • Ensure that the "Task Type" is set to Policyunder Task Settings.

Task Settings.png

  • The "Portal Options" under "Portal Settings" must be configured as Recommended (display in portal) or Optional (display in portal).

Portal Settings.png

One the applicable devices have been added, start the task.

 

Viewing the Policy in the Portal

 

Once the task has been started, the core will process the task and create the policy for each device in the task.

 

The task is ready to appear on the Portal when the "Status" says Waiting and the "Result" says Policy has been made available in the Ivanti EPM console.

Task Status.png

At this point, it is up to the workstation to run PolicySync.exe and retrieve the task. This is done in a couple of ways:

 

  • The Local Scheduler on the workstation runs PolicySync.exe automatically due to its scheduled recurrence. This is configured under the Distribution and Patch Agent Settings under Policy Sync Schedule.
  • PolicySync.exe can be forced to run by clicking the Refresh button in the Ivanti EPM Portal Manager

PolicySync Schedule.pngPortal Manager.png

                                                               


Issue: File Extensions such as ASP or .ASPX can't be downloaded from a Web Share

$
0
0

Description

 

Certain file extensions cannot be downloaded from a package server's web share running Internet Information Services (IIS) and ASP.NET, though these extensions may be downloaded just fine from a package server running another web server like Apache.

 

By default the following extensions cannot be downloaded on a server running IIS with ASP.NET.

 

Extensions (a - c)

Extensions (d - r)

Extensions (s - z)

.asax

.dd

.sd

.ascx

.exclude

.sdm

.ashx

.idc

.sdmDocument

.asmx

.java

.shtm

.asp

.jsl

.shtml

.aspx

.ldf

.sitemap

.axd

.licx

.skin

.browser

.master

.soap

.cd

.mdb

.stm

.cdx

.mdf

.svc

.cer

.msgx

.vb

.compiled

.regresh

.vbproj

.config

.rem

.vjsproj

.cs

.resources

.vsdisco

.csproj

.resx

.webinfo

 

 

Other extensions may also be processed on the IIS server, such as .php if such is installed.

 

Cause

 

This is because certain file extensions are mapped to be processed by an application on the IIS server and only the output should be displayed.  Many of these extensions do not have output but instead will just say that access is denied.

 

Resolution

 

These extensions can be allowed for one particular web service without affecting other web services.

 

This can be resolved in a two step process:

 

  1. Create a new web share for the packages (if one is not already created).

  2. Allowing all files to be downloaded instead of processed on the web server

 

Step 1 - Creating the Distribution Package Web Share

  1. Create a folder on the server where the packages will be stored. (This may already be created.)

  2. Open Internet Information Services (IIS) from Administrative Tools.

  3. Right-click on Default Web Site and choose New | Virtual Directory.

  4. Click Next.

  5. Enter the Alias for the web share.  For example, if the web share is going to be then the Alias name is Software.

  6. Click Next.

  7. For the Path, enter the folder on the server where the packages are be stored.

  8. Click Next.

  9. Check the option to allow Read and Browse.

  10. Click Next.

  11. Click Finish.

 

The virtual directory now appears under the Default Web Site.

 

Step 2 - Allowing all files to be downloaded instead of processed on the web server

 

  1. Right-click on the newly created virtual directory and choose Properties.

  2. Under the Virtual Directory tab, under the Application settings section, click the Create button to create the web application.

  3. Click the Configuration button.

  4. Under the Mappings tab, delete all the extensions under Application extensions except of one.

    Warning:If every single item is removed it seems IIS adds them all back in.  So it looks like you have to have at least one extension in the list or all extensions are added again.  Create a bogus extension such as .BogusExtension and leave it in there.
  5. Click OK to exit the configuration. 

  6. Click OK again to exit the properties of the virtual directory.

How to add Local Users and Groups using a Batch File Distribution Package

$
0
0

 

Adding a Local User

 

A batch file can be used to add a local user to many machines at once.

 

The following is a sample batch file that will accomplish this task.

 

REM Add a user batch file  net user john1 passwd! /add

 

However, maybe you do not want the username and password in the batch file in clear text. That batch file will hang out in the ldclient\SDMCache for a short time, as well as be echoed to the sdclient_task#.log in the ldclient\data directory.

 

So you can store the password in the command line of the Distribution Package.

 

REM Add a user REM %1 is the username REM %2 is the password  REM Turn echo off so the password is not echoed to the log @echo off net user %1 %2 /add

 

Now in the distribution package simply put the username and the password in the command line.  The password is still clear text in the Distribution Package, but only Ivanti EPM administrators can see that so there is more security there.

 

Deleting a Local User

 

To delete a user, it is just as simple.

 

REM Add a user batch file  net user John1 /delete

 

Adding Local Users from a .CSV File

 

Here is one command in a batch file that will add all the users from a .csv file.

 

REM Add all the users from a .csv file  REM Turn echo off so the passwords are not echoed to the log @echo off FOR /F "tokens=1,2 delims=," %%a IN (users.csv) DO net user %1 %1 /add  REM Now delete the .csv file.  We need to delete it, it has clear text passwords del /F /Q users.csv

 

The .csv file would look like this:

 

John,passwd!1234 Jane,passwd!1234 Jared,passwd!1234

 

Adding a Local Group

 

Use the following batch file to add a local group.

 

REM Adding a local group  net localgroup MyGroup /Comment:"My own Group" /add

 

Deleting a local Group

 

Use the following batch file to delete a local group.

 

REM Adding a local group  net localgroup MyGroup /delete

 

Adding a User to a Local Group

 

Use the following batch file to add a user to a local group.

REM Adding a user to a local group  net localgroup MyGroup john /add

 

Deleting a User from a Local Group


Use the following batch file to delete a user from a local group.

REM Deleting a user to a local group  net localgroup MyGroup john /delete

 

Managing a Local Administrator Account in Workgroup Environments

 

It may be beneficial especially in Workgroup environments to have a local administrator account that has the same username and password on all workstations.

 

This can be done with this batch file.

REM Adding a local administrator REM Turn echo off @ECHO OFF  REM Add the user net user ITAdmin %1 /add REM Put the password in the distribution package's command line  REM Add the user to the group net localgroup administrators ITAdmin /add  REM Remove the user from the default "users" group net localgroup users ITAdmin /delete

How to open a command prompt running as the Microsoft "Local System" account

$
0
0

Description

 

There are multiple ways to open a command prompt running as the Local System account.  Here are some easy ways to do this:

 

Note: All commands should be run from an administrative elevated command prompt (CMD running as administrator

 

  • Download a Sysinternals tool called PSexec. This tool can also be used to launch other programs or scripts as the local system (regedit.exe!).  Run:

    psexec -i -s cmd.exe

 

 

  • On an Ivanti EPM agent, run the following command from a command prompt as a local administrator:

    "c:\program files\landesk\ldclient\localsch.exe" /exe=cmd.exe

     

  • On a workstation without a n Ivanti EPM agent, use Microsoft's Scheduler service by running the following command at the command prompt. Note: Determine the current system time and replace the time in the example below with the current time on your system plus 1 or 2 minute(s).  For example, the command for 2:23 PM would be this:

at 14:23 /interactive cmd.exe

 

  • When remote controlling an Ivanti EPM agent, in the top of the screen there is a Run: field.  Simply type "cmd.exe" in the Run:  field and click the green arrow.

Note: This doesn't work with the Management Gateway on-demand agent, because the user launches the on-demand agent.  It only works with the agent service.

 

  • Download the attached script to the scripts directory on your Core Server.  Schedule the attached script as a scheduled task from the Console.  It will open a Local System command prompt on the target workstation. 
    Local System Command Prompt.ini

How to keep files in the SDMCACHE directory for a longer period of time

$
0
0
This document applies to LDMS 9.5 and older versions. For LDMS 9.5 Service Pack 1 and later please refer to the following document: How to alter the retention period for content to remain within SDMCACHE

Issue

How to change the time that files remain in the SDMCACHE directory.

The SDMCACHE directory is where LANDesk products store files that were downloaded during Software Distribution or Patching tasks. By default, this folder is purged every 7 days on normal agents and every 14 days on subnet representative agents.

 

 

Solution

  1. Change the following registry values on the client:

    32bit
    HKLM\Software\Intel\LANDesk\LDWM\Distribution\Multicast\Discard Period
    HKLM\Software\Intel\LANDesk\LDWM\Distribution\Multicast\Subnet Rep Discard Period

    64bit
    HKLM\Software\Wow6432Node\Intel\LANDesk\LDWM\Distribution\Multicast\Discard Period
    HKLM\Software\Wow6432Node\Intel\LANDesk\LDWM\Distribution\Multicast\Subnet Rep Discard Period
    Default Data for Discard Period is set to (604800) in seconds = 7 days
    Default Data for Subnet Rep Discard Period is set to (1209600) in seconds = 14 days

 

         Increase the data value in seconds.

 

          Note: When updating the registry, this will update the *.info files located in ldcacheinfo directory for the discard date.

 

      2. Restart the LANDesk Targeted Multicast service on the client.

 

          Note: This does not change the time for files that are already in the SDMCACHE directory. To change the time for existing files in Management Suite 9.0 SP2 or higher, delete the LDCACHEINFO subfolder from each directory containing files needing the longer discard period before restarting the service.

 

          To verify that the files have been cached the intended amount of time, run "TMCsvc.exe /F | more" from a command prompt in the \LDClient directory. This command will output cached files "time to live" values to the screen.

Error: "Failed to download and hash all additional files" when running task

$
0
0

Description

 

Launching a software distribution task often results in one of the following errors:

 

Failed to download and hash all additional files

Failed to download all additional files for a package

 

Sometimes this error, though rare, may also be seen:

 

No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.

 

 

Cause

 

There are several possible causes:

 

  1. The hashes in the database do not match the actual hashes of the files.

  2. The Scheduler Service on the core does not have access to the package files where they are stored on the network, so it cannot calculate the hash, update the database or generate the taskmanifest file.

  3. The file being downloaded is not an allowed MIME type in IIS.

  4. Files specified in the distribution package do not exist or cannot be found. This is common if using the auto detect feature in MSI distribution packages.

  5. The path to the files in the distribution package is using a c:\program files\path format. This is incorrect, it must be a UNC or an HTTP path.

  6. If the package is being hosted on a workstation vs. a server the number of connections may be exceeded.

  7. The taskmanifest file is being generated with an incorrect Core server name or ip address. The scheduler account is locked out or unable to authenticate.

 

Troubleshooting

 

  1. In the LANDESK Console under the Scheduled Task, under Failed, right-click on the device name with the failure and choose View log file.

    • If the log file does not exist, this indicates that the hash was never generated.  This usually means the files cannot be accessed and hashed.  If using a UNC share this indicates that the Scheduler service account does not have access to the files.  If using a Web Share it may indicate a hidden file, invalid mime types, or incorrect permissions.

    • If the log file exists, the error is after the hash generation and more likely to be a problem with a failure to download a file, or a file has been modified since the has was created.

  2. View the scheduledtaskhandler_##.log in \\CoreServer\ldlog. This log helps indicate what files the package is having issues hashing or downloading.

  3. If this article does not assist in resolving this issue, contact LANDESK support.

 

Resolution

 

  1. Reset the package hash.  To do this do the following from the LANDESK Console:

    1. Go to Tools | Distribution | Distribution Packages.

    2. Right click on the Distribution Package and choose Reset package hash.

  2. Use different credentials for the scheduler service, or modify the share and file permissions so the account that launches the scheduler service will have access.

  3. Verify that IIS mime types are properly configured. To do this:

    • Open the IIS administration tool on the core.

    • Choose Default web site properties | HTTP Headers | MIME Types.

    • Add the following MIME types:
      Extension:  .*
      MIME type:  All file types

  4. Verify all files in the distribution package exist and are not hidden.

  5. Change the source path to the files from UNC to HTTP. This helps eliminate issues that may occur due to share permissions.

  6. If the core server is in a different AD domain, add the full domain name in the properties of the package under the package location.

    For example:

  7. Add the Domain Computers group to the security tab of the share.

  8. Create a new Delivery Method, and uncheck the Bandwidth Throttling option.  Test using the new Delivery Method.

  9. If the taskmanifest file in the ldlogon\Filelists folder does not contain the correct Core server name or IP address the name of the Core server has been changed.

  10. Unlock the account used for the Scheduler service.

  11. Use Preferred Servers so you can specify the account that will download package files instead of using Local System. In the console, click Configure, then Preferred Server, then Add, and specify the server and account you wish to use. (You can only configure preferred servers from the console on the core itself).

 

If the above fails, rename the file in the package to a different name and setup the package again. It has been seen at times where something has corrupted the file.

How to use Poweroff.exe in a script to reboot machines

$
0
0

Description

 

 

Creating a script to reboot machines with POWEROFF.EXE in:

 

C:\Program Files\LANDesk\ManagementSuite\ldlogon

 

 

How to use

 

 

Create a script with the following REMEXEC command:

 

REMEXEC0=C:\Windows\System32\Poweroff.exe 600 /REBOOT /nocancel

 

 

  • 600 is the number of seconds before the machine will reboot and can be adjusted as desired
  • /REBOOT must be capitalized
  • /nocancel option will take away the cancel button in the UI. This is not case sensitive.

How to interpret Scheduler Task Status Codes and MAC_STATUS for a task

$
0
0

Scheduler task status codes

 

The LD_TASK table inside the LDMS database contains a TASK_STATUS column whose values are represent the status for each task.

 

Below are the code definitions for the TASK_STATUS column:

 

CodeDescription
-1No Change
0Waiting
1Working
2Done (Deprecate)
3Failed (See NT Event Viewer)
4Failed (Scheduler Service Stopped)
5Success
6Partial Success (Not all devices processed task)
7Failed (All machines failed)
8Unknown value returned
9Hold (New Task)
10

Do Now (Begins task)

11Failed (Do not retry)
12

Pull Available (Policy Tasks)

13Invalid
14Failed (Task Cancelled)
15

Failed (Task Handler reported an exception)

16ASync Execution (Push Tasks)


 

Machine Status


The LD_TASK_MACHINE table inside the LDMS database contains a MAC_STATUS column whose values are represent the status for each machine targeted in a task.

 

Below are the code definitions for the MAC_STATUS column:

 

CodeDescription
-1No Change
0Waiting
1Working
2Done
3Failed
4Active
5Failed (Do not retry)
6Failed (Invalid IP)
7Failed (Unreachable)
8Failed (Task Cancelled)
9Busy
10Delayed
11Failed (Retrying)
12Async Execution
13Timezone Waiting

Policysync

$
0
0

Hi,

 

I am runing 9.6 SP1.

I noticed that policysync create srt file in c:\temp.

 

Any idea what those files are?

 

Thank you

软件分发问题

$
0
0

   1)门户管理推送后,很多卡在安装节点中,如上周推送的,有的好了(响应慢),有的仍然显示安装,速度非常慢,当前用户没有推送其它的任务,终止不了;

   2)推送软件安装包的时候,用指定用户推送时,经常失败,不知设置是否错误;

    3)推送软件时,到底是否需要代理,自己测试没用代理的时候容易失败,有代理还成功过,代理的作用是?;

    4)软件打包工具的使用,打包成静默安装模式;

Issues with InstallEase

$
0
0

Hello all,

    I have been trying to use InstallEase to create MSI packages for deployment.  I have been unable to create an installer that successfully performs the process. 

I have had a variety of errors in my testing.  One consistent one referenced some registry keys that had no value, and the MSI could not be created.  This persisted no matter how much I removed from the snapshot.  I did an easy one, where I copied files to the Program Files (x86) directory and then created links to those files and placed them on the desktop.  I was able to complete the process and an MSI file was generated.  After reverting the changes I made so I could test the installer, I attempted to use this MSI.  The "Gathering required Information" part takes longer that I have seen on other MSI installers.  I am not sure if that is related.  I get an error that it could not write a value to a key in the registry.  That I should check if I have sufficient privileges.

 

For reference, the details of this test environment are.  The OS is Windows 10 (latest build and updates) running as a VM (hyper-V).  Using a local user account that has admin privileges.  The Host OS is also a Windows 10 (latest build and updates) running on a Workstation laptop (Xeon processor, ECC RAM, etc).

 

Any thoughts are appreciated.

 

Sincerely,

  Pat

Replicator Stops reporting

$
0
0

We have random issues where the replicator stops reporting after so long.  Than it works other times.

 

We have tried to reinstall agent on client no correct.  

 

 

2018 10:11:33 Last status: Retrying in 1 seconds...

Thu, 01 Feb 2018 10:11:54 Action SOAPAction: "http://tempuri.org/ResolveDeviceID" failed, socket error: 0, SOAPCLIENT_ERROR: 5.  Status code: 503, fault string:

Thu, 01 Feb 2018 10:11:54 Disabling vulscan's & lddwnld.dll's use of proxyhost

Thu, 01 Feb 2018 10:11:54 ERROR: function DisableProxyHost is no longer supported

Thu, 01 Feb 2018 10:11:54   Retrying in 12 seconds...

Thu, 01 Feb 2018 10:11:57 Last status: Retrying in 9 seconds...

Thu, 01 Feb 2018 10:11:58 Last status: Retrying in 8 seconds...

Thu, 01 Feb 2018 10:11:59 Last status: Retrying in 7 seconds...

Thu, 01 Feb 2018 10:12:00 Last status: Retrying in 6 seconds...

Thu, 01 Feb 2018 10:12:01 Last status: Retrying in 5 seconds...

Thu, 01 Feb 2018 10:12:02 Last status: Retrying in 4 seconds...

Thu, 01 Feb 2018 10:12:03 Last status: Retrying in 3 seconds...

Thu, 01 Feb 2018 10:12:04 Last status: Retrying in 2 seconds...

Thu, 01 Feb 2018 10:12:05 Last status: Retrying in 1 seconds...

Thu, 01 Feb 2018 10:14:03 Action SOAPAction: "http://tempuri.org/ResolveDeviceID" failed, socket error: 10054, SOAPCLIENT_ERROR: 5.  Status code: -1, fault string:

Thu, 01 Feb 2018 10:14:03 Disabling vulscan's & lddwnld.dll's use of proxyhost

Thu, 01 Feb 2018 10:14:03 ERROR: function DisableProxyHost is no longer supported

Thu, 01 Feb 2018 10:14:03 Handling case of core server not found.

Thu, 01 Feb 2018 10:14:03 Last status: Failed: Core returned error

Thu, 01 Feb 2018 10:14:03 GetComputerIdn {B717B54C-E7DF-2B41-AAF9-5DA53C6454DA} = -1

Thu, 01 Feb 2018 10:14:03 Error:  Unable to resolve computer idn

Portal Manager applications wont install on client workstations

$
0
0

Hey awesome folks ive been reading alot on the website and found resolutions to problems i have been having...but now i need to ask my first question

 

For some reason application i made available in portal manger wont install when a user clicks on it. i had it working at first but it asked for admin rights to complete the download and installation.

currently running 9.6 and are on the verge of upgrading very soon. i along with my team want to put portal manager to its full use for the users, but i am stuck and dont know what else to do help please.

Viewing all 1056 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>