We are currently using UNC paths for all of our software packages. We have setup the permissions on the UNC paths so that only the client systems have access to that particular folder. This is to help protect our software repos from unauthorized access. I would like to move to using HTTPS so that I can get around firewalls to clients that are not on our home network. Is there a way to use HTTPS to distribute software that requires the system to authenticate?
We have tested couple of ways to distribute Visual Studio 2017 (over 12 gig)
Windows Action:
Download zip
Extract zip
setup /{with switches}
EXE
setup /{with switches}
additional files (include all files and sub directories)
Batch file
setup /{with switches}
additional files (include all files and sub directories)
EXE - run from source (network type install)
All methods install Visual Studio 2017 successfully, however the task gets stuck in "installing state"
For the Windows action sdistps1.exe never ends which causes the task to be in the stuck state.
I was wanting to see what others are doing to get Visual Studio 2017 installed.
Best known methods are only intended to be a starting point while finding what works best in any given environment. This guide will assist Ivanti Administrators with creating a software distribution package for Microsoft Office 365 Click-to-Run and deploying it with Ivanti EPM. When distributing Microsoft Office to multiple computers it is important to obtain the volume license for that product version. This document does not make reference to volume licensing. For more information on Microsoft Volume licensing please go direct with Microsoft.
There are (2) Deployment tools available. If you are managing Office 2016 product please use the 2016 version. For this example, the 2013 version was used.
For this example, the Core's LDLogon share was used and I created an Office sub-folder.
Image may be NSFW.
Clik here to view.
Run the Executable
Image may be NSFW.
Clik here to view.
Customize the Configuration.xml
Below is an example of what the Configuration file will look. You can modify the attributes to your liking through the Configuration XML Editor tool or by manually editing the file.
<Configuration> <Add SourcePath="\\share_server_name\share_folder" OfficeClientEdition="32" > <Product ID="O365ProPlusRetail"> <Language ID="en-us" /> <Product ID="VisioProRetail"> <Language ID="en-us" /> </Product> </Add><Updates Enabled="TRUE" UpdatePath="\\share_server_name\share_folder" /><Display Level="Full" AcceptEULA="TRUE" /><Logging Level="Standard" Path="%temp%" /><Property Name="AUTOACTIVATE" Value="1" /></Configuration>
Now that your configuration xml file has been completed, open up an admin command prompt, navigate to your share and run the following:
setup.exe /download configuration.xml
This creates an "Office" folder with all the required files to complete your install.
Image may be NSFW.
Clik here to view.
\\server_name\share_name\setup.exe /configure \\server_name\share_name\configuration.xml
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
/Configure configuration.xml
Image may be NSFW.
Clik here to view.
Note: You will be prompted to add the contents of any sub directories contained in your Office folder. Choose Yes.
Image may be NSFW.
Clik here to view.
Hi Ivanticommunity,
may be someone else out there had the same issue than me and knows how to solve it. I`m deploying Win10 upgrade from Win7 to clients via UEM. That normally works fine, but now there`s a client which don`t wants to upgrade. The Job starts and the download of the ISO file works fine, but when the Installation starts there`s Always this errorcode:.
this is a part of the log for that Job in Ivanti UEM:
Tue, 07 Aug 2018 09:49:12 Processing generic executable
Tue, 07 Aug 2018 10:00:31 Launched application 'C:\Program Files (x86)\LANDesk\LDClient\sdmcache\Softwareverteilung\Microsoft\Win10upgr\deWin10ProX64\setup.exe'('/auto upgrade /noreboot /quiet') result -1047526944
Tue, 07 Aug 2018 10:00:31 Installation result 8DB501E0
Tue, 07 Aug 2018 10:00:31 RunPackageInstall: stop on returncode=8db501e0 of package=W10Ver1803upgr
Tue, 07 Aug 2018 10:00:31 processing of package is complete, result -1917517344 (0x8db501e0 - code 480)
The Problem is I can`t find anything about errorcode 8db501e0, what does it mean?
Mit freundlichem Gruß
i.A. Florian Schriefer
Sometimes the drive can run out of space quickly due to patching. This guide will walk you through altering the retention of files within the SDMCache Folder
Within your Agent Settings tool locate the Client Connectivity options. Go to the Download Tab and alter the Number of days files stay in cache to whatever value you would like.
G'day all,
I'll be the first to admit I have no idea what I'm doing when it comes to Macs so if you can help you may need to use small words
I've got a couple of Macs in my environment and have been able to package and deploy various applications without any issues.
Adobe Creative Cloud on the other hand seems to be a different beast entirely, as much as it says it's a .pkg file my windows server sees it as a folder as well as Ivanti.
When attempting to create a package I get the following error:
Image may be NSFW.
Clik here to view.
The package is indeed available at that address if you manually navigate to it. I'm presuming it's just something simple I'm missing but all the other forum posts regarding this package that I have found seem to indicate that the package should be detected like any other package and using the Adobe Packager, which is what I used, is all that is required. If I run the installer manually on a Mac all works as expected.
Any assistance around this would be fantastic.
Thanks
Fry
2018.1 SU1 added the "Task Overrides" options in the scheduled tasks properties window:
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
This was added to allow software distribution to not be beholden to the maintenance window on the agent. For Patch tasks, the "Ignore Maintenance Agent Settings" from the main properties window to the new "Overrides" section.
If you want your tasks to respect the maintenance windows of the devices Patch and Compliance agent setting, make sure that you uncheck the "Ignore Maintenance Agent Settings" on your existing and new scheduled tasks.
Problem:
In some high secure environments, users can encounter an issue with PowerShell scripts distribution via Ivanti Endpoint Manager. This issue occurs mainly for Windows 10 build 1709. Error message in log file (sdclient_task{taskID}.log - C:\Program Files (x86)\LANDesk\LDClient\Data \ C:\Program Files\LANDesk\LDClient\Data):
Thu, 15 Mar 2018 11:39:58 PowerShell file Client Thread
Thu, 15 Mar 2018 11:39:58 Powershell install value is: [0]
Thu, 15 Mar 2018 11:39:58 Powershell version is: []
Thu, 15 Mar 2018 11:39:58 PowerShell is not installed in the client system
Cause:
The SDCLIENT process to detect PowerShell installation relies on two entries in the registry. According to information from Microsoft - PowerShell v2.0 (https://support.microsoft.com/en-us/help/4034825/features-that-are-removed-or-deprecated-in-windows-10-fall-creators-up) is deprecated for Windows 10 Fall Creator Updates. Due to security reasons following registry entries might be removed what causes mentioned issue.
OS x64:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\PowerShell\1 value Install
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\PowerShell\1\PowerShellEngine
OS x86:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1 value Install
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine
Working device:
Image may be NSFW.
Clik here to view.
Not-working device:
Image may be NSFW.
Clik here to view.
Solution/Workaround:
*** Update as of 8/13/18 *** The defect ID 345648 has been resolved and will be released in 2017.3 SU6 and 2018.1 SU2.
Until the SU's are released, the only immediate solution is restoring mentioned registry entries.
If you have any additional questions, please contact Ivanti Support.
Can we prepare script to disable Internet explorer for all Windows 2008 R2, Windows 2012 R2, and Windows 2016 R2 servers. and push from landesk
Ivanti Endpoint Manager 2017.3 = EPM 2017.3
I have setup a preferred server with a share same name as share on the source
All the credential tests worked during setup of Preferred Server, Sources,
When I select "Start content replication now" i get "Content Replication" "Requesting" then it changes to "Content Replication" "Failed" "No response from agent on target device"
Hardware and Software Scans work
Remote control works
Scheduled tasks to send update to device works.
I wanted to put this in "Online Support Discussion Group" but I don't have access.
Hello,
We have configured a distribution package to deploy office applications on some Apple IOS Iphone.
Now when launching the task, we would like these applications to be grouped together in a single folder on the Iphone screen.
The task must therefore install applications on the mobile and create a folder and add icons in the new folder.
Is it possible?
See attached file for screenshot (Landesk-Folder-icon.docx)
Thank you in advance for your answer.
best regards,
Philippe Rousselin
We have random issues where the replicator stops reporting after so long. Than it works other times.
We have tried to reinstall agent on client no correct.
2018 10:11:33 Last status: Retrying in 1 seconds...
Thu, 01 Feb 2018 10:11:54 Action SOAPAction: "http://tempuri.org/ResolveDeviceID" failed, socket error: 0, SOAPCLIENT_ERROR: 5. Status code: 503, fault string:
Thu, 01 Feb 2018 10:11:54 Disabling vulscan's & lddwnld.dll's use of proxyhost
Thu, 01 Feb 2018 10:11:54 ERROR: function DisableProxyHost is no longer supported
Thu, 01 Feb 2018 10:11:54 Retrying in 12 seconds...
Thu, 01 Feb 2018 10:11:57 Last status: Retrying in 9 seconds...
Thu, 01 Feb 2018 10:11:58 Last status: Retrying in 8 seconds...
Thu, 01 Feb 2018 10:11:59 Last status: Retrying in 7 seconds...
Thu, 01 Feb 2018 10:12:00 Last status: Retrying in 6 seconds...
Thu, 01 Feb 2018 10:12:01 Last status: Retrying in 5 seconds...
Thu, 01 Feb 2018 10:12:02 Last status: Retrying in 4 seconds...
Thu, 01 Feb 2018 10:12:03 Last status: Retrying in 3 seconds...
Thu, 01 Feb 2018 10:12:04 Last status: Retrying in 2 seconds...
Thu, 01 Feb 2018 10:12:05 Last status: Retrying in 1 seconds...
Thu, 01 Feb 2018 10:14:03 Action SOAPAction: "http://tempuri.org/ResolveDeviceID" failed, socket error: 10054, SOAPCLIENT_ERROR: 5. Status code: -1, fault string:
Thu, 01 Feb 2018 10:14:03 Disabling vulscan's & lddwnld.dll's use of proxyhost
Thu, 01 Feb 2018 10:14:03 ERROR: function DisableProxyHost is no longer supported
Thu, 01 Feb 2018 10:14:03 Handling case of core server not found.
Thu, 01 Feb 2018 10:14:03 Last status: Failed: Core returned error
Thu, 01 Feb 2018 10:14:03 GetComputerIdn {B717B54C-E7DF-2B41-AAF9-5DA53C6454DA} = -1
Thu, 01 Feb 2018 10:14:03 Error: Unable to resolve computer idn
Purpose
Windows package actions
Use Windows package actions to perform custom operations during package installation. Actions you create in the action interface then get combined into a package that runs a single PowerShell script on targeted devices. Available actions include the following:
Example
In this example we are going to use a situation where you are deploying a Software Package that has many files and is very large. If you zip the Software Package files, this will make the package size smaller, but also process quicker as each individual file will not have to go through the file hashing process, just the single zipped file will be hashed.
Image may be NSFW.
Clik here to view.
| You can add as many PowerShell Actions as you need for your Distribution Package. You can reorder the Actions by moving them up and down. |
|---|
| Image may be NSFW. Clik here to view.  |
| If your are having issues with your Distribution Package, always double check to make sure your File Paths are exactly correct. |
| Image may be NSFW. Clik here to view.  |
| Files added as "Additional Files" are by default copied to the SDMCache directory of the Client. The SDMCache default location can be changed in your Agent Settings. Reference - https://community.ivanti.com/docs/DOC-32702 |
| Image may be NSFW. Clik here to view.  |
During Inventory scan or Software Distribution task LDAPWhoami.exe triggers smartcard reader dialog box (on the devices with smartcard reader installed).
Example 1:
Image may be NSFW.
Clik here to view.
Example 2:
Image may be NSFW.
Clik here to view.
Changes implemented in the product in version EPM 2017.3 within ldapinfo.dll code (used by ldapwhoami.exe). Ldapinfo.dll is part of the agent package so the issue is client-oriented.
Replace ldapinfo.dll with the file from a previous version of EPM (attached to this document) on affected devices. If you encounter this issue in your environment, please raise a case with Ivanti.
The engineering team is currently working on fixing this issue (DSI 232949). If you have any additional questions, please contact Ivanti Support.
To deploy software to PCs within my environment I have always used the LANDESK Management Console GUI to schedule a task for any software listed under "Distribution Packages" such as below image. This requires logging into the server, scheduling a distribution package and then choosing the PC.
Image may be NSFW.
Clik here to view.
I am looking for a way to schedule a task from command line, powershell, vbs, etc from a workstation that will reach out to the server and create a scheduled task to start the install for audit
My end goal is so that IT employee who is imaging a PC can choose which software to install post deployment via checkboxes in a homemade gui. This will allow the deployment to be more agile than just having the apps listed in my Operating System Provisioning Template or needing to login to the server GUI to schedule. I would like to be able to walk through the following steps:
All in all I am trying to replicate something very similar to Microsoft Deployment Toolkit which allows you to specify which apps you want to install during a deployment
Hello everybody.
I manage Ivanti End Point Manager 2017.3 for a customer.
I have a task for uninstalling three software from the customer's workstations. This task just invokes a batch file which performs three steps.
1) uninstall the first software, then send a message to the Core Server console with sdclient.exe;
2) uninstall the second one, then send a message to the Core Server console;
3) uninstall the third one, then send a message to the Core Server console.
I can say that the task is working, but it has a little strange behaviour.
In the Scheduled Task console, I see that the task goes quickly in the Successful tab, showing Status Done and Stage Completed.
Actually, the batch is still working; if I refresh (F5) the Scheduled Task console, I can see the messages coming from the batch (uninstalled the first software, then later uninstalled the second one, then later uninstalled the third one).
I would expect that the task should stay in the Active tab (until the batch completes its execution), instead of going immediately in the Successful tab.
Anybody has the same issue (and possibly a solution)?
Thanks.
Fabrizio G.
Targeting machines through Active Directory is a very useful and convenient way to manage software deployments.
Ivanti EPM Software Distribution allows you to target an LDAP container or LDAP group.
This document outlines the steps that you need to complete to get this working.
1. Enable LDAP enumeration on the agents
The LDAP Enumeration registry setting instructs the agent to gather the current LDAP location and report this in the inventory of the machine.
The registry key which controls LDAP group enumeration behavior for Software Distribution is:
HKLM\Software\LANDesk\ManagementSuite\WinClient
DWORD: DisableLdapGroupEnumeration
0(default) - feature is disabled
1 - feature is enabled
Image may be NSFW.
Clik here to view.
To make this configuration a permanent part of the default Agent configuration, do the following.
Browse to the LDLOGON share on the core server. Open the ntstacfg.in# file with notepad.exe. Search for ldap, which should take you to this section:
; LDAP groups can be enumerated on the client, this provides more information in the inventory ; database and faster targeting of LDAP groups. This also generates network traffic between the ; client and the LDAP server, the following registry value can be used to disable this option REG54=HKEY_LOCAL_MACHINE, SOFTWARE\LANDesk\ManagementSuite\WinClient\DisableLdapGroupEnumeration, 0, , REG_DWORD
The default value is 0 which is Disabled. Change this to 1, and save the file.
On the Ivanti EPM Core server, go to Configure | Services | Inventory and restart the Inventory Service. This will run stamper.exe, which builds the ntstacfg.ini file from the ntstacfg.in# file.
Next, in the Ivanti EPM Console, go to Tools | Configuration | Agent Configuration and click the "Rebuild All" button. This will rebuild the Agent_Name.ini file from the ntstacfg.in# file.
After doing this all of the Ivanti EPM Windows Agents will have LDAP enumeration enabled when the agent is installed.
2. Configure the Directory Manager plugin
In the Ivanti EPM Console, go to Tools | Distribution | Directory Manager. Click the Key icon, and then the Add button. Enter the credentials of a domain administrator or a user that can browse the domain.
Image may be NSFW.
Clik here to view.
After successfully authenticating to the Active Directory domain, the domain structure should be browsable.
Image may be NSFW.
Clik here to view.
3.Create the scheduled task that will target the LDAP objects. For this example, the scheduled task is a Required Policy.
Image may be NSFW.
Clik here to view.
Save the policy after adding the software package and the delivery method.
Note: At this point, the policy has no targeted devices.
4.To target the LDAP group or Active Directory OU, from Directory Manager drag the group or OU down onto the scheduled task.
Browse to the desired OU in Directory Manager and highlight it.
Image may be NSFW.
Clik here to view.
Drag and drop the OU to the Scheduled Task that was created.
Image may be NSFW.
Clik here to view.
The following window will come up, prompting for the kind of LDAP objects to find. Depending on the type of query and what is going to be targeted (users or machines), this will change. For this example, both types are selected.
Image may be NSFW.
Clik here to view.
Another window will come up to save the query. The query must be saved.
Image may be NSFW.
Clik here to view.
After saving the query, the LDAP OU will be targeted in the scheduled task. To see the LDAP target, see the scheduled task under Target Devices.
Environment:
LDMS9.0 SP3 or later
Sympton:
Your schedule task will be stay active status and never finish.
Error message and Logs needs to check:
1. In C:\ProgramData\LANDesk\Log\LANDesk.Scheduler.GlobalScheduler.Skeleton.log
You may see the following exception:
Line 10767: 08/20/2013 15:17:12 INFO 14776:1 RollingLog : <MachineName> : Exception in GlobalSchedulerSkeleton: '', hexadecimal value 0x02, is an invalid character. Line 5, position 22.
Line 10768: 08/20/2013 15:17:12 INFO 14776:1 RollingLog : <MachineName> : at System.Xml.XmlTextReaderImpl.Throw(Exception e)
2. In the global scheduler log you may see the following:
<MachineName> has completed task with status 8 (An exception occured processing the delegated task.)
3. There is a .pmf file that is created for the scheduled task. It can be found in managementsute\landesk\file named corename-task-#.pmf. Where corename is the corename, and # is the task ID. Review that file to see if there are invalid characters looks like this:
<targets>
<target deviceId="xxxx" computerIdn="xxxx" />
</targets>
Reason:
The schedule task stacked at active status because of the exception, the task will not continue. The exception was because there was some invalid charicters contains in the "device ID"
Solution:
1. Delete the machine from All device list.
2. Then follow the steps in this document to clear the device ID on the machine.
Hiya
I am wanting to installing Microsoft Teams as part of my OS deployment task sequence.
There are install files as an EXE or an MSI
The EXE installs only to the local user app data folder.
The MSI will install it for each user when they log in for the first time so it is this i want to use.
It installs successfully during the build but when I then log in as a user it doesn't appear to run and install.
Has anyone successfully installed it so it appears for users when they log into their device?
Cheers
Phil
No error is shown, but a package is not shown in the Ivanti End User Workspace (portal manager) when you click the 'refresh' button.
Image may be NSFW.
Clik here to view.
You can go through the following steps regarding how the package is updated in portal manager and confirm which step has failed.
You need to confirm the client agent patch level. It should be the same as the core server.
Image may be NSFW.
Clik here to view.
.\Program Files (x86)\LANDesk\ManagementSuite\landesk\files
If there is a 'time out' error, you can go to this help document for help: Error: "Timeout" error when clicking 'refresh' on portal manager
