This document outlines how to enable xTrace logging for the Ivanti EPM Core and Clients.

xTrace stands for "Extended Trace Logging".

Enabling xTrace on the device will make the original log files more verbose and will allow for better troubleshooting.

Steps

• Open registry editor (regedit.exe)
• Navigate to the logXTrace key
  • 32Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\landesk\managementsuite\LogOptions\logXTrace]
  • 64Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\LogOptions\logXTrace]
• Right click logXTrace and choose Modify.
• Set logXTrace to have a value of 1 and click Ok.

Image may be NSFW.
Clik here to view.

Image may be NSFW.
Clik here to view.

Related Documents

Additional Logging Options

I have about 3000 preferred servers to configure and was wondering if anyone has written a PowerShell script to create the share paths\rights needed and IIS  settings. I am in short looking for any shortcut I can leverage to configure these boxes as preferred servers. If any of you folks with large environments have some ideas or a sample ps script I can modify and use I would be so thankful.  

Mon, 17 Dec 2018 17:19:19 ******* sdclient starting to process task *******

Mon, 17 Dec 2018 17:19:19 Task id to process: 1011

Mon, 17 Dec 2018 17:19:19 Command line: /policyfile="C:\ProgramData\LANDesk\Policies\CP.1011.RunNow._vH3En0icD8Z0ynIHHJyhS8zFKtI=.xml"

Mon, 17 Dec 2018 17:19:33 The nostatus flag has NOT been set.

Mon, 17 Dec 2018 17:19:33 Core name 'FDS.localdomain' obtained from the registry

Mon, 17 Dec 2018 17:19:33 Sending task status, cmd line -coreandip=FDS.localdomain -taskid=1011 -retcode=229392442 "-ldap=CN=Administrator,CN=Users,DC=FDS,DC=com" -pkgid=3010

Mon, 17 Dec 2018 17:19:43 IsFileInCache: Cache2.GetFilePrevCountEx failed - path=\\fds\temp\npp.7.5.5.installer.x64.msi

Mon, 17 Dec 2018 17:19:43 File (\\fds\temp\npp.7.5.5.installer.x64.msi) is not in cache

Mon, 17 Dec 2018 17:19:43 The nostatus flag has NOT been set.

Mon, 17 Dec 2018 17:19:43 Core name 'FDS.localdomain' obtained from the registry

Mon, 17 Dec 2018 17:19:43 Sending task status, cmd line -coreandip=FDS.localdomain -taskid=1011 -retcode=229392444 "-ldap=CN=Administrator,CN=Users,DC=FDS,DC=com" -pkgid=3010

Mon, 17 Dec 2018 17:19:46 About to call DownloadFiles (2 files) with these settings:

Mon, 17 Dec 2018 17:19:46 m_allowedBandwidthWAN: 50

Mon, 17 Dec 2018 17:19:46 m_allowedBandwidthLAN: 75

Mon, 17 Dec 2018 17:19:46 m_discardPeriodSeconds: 604800

Mon, 17 Dec 2018 17:19:46 m_preserveDirectoryStructure: 1

Mon, 17 Dec 2018 17:19:46 m_bUseWanBWForPush: 0

Mon, 17 Dec 2018 17:19:46 m_bSynchronize: 0

Mon, 17 Dec 2018 17:19:46 Allowed download methods(m_downloadControl):

Mon, 17 Dec 2018 17:19:46 PeerOneSource

Mon, 17 Dec 2018 17:19:46 Peer

Mon, 17 Dec 2018 17:19:46 Source

Mon, 17 Dec 2018 17:19:46 m_preferredServerControl: AttemptPreferredServer

Mon, 17 Dec 2018 17:20:01 GetPreferredServerList(called on \\fds\temp\npp.7.5.5.installer.x64.msi) returned:

Mon, 17 Dec 2018 17:20:01 Putting preferred servers in the following order by time:

Mon, 17 Dec 2018 17:20:15 DoDownloadFromSourceSteps: DOWNLOAD_ERROR_GENERAL_FAILURE

Mon, 17 Dec 2018 17:20:15 Download Error: err=1, path=\\fds\temp\npp.7.5.5.installer.x64.msi

Mon, 17 Dec 2018 17:20:16 processing of package is complete, result -1918107543 (0x8dac0069 - code 105)

To deploy software to PCs within my environment I have always used the LANDESK Management Console GUI to schedule a task for any software listed under "Distribution Packages" such as below image. This requires logging into the server, scheduling a distribution package and then choosing the PC.

Image may be NSFW.
Clik here to view.

I am looking for a way to schedule a task from command line, powershell, vbs, etc from a workstation that will reach out to the server and create a scheduled task to start the install for audit

My end goal is so that IT employee who is imaging a PC can choose which software to install post deployment via checkboxes in a homemade gui. This will allow the deployment to be more agile than just having the apps listed in my Operating System Provisioning Template or needing to login to the server GUI to schedule. I would like to be able to walk through the following steps:

1. Create a Bare Metal Object in LANDESK Management GUI on the server
2. Schedule Operating System Provisioning through the GUI on the server
3. Launch PC via PXE and Deploy OS from Template scheduled in Step 2
4. PC being Provisioned will prompt user to select software to install via a home made script*/gui (all client side PC)
   1. * This script will then send the needed commands back to the LANDESK server (or web gateway?) to schedule the tasks to start individual distribution packages. The LANDESK Management GUI will show the tasks just as if they were scheduled from the LANDESK Management Console itself.

All in all I am trying to replicate something very similar to Microsoft Deployment Toolkit which allows you to specify which apps you want to install during a deployment

Image may be NSFW.
Clik here to view.

I'm trying to execute a distribution package for any user that logs on to a machine.  The distribution package sets power settings for the user - screensaver timeout, forced screensaver etc.  The package works for the first user who logs in but if another user signs in to the same machine the package doesn't run because it has already been executed for this machine.

Is there a way to force this package to always install or a different way I'm not thinking of?  The distribution package a .bat file that creates registry keys for the HKCU

Thanks.

Hello everybody.

I manage Ivanti End Point Manager 2017.3 for a customer.

I have a task for uninstalling three software from the customer's workstations. This task just invokes a batch file which performs three steps.

1) uninstall the first software, then send a message to the Core Server console with sdclient.exe;

2) uninstall the second one, then send a message to the Core Server console;

3) uninstall the third one, then send a message to the Core Server console.

I can say that the task is working, but it has a little strange behaviour.

In the Scheduled Task console, I see that the task goes quickly in the Successful tab, showing Status Done and Stage Completed.

Actually, the batch is still working; if I refresh (F5) the Scheduled Task console, I can see the messages coming from the batch (uninstalled the first software, then later uninstalled the second one, then later uninstalled the third one).

I would expect that the task should stay in the Active tab (until the batch completes its execution), instead of going immediately in the Successful tab.

Anybody has the same issue (and possibly a solution)?

Thanks.

Fabrizio G.

Adobe just recently released an update to Adobe Acrobat Reader 9.1.  The update was released as an MSP file instead of an MSI file.  How can I deploy this via LANDesk as it works with MSI's instead of MSP's?

Description

Sometimes when pushing a repair task to install patches or a feature build of Windows 10, certain processes need to be enabled or disabled or other actions taken in order for the repair to complete successfully. This document discusses one of the ways that you can accomplish this by bundling a repair task with a script or other tool that will run before the repair task.

Overview

1. Select the definitions or other packages in Tools > Security and Compliance that you would like to install on your client machine, right click, and select to repair. If you are repairing a Feature Update for Windows 10, please make sure to check out this guide How To Upgrade Windows 10 Versions Using Ivanti Patch Manager .

    2. Save your repair task unscheduled with your desired configuration. You will be able to access this task in the Scheduled tasks section.

Image may be NSFW.
Clik here to view.

   3. Go to Tools > Distribution > Distribution Packages.

   4. In the Distribution Packages window, right click on either My packages, Content Packages, Public Packages, or All Packages and select a New Windows package.

   5. Select the type of tool that you would like to use before your repair task. For the purposes of this example, we will be using a batch file that disables services on the system.

Image may be NSFW.
Clik here to view.

   6. Name your batch file in the properties then search for your batch file under the Package Information section. After that, you can further configure your package or hit Save. This will create a new batch file distribution package.

   7. In the Distribution Packages area, follow the same steps as step 4, except this time select a new Package Bundle. Once you have created a New Package Bundle, double click it to open the properties.

   8. Name your new distribution package then click on Bundle Package Settings.

Image may be NSFW.
Clik here to view.

   9. Expand My packages or Public Packages (Depending on where you saved your batch file in step 6) and find your batch file or other tool that you created. After finding the package, hit the >> button to add it to your bundle.

   10. Expand My packages or Public Packages and find the repair task you created in step 2. Hit the >> button to add it to your bundle.

Image may be NSFW.
Clik here to view.

   11. After you have added both your tool and the repair task, save your bundle. Note that the order that the steps in the bundle are executed will be the order that they are listed in the Bundle package settings.

   12. Select your bundle and click the calendar button with the Green plus sign to schedule it.

Image may be NSFW.
Clik here to view.

    13. Configure and add machines to your bundle task like you normally would do to a normal repair task then schedule and run the task.

Image may be NSFW.
Clik here to view.

Problem

This article is for you if you are facing one very simple issue with your software distribution tasks. If there is a task that needs to recalculate the hashes it can take too long - between 10 and 20 minutes for just 2 files inside. Once the hashes are recalculated your task starts correctly. If then you start again the same task for the 2nd time there is no more hash recalculation which is perfectly working as designed. The only problem is the time it takes.

Cause

What is happening is that when SchedPkgUpdate.exe is hashing the files for the task it is going out to preferred servers to get the files. That is why it is taking so long.

Solution

Solution author: Bryce Stringham

The only decent solution so far has been to configure the preferred server records so that they exclude the core server. Then please create a preferred server record that points to the source file server (Whether that is the core or not) and allows the core to only talk to that one preferred server.  Alternatively, if you installed an agent on the core, you can change the Distribution and Patch setting assigned to the core. In that case, please change the download options to only allow download from the source.

1. Please configure the records of all the preferred server except one in a way so that it excludes the Core server in its IP range by following the 2nd image of the following article How to configure the Preferred Server (Target) for Content Replication
2. On your one main chosen preferred server please create a preferred server record that points directly to the source server for the files (whether Core or not) by following the 4th image of the following article How to configure the Preferred Server (Target) for Content Replication
3. Please allow your Core to talk to only this one chosen preferred server by following the 2nd image of the following article: How to configure the Source for Ivanti EPM Content Replication
4. After making the changes to the preferred server and Core server you should reboot them to be certain that any old information had been cleared from memory.

Alternatively, please allow only the "Allow source" option in the Distribution and Patch settings of your agent on the Core by following:

• Agent settings: Distribution and patch

Other useful Software Distribution troubleshooting articles

• How to troubleshoot Software Distribution Tasks - Core Side
• Scheduled tasks are staying in "Active" status and not progressing
• Issue: Tasks are stuck in active with the result "Client has initiated asynchronous policy execution"
• How to troubleshoot tasks hung with a status of "Client has initiated asynchronous policy execution"

Problem:

During Inventory scan or Software Distribution task LDAPWhoami.exe triggers smartcard reader dialog box (on the devices with smartcard reader installed).

Example 1:

Image may be NSFW.
Clik here to view.

Example 2:

Image may be NSFW.
Clik here to view.

Cause:

Changes implemented in the product in version EPM 2017.3 within ldapinfo.dll code (used by ldapwhoami.exe). Ldapinfo.dll is part of the agent package so the issue is client-oriented.

Solution/Workaround:

Replace ldapinfo.dll with the file from a previous version of EPM (attached to this document) on affected devices. If you encounter this issue in your environment, please raise a case with Ivanti.

Issue

• Removing the Source Representative from the sources fixes it but it is much slower.
• The preferred server is the Replicator and is also the Source Representative.
  The following is in the SERVICEHOST.LOG file on the Replicator:

Anonymous user impersonation, failed to get the Logon CBA Anonymous user (Error: 1385)
Error, unable to impersonate the anonymous user

The following is in the replicator log file:

Failed http://USNUSMLKP07.na.imtn.com:9595/vulscan.exe?manifest%3d%22%5c%5cUSNUSMLKP01.na.imtn.com%5cLANDESK_Drivers%5c%22&username=DOMAIN%5cLANDESK&password=ASKD8#^&4J0994kdKDN234== on server (0), server status: -1.

Resolution

Add the OS user “Users” to the Local Policy setting “Allow Log On Locally”.

Issue

• The Replicator is also the Preferred Server.
• The SDMCACHE folder is on the same drive as the shares.
• Issue does not occur for Preferred Servers where the SDMCACHE folder and shares are on different drives.

Solution

Give the Write credentials account used in the preferred server configuration, modify rights to the SDMCACHE folder on the Replicator.

Hi, we are having some issues where not all the drivers are being installed during the hii provisioning process - whilst we investigate further,  we have a script that will tidy up any missing hardware drivers.   Issue we have is that the script will not work as part of a distrubuted package or as a provisioning task.  Do any powershell or provisioning ninjas out there have a clean method to get the script running as required when part of an Ivanti automated task ? or have a working method to install missing drivers ?

Thanks in advance.

client os

all devices are win10 x64

script

Get-childitem  -recurse -include *.inf | foreach-object{C:\Windows\System32\PNPUtil.exe /add-driver $_.fullname /install}

logs

attached.

I've got the following scenario: i put a patch into autofix, it goes out to a machine, user gets a popup to reboot now or delay for 8 hours. they click delay for 8 hours and call me and say they're 18 hours through a 30 hour process and rebooting will force them to start back at hour 0. I'm wondering if it's possible to cancel the 8 hour reboot timer?

does landesk have its own timer and then sends a command to reboot once the timer expires? or does LANDesk send a windows shutdown command like "shutdown -r -t 28800" and "shutdown -a" will end that? or does a task get kicked off to do the reboot and i cant kill the task in process manager?

Hello all,

    I have been trying to use InstallEase to create MSI packages for deployment.  I have been unable to create an installer that successfully performs the process. 

I have had a variety of errors in my testing.  One consistent one referenced some registry keys that had no value, and the MSI could not be created.  This persisted no matter how much I removed from the snapshot.  I did an easy one, where I copied files to the Program Files (x86) directory and then created links to those files and placed them on the desktop.  I was able to complete the process and an MSI file was generated.  After reverting the changes I made so I could test the installer, I attempted to use this MSI.  The "Gathering required Information" part takes longer that I have seen on other MSI installers.  I am not sure if that is related.  I get an error that it could not write a value to a key in the registry.  That I should check if I have sufficient privileges.

For reference, the details of this test environment are.  The OS is Windows 10 (latest build and updates) running as a VM (hyper-V).  Using a local user account that has admin privileges.  The Host OS is also a Windows 10 (latest build and updates) running on a Workstation laptop (Xeon processor, ECC RAM, etc).

Any thoughts are appreciated.

Sincerely,

  Pat

I see 3 different reboot settings to configure. Just wanted some clarity on all 3.

1. Under standard ivanti agent there are "Agent install reboot settings" - This makes sense, just asking when can the client reboot after installing the agent

2. Under Standard Ivanti Agent there is also "Reboot settings" for distribution and patch reboot settings - Is this referring to when patches (windows updates) can be installed and when the client can reboot? (maintenance window?)

3. Under distribution and patch--->distribution and patch settings--->maintenance window. How is this different from reboot setting 2?