I have used the data analytics tool to model custom data that we gather for business purposes.
What I want to know is if I perform the upgrade will that modeled data that has been collected stay in my database as I upgrade to the most recent release?
So can someone chime in and confirm if this is the command for Refreshing Scopes using the MBSDK
ResolveScopeRights
I use the MBSDK alot and have discovered that delays in getting machines into tasks are due to the refresh scope. If i manually refresh the scope the code can continue so i want to force a refresh scope from the script.
I use powershell and hoping its as simple as
$LDWebService.ResolveScopeRights()
Assuming $LDWebservice is authenticated to the core with full admin....
Applies to LDMS 8.8
This document is intended for intermediate LANDesk Management Suite users who are also adept at managing SQL Databases or have a DBA.
Warning: This document contains SQL statements that will remove data from the database. Backup the database before executing any delete statements. The contributor(s) to this article and LANDesk make no warranty on the contents or statements and are not responsible for any data loss.
Software Scanning Mode:Ensure the scanning mode is “Listed” or for specific files instead of all files. This setting is contained in the ldappl3.template in ldlogon on the core. Click “Make available to All” button in Software License Monitoring to propagate changes to the clients via normal inventory process.
Scanning with “mode=all “not only increase the database size and scan size, it can also reduce performance as it inserts all of this data to the fileinfo tables. Combining this mode with additional file types beyond .exe can dramatically increase database size and scan size which also translates into a performance hit when inserting scans. Essentially using this mode needs to be carefully planned and executed and is usually done against a specific group of machines for a short period of time as needed.
See DOC-5553 to review more information on gathering software.
Apply patch 20525 (requires coredbutil) or apply 8.8 SP3 which has the patch rolled into it.
This prevents too many connections from being opened to the database, it affects performance and not table size. There are many other fixes and adjustments to the AMT functionality as a whole. LDMS users with AMT devices should utilize this if they are on 8.8 SP2.
Scanning for all vulnerabilities without removing old or unnecessary vulnerabilities from the scan section affects storage and performance. Usage is affected by the number of nodes, how many vulnerabilities are being scanned for and what frequency the scanning takes place.
The environment must be taken into account when tuning this. If over utilized then the vulnerability piece can take up far more connections to the database via IIS than other components.
LANDesk has created the following patch to help reduce the size of the computervulnerability table. (contact support for the patch)
The patch is: PAT-2333388.2 and requires the following SQL query be run with it. The same statements can be run against 8.8 SP3.
INSERT INTO PATCHSETTINGS (Name,Value) VALUES ('DiscardUndetectedBlockedApps',1)
INSERT INTO PATCHSETTINGS (Name,Value) VALUES('DiscardUndetectedSpyware',1)
Ensure if it is in use that the time it checks in is spaced out. Otherwise this generates a lot of traffic and updates to the database. Size is less of an issue here.
Setting the interval to a longer period of time is recommended for larger environments. Default is 30 once checked but that is only ideal in smaller environments, otherwise IIS traffic to the core and DB can be affected.
Individual or multiple device patch history can be purged to reduce the amount of storage consumed. This is explained in detail with screenshots in DOC-5676
The DBA can add the following SQL to the LANDesk Database maintenance plan to remove records that are X days old. In the example below, 90 days is used. Modify that value to the desired range. Ensure there is a backup of the database before running any delete statements.
DELETE from PatchHistory WHERE dateDiff("d",Actiondate,getdate()) > 90
When using Inventory Change History as shown below, change data is stored in the History table.
The Inventory Change Settings tool is found by choosing Configure – Inventory History
If this functionality is utilized for frequently changing attributes, the History table can increase in size over time.
The following SQL can either be run manually or added to the LANDesk Database maintenance plan. In the example below, removal of records older than 90 days is used. Modify that value to the desired range. Ensure there is a backup of the database before running any delete statements.
DELETE from History WHERE dateDiff("d",ChangeDate,getdate()) > 90
See DOC-5071 to prevent management updates every time CBA starts on machines. These updates can over time increase table size in the database based on number of nodes and updates. If the alerting component is utilized then leaving these alerts on is recommended because a health update is sent with the startup alert. This document also goes into preventing two miniscans from being sent at startup.
DOC-5036 can be referenced for detailed information on purging the Alertlog and history.
If reports on remote control are not utilized, then the option to add additional logging to this table can be disabled by going to “Configure – Remote Control Logging” on the core server. Uncheck the enable remote control history box. Also from this tool, history can be deleted by specifying a date to clear any RC history before the specified date.
<!--[if !vml]--><!--[endif]-->
Note, this data also can be purged via SQL script. This particular data is often not purged due to policy compliance or a requirement to keep remote control data. Also, removing data will affect data captured in the Return On Investment reporting.
The following SQL can either be run manually or added to the LANDesk Database maintenance plan. In the example below, removal of records older than 90 days is used. Modify that value to the desired range. Ensure there is a backup of the database before running any delete statements.
DELETE from RCLog WHERE dateDiff("d",EventTime,getdate()) > 90
SQL Express users should refer to DOC-6103 to add maintenance tasks.
A third party utility called LDMS_CORE automates multiple maintenance tasks. Below are just a few of the tasks it performs in relation to the above topics. See the readme for details from its author on how it works. Because it isn't an official LANDesk utility for any assistance on using LDMS_CORE go to http://www.droppedpackets.org/
Patch History:
LDMS_CORE can automatically remove patch history records for machines which no longer have a record in the database.
Computer Vulnerability:
LDMS_COREcan automatically remove superseded vulnerabilities from the scan folder. It also removes orphaned rows in the computervulnerability table. Both work differently and can be used in conjunction if proffered.
Orphaned Products:
A second factor that affects Software License monitoring is the number of packages that are not associated to computers. LDMS_CORE can automatically query the database to check for orphaned packages and remove them freeing up tablespace. There is additional logic to not remove any packages that have licenses associated or are in compliance groups, thus no important data is lost in the process.
Hi,
I'm trying to run a batch file that will remove Office 2013 from our machines. However, I have encountered an issue where the batch file doesn't get applied on the client PC (it gets stuck at the Core initiated stage).
Here is what I have done so far:
1) Created a batch file that will use an XML file to silently uninstall Office:
@ECHO OFF
IF EXIST "%CommonProgramFiles%\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" (
"%CommonProgramFiles%\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config "C:\Silent Uninstall Config\SilentUninstallConfig.xml"
)
2) On the scheduled task properties, I have set the task to run as LocalSystem and added the SilentUninstallConfig.xml file and the entire Office folder as additional files. The folders that contain all of the relevant files have read permissions for the 'Everybody' group
3) I check Event Viewer on the targeted machine but no entries appear. I have also checked the LD logs and this is what appears:
PolicyTaskHandler.exe.log
10/17/2017 12:27:05 INFO 12992:1 RollingLog : Calculating hash for \\server\c$\SilentUninstallConfig.xml
10/17/2017 12:27:05 INFO 12992:1 RollingLog : Hasherize: failed to calculate hash for file '\\server\c$\SilentUninstallConfig.xml'
10/17/2017 12:27:06 INFO 12992:1 MDMConsole.MDMTaskHandler : MDMTaskHandler.FilterNodesAndProcess(): Called with 1 computer IDs, Task ID 1183
10/17/2017 12:27:06 INFO 12992:1 MDMConsole.MDMTaskHandler : Queueing 0 devices to notify pipe.
10/17/2017 12:29:50 INFO 12992:1 RollingLog : [Task: Batch - Office2k13 Uninstall - 17/10/2017 12:24:33, TaskID: 1183, ProcID: 12992] : PolicyTaskHandler finished processing task, setting task status to [PULL_AVAILABLE]...
LANDesk.Scheduler.GlobalScheduler.exe.log
10/17/2017 12:29:27 INFO 25364:1 RollingLog : Hasherize: failed to calculate hash for file '\\server\c$\SilentUninstallConfig.xml'
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : Updating allowed machines if needed.
10/17/2017 12:29:28 INFO 25364:1 RollingLog : AllowedMachines.UpdateAllowedMachines2: Updating allowed machines for task:[1183]
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : Calling method to perform remote operations.
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : Before hasherize of C:\Program Files\LANDesk\ManagementSuite\landesk\files\LDN-LDSK-001-task-1183.pmf
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : After hasherize
10/17/2017 12:29:28 INFO 25364:6 RollingLog : 1183 : Troubleshooting guidelines
The global scheduler has delegated task 1183.
The task was delegated by (source): <server>
This task was delegated to (dest) : <server>
Using GlobalTask_Idn : 315
This delegation was done by creating an entry in the GlobalTask table on the destination core (the task id is provided above).
The Entry in the GlobalTask should have set to state column to 1 to indicate that it is a new task and should be processed.
The scheduler service should detect and process this delegated task, please check scheduler service log on the destination core to see if it successfully detected the GlobalTask entry.
10/17/2017 12:29:28 INFO 25364:6 RollingLog : 1183 : Waiting for task 1183 from <server> to complete on <server>. Checking every 10 seconds, inactivity timeout after 1200 seconds.
10/17/2017 12:29:48 INFO 25364:6 RollingLog : 1183 : <server> has completed task with status 5 (Delegated task complete.)
10/17/2017 12:29:48 INFO 25364:6 RollingLog : 1183 : Proxy work thread for core <server> is complete.
10/17/2017 12:29:48 INFO 25364:1 RollingLog : 1183 : Thread is complete, synchronizing status information.
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : 1183 : Remote operations complete, synchronizing status information.
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : 1183 : Task complete, returning status 12
schedpkgupdate.exe.log
10/17/2017 12:47:37 INFO 8328:1 RollingLog : Calculating hash for \\<server>\c$\SilentUninstallConfig.xml
10/17/2017 12:47:37 INFO 8328:1 RollingLog : Hasherize: failed to calculate hash for file '\\<server>\c$\SilentUninstallConfig.xml'
10/17/2017 12:47:37 INFO 8328:1 RollingLog : [Stop] Republishing complete.
10/17/2017 12:48:04 INFO 27716:1 RollingLog : [Start] Republishing policies...
10/17/2017 12:48:04 INFO 27716:1 RollingLog : Performing policy update...
10/17/2017 12:48:04 INFO 27716:1 RollingLog : Core has changed, resetting the core language cache
10/17/2017 12:48:04 INFO 27716:1 RollingLog : Getting core language for Key:CurrentLanguage Language:ENU
No entries on the SDClient log file exist.
If anybody has any idea on what is going wrong then the help would be appreciated!
Thanks in advance
When downloading Patches or Service packs from any LANDesk web site, it is recommended to add "*.landesk.com" and "*.Ivanti.com" to the Trusted Sites within Internet Explorer.
Note: Adding *.LANDesk.com and "*.Ivanti.com" to the trusted sites after downloading a patch or service pack will not resolve this issue. Either re-download the patch or service pack after performing these steps or follow the steps under "Fix" in this article to resolve this issue.
See the following article for further information. http://community.landesk.com/support/docs/DOC-1002
You can also use Group Policy to push this and still allow users to put their entries in by adding a registry key to the User Configuration | Preferences | Windows Settings | Registry:
Key Path: Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\landesk.com
Value Name: *
Value Type: REG_DWORD
Value Data: 2
In 9.6 and earlier client certificates were used to verify the core and for CSA machines to communicate securely to the core. Starting in 2016.0 and higher LANDESK Management Suite / Ivanti Endpoint Manager uses client certificates for two-way authentication as well as secure communication for sensitive data. This means in 2016 and higher if there is a client certificate issue the clients will fail different functions, like Software Distribution, Provisioning and Vulscans and appear they are not functioning at all.
The clients receive a key (.0) file from the core during install and then the machines runs brokerconfig.exe to create a certificate signing request (.csr). That is sent to the core, the core sends back a certificate signed by the cert that corresponds to the key (.0) file used the sign the request.
To verify what certs are being used in your environment you can review the Client Connectivity agent setting, here it shows the cert and the corresponding key (.0) file.
As you can see in this environment there are two key (.0) files and their corresponding certs.
In order for either of these certs to work they must be installed in the Trusted Root Certificate Authorities cert store for the local computer.
Note: You can also clean up your certs just to keep things organized and minimize possible future issues.
To verify if your current cert was hashed with SHA256 or SHA1 open the .crt or .cer, go to the Details tab and find the signature hash algorithm.
Once you have determined you need to or want to clean up your certs here are few different locations that will need to be cleaned up. You will need to identify the .0 files in your environment that need to be deleted.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; LANDesk(R) Management Suite Custom Script
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; MACHINES - This section is run once for each machine in the target set.
; Commands in this section will be processed in the order they are listed
; in the custom script. This section supports both local (LOCxxx) and remote
; (REMxxx) commands.
[MACHINES]
REMDEL0="C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\certs\cert1.0"
REMDEL1="C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\certs\cert2.0"
REMDEL2="C:\Program Files\LANDesk\Shared Files\cbaroot\certs\cert1.0"
REMDEL3="C:\Program Files\LANDesk\Shared Files\cbaroot\certs\cert2.0"
REMEXEC10=<qt/>%LDMS_CLIENT_DIR%\brokerconfig.exe<qt/> -r, STATUS
The script will delete "cert.0" where cert will be replaced with the .0 file name, example 5e207163.0. You may also want to add a cert.* (ex: 5e207163.*) in order to delete any certs that have been renamed to .1 .2 ect., it is not necessary to delete the cert files with .1 .2 or .3 appended as brokerconfig.exe will only use a .0 file to request the cert. There are two locations since x64 and x86 machines have different paths. The last line is requesting a new cert. This cert will be signed with the remaining key (.0) file so it's important to ensure you are deleting all the unwanted certs.
C:\Mount
C:\Mount\BootWIM
DISM /Mount-Wim /WimFile:C:\Mount\boot.wim /Index:1 /MountDir:C:\Mount\BootWIM
DISM /Unmount-Wim /MountDir:C:\Mount\BootWIM /Commit
It is recommended that you remove the unwanted cert files from the core first, both from the Shared Files\keys directory as well as the ldlogon directory, then proceed to the clients and boot wim files.
Environment
LANDESK Management Suite 9.0
LANDESK Management Suite 9.5
LANDESK Management Suite 9.6
Problem/Issue/Symptoms
The on line activation process of a LANDESK Management Suite Core server fails.
Causes
The most common causes for this issue are:
Solutions
1) Lack of http connectivity towards license.landesk.com
1.1) Check if your core server is able to communicate with license landesk com, executing a ping license.landesk.com in a command prompt, a public IP address should reply, for instance 204.246.129.106.
1.2 Verify that you can open in a browser the following URL:http://license.landesk.com/authorizationservice/licensing.asmx
1.3) Verify that the proxy options used in your web browser are the same used in your Core Server Activation, if the browser is able to reach the URL just checked.
1.4) Verify that the software and hardware firewalls between your core and the internet allow your core to reach license.landesk.com on the tcp port 80 (http).
1.5) Verify that your %windir%\system32\drivers\etc\hosts file doesn't contain any line referring to license.landesk.com
2) Missing certificates on the core
2.1) In the folder %programfiles(x86)%\LANDesk\Shared Files\keys\. You should find one file for each of the following extensions: .0, .cer, .crt and .key. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.
2.2) Verify that the registry key CertName in HKLM\Software\Wow6432Node\LANDesk\ManagementSuite\Setup is pointing to the right certificate name. On a 9.6 core remove the Wow6432Node part from the registry path.
2.3) Verify to have a .0 file with the same name as the one just checked in the folder %programfiles(x86)%\LANDesk\Shared Files\cbaroot\certs\. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.
2.4) To troubleshoot a missing or deleted certificate follow this article: How to troubleshoot a missing or deleted core certificate
3) Missing registry key for the activation URL
3.1) Verify the presence of the AuthorizationServiceUrl key in HKLM\Software\Wow6432Node\LANDesk\ManagementSuite. The value of the key (string) must be http://license.landesk.com/authorizationservice/licensing.asmx On a 9.6 core remove the Wow6432Node part from the registry path.
4) Other complementary tasks
4.1) Run the core server activation as an administrator
4.2) Track the activation process with procmon or wireshark to check if the core is really able to communicate with license.landesk.com
4.3) Delete the content of the %temp%, %tmp% and %windir%\temp folders
4.4) Delete all the .txt and .save files in the %programfiles(x86)%\LANDesk\Authorization Files\ folder\. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.
5) Other resources
5.1) Unable to activate an 8.7 / 8.8 core server online: https://community.landesk.com/docs/DOC-29443
5.2) Manually activating the core server via email: How to Activate the Core Server
5.3) Missing licenses and subscriptions after a major release upgrade: The core server you are connecting to does not appear to have a valid license
Issue
When running tasks on a client, such as an Inventory Scan, Vulnerability Scan, Repair Task, etc, the client appears to finish the task successfully, but the Core never updates to reflect this. No errors are logged on the Core in the Event Viewer.
Example:
An inventory scan is launched at 5PM, and completes at 5:10 PM. Checking the device's inventory in the Core still shows a "Last Updated by Inventory Server" date that is old. No errors are in Event Viewer under Windows Logs > Application, and no scans are in %ldms_home%ldscan or %ldms_home%ldscan\ErrorScan
Checking the proxhost.log on the client, or IIS logs on the Core lists requests with a return code of 413, such as below:
2017-06-01 08:11:21 172.22.5.190 POST /postingData/scan.upload prefix=ldscan%5Cdecomp&suffix=.SCN 443 - 172.22.2.12 Inventory+Secure+Post - 413 0 0 15
Resolution
This process should not be your first step. Most functions, such as inventory scans and vulnerability scans, have far more common causes of results not showing.
This process applies specifically to situations where you find 413 errors in proxyhost.log. If you do not see these errors, this process is unlikely to help.
On your Core, open IIS Manager and Navigate to Default Site Web Site > Configuration Manager. Then select the upper left drop down in the Configuration Editor, and expand system.webServer, then select "serverRuntime"
Once the serverRuntime option opens, locate the "uploadReadAheadSize" attribute, and set it to 1000000. Then click out of the field and click "Apply"
Now open an elevated Command Prompt and run the following command:
iisreset
Then try to launch whatever task you were doing before. If you still don't see results, and you still see 413 errors in the client's proxyhost.log, you can try increasing the uploadReadAheadsize value in increments of 500000.
Hi
We are performing the migration tasks from LDMS 9.5 to IEM 2017. In order to proceed to do some prior tests, we want to create a laboratory simulating the current environment of the production environment with LDMS 9.5. This LDMS 9.5 is attached to a core database based on Oracle 11g R2.
In our Lab we have installed both Oracle 11g R2 (client + server) and LDMS 9.5, the problem we are faceting is that we can´t connect the product LDMS 9.5 with Oracle 11g, when we try to connect by giving user name / password from the LDMS login page, the system raise an error telling us that the connection could not be done to the database. If we connect directly through the Oracle client with same user there isn´t any problem and the connection is succesfull.
Please, could you give me some advice about any configuration tip at LDMS 9.5 or any other aspect I have to take into account?.
Thank yoy very much
Francisco Villena
Hi Everyone
We have recently updated our LANDESK management suite to 2016.3 from 2016.0.
We have come into a bit of an annoying issue with Workspaces since the update.
When we search for a device, the device appears. But when we click on that device it takes us into a different device record, but one that the same user has been using.
This means our service desk (who only use Workspaces) cannot use Workspaces to install software or remote control the device. They have to remote directly by putting the device in the URL window and ask an engineer with access to the main console to deploy software. This is not ideal.
This doesn't happen for everything but it has been happening enough after just one day of the update to cause some annoyance. I have run a full inventory scan on the device mentioned below just in case.
Here is some screenshots to show what I mean.
Has anyone seen this before or have any suggestions?
Is Landesk 2016.3 compatible with SQL Server 2017?
I didn't find this information in Supported Platforms and Compatibility Matrix for LANDESK Management Suite/Ivanti Endpoint Manager
Ivanti Endpoint Manager and Endpoint Security |
|---|
Other resourcesFor Online Help and Documentation visit the Help Center at http://help.landesk.com/ Customers can create and vote on product ideas within the Enhancement Requests area. For E-Learning and other training available to you visit the Training area. |
NOTE: This article is not a comprehensive list of documents and issues. You can continue to search the rest of the community or the portion specific to LANDESK Management Suite if this page hasn't helped.
Environment:
LDMS 9.6 and newer, wanting to rebrand the LANDESK Agent to display their own company's logo
Scenario:
First go to your Agent settings and open up the Distribution and Patch Settings
Then you will go down to the branding section at the bottom of the menu tree. Once you are within the Branding Section, click on the blue Go to “Branding” link
The Branding window will allow you to verify where you images will be stored as well as allow you to upload your images and also preview how the Repair, Status, and Reboot dialog windows will look with your logo.
Click the preview button to be given a drop down of the available windows
The Icon file will be placed in the upper left hand portion of each window as well as be the display icon on your system tray
We are building a new image staging system.
The OS is Windows 10. We are using LANDESK Management Suite 2016 10.1.0.168.
When we first stage our systems and install Win10, everything is working as expected.
I am able to remote into a system and issue an ALT-TAB command and I see the standard Win10 ALT-TAB box appear showing all running applications and allows me to stop on one to switch too.
During the staging process, we replace the windows shell with an in house shell application (our systems are highly locked down and the users only have access to a handful of applications we present them).
Once we have replaced the Windows shell, when we remote into a system and issue ALT-TAB the system will immediately switch to the next application without presenting the popup showing all running applications.
If I hit ALT-TAB locally on the Win10 system, I get a popup showing all running applications that is similar to the way Windows 7 displayed the ALT-TAB window.
We staged our previous Windows 7 images the same way, using the same shell replacement application and do not have this issue.
This will present problems to our support staff of knowing what windows are open, how to get to the appropriate window, and making sure not to accidentally leave something running that shouldn't be visible to users.
We have tried this with the standard remote view client and with the HTML5 client.
Upgrading LANDESK is not an option, we still support legacy systems running WinXP and this is the newest version we could find that also supports XP systems. Part of this new Win10 image is to replace those systems, but we need to support both until that conversion is complete.
Any ideas?
We are currently using 2016.1 (??), and have encountered an issue where all but a select one or two are no longer resolving to LANDesk. I have tried stopping and restarting services, but that did not resolve the issue. One of the distinct differences between the couple that are resolving versus the balance that are not is that the ones that ARE resolving have the cba_anonymous account, and the ones that are not resolving do not. The 2016.x version of LANDesk is supposed to not require it, and removes it. We've been on 2016 for a number of months and this is the first time we've encountered this issue. Is there some way to reinstall the agent on the servers and have the cba_anonymous account get generated? Or is there something else we need to be looking at?
Note that one of the servers that works fine is a Citrix VM, and the same image was used for that server as it was for other servers that we are encountering the issue with.
LANDESK Management Suite 9.6 SP1 Client Log File Locations
LANDESK Management Suite 9.5 Client Log File Locations
This document assumes the client is running a 64 bit version of Windows.
Please consult the document available here : Where are the Agent install log files?
C:\Program Files (x86)\LANDesk\Shared Files\alert.log
C:\ProgramData\LANDesk\Log\alertsync.log
C:\Program Files (x86)\LANDesk\LDClient\lddetectsystem.log
C:\Program Files (x86)\LANDesk\LDClient\createmonitorroot.log
What Logs Will Help Me Troubleshoot AMT/vPro Issues and Where Are They Located?
C:\ProgramData\LANDeskAV\ldav.log
C:\ProgramData\LANDeskAV\ldav_scan.log
C:\ProgramData\LANDeskAV\ldav_update.log
C:\ProgramData\LANDeskAV\ldav_install.log
C:\ProgramData\LANDeskAV\msi_install.log
C:\Program Files (x86)\LANDesk\Shared Files\residentagent.log
C:\ProgramData\LANDesk\Log\residentagent.log
C:\Windows\SysWOW64\serviceHost.log
C:\ProgramData\LANDesk\Log\fwregister.log
C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.log
C:\Program Files (x86)\LANDesk\LDClient\brokerconfig.log
LDSECSETUP32-HIPS-debug.log (Debug level log for installation)
LDSECSVC-DCM-debug.log (Debug level log for Device Control)
LDSECSVC-HIPS-debug.log (Debug level log for HIPS)
How to troubleshoot LANDESK Endpoint Security: How to troubleshoot LANDESK Device Control
C:\ProgramData\LANDesk\Log\ldiscn32.log
C:\Program Files (x86)\LANDesk\LDClient\data\ldiscn32.log
(This log appears when ldiscn32.exe is run with the "/debug" switch)
C:\ProgramData\LANDesk\Log\ldiscnupdate.log
C:\ProgramData\LANDesk\Log\localsch.log
C:\Program Files (x86)\LANDesk\LDClient\LDSystemEventCapture.log
\Library\Application Support\LANDesk.log (All Components)
C:\ProgramData\vulscan\vulscan.log
C:\ProgramData\vulscan\vulscan.#.log
(The vulscan log will roll and create a vulscan.1.log, vulscan.2.log, etc)
C:\ProgramData\vulScan\softmon.log
C:\ProgramData\landesk\log\Vulscan.log
C:\ProgramData\landesk\log\vulscan.#.log
(The vulscan log will roll and create a vulscan.1.log, vulscan.2.log, etc)
C:\ProgramData\landesk\log\softmon.log
C:\Program Files (x86)\LANDesk\LDClient\Data\sdclient_task#.log
C:\ProgramData\LANDesk\Log\sdclient.log
C:\Program Files (x86)\LANDesk\LDClient\Data\sdclient.log
C:\ProgramData\LANDesk\Log\tmcsvc.log
C:\Program Files (x86)\LANDesk\LDClient\data\SDClientTask.[Core-Name].[task#].log
C:\Program Files (x86)\LANDesk\LDClient\data\[MSI Name].log (created during installation of MSI packages)
C:\Program Files (x86)\LANDesk\LDClient\CurrentDownloads.log (information regarding whether a file has been downloaded from the source or from a preferred server)
C:\Program Files\LANDesk\LDClient\policy.cgi.log
C:\Program Files (x86)\LANDesk\LDClient\policy.client.portal.log
C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.log
C:\Program Files (x86)\LANDesk\LDClient\policy.sync.log
C:\Program Files (x86)\LANDesk\LDClient\Data\GatherProducts.log
C:\Program Files (x86)\LANDesk\LDClient\Data\proddefs\*.xml
For remote control logs, please refer to the document below:
What log files are used for Remote Control Troubleshooting?
Gather logs in an automated way using Management suite 9.6 Service Pack 1
Please refer to the document below to know how to collect logs in 9.6 SP1 with a few clicks.
Hi,
I'm trying to run a batch file that will remove Office 2013 from our machines. However, I have encountered an issue where the batch file doesn't get applied on the client PC (it gets stuck at the Core initiated stage).
Here is what I have done so far:
1) Created a batch file that will use an XML file to silently uninstall Office:
@ECHO OFF
IF EXIST "%CommonProgramFiles%\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" (
"%CommonProgramFiles%\Microsoft Shared\OFFICE15\Office Setup Controller\setup.exe" /uninstall STANDARD /dll OSETUP.DLL /config "C:\Silent Uninstall Config\SilentUninstallConfig.xml"
)
2) On the scheduled task properties, I have set the task to run as LocalSystem and added the SilentUninstallConfig.xml file and the entire Office folder as additional files. The folders that contain all of the relevant files have read permissions for the 'Everybody' group
3) I check Event Viewer on the targeted machine but no entries appear. I have also checked the LD logs and this is what appears:
PolicyTaskHandler.exe.log
10/17/2017 12:27:05 INFO 12992:1 RollingLog : Calculating hash for \\server\c$\SilentUninstallConfig.xml
10/17/2017 12:27:05 INFO 12992:1 RollingLog : Hasherize: failed to calculate hash for file '\\server\c$\SilentUninstallConfig.xml'
10/17/2017 12:27:06 INFO 12992:1 MDMConsole.MDMTaskHandler : MDMTaskHandler.FilterNodesAndProcess(): Called with 1 computer IDs, Task ID 1183
10/17/2017 12:27:06 INFO 12992:1 MDMConsole.MDMTaskHandler : Queueing 0 devices to notify pipe.
10/17/2017 12:29:50 INFO 12992:1 RollingLog : [Task: Batch - Office2k13 Uninstall - 17/10/2017 12:24:33, TaskID: 1183, ProcID: 12992] : PolicyTaskHandler finished processing task, setting task status to [PULL_AVAILABLE]...
LANDesk.Scheduler.GlobalScheduler.exe.log
10/17/2017 12:29:27 INFO 25364:1 RollingLog : Hasherize: failed to calculate hash for file '\\server\c$\SilentUninstallConfig.xml'
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : Updating allowed machines if needed.
10/17/2017 12:29:28 INFO 25364:1 RollingLog : AllowedMachines.UpdateAllowedMachines2: Updating allowed machines for task:[1183]
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : Calling method to perform remote operations.
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : Before hasherize of C:\Program Files\LANDesk\ManagementSuite\landesk\files\LDN-LDSK-001-task-1183.pmf
10/17/2017 12:29:28 INFO 25364:1 RollingLog : 1183 : After hasherize
10/17/2017 12:29:28 INFO 25364:6 RollingLog : 1183 : Troubleshooting guidelines
The global scheduler has delegated task 1183.
The task was delegated by (source): <server>
This task was delegated to (dest) : <server>
Using GlobalTask_Idn : 315
This delegation was done by creating an entry in the GlobalTask table on the destination core (the task id is provided above).
The Entry in the GlobalTask should have set to state column to 1 to indicate that it is a new task and should be processed.
The scheduler service should detect and process this delegated task, please check scheduler service log on the destination core to see if it successfully detected the GlobalTask entry.
10/17/2017 12:29:28 INFO 25364:6 RollingLog : 1183 : Waiting for task 1183 from <server> to complete on <server>. Checking every 10 seconds, inactivity timeout after 1200 seconds.
10/17/2017 12:29:48 INFO 25364:6 RollingLog : 1183 : <server> has completed task with status 5 (Delegated task complete.)
10/17/2017 12:29:48 INFO 25364:6 RollingLog : 1183 : Proxy work thread for core <server> is complete.
10/17/2017 12:29:48 INFO 25364:1 RollingLog : 1183 : Thread is complete, synchronizing status information.
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : 1183 : Remote operations complete, synchronizing status information.
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : No link entries were returned. No tasks will be synchronized
10/17/2017 12:29:48 INFO 25364:1 RollingLog : 1183 : Task complete, returning status 12
schedpkgupdate.exe.log
10/17/2017 12:47:37 INFO 8328:1 RollingLog : Calculating hash for \\<server>\c$\SilentUninstallConfig.xml
10/17/2017 12:47:37 INFO 8328:1 RollingLog : Hasherize: failed to calculate hash for file '\\<server>\c$\SilentUninstallConfig.xml'
10/17/2017 12:47:37 INFO 8328:1 RollingLog : [Stop] Republishing complete.
10/17/2017 12:48:04 INFO 27716:1 RollingLog : [Start] Republishing policies...
10/17/2017 12:48:04 INFO 27716:1 RollingLog : Performing policy update...
10/17/2017 12:48:04 INFO 27716:1 RollingLog : Core has changed, resetting the core language cache
10/17/2017 12:48:04 INFO 27716:1 RollingLog : Getting core language for Key:CurrentLanguage Language:ENU
No entries on the SDClient log file exist.
If anybody has any idea on what is going wrong then the help would be appreciated!
Thanks in advance
Since no new API features are going to be added to the current MBSDK, is there a timeline when we will be able to utilize the new SDK? Maybe as a beta?
Thanks,
Jon
This is just a general post to see what maximum numbers people are able to achieve with there tasks / provisioning.
We have a 16 cores - 16GB RAM ( expandable ) server and we ran a 800 machine provisioning task last night - it was not to build machines but a sequence of events.
The task never completed and actually broke provisioning - we had to restart the server to get it back.
My question is how many provisioning jobs has the community ran at once with no issues and what spec was there core?
We have approx 5k machines. And another question how many DB threads do you have? Were still running one and looking to increase to 2.
I. Introduction
Since LANDesk Management Suite heavily relies on database, you may need to make sure the connection to your database works properly. Most of the LANDesk Management Suite components (if not all) use information from it. Almost everything you do in LANDesk Management Suite will read/write something to your database.
Most of the troubleshooting, health check, audit and day to day work will need to test the connectivity of the database, and in many cases, you may just want to verify this quickly and efficiently
You do not need SQL Server Management Studio, Visual Studio or such for it - database connectivity can be tested simply by creating a file.
A Universal Data Link (UDL) allows you to establish and test a connection and then stores the connection string in text format.
II. Walkthrough of the process
1. Create a new text file on your desktop (it can be anywhere though) and rename it test.udl
2. Double-click it.
That’s it; it takes only 10 seconds to create a tool to test your database connectivity!
3. Now simply populated the fields needed (screen 1). Please remember that LANDesk Management Suite supports ONLY an username/password authentication. Should you choose NT Integrated Security, it will not ensure everything is working fine with LANDesk Management Suite, even if the connection suceeded.
Screen 1
4. Select one of the different provider (screen 2):
Screen 2
5. Get back to the Connection tab and click Test Connection. If the connection works, you will get the following confirmation message (Screen 3):
Screen 3
5. To get the connection string with the information you’ve just entered, simply open your test.udl file with a text editor, and you will get the following:
[oledb]
; Everything after this line is an OLE DB initstring
Provider=SQLOLEDB.1;Persist Security Info=False;User;Initial Catalog=ldms9;Data Source=LDMSdb