Download presentation
Presentation is loading. Please wait.
1
User Groups – Q4-2008 LANDesk Support Update
2
The LANDesk Community
3
Community – Overview LANDesk Community is the people who use our products ›LANDesk support team, developers and SEs ›Partners / ESPs ›Customers Everyone who uses our product has different knowledge Combined knowledge of these people is a very valuable resource Purpose of Community is to enable these people to share knowledge with each other ›Everyone gets smarter
4
Community - Website Best source of technical information for people who use LANDesk products One website combines knowledgebase, forums, downloads, blogs, and support portal ›Shared login ›Ability to search all content from one place ›Available to EVERYONE
5
Community - Forums Anyone can post a question, anyone can answer it Easy to collaborate with experts Learn from fellow customers and their real-world examples, experience, and best practices ›(50% of answers provided in the community are from people who don’t work for LANDesk) Reputation system to recognize top contributors ›People who ask the questions decide which answers are best and reward points accordingly
6
Community - Knowledgebase Content includes: ›Solutions to incidents reported to support team ›BKM documents and troubleshooting guides ›Tips and tricks from customers and partners Interactive knowledge ›Anyone can contribute knowledgebase content (even you!) ›Users can comment on articles – automatically notifies the article author to review the comment and article ›Users can rate articles – highest rated articles have increased visibility
7
Community – Support Portal LANDesk PMA/EMA customers can use the support portal to open and manage incidents with the Customer Support team Integrating the portal with the community site enables single-sign on across both systems ›Access the portal at: http://community.landesk.com/support/community/port al http://community.landesk.com/support/community/port al Suggestions for improvement are ALWAYS welcome
8
Agent Installation Issues
9
Agent Install Top Issues Machine no longer detected in the console after upgrade Running uninstallwinclient.exe does not remove all services One or more services (policy.invoker, TMCsvc, etc) are missing Inventory scans aren't being set to core server after agent upgrade
10
Agent Issues - The Problem The Microsoft API calls LANDesk uses for agent updates do not allow children of a given process to kill the parent process’s with an open socket. This may cause problems agent upgrade due to the Alerting functionality which may have inherited rights to the parent socket if in use. When the Alerting Agent (collector.exe) cannot be stopped, this process keeps the CBA agent from fully stopping and thus when the uninstall attempts to run only part of the CBA agent is removed. This essentially means that since we launch the upgrade process with residentagent.exe, we can’t kill the process to update it because it is now the parent of the update process. This problem will cause different end results as indicated by the previous slide.
11
Agent Issues – The Fix http://community.landesk.com/support/docs/DOC-4449 LANDesk now recommends using Advance Agent for ALL agent upgrades for 8.7 and 8.8 because of the before mentioned parent / child termination problem. Since Advance Agent runs it’s own service, all components / services of the existing installed agent can be terminated and upgraded. This post SP2 patch should also be applied http://community.landesk.com/downloads/patch/CLN-977388.2-2.zip http://community.landesk.com/downloads/patch/CLN-977388.2-2.zip Read the FAQ: http://community.landesk.com/support/docs/DOC-4686http://community.landesk.com/support/docs/DOC-4686
12
How to troubleshoot Integrated Security Remote Control
13
Troubleshooting Process Step 1 - Verify the security type is set to 9. Step 2 - Obtain all the logs. Step 3 - Determine where in the integrated security process, the failure is occurring. Step 4 - Search the Community for Errors
14
Step 1 – Verify the security type is 9 On the Agent workstation, check the following key in the registry: HKLM\Software\Intel\LANDesk\WUSER32 DWORD: SecurityType
15
Step 2 – Obtain all the logs Viewer Logs Remote Console Logs FilenameDefault PathDescription Console.exe.log ManagmentSuite (on the console) Logs Console activity. Connection Messages.txt n/a – In the Remote Control ISSCNTR.EXE interface. Logs the attempt to connect and authenticate and the result. Web Console Logs FilenameDefault PathDescription Connection Messages.txt n/a – In the Remote Control ISSCNTR.EXE interface. Logs the attempt to connect and authenticate and the result.
16
Client Logs Filename Default PathDescription Issuser.log C:\Program Files\LANDesk\LDClient Logs any attempts made to remote control the client. Isswuser32.log C:\Program Files\LANDesk\LDClient This log must be manually created to enable verbose logging. Alertlog.xml C:\Program Files\LANDesk\Shared Files\cbaroot\alert\queue XML file where each alert that is sent is stored. Alert.log C:\Program Files\LANDesk\Shared Files Log for alert.exe. Logs any alert transmissions.
17
Core Server Logs Core Logs Filename Default PathDescription exYYMMDD.log C:\Windows\System32\LogFiles\ W3SVC1 IIS log. Logs traffic to web server. w3wp.exe.log C:\Windows\System32\InetSrv Log for the web service process w3wp.exe. Each application pool has a w3wp.exe process and can log to this file. UserValidatorErrLog.txt \ManagementSuite Any failed attempts by the web service or LANDesk1 Com+ Application to enumerate groups on the domain are logged here. LANDesk.ManagementSu ite.Information.log \ManagementSuite\Log Logs the signing of the signed rights document.
18
Step 3 - Determine where the failure occurs The LANDesk Remote Control Process Remote Control Viewer connects to agent on port 9535. Agent responds with security type 9 which means Integrated Security.
19
Console contacts the Core Server’s RemoteControlServices.asmx web service Note: Please review this Community Article: Understanding Remote Control User Authentication http://community.landesk.com/support/docs/DO C-4670 http://community.landesk.com/support/docs/DO C-4670
20
The Core Server queries for rights from the database for the user. The Core Server sends and ldping to the client and requires a response. The Core Server checks if user is in the Managementsuite group. Note: the LANDesk1 COM+ Application identity is used to enumerate groups on the domain. Any failures to enumerate groups on the domain are logged tot his file: UserValidatorErr.txt. Troubleshooting this is the same as troubleshooting the Unable to Validate errors when open the web console: LDMS 8.8 Matrix for successful authentication when logging into the Web Console http://community.landesk.com/support/docs/DOC-3020 http://community.landesk.com/support/docs/DOC-3020
21
Core Server sends the signed rights document to the Remote Control Viewer. If permission is granted in the signed rights document, the Remote Control Viewer is allowed to establish a session with the agent.
22
Step 4 – Search the Community If you find an error, such as the following: ERROR on 10/31/2008 12:13:11 PM with user CALDOR\Administrator, and core vm88: GetGroupUsers() : NetGroupGetUsers failed with an ERROR_LOGON_FAILURE code. IIS may not have permission to query the domain for group information. Then you search the Community for “NetGroupGetUsers failed”, you will find these and more articles: Doc-3012 - The account used for the LANDesk1 COM+ Application Identity is locked Doc-3006 - User is in a nested Active Directory Security Group - Global group with default LANDeskComPlus identityThe account used for the LANDesk1 COM+ Application Identity is lockedUser is in a nested Active Directory Security Group - Global group with default LANDeskComPlus identity
23
LANDesk Antivirus
24
Using LANDesk Antivirus over WAN links Option added for “View as report” in Antivirus Activity and status information Window. LANDesk Antivirus
25
Using LANDesk Antivirus over WAN links: To make this work effectively you should read the following community article: http://community.landesk.com/support/docs/DOC -3197 http://community.landesk.com/support/docs/DOC -3197 And apply the following patch: AV-2079588.2
26
LANDesk Antivirus
27
Option added for “View as Report” in Antivirus Activity and status information window. Patch AV-1265688.2 adds this right-click reporting option.
28
LANDesk Power Management
29
LANDesk Power Management FAQ: http://community.landesk.com/support/docs/DOC -3237 http://community.landesk.com/support/docs/DOC -3237 How LANDesk Power Management Works: http://community.landesk.com/support/docs/DOC -4592 http://community.landesk.com/support/docs/DOC -4592
30
LANDesk Inventory and Software Monitoring
31
Limit/Prevent Software Scanning [Exclude Folders] /RSS /F- http://community.landesk.com/support/do cs/DOC-4464 http://community.landesk.com/support/do cs/DOC-4464
32
SLM Office Data is incorrect Main office suite data is correct Office applications that are not part of the main suite and are not the same version as the main suite will report incorrect usage data http://community.landesk.com/downloads/patch /SLM-2027487.6-2.zip http://community.landesk.com/downloads/patch /SLM-2027487.6-2.zip
33
LANDesk File Downloading
34
Why add Downloading Technologies Reduce WAN traffic If download is interrupted do not lose the work that was done Allow for distributed environment Allow machines to get packages while out of network – LANDesk Management Gateway Do not disturb other network traffic Pre-stage packages to allow for faster deployments with less user disruption Allow for authenticated share access
35
Downloading Technologies Checkpoint Restart Targeted Multicast Local cache Peer to Peer Subnet Aware Downloading Preferred Server Bandwidth throttling Dynamic Bandwidth Throttling Run From Source Downloading to Clients through the Gateway
36
Check Point Restart LANDesk downloads use a byte level check point restart - HTTP and UNC both use this technology ›If a file download is interrupted then on resume the download will restart at the failed byte ›What a partial looks like in SDMCache on the client @@partial@@firefox.exe
37
Targeted Multicast ›A Multicast domain is discovered ›A Multicast Representative for the domain is selected ›The files are Unicast to the Rep and then Multicast to the Domain ›Multicast packets have TTL set to 1 can not cross a Router Common Issues ›Additional files failed to download Cause 1: The TMC is UDP based and if packets are lost then the machine will fail out of the Task. Cause 2: TMC is multicast traffic and requires that the switches and OS be using the Same version of IGMP ›XP SP2 updated the version of IGMP causing many failures in Multicast Cause 3:Switches isolated Multicast traffic causing discovery to find more Multicast subnet than actual Subnets As a UDP based Protocol packets are sent multiple times to increase the robustness and reliability of Multicast.
38
Local Cache The agent installation creates a folder ›\\Client\Program Files\LANDesk\Ldclient\SDMCache\\Client\Program Files\ This folder is used as a temporary storage location for files that are being transferred Files are cleaned out of this folder automatically ›Defaults are 2 days for clients and 14 days for MDR MDR is only used in TMC task Files in this folder and registered with the TMC service can be peer downloaded
39
Peer to Peer When the agent needs a file, a file discovery packet is sent to local peers ›Peers respond with percentage of requested file in cache ›If multiple peers have the file then the fastest response time is taken Peer will only allow 7 remote peer connections
40
Peer to Peer Peer to peer downloading ›Always attempted ›If peer only is selected install will fail if not available on the local subnet Issues ›Selecting Peer download only in the Advance agent If peer only is selected, make sure to Pre-cache the file ›The files have timed out and been deleted from the SDMCache
41
Peer to Peer File Discovery TMC Service ›Listens for File requests ›File requests are verified against the files registered with the TMC service ›When LANDesk downloads the file the file is automatically registered ›If a file is to be manually added to the folder Stop the LANDesk Targeted Multicast service Add the files Start the Service What is registered on a client ›Registrations are stored in the registry key HKLM\software\Intel\LANDesk\LDWM\Distribution\Multicast\Cache files
42
Peer aware downloading
43
Overview Order of locations attempted ›Local cache ›Peer ›Preferred server ›Source
44
Subnet Aware Download
45
Peer aware downloading ›Limits remote downloading to a single computer ›Collective bandwidth usage Configured in Delivery methods
46
Step 6: Machines that were off turn on and are back on the network. They check with the Core Server for policies required and missed by the client. Subnet Rep & Peer Download 46 CORE SERVER L2 SWITCH ROUTER L2 SWITCH 256k T1 ROUTER Step 1: LANDesk administrator schedules distribution to clients across the enterprise Step 2: The best Subnet Representative is selected in each subnet Step 3: Subnet Representative begins the download of the package(s) Step 4: Other targeted machines start to pull from another machine that already has parts of the package in it’s cache. Step 5: If the best Subnet Representative fails or stops another machine will pickup where it left off and become that new Subnet Representative ON OFF
47
Preferred Server This was designed to allow for distributed staging servers ›Allow for authentication ›Allow for clients to find the best Staging server ›Invisible to the client when it is redirected ›Allow for servers to only work for specific subnets
48
Preferred Server Ldredirect is the file responsible for this Shares must be the same name ›Directory structure must be the same on source and preferred server Configured at the core ›Didn’t want passwords from web console going over HTTP ›Accessed from Preferred Server menu option in console ›Passwords are only on the Core and the Client make a request to the Core to access a share
49
Preferred servers 49
50
Preferred Servers 50
51
Preferred servers Controlling how many servers are detected ›Can be from 0 (don’t use) to 7 ›Registry value listed in ntstacfg.in# ›SOFTWARE\LANDesk\ManagementSuite\WinClient\SoftwareDistri bution\DynamicPreferredServers 51
52
Preferred Servers Clients track which Preferred Servers were used ›Ldredirect favors servers that had the file ›Temporary in memory history Cleared periodically (default 1 hours) Cleared when application exits Preferences configured via the registry (in ntstacfg.in#) ›SOFTWARE\LANDesk\ManagementSuite\WinClient\SoftwareDis tribution ›ServerHistoryUseCount defaults to 3, minimum number of times server must be used in order to be more preferred ›ServerHistoryCacheTime Defaults to 3600 seconds, the amount of time to remember that a server was used. 52
53
Preferred Servers Building the list on the Client ›Cached server usage first, servers used more than the minimum number of times first Server used most is first Will not be repeated in list ›Append dynamic preferred servers ›Append preferred servers from registry 53
54
Synchronizing Preferred Servers Example http://community.landesk.com/support/docs/DOC-2288 To synchronize the content of the core server and a preferred server using the robocopy utility do the following: 1. In the Management Suite Console go to Tools | Distribution | Manage Scripts. Create a new custom script with the following line: [MACHINES] LocExec1=C:\progra~1\landesk\managementsuite\ldlogon\packages\robocopy\Robocopy.exe \\ \ldlogon\packages \\ \ldlogon\packages /mir /IPG:3 Save the script with the desired name. 2. Download the robocopy utility from Microsoft's web site. The utility is part of the Windows Resource Kit. At this time the URL to download the Windows Resource kit is: http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE- B18C4790CFFD&displaylang=en Copy the robocopy.exe file to the location specified in the script. In the example above, it is c:\program files\LANDesk\ManagementSuite\ldlogon\packages\robocopy. 3. Check that the scheduler service is running as a user that has rights to the preferred server share. Preferably the scheduler service should run as a domain admin account. To change the user account that the scheduler service runs as, on the core server go to Configure | Services | Scheduler tab | Change Login. Use the format of domain\user when entering the credentials. 4. The same directory structure must exist on the preferred server that exists on the core server. For example, if you have created a directory called packages in the LDLOGON share on the core server, then the preferred server must have an LDLOGON\packages directory as well. 5. Create a scheduled task by right clicking on the newly created script and choose Schedule. This will create a scheduled task. 6. Drag and drop the core server onto the scheduled task. The script will run the locexec command on the core, and run the robocopy.exe with the specified parameters.
55
Preferred Server UNC Authentication Used when accessing a UNC location ›Check first then authenticate ›Connections dropped when complete Credentials obtained from the core ›HTTPS web server ›Client authenticates by listing trusted certificate hashes 55
56
UNC web service usage 56 Is my cert in list? Fail request Return credentials Authenticated No Yes Core HTTPS web service Client authenticates by listing trusted certificate hashes Core goes to the database directly
57
Dynamic Bandwidth throttling Configured as a percentage of the available bandwidth to use While downloading the time delay to get a package is monitored based on the time the delay between packets is increased or decreased ›This allows for the download to be dynamically adjust the amount of bandwidth that is being used ›Switch: Polite=
58
File based bandwidth detection DFS bandwidth detection problem ›Always went to the root DFS server Download a portion of the primary package file to determine bandwidth ›If the whole file is smaller, then the whole file is downloaded Enabled for SDClient by registry key ›SOFTWARE\LANDesk\ManagementSuite\WinClient\Softw areDistribution ›UseDownloadForBandwidth – non zero to enable ›DownloadSize –bytes to download 1024 – 65535 supported ›Keys are in the ntstacgf.in# file 58
59
Run From Source Allows for an installation to run directly for the Share ›This is the same as mapping a Drive and executing the software ›Preferred Server credentials are used to map the drive ›Once the application is launched there is no control over the throughput
60
Policy Downloads & the Gateway Clients that communicate through the gateway ›Check local cache ›Check peers ›Attempt to communicate with the package server If this is the Core Server then the request is routed through the Gateway ›Gateway Clients LDWM registry key must be configured with the Core Server name that is listed in the Default Agent Configuration.
61
Scenario 1 You want the package to trickle regardless of network congestion. In the case the Network is congested, you want the download to be polite. You only want one machine at a time to be able to go back to the core server for the package.
62
Scenario 2 You have a Remote site that cannot download across the WAN You need to set up a delivery method that will not cross the WAN to try and get the files. You can pre-cache files
63
Scenario 3 You have a Remote Subnet with clients that only communicate through the Gateway. Files are pre-staged on one of these clients. Can a Peer download the package from another peer?
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.