We are trying to avoid multiple reboots when pushing Windows patches. It seems that more times than not, LDMS requires users to reboot multiple times when pushing patches. Ideally we would like to reduce the amount of required reboots to twice per month. Our environment is almost 100% mobile which makes it even more tricky. I came across the setting in Distribution and Patch to Start Repair even if Reboot is already pending. I'm curious to know if this setting will allow all patches to install at once and therefor only require one reboot?
↧
What does Start repair even if Reboot is already Pending do exactly? LDMS 9.6
↧
bypass a maintenance window - vulscan - patch manager
Hello, I could you help with in soving some small problem with vulscan patch manager.
I use Landesk 9.6, I have a agent with some agent settings to be deployed on user workstations.
I configured distribution and patch settings with a maintenance windows.
My question is, I want to start a manual scan/repair on a specific workstation for an urgent patch.
I mean I want to bypass the maintenace windows settings from the current agent and force a patch scan and auto fix.
I tried to start a patch and compliance scan now on the workstation where I choose an other scan and repair setting where no maintenance windows is configured in.
The scan and repair always finish with, something like: deferring action until next maintenance window...
any idea about how to achive that?
thank you.
↧
↧
sdclient.exe or the installation program was terminated at the client
Hello everyone
I have a bat file is what makes the internet explorer inicar by turning the equipment is the key
@ echo on
reg ADD "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v InternetExplorer /t REG_SZ /d "C:\Program Files\Internet Explorer\iexplore.exe http://intranet-estafeta.estafeta.com/ie.html" /f
but it shows me the following error
Result
sdclient.exe or the installation program was terminated at the client
Could someone please help me on how to fix it?
Best regards,
↧
System problem in many computers after install agent
My problem is that in the organization where my enterprise wants to implement LDMS, there arose a problem with some computers, which began to fail and finally unable to log on, there's someone else has this happened?
More informatión:
The number of teams in the company about 80,000;
They all scattered in different network segments,
The affected computers are 160 and belong to different segments,
The minority of those 160 have not installed the agent and therefore do not communicate with LDMS
We found a security flaw in the system microsoft damaging collision with third party applications, but that update is not installed in the damaged equipment was discarded.
The problem is they are trying to blame this LANDesk equipment failure, that way we could show that LANDesk does not cause this type of failure?
thank you very much, best regards!!
↧
Force Encryption of all USB Mass storage Devices
Am I missing something obvious here. I have created an agent setting to force encryption and I get no prompts when I insert the USB. Has anyone done this successfully and or have a link? Thanks in advance.
↧
↧
CVE-2014-0224 patch
Hi everyone,
We are using LDMS 9.0 SP4 and we have approx. 120 Servers with a vulnerability finding (OpenSSL Out of Order Change Cipher Spec MiTM Vulnerability) on port 9593. Does anybody know where I can find and download the mentioned patch (CVE-2014-0224) so to be deployed to the agents?
Regards,
Konstantinos
↧
client has initiated asynchronous policy execution
Hi,
We just upgraded to Management Suite 9.60.0.244
When I try to distribute an exe file I get this message and return code 1354.
There is also an exclamation mark on the task and when I start it is possible to restart direcly after. Just as it is not really run?
The file gets copied to the client machine but the file is not executed.
I have tried to run it both silently and with a progress bar but nothing happends.
The log file does not tell me anything I manage to understand.
I have seen this happen to others but no solution how to solve this.
This is found in the sdclient_taskxxx file
The file is distributed from server1
Wed, 15 Oct 2014 07:53:03 ******* sdclient starting to process task *******
Wed, 15 Oct 2014 07:53:03 Task id to process: 512
Wed, 15 Oct 2014 07:53:03 Command line: /policyfile="C:\ProgramData\LANDesk\Policies\CP.512.RunNow._lIW0e3L0PG/vd8TIqNKU9OBgrGU=.xml"
Wed, 15 Oct 2014 07:53:03 File (\\server1\app\Landesk distribution\Microsoft\Patches\kb2878218\mso2010-kb2878218-fullfile-x86-glb.exe) is not in cache
Wed, 15 Oct 2014 07:53:03 The nostatus flag has NOT been set.
Wed, 15 Oct 2014 07:53:03 Core name 'server2' obtained from active task list
Wed, 15 Oct 2014 07:53:03 Sending task status, cmd line -coreandip=server2 -taskid=512 -retcode=229392444 "-ldap=CN=name,OU=IT,OU=HQ,OU=Con,OU=Users,OU=Company,DC=server1,DC=local" -pkgid=367
Wed, 15 Oct 2014 07:53:04 About to call DownloadFiles (1 files) with these settings:
Wed, 15 Oct 2014 07:53:04 m_allowedBandwidthWAN: 25
Wed, 15 Oct 2014 07:53:04 m_allowedBandwidthLAN: 75
Wed, 15 Oct 2014 07:53:04 m_maxDiscoveryThreads: 1430663218
Wed, 15 Oct 2014 07:53:04 m_discardPeriodSeconds: 604800
Wed, 15 Oct 2014 07:53:04 m_preserveDirectoryStructure: 1
Wed, 15 Oct 2014 07:53:04 m_bUseWanBWForPush: 0
Wed, 15 Oct 2014 07:53:04 m_bSynchronize: 0
Wed, 15 Oct 2014 07:53:04 Allowed download methods(m_downloadControl):
Wed, 15 Oct 2014 07:53:04 PeerOneSource
Wed, 15 Oct 2014 07:53:04 Peer
Wed, 15 Oct 2014 07:53:04 Source
Wed, 15 Oct 2014 07:53:04 m_preferredServerControl: AttemptPreferredServer
Wed, 15 Oct 2014 07:53:08 The nostatus flag has NOT been set.
Wed, 15 Oct 2014 07:53:08 Core name 'server2' obtained from active task list
Wed, 15 Oct 2014 07:53:08 Sending task status, cmd line -coreandip=server2 -taskid=512 -retcode=229392258 "-ldap=CN=name,OU=IT,OU=HQ,OU=Con,OU=Users,OU=Company,DC=server1,DC=local" -pkgid=367
Wed, 15 Oct 2014 07:53:09 ExpandEnvironmentVariables Result:
Wed, 15 Oct 2014 07:53:09 The nostatus flag has NOT been set.
Wed, 15 Oct 2014 07:53:09 Core name 'server2' obtained from active task list
Wed, 15 Oct 2014 07:53:09 Sending task status, cmd line -coreandip=server2 -taskid=512 -retcode=229392406 "-ldap=CN=name,OU=IT,OU=HQ,OU=Con,OU=Users,OU=Company,DC=server1,DC=local" -pkgid=367
Wed, 15 Oct 2014 07:53:11 LSWD or Executable Client Thread
Wed, 15 Oct 2014 07:53:11 PackagePath: [\\server1\app\Landesk distribution\Microsoft\Patches\kb2878218\mso2010-kb2878218-fullfile-x86-glb.exe]
Wed, 15 Oct 2014 07:53:11 Processing generic executable
I guess it has something to do with the delivery method? If I check Agent settings in old sheduled tasks I can see they refer to my earlier configured delivery method. In my new task it is default set to "keep agent's current settings" and it is not possible to find my earlier created delivery methods.
I really would appreciate any help. :-)
↧
Devices getting multiple reboots since upgrading Core to 9.6, agents still on 9.5
We have had a lot of issues with PCs and Servers rebooting multiple times since about a day after we upgraded our core server to 9.6. We have not updated our agents yet and planned to do them in an orderly fashion over the next couple weeks. Has anyone experienced this after upgrading?
↧
CISCO ISE?
I know that LANDesk used to have a CISCO NAC plug-in that allowed it to sandbox non-compliant computers.
We are talking to our CISCO guy about using CISCO ISE to do network posturing (NAC) but the new NAC Client for ISE does not appear to talk to LANDesk at all. It can query for LANDesk AV version, but not for a compliance policy or security and patch scan.
Has anyone out there in LANDesk land had any experience in getting the CISCO ISE (NAC) client to use LANDesk as a source for compliance policy and remediation?
↧
↧
LDMS 9.5 & TVT
Hi,
I need to install LDMS for TVT V9.5.
I have downloaded Media Install from this link: Lenovo Thinkvantage Tools for LANDesk Management Suite / Security Suite 9.5 Download
But when I want to download SP1, I have a 404 error.
Can you please upgrade the link?
What about SP2 and SP3? Standard Service Pack can be applied on TVT version of LDMS 9.5?
Thank you for your Help.
↧
During distribution tasks core server creates hundreds of connections with database server and takes lots of database server resources (memory)
When a Software distribution task (or patching task) is launched to 4000 client nodes, the core server creates hundreds even thousands of database connections against the Oracle sever and as the oracle server has a limit of 600 hundreds simultaneous connections for the LANDESK database, and when this limit is reached the Oracle server discards new connections while the connection limit has been reached. Because of that most of the software distribution tasks fails to complete and ends with an error. My question is how many concurrent connections to the oracle database should be defined for a customer with 5000 client nodes assigned to the core server?
On the other hand oracle administrators does not feel very happy having to assign so many connections to the LANDESK database, as no other database applications require such a number of connections for the same number of client nodes.
Any ideas?
↧
Why am I getting a reboot prompt 12 hours before, especially when NO devices have been assigned to the task yet.
I am doing an Agent Upgrade after updating from 9.5 SP2 to 9.6. I have reboot turned to never in all settings.
I am creating a reboot task to run independantly tonight between midnight and 2am. I have NOT assigned any devices to the task yet.
As soon as I created the task (NO devices assigned to it yet) I started getting reboot in 12 hours notification and prompts.
I have gone back through the Reboot Settings and the implemented Reboot Policy says Act as if Reboot is Never Needed.
Any thoughts?
↧
HII problems w/ Dell Precision M6800
Hi all,
Got our first Dell M6800 laptop in this week, am getting Win7 x64 drivers prepped for OSP with HII....downloaded the latest Dell enterprise driver pack for this model, imported into the driver library, assigned the needed drivers.
For whatever reason, when attempting OSP, HII just will not download two specific driver files...one's not terribly important, the Dell touchpad driver (specifically the file DellTPAD.exe) and the Centrino Untimate N drivers, which are much more important (netwsw00.sys specifically). I just cannot determine why these two specific files aren't able to be downloaded....I have tried UNC as well as HTTP, I can manually download both files either way, but HII doesn't seem to be able to.
HIIclient.log doesn't seem to indicate any problems other than the failed DISM command at the end, return code 2. The files are listed in the list of files to be downloaded
Setupapi.offline.log shows the following errors for each file...
!!! flq: Error installing file (0x00000002)
!!! flq: Error 2: The system cannot find the file specified.
! flq: SourceFile - 'c:\Windows\LDDriverStore\M6800-win7-A05-DPCCC\M6800\win7\x64\input\323GH_A00-00\win7x64\production\Windows7-x64\DellTPad.exe'
! flq: TargetFile - 'c:\Windows\System32\DriverStore\FileRepository\apfiltr.inf_amd64_neutral_8c7ba743a1167e82\DellTPad.exe'
!!! sto: Failed to copy file 'c:\Windows\LDDriverStore\M6800-win7-A05-DPCCC\M6800\win7\x64\input\323GH_A00-00\win7x64\production\Windows7-x64\DellTPad.exe' to 'c:\Windows\System32\DriverStore\FileRepository\apfiltr.inf_amd64_neutral_8c7ba743a1167e82\DellTPad.exe'. Error = 0x00000002
!!! flq: SPFQNOTIFY_COPYERROR: returned SPFQOPERATION_ABORT.
!!! flq: Error 995: The I/O operation has been aborted because of either a thread exit or an application request.
!!! flq: FileQueueCommit aborting!
!!! flq: Error 995: The I/O operation has been aborted because of either a thread exit or an application request.
!!! sto: Failed to copy driver package to 'c:\Windows\System32\DriverStore\FileRepository\apfiltr.inf_amd64_neutral_8c7ba743a1167e82'. Error = 0x00000002
!!! sto: Failed to import driver package into Driver Store. Error = 0x00000002
Checking that source location, the file is in fact not there....I assume that means it was never downloaded from the driver store. So....what else should I look at to find out why? I am really stumped.
Thanks!
↧
↧
95 SP3 - Icon change
I'm not finding any documentation that describes this, so look here for some input. This week we upgraded the Core and our Consoles for LD95 SP3. The core and consoles patched without any problems.
After several days we started testing updating the agents. We elected to push out new agents to address the endpoints. Patch and Compliance reflected the agent deployment as the number of affected computers without SP3 dropped with each deployment.
However, we noticed a new icon indicator (we started with 95 SP2, so this is the first sp upgrade). It appears there is a small "S" in a red bubble under the binoculars.
We assumed before deployment that this was the indicator that the installed agent was not at the current SP level. However, as the agents are deployed the icon indicator remains. What do we have to do to eliminate this from showing.
This is not critical as we will be deploying LD96 early next year. But I like my systems to "look right". Thanks
↧
Integration between LDMS and ThinApp
Hi,
I'am newbie in LDMS ...
I need information about the integration between LDMS and ThinApp:
- how does it work
- what is possible / not possible
- are there any restrictions
Thanks in advance
↧
Importing specific AD and SCCM data elements into LANDesk.
We are newbies with LANDesk so bear with my fundamental questions. Is it possible to import specific AD and SCCM attributes into LANdesk so I can see them in the console? I already import all computers into Landesk from time to time and we also have agent scanning enabled. Two specific pieces of data are computer last logged in date (AD) and SCCM null / non client status. I'd like to be able to pull this into LANDesk for as long as we keep the two systems running in parallel. If its possible whats the best appreach?
↧
Web Console 9.5 sp2
Good morning, to see a computer in the web console, when we go to the properties of the computer it takes a lot of time. We test this in different browsers and we have the same result. Also we stop Antivirus and Firewall services.
↧
↧
agent patches in LDMS 9.6
Hi all
I recently installed a test LDMS 9.6 server and am trying to get to grips with changes in 9.6.
I have noticed the following definitions in patch manager:
There is no description associated with each definition so I am unsure exactly what issues they are supposed to fix.
I have made these definitions available to my test clients and when I manually run a security scan on each device, I get a lot more patch activity than I would normally expect to see (almost looks like it is going round in circles)
Are these definitions part of some kind of agent health check?
Thanks!
↧
vulscan.exe is Causing UAC Prompt after Login
After deploying an updated agent configuration to some Windows systems, I get the following UAC prompt:
Why is this? I'm not even sure which logs would help; there's also nothing apparent in Event Viewer.
↧
How can I query landesk inventory to determine if IIS is installed on our Windows Servers?
We are running Landesk v9.60 on the Core. Our deployed agents are still running v9.5sp2 due to the new "AMT features" included in the v9.60 agent. Our Windows Servers however, are running the landesk v9.60 agent. I am being asked to query landesk to find out which servers have IIS running. Does anyone know how to do this? If the answer is to use Software License Monitoring, then could you explain how to enable this only on our servers?
If there a a quick query I could run, that would be best. I haven't come up with a reliable query to gather this information.
↧