Dashboards is a new feature in LDMS 2016 that replaces the old charts in LDMS9.6 and older. This feature utilizes SmartVue and other tools to generate reports for your LDMS 2016 Console. These new reports can be arranged however you see fit and allow you to make some interesting combinations.

Please do not delete this task.

However due to SmartVue being a dependency for some of these reports you may not always see report data from some of these reports. If that's the case then you'd want to make sure that your SmartVue task is still running. By default with LDMS 2016 SmartVue will be configured to run and you'll see a task for it in your Scheduled Tasks.

In the event that this task is deleted or removed, it's quite simple to recreate it and get your reports back up and running as expected. To do this simply navigate to Configure.. > SmartVue Configuration > Scheduler and define a schedule. Once you click OK it will recreate the task and you'll see it pop up again in your list of public tasks.

For more information on SmartVue please consult the following document: SmartVue - FAQ's and Troubleshooting

For more on the Dashboard editor please consult: https://help.landesk.com/

Problem

• Web Console timing out, not connecting, or being very slow
• An error of HttpException (0x80004005): Request timed out - (ignores executionTimeout)

Cause

This kind of issue is typically occurs when a server-side code function or macro executes for a period of time longer than the maximum timeout period allowed for server-side code execution.

This can be caused by multiple things :

-Too many users logging into the web console and overloading the worker processes, causing timeouts and big slowdowns on the web console and in extreme cases unusable

-A windows update slightly changing the .net framework in a unknown way , requiring the.net to be re-registered

-A slow network connection to the core server from the administrators computer

Resolutions

• To Re-register .net
• To increase the query time out for the console and web console
• And Decreasing/Managing load on worker processes associated with the web console
  

How to Re-register .net

.NET 4.0 (32-bit systems)

To Re-register the ASP.NET 4.0 components. Please reference Microsoft KB 2015129for details, or a brief summary follows:

1. Open a command prompt with administrative privileges on the core server
2. Change directory to
   • 32-bit Windows:
     %windir%\Microsoft.NET\Framework\v4.0.30319
   • 64-bit Windows:
     %windir%\Microsoft.NET\Framework64\v4.0.30319
3. Re-register the components:
   aspnet_regiis.exe /iru
4. Reset the IIS services:
   Iisreset

.NET 4.5 on Windows 8 and Windows Server 2012

  The Aspnet_regiis.exe is not used for installing and uninstalling ASP.NET 4.5 on Windows 8 anymore. ASP.NET 4.5 is a Windows component and can  be installed and uninstalled just like any other Windows component:

1. Run the following command from an administrative command prompt: dism /online /enable-feature /featurename:IIS-ASPNET45
2. On Windows 8 client computers, turn on "IIS-ASPNET45" in "Turn Windows Features On/Off" under "Internet Information Services >> World Wide Web Services >> Application Development Features >> ASP.NET 4.5".
3. On Windows Server 2012 computers, enable "IIS-ASPNET45" using Server Manager, under "Web Server (IIS) >> Web Server >>Application Development >> ASP.NET 4.5".

How to increase the query time out for the console and web console

You can increase the query time out in the console and web console using this article :

http://community.landesk.com/support/docs/DOC-1593

Decreasing/Managing load on worker processes associated with the web console

Finally to decrease the load on the worker processes which for the remote console, you can set them to automatically 'recycle' so that the memory , cache etc. associated with these processes will automatically be cleared and new process be created in their place.

Here are some article on the process of recycling associated with the IIS application web pools

http://technet.microsoft.com/en-us/library/cc753179%28v=ws.10%29.aspx

In this example I am going to use the elapsed time option, this way you will know exactly when the application pool gets reset as opposed to every time a certain memory level is reached which can be very sporadic.

Under IIS manager , navigate to the application pools window pane, via the left column.

Right click the LDAppWeb, where the remote console application resides, and click on recycling…

Notice the default time interval for this application is 1740 minutes, change this to 120 minutes and the worker processes associated with this application pool will refresh ' recycle' every 120 minutes. This should relive pressure on the main web console.

This method can also be manually used instead of performing an iisreset cmd, as this will reset only the applications associated with the web console as opposed to the entire IIS infrastructure.

1. To do this , right click the LDAppWeb, located in the application pools window in the IIS and click recycle. This force the application pool to 'restart' at that moment in time. This can be used in times of urgency to relieve the load on the worker process immediately

Description

Real-time Inventory and Monitoring enabled you to retrieve current real-time information from your client machines such as CPU, memory and network usage. Real-time Inventory is also used by Inspector to display information. Inspector requires both the Baseline Components as well as the Extended Components.

Note: If baseline and extended components are not enabled you will see the following state notifications when attempting to use the Inspector: Real time inventory and monitoring not configured on the device or Unable to contact the device.

Enabling Real-Time Inventory and Monitoring

From the console navigate to Tools > Configuration > Agent Configuration. Double click the agent configuration that you want to enable real-time inventory and monitoring on. Within the agent configuration 'Start' screen check the option for Baseline Components as well as Extended Components option under Real-time Inventory and Monitoring. Save the agent configuration. Deploy the agent configuration to your client machines.

Additional information on agent deployment can be found here: Ivanti Endpoint Manager and Endpoint Security - Agent Deployment Landing Page.

Problem

Some EPM-related services do not appear to be running on the core server, and may appear in the alerts from Window Server Manager. The following three are the most common ones.

• LANDesk(R) SAM Data Service (Default Startup Type is Automatic)
• Managed Planet Task Listener (Default Startup Type is Automatic)
• LANDESK Script Scheduler (Default Startup Type is Manual)

Cause

• LANDesk(R) SAM Data Service only starts when needed by the Office 365 connector in workspaces. More details are introduced in this document.
• Managed Planet Task Listener in particular is not started and is only used with certain reports inside LANDesk Data Analytics. It will start and pool the database for information as needed, Having it stopped is normal, but it should be set to automatic so when it is called it can start as needed. More Details.
• LANDESK Script Scheduler is responsible for running discovery services collector scripts when they are scheduled to run. By default it is not running. unless Discovery Services is installed.

Problem

When attempting to create a new query, you can only view the root attribute "Computer"  from the Machine components in the New Query dialog box, and it cannot be expanded, whether on the core server or a remote console.

Cause

This issue may occur when the display language of the operating system is different from the language of Ivanti EPM, causing inconsistencies in the EPM database. In the above example, The EPM Console is in Chinese and the OS is in English.

Solution

Run CoreDBUtil.exe and Build components.

Problem:

Some users are experiencing issues with the remote console not launching the window correctly after logging in. Sometimes it wont be visible, only part of the window will show, and the minimize/maximize buttons don't seem to be responsive.

Cause:

The windows console uses a 3rd party UI library called VIBlend. VIBlend has a known issue causing this behavior. Ivanti is currently working on removing VIBlend from the console.

Solution / Workaround:

This issue has been filed as a defect (ID 296147). For a temporary workaround, hover your mouse over the LANDesk icon on the task bar and once the preview window/thumbnail preview shows above the icon, right-click the preview window and select Restore. That is usually enough to get the remote console to pull up and center on the screen.

Other users have seen success by opening the task manager and using the the window options when right clicking the process like so:

The long term resolution will be the removal of VIBlend from the windows console. However, this is a major architecture change for the console and doesn't currently have an ETA.

Also See:After logging in to the Console the Console shows in the task bar but the Console window never appears.

Purpose:

Network Mapping is designed to help you understand your companies network. This may or may not be an accurate representation of your environment but will help you determine what is on the network and the bandwidth.

**Note**

THIS IS A NEW FEATURE AND ASK THAT ALL FEEDBACK IS SENT TO SUPPORT TO HELP BUILD A BETTER MAPPING TOOL.

This is using our multicast system and some Access points have Access Point Isolation (AP Isolation)

Prerequisites:

• This is only available on 2018.1
• CSEP is enabled on he subnet (will be covered in the process portion)
• At least one 2018.1 agent on the subnet

Process:

Agent Settings

By default the agent settings for network mapping are turned on. There is not much here other than:

• changing the Route Target- This will send the route info from the client to the target to the core. This could be the core or any other device on the network.
• Frequency- This is how often the route occurs

CSEP

Under the Self-electing subnet services choose the network mapping and in the subnet trees to the right, right click on a subnet and enable.

Network Map

The map will show different layouts based on the traceroute

You will see different colors for the line and this shows the response time of the ping. Green is good response time, yellow is some latency and red is big latency.

Lastly you will be able to drill down and have ability to RC, review provisioning and looking at inventory. You will also see the type of OS for that machine and it's ip.

This network map uses multicast to determine the Rep for the subnet but that rep will perform the traceroute. This route is for the subnet and devices the core knows about within that subnet will be added to the map. This will not tell you devices that are not managed but are in that subnet. This is designed to show you what your network looks like for the devices managed by you the Ivanti admin; this will include agentless scanned devices. The drill down is real time but the latency check is done during the route check which is 7 days by default as you saw but can be changed. This means the map will change as often as your end-users moving around from wired to wireless and vice versa.

Problem

"Invalid Product License"

"The LANDESK product license you're using to access Ivanti Web Management Console is invalid."

Cause

Com+ objects stopped

Core server not activated or hasn't been activated since renewing licenses

Solution

Verify if you can login to the core console first. If you can login, continue on. If you get a licensing error when logging in, try activating the core server first.

Start the COM+ objects

The COM+ objects are used to access certain information within the database. If either of the COM+ objects (LANDesk, LANDesk1) stops running, you can run into issues with remote control, software distribution, provisioning, and webconsole. Basically, if it needs to pull information from the database through IIS, it will fail unless both LANDesk and LANDesk1 are running.

1. Click on your start menu and type Component Services
2. Click through to Computers>My Computer>COM+ Applications
3. Right click each of the LANDesk COM+ applications and choose start

If you get any errors while starting the COM+ objects, please rebuild them: How to rebuild the LANDesk COM+ Objects

Activate the core server

1. Click on your start menu and type Core Server Activation
2. Enter your entitlement credentials
   • This was sent to your company contact when you purchased the product. If you don't know your credentials, reach out to support.
3. Click Activate

The following documents will be helpful if you run into activation errors:

Issue: Unable to Build Core Server Activation File

Troubleshooting Core Server Activation

Description

"Object reference not set to an instance of an object" Error when clicking on tasks - all devices or failed devices in the console.

Applies to 9.0 SP2 cores.

Cause

A bug in the console code.

Resolution

apply the patch following the instructions in the Readme.txt.

Install the following LD90-SP2-MCP_SD-2011-0217 and LD90-SP2-MCP_CONS-2011-0217(the console is needed with the SD patch)

LANDESK Management Suite 9.0 Monthly Component Patches (pre SP3 only)

The Agent Status is obtained from the agent using the following method:

1. ICMP Ping. The IP address from the database is used to determine if ANY device at that address will pong. This does not guarantee that the device requested is that device that ponged, just that something responded from that address.
2. Remote Control Connection. We try to connect to the RC agent using the IP address from the database. If the inventory scan doesn't show that RC was installed, we do not attempt this connection. This does not guarantee that the device requested is the device we connected to, just that the device has an RC client on it that we can connect.
3. CBA8 Ping. This uses a TCPIP connection and receives an XML document from the device. This is the most accurate mechanism. The XML document contains the DeviceID (if it returns anything). The Device ID is verified against the database to make sure that it matches with the device. This method will fallback on a failure to using the DeviceName and letting DNS determine where the machine is. This guarantees the device is the correct device.

This process has been updated and is now multithreaded in LDMS 2016. This allows the console to perform much more smoothly when navigating the network view.

Problem: When trying to do backup on 64bit Core Server getting error:

Error saving file path c:\windows\system32\cba\pds.exe that is associated with Shadow Copy path \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy20\windows\system32\cba\pds.exe. The system cannot find the path specified.

Cause: The pds.exe is stored in C:\Windows\SysWOW64\cba\pds.exe instead of c:\windows\system32\cba\pds.exe on 64bit machines.

It is pretty much the same as having Program Files (for 64 bit programs) and Program Files (x86) (for 32 bit programs). It is designed to be invisible to the service, which is why it thinks it's in a different place than it really is.

This is working how Windows intends for a 32 bit service to work.

Resolution: You can make a link to the "c:\Windows\SysWOW64\cba"

C:\Windows\System32>mklink /d cba c:\Windows\SysWOW64\cba

C:\Windows\System32>dir *cba*
Volume in drive C has no label.
Volume Serial Number is 4CD7-E8DF

Directory of C:\Windows\System32

17/12/2009  09:41    <SYMLINKD>     cba [c:\Windows\SysWOW64\cba]
19/01/2008  09:02           350.208 mmcbase.dll
               1 File(s)        350.208 bytes
               1 Dir(s)  10.079.297.536 bytes free

Description

Installing Remote Consoles has taken a step forward with LDMS 9.0 in that the Remote Consoles can now be configured into a Distribution Package.  The LANDesk Software.msi has been designed so that a silent, automated installation of the LANDesk Console is possible.

The software used to be copied to the server in the ManagementSuite\Install\Media folder during the Core Server installation.  This software is no longer copied to the server.  Instead, the installation source can be extract from LANDeskSoftware9.zip and can be copied to the Preferred Package server or where ever Distribution Packages are stored.

Only a Run from source Delivery Method (requires a UNC share) is documented and supported.  A download from source from UNC or HTTP has not been tested.

LDMS 9.0 Remote Console Deployment

1. Copy the software for each Prerequisite package to the UNC share.

2. Extract the LANDeskSoftware9.zip installer to a folder and place this folder on the UNC Share.

3. Create a Distribution Package for each prerequisite.  Make sure to configure Detection.  They must be UNC based in order to be dependent packages of the LANDesk Remote Console package so that a "Run from source" Delivery Method can be used. They must also be public packages in order to be available as a Dependent package.

   1. Creating a Distribution Package for Windows Installer 3.1 (no dependency)

   2. Use the following article as a template for creating a Microsoft .net Framework version 3.5 sp1 Distribution package. Creating a Distribution Package for Microsoft .NET Framework Version 2.0 Redistributable Package (x86)

4. Create an Executable Distribution Package

   1. Name the package LANDesk 9.0 Remote Console.

   2. Make Setup.exe the primary file. Located in the LANDesk sub-folder in the extracted install files.

5. Add the following command line after the command lines that are generated by the Distribution package:
     
   

   setup.exe [SC=][ST=]/silent[SC=LANDeskSoftware][ST=MSI]/q CORESERVER=YOUR_CORE_SERVER CONSOLE_ONLY=1 SILENT_INSTALL=1 LDINSTALLTYPE=2 LDLANG=ENU

    

   The CORESERVER parameter is not required, environments with multiple Core Servers may leave it blank.
6. Add both the Windows Installer 3.1 and the .NET 3.5 sp1 packages as Dependent packages.

7. Create a new Policy Delivery Method that is set to Use run from source and set to be Always listed for distribution. This can most easily be done by cloning and modifying an existing Delivery Method.

   1. Go to Tools | Distribution | Delivery Methods.

   2. Expand Public Delivery Methods and highlight Policy.

   3. Right click on Always listed for distribution and choose clone.

   4. Double-click on the new cloned delivery method to bring up the properties.

   5. Rename it to Always listed for distribution - Run From Source.

   6. Under Network usage select Use run from source to deploy the files.

   7. Click Save to close the Delivery Method.

8. Create a Scheduled Task and a use the newly created Distribution Package and Delivery Method.

9. Target the LANDesk users' workstations and start the Task.

10. On the LANDesk workstation, open the Software Distribution Portal.  The LANDesk 9.0 Remote Console is now available to the LANDesk user.

     

    Important!Once a Service Pack is released (it is always required to install the Service Pack on the Remote Console.  Applying the Service Pack to the Core Server, then installing the Remote Console, does not mean the Remote Console is installed with the Service Pack already.  The Service Pack must be applied.

Resolution:

Basic Tenets of Role Based Administration!

In this article I wanted to introduce the new format for Role Based Administration (RBA).  At first glance, it may seem that RBA can be exasperatingly complex.  There is basic information, when understood, that will make creating Roles and assigning responsibilities much easier.

1st Rule of Fight Club... I mean RBA!!

The first rule of RBA is to understand the structure.  This structure is as follows:

1. Authentications contain Groups.

2. Groups are assigned permissions (Group Permissions).

3. Roles are applied to Group Permissions.

4. And Scopes are applied to Roles.

When you can grasp this rule, the rest of RBA should be a lot easier to manage.

But I Still Have More Questions!?!

The rest of this article is designed to do the following:

• Re-iterate basic RBA Structure.
• Answer some initial questions.
• Provide links to Additional RBA information and training

Lets go back over the #1 Rule. (with a tiny bit more)

In LDMS 9.0, Role Based Administration follows a natural order of "Containment". Authentications contain Groups. Groups are assigned permissions (Group Permissions). Roles are applied to Group Permissions. And Scopes are applied to Roles.   You can configure Roles 3 different ways   Role Name Rights Scopes Role 1 - Permissions are set but has no Scope. Yes No Role 2 - Scopes are set but has no Permissions. No Yes Role 3 - Both Permissions and Scopes are set. Yes Yes

Some Frequent Questions:

Question 1: In LDMS 8.8 I gave users access to LANDesk functions by adding them to the LANDesk Management Suite Group.  When I do this with LDMS 9.0 my users cannot log in, why is that?

Answer 1:LDMS 9.0 gave Login rights to the LANDesk Administrators group only.  In LDMS 9.0 there are three default groups created by the LANDesk installation.

These groups are:

• LANDesk Administrators
• LANDesk Management Suite
• LANDesk Script Writers

BY DEFAULT:Onlythe LANDesk Administratorsgroup has the right to login to the Console. 

The "Management Suite" and "Script Writers group" provide different levels of NTFS access to the LDMAIN share required for other groups to login to the console.  . 

The following table to shows the 3 Local Groups and their DEFAULT Console login access and NTFS permissions for the 5 LANDesk shares.

Question 2: I've added groups to group permissions and assigned them roles but they can't they log in.  Why?

Answer 2: When logging in to the 32bit Console, part of the Authentication process checks to see if the account has rights to mount the LDMAIN share on the core.  If the user's group does not have this right, then the login will fail.  Web Console login does not check this but many features will not work correctly.

A quick way to fix this is to add the Group to the LANDesk Managment Suite Group on the Core server. 

DO NOT add them to the LANDesk Administrators Group because this will give them full administrative rights!!

Question 3: Why does the Users tool look so different in LDMS 9.0 compared to previous versions?

Answer 3: With the introduction of LDMS 9.0 there were three major changes to the Users tool and RBA.  This necessitated changes to the interface.

The changes are:

1. LANDesk changed how roles were assigned from an "Individual" to a "Group" based control over rights and scopes.
2. The Users tool has been enhanced to allow LANDesk administrators the ability to give groups more granular rights.
3. Integration with additional Directory Services as authentication sources allows for less duplication of groups and their applied rights.

Question 4: Why can't I modify user permissions in the All Users section?

Answer 4: In 8.8 all rights were assigned through the All Users area.  In 9.0 the All Users area only shows what users have logged in and what their respective Permissions, Roles, and Scopes are.  You cannot change the settings for individual users in LDMS 9.0, those changes can only be applied to groups.

Question 5: I've added groups to group permissions and assigned them roles but their users haven't shown up in the All Users section.  Why?

Answer 5: With LDMS 9.0 most users will not show up in the All Users area until they have logged into the 32bit or Web Console for the first time.

Question 6: Are there any additional reference materials for Role Based Administration in LDMS 9.0?

Answer 6: Here are some great Documents and Training Videos by Rex Moffit, one of our RBA Engineers.

1. Getting Started with LDMS 9.0 RBA Document

2. Simple RBA Training Video
3. Advanced RBA Training Video
4. Teams Training Video

All These Articles came from the following Community Article by Rex Moffit:

http://community.landesk.com/support/docs/DOC-7473

AND Once More, this time with Feeling!!!

In LDMS 9.0, Role Based Administration follows a natural order of "Containment". Authentications contain Groups. Groups are assigned permissions (Group Permissions). Roles are applied to Group Permissions. And Scopes are applied to Roles.

Cause

Resolution

Solution 1 - Bypassing the Proxy (Recommended)

1. Disable "Automatically detect settings" for the IE Proxy settings for the user configured for the LANDesk Com+ Application Identity and any other LANDesk user that may not be able to authenticate to the proxy.
   
   
2. Enable the proxy using the manual settings. 
   1. Check the box for "Use a proxy server for you LAN".
      
      
   2. Check the box for "Bypass proxy server for local addresses."
      
      
      
      
   3. Click Advanced.
      
      
   4. Add Exceptions for each of the following items:
      Core Server Name
      Core Server FQDN
      Core Server IP
      Localhost IP
      
      For example, the settings for a Core named vm88.mydomain.com with an IP of 10.1.1.1 would be:
      
      vm88; vm88.mydomain.com; 10.1.1.1; 127.0.0.1
      
      
      
      
   5. Click OK.
      
      
   6. Click Apply.
      
      
   7. Cick OK.

Solution 2 - Configuring the Proxy to Correctly Authenticate

LANDesk has no information on this other than that we are attempting to hit the following site and proxy authentication is failing:

https://CoreServer/landesk/managementsuite/core/ssl/information/databaseinformation.asmx

1. Change the Com+ Application Identity to a User That Can Authenticate on the Proxy.
   
   - OR -
   
   
2. Have the Administrator of the proxy server configure the Proxy to properly authenticate the user configured for the LANDesk Com+ Application Identity. If the administrator is unsure as to how to do this, then use Solution 1 - Bypass proxy server.

The purpose of this article is to connect to a off core SQL Server without using LANDesk technology to ensure database connectivity. A connection will be created from the LDMS core server to the SQL server using Microsoft’s SQLCMD.exe tool. SQL activity monitor will be used to monitor the connection watching for the connection to drop. If the connection drops it can be concluded that there is an issue with network connectivity between SQL and the Core that will need to be resolved before further troubleshooting can be done.

Tools Needed

Microsoft SQL Server Command Line Query Utility SQL 2008

Microsoft SQL Server 2008 Command Line Utilities

The SQLCMD utility allows users to connect to, send Transact-SQL batches from, and output rowset information from SQL Server 7.0, SQL Server 2000, SQL Server 2005, and SQL Server 2008 instances. The bcp utility bulk copies data between an instance of Microsoft SQL Server 2008 and a data file in a user-specified format. The bcp utility can be used to import large numbers of new rows into SQL Server tables or to export data out of tables into data files.

Note:

This component requires both Windows Installer 4.5 and Microsoft SQL Server Native Client

Microsoft SQL Server 2008 Feature Pack, October 2008 link

Microsoft SQL Server 2008 Command Line Utilities

X86 Package(SqlCmdLnUtils.msi) - 7234 KB
X64 Package (SqlCmdLnUtils.msi) - 12212 KB
IA64 Package(SqlCmdLnUtils.msi) - 16515 KB

Microsoft SQL Server 2008 Native Client

X86 Package (sqlncli.msi) - 4549 KB
X64 Package (sqlncli.msi) - 7963 KB
IA64 Package (sqlncli.msi) - 11112 KB

Steps for testing

Core Side

1. Install SqlCmdln Utility on the core server.
2. Open a command prompt.
3. Change the directory to \Program Files\Microsoft SQL Server\100\Tools\Binn
4. Enter the following command string: sqlcmd.exe -S SQLServerName -d DatabaseName -U Username -P Password (example: sqlcmd.exe -S SQL005 -d LDDB -U sa -P Password1 )

If the connection is successful you will see a >1 on your screen.

For a full list of switches for SqlCmd refer to this MSDN article.

SQL Server Side

1. Open SQL Management Studio and connect to the SQL server in the Object Explorer window.
2. Expand the Management tree then open the activity monitor. Locate the connection opened by the SQLCMD application.

At this point you will want to view the activity monitor on the SQL server  to see if the connection has stayed up. Viewing the activity monitor at the end of the day or the next day will determine if there have been any disconects. SQL command line utility will not reconnect if there is a drop either by SQL or network. The application name(SQLCMD) is listed in application column of Activity Monitor so it is easy to identify the sqlcmd connection.

From within the LANDesk Console one of the more useful features is the ability to right click a machine and perform administrative tasks.

Some of these tasks are:

Request an inventory scan

Wake up a machine

Shut down a machine

Request a Security scan

When one of these options is selected the LANDesk console make a call to IIS and passes the command line parameters to the core.secure/corerequest.asmx page.

The URL for this page on the core server is:

http://localhost/landesk/managementsuite/core/core.secure/corerequest.asmx

This page is seen here being accessed from the core server.

Each command requires a client side identifier, this can be the Machine GUID (found in the registry under HKLM\Software\Landesk\Common API) or the machines IP address.

If the right click commands fail to run, check the following.

1.  Can theCoreRequest page be browsed from the Console running the commands?

http://[core server name]/landesk/managementsuite/core/core.secure/corerequest.asmx

2.  Verify that the command is being sent from the core server.

On the core server under the \\[Your Core Server]\LDMAIN share the raxfer.log file will store the attempt to run the remote execute.

<block>Thu, 19 Mar 2009 10:20:56 4724 388 Performing remote execute, target 10.16.228.214:9594, hash 5b5c5c77</block>

3. Verify that the command was recieved on the client.  In C:\Program Files\LANDesk\Shared Files\servicehost.log the command line parameters will be displayed.

<block>

Thu, 19 Mar 2009 10:36:14 2608: Exec: Exec: Launch request <"C:\Program Files\LANDesk\LDClient\vulscan.exe" /id=7 /run ldiscn32.exe /NTT=slc-smith-88:5007 /S="slc-smith-88" /I=HTTP://slc-smith-88/LDLogon/ldappl3.ldz /NOUI> (sync 0, timeout 300)

</block

Problem:

Possible resolutions:

1. If the 32-bit Core Console cannot be loaded then contact licensing to correct the license file. After correcting the licensing information, reactivate the core server.
2. Check the c:\windows\Temp directory. If there are a lot of .tmp files then:
   1. Open services.msc and stop the IIS admin service and the dependent services
   2. Delete all the files in the temp directory
   3. Run iisreset

Note: Running a directory at the command prompt may be necessary to determine that this folder is empty. Several problems have happened when opening the folder in Windows Explorer and it contains 65,000+ files.

Note: Sometimes the temp directory is not at C:\Windows\Temp. This is dependent on the OS configuration. Alternative options include C:\WinNT\Temp. The best way to find the correct directory is to open a command prompt and run:

cd %windir%\temp

or select Start -> Run and run:

%windir%\temp

Please check with particular care for the presence of any additional Temp folders that you may have defined in your environment. Not erasing the correct temp folder will result in failure of the resolution of your issue.

========================================
  To Create a Column Set
  ========================================
  1. Click Tools | Administration | Column Set Configuration
  2. Right click My Column Set and click New Column Set...
  3. In the Column Configuration dialog, enter a name for the new column set
  4. Select inventory attributes from the list and add them to the Columns list by clicking Add to columns. Remember to select attributes that will help you identify the devices in the device list or returned by the query
  5. (Optional) You can customize how and where the columns appear in the network view by directly editing a component's heading, alias, and sort order fields; or by removing or moving the selected component up or down in the list with the available buttons
  6. (Optional) You can specify more precise qualifying data for software components. Select the software component, click the Qualify button, and then select a primary key value from the list of available values
  7. Click OK to save the column set

========================================
  To Apply a Column Set
  ========================================
  1. Click and drag the column set into the network view on the right or drag over the device group on the left

NOTE: Some inventory items may have more than 1 result. If that's the case duplicate devices may show in the console to represent each entry.

For more information, see page 31-33 of theThe specified item was not found.

***NOTE*** At this time you are not able to set custom column sets for the scheduled tasks tool.

Selecting "manage local users and groups" on a device returns no information

One resolution for this issue is to ensure that the ASP.NET account has read permissions on the Inetpub folder on the LANDesk Core Server.

***Following is more troubleshooting information***

Troubleshooting and log files

Console calls a core webservice to contact CBA and run \ldclient\localaccount.exe on client to perform the local user query or modification.

1- Console.exe.log

Checking console log is a good start, it will record the detail error information when 'Manage local users and groups' window get blank. Most common cause for this issue is wrong IIS permission and directory security setting, console will log the detail http error like "Server Unavailable"...

Console log path: Core or Addition console
\Program Files\LANDesk\ManagementSuite\Console.exe.log

2- Web service access

A. Please confirm following URL can be access from core server or additional console,

http://<corename>/landesk/managementsuite/core/core.secure/LDRemoteManageAccount.asmx

***Replace <corename> by your coreserver host name***

If get any HTTP error here, please check IIS log as well and get HTTP error code at the end of log item,as following,

2010-01-18 22:36:08 W3SVC1 192.168.100.32 POST /landesk/managementsuite/core/core.secure/LDRemoteManageAccount.asmx - 80 - 192.168.100.32Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.42) 401 5 0

IIS log path: Core
\WINDOWS\system32\LogFiles\W3SVC1

B. HTTP Error code and resolutions

If access LDRemoteManageAccount.asmx failed,please go IIS manager-Default web site-Default web site-landesk-managementsuite-core-core.secure

HTTP 401 5 0
- Right click core.secure and properties,Directory Security tab, Authentication and access control, ensure only 'Integrated Windows authentication' was checked.

HTTP 500 0 0
A. Right click core.secure and properties,Virtual directory tab, confirm the setting like this screen shot,

B. Right click core.secure and Permissions, the default permission should be assigned as following,
Full Control: Administrators,LANDesk Management Suite,SYSTEM
Read&Execute/List Folder Contents/Read: ASPNET,NETWORK SERVICE

C. Identity setting for Application pools - LDAppmain, default identity should be NETWORK SERVICE, change it to LOCAL SYSTEM for test purpose.

Run IISRESET and try again,

Note: This should be used only for testing, Microsoft recommends that AppPools run as Network Service. If this resolves the issue, it usually signifies that the Network Service does not have proper rights to objects in IIS, can be either NTFS or IIS permissions.

3- Client

If console.exe.log have no error and only log message like "call webservice to get local account information",  LDRemoteManageAccount.asmx also can be opened successful, it might caused by network traffic blocking or client side issue.

A. Confirm CBA service can be access from core, the binocular icon display correctly in console network view. if not, check following,
- LANDesk Management Agent service is started,TCP&UDP 9595 is listening on client.
- Browse http://<client_name/IP>:9595 from core can open web page correctly.if not, check client firewall and network security setting to see any policy block the traffic.

B. Check following log for client side issue.

Log path: Client
C:\Program Files\LANDesk\Shared Files\residentagent.log
C:\Program Files\LANDesk\Shared Files\Servciehost.log
C:\Program Files\LANDesk\LDClient\localaccount.exe.log

***Attachment LocalUser_client_log.txt is a success log on client***