a machine goes into the Pending Unmanaged folder, it is because the

machine did not send in a full inventory scan to the core.

There are 2 solutions:

1.

Repush agent to the machine. Make sure that the option "Perform full

inventory scan during installation" is selected in the Agent

Configuration.

2.  Force a full inventory scan on the client using the "/f" and "/sync" switches.

Note:  Delete any left over devices in pending unmanaged devices.

=================================================================

Create a Full Inventory Scan Task (If a device is not in inventory yet

your managed script must point directly to the path of the LDISCN32.EXE file

=================================================================

1) In the 32bit Console go to Tools>Distribution>Managed Scripts

2) Right click on My Scripts and choose New Custom Script

3) Name the script something referring to Inventory-Scan-Full

4) Delete what is in the script

5) Add the following to the script and save it:

https://community.landesk.com/support/MACHINES_WIN

;--- assumes that ldappl3.ini is in same dir as the .exe

REMEXEC1=C:\Program Files\LANDesk\LDClient\LDISCN32.EXE /NTT=%server%:5007 /S="%server%" /I=HTTP://%server%/ldlogon/ldappl3.ldz /NOUI /NOCD /F /Sync

6) Right click the script and click on schedule</div>

</div>

Problem

While installing the LANDesk agent, the installation process fails while installing the LANDesk Power Management component. The installation halts while executing the ClientSideEnableWOL.vbs script.

Cause

Corrupted Windows Management Instrumentation (WMI) engine on the target machine.

Resolution

The script in question (ClientSideEnableWOL.vbs) leverages the WMI technology to enable necessary settings on the target machine. Follow these steps in order to repair WMI:

1) Download Microsoft's WMIDiag utility from this location: http://www.microsoft.com/download/en/details.aspx?id=7684

2) Execute the WMIDiag utility on the affected machine

3) Attempt to install the LANDesk Agent once again.

Applies To

LANDesk Management Suite 8.8

LANDesk Management Suite 9.0

Description: If it is determined that a local scheduler task should be removed from client computers it can be done through a script run as a scheduled task in the LANDesk Management Suite 32 bit console.

Resolution:

Create a Query

1) In the 32 bit console right click on My queries and click New Query

2) Under Machine Components go to Computer | Device Name

3) Click Exists and click Insert

4) Click the button labeled Select Columns

5) Under Machine Components go to Computer | LANDesk Management | Local Scheduler | Scheduled Tasks

6) Click on Handle and click the button labeled >>

7) Click on Executable Path and click the button labeled >>

8) Name the query "Local Scheduler Handles" and click Save

9) Run the query and find the Handle number for all of the local scheduler tasks you want to delete

Note: The default Handle number for Vulscan.exe (security and patch) is 555 and the default Handle number for ldiscn32.exe (inventory scan) is 777

Creating the script to delete the local scheduler tasks

1) In the 32 bit console go to Tools | Distribution | Manage Scripts

2) Right click on my scripts and click New Custom Script

3) Name the script and click OK

4) Select all and delete it

5) Paste the following into the script

[MACHINES]

REMEXEC0=<qt/>%LDMS_CLIENT_DIR%\LocalSch.exe<qt/> /del /taskID=HandleID

6) Change HandleID to the handle number you found in the query - The script in this example will delete the default security scan task

7) Save the script

8) Right click on the script and click Schedule

9) Drag computers into the task and start it

Description

How to create a self-contained agent package to be installed by client devices.

Resolution

1. Open the LANDesk Management Suite console.
2. Go to Tools | Configuration | Agent Configuration.
3. Configure the agent settings according to your environment needs.
4. Click on 'Save'.
5. Right-click on the newly-configured agent, select 'Create self-contained client installation package'
6. Save the exe file on a network share accessible by users.
7. From the client devices, run the executable that was created above. Note - There will be two executables created one with status and one without, these will determine what will be shown on the client screen during install.

Agent Deployment for Ivanti Endpoint Manager and Endpoint Security

General Information

•   Standard Push:The agent files are located on the core server and distributed via a push task. The credentials used in the Scheduler configuration on the core server are critical for this type of distribution.

•     Self-Contained Executable: Agent files are compiled into a completely self-contained executable that is portable. This method is efficient and helps with a lot of network configurations however the executable does not get updated when the configuration changes or when files are updated by patches or new releases. It is recommended to keep these executables in a central location and perhaps date them as well so that they can be rebuilt as needed. Two self-contained executables are created for this option one with status (shows GUI to the user) and one without.

•     Advance Agent: The primary purpose of this agent deployment method is to control the amount of bandwidth used during agent install. However, the design has many other uses. The agent is broken up into two files (and MSI and an EXE). The MSI will install a temporary service on the client where it will gradually stream down the main executable and install the agent. The temporary service is removed. Since the temporary service comes in MSI form this design also makes it favorable for deployment using an Active Directory login script. (Note: Including security definitions with the agent can make the primary executable very large and greatly increase agent download/install times)

•      Wscfg32.exe: This is an executable located on the core server in the ldlogon sub-folder, by default located (C:\Program Files\LANDesk\ManagementSuite\ldlogon). When executed on a client, it will pull the settings in a default windows configuration and launch an agent install window. Changes can be made to the configuration before starting the agent install.

     Other Operating System Information: Macintosh and Linux/Unix agents will work somewhat different than Windows based ones. For details on those agents please check their component landing pages.

Supported Platforms and Compatibility Matrix for LANDesk Management Suite

General Troubleshooting Recommendations

The LANDESK agent (just like any other program) can be affected by Anti-virus, Spyware, and other blocking programs. Closing or suspending such programs may help with agent installation.  When right-clicking on an agent two of the options will be "Schedule agent deployment" and "Schedule update to agent settings". The difference between these two is that the update will not deploy any files and only make changes to when scan run etc. If a new feature is added to the configuration or removed then a full agent deployment will be required.  If an error occurs during the creation of the agent (advance agent or self-contained) a log file is generated. Typically the agent configuration was told to include a certain file and the process either couldn't find the file or didn't have access to it.

Issue:

After the agent installation is complete, network connectivity to the workstation or server is lost.

Description:

In Windows Server 2008 and later versions,  the Windows Firewall service is an integral part of the operating system's network stack. As such, Microsoft no longer recommends stopping or disabling the service under any circumstances, and this is now an unsupported configuration. When the Windows agent is installed, it needs to make a number of changes to the Windows Firewall. To make these changes, the agent first enables the firewall service, and then disables it once the changes have been made. The problem we see is disabling the service will cause a number of network-related problems, including the following:

• The server will stop responding to ping requests.
• You will be disconnected from, and unable to connect to, the server via RDP.
• You will be unable to connect to shares on the server.

Although network operations initiated from that server will succeed for the most part, it will appear to other machines as though the server has been disconnected from the network.

Resolution:

Use at your own risk. These commands are provided as is, and are not supported by Ivanti. Please test thoroughly prior to use in a production environment.

Use the following commands in a batch file to properly enable and stop the Windows Firewall service, then properly disable the service again once installation in complete.

 

Enable, start, and turn off firewall:

sc config MpsSvc start= auto

net start MpsSvc

netsh advfirewall set domainprofile state off

netsh advfirewall set privateprofile state off

netsh advfirewall set publicprofile state off

Stop and disable Firewall:

net stop MpsSvc

sc config MpsSvc start= disabled

Environment

This should work in LDMS 9.5 and 9.6. It is assumed you are running MS SQL and have something like SQL Server Management Studio to run queries.

Problem

When trying to delete an Agent Configuration, a warning occurs indicating it is currently scheduled. The Agent Configuration is unable to be deleted.

Old LDMS Agent can't be deleted because it is currently scheduled.   

Cause

The Agent Configuration exists as part of a scheduled task. While it is associated with a scheduled task, it will be locked and unable to be deleted.

Solution / Workaround

Locate the Scheduled Task and delete it.

If you are unable to locate the Scheduled Task that is associated with the Agent Configuration, the following SQL Query can be ran to get a list of Scheduled Tasks that are utilizing the Agent Configuration. Once the Scheduled Tasks are identified, they can be deleted to release the lock on the Agent Configuration.

Query to show all Scheduled Tasks that correspond with an Agent Configuration

select t.ld_task_idn, t.task_name,tc.ld_Task_config_idn,tc.cfg_name, cc.Name
from LD_TASK t    join LD_TASK_CONFIG tc        on t.LD_TASK_CONFIG_IDN = tc.LD_TASK_CONFIG_IDN    join ClientConfig cc        on tc.CFG_NAME = 'AgentConfig ' + CAST(ClientConfig_idn as nvarchar)   

Query to find Scheduled Tasks for a specific Agent Configuration. In this query replace <INSERT AGENT CONFIG NAME HERE> with the name of the Agent Configuration in desired.

select t.ld_task_idn, t.task_name,tc.ld_Task_config_idn,tc.cfg_name, cc.Name
from LD_TASK t    join LD_TASK_CONFIG tc        on t.LD_TASK_CONFIG_IDN = tc.LD_TASK_CONFIG_IDN    join ClientConfig cc        on tc.CFG_NAME = 'AgentConfig ' + CAST(ClientConfig_idn as nvarchar)
where tc.cfg_name like
(    select '%' + CAST(ClientConfig_idn as varchar) + '%'    from ClientConfig    where name like '%<INSERT AGENT CONFIG NAME HERE>%'
)   

Example: This example shows the query looking for any Scheduled Tasks for our 'Old LDMS Agent' configuration, and shows it is in use by the Scheduled Task called 'Deploy the 2007 Agent'.

Problems/Symptoms:

How to upgrade LANDesk Agents

How to patch LANDesk Agents with Service Packs

Fix:

-Upgrade

Perform a full Agent Push to upgrade an existing Agent to the latest Core version. This can be accomplished by right-clicking on the Agent Configuration name from the Console and selecting 'Schedule'

-Patch

To apply a patch or Service Pack to an Agent, either perform the full Agent install as described above, or install the patch.

To apply a service pack or patch to clients, follow these steps:

1. Update the Core to the latest Service Pack (if deploying a Service Pack).
2. Download updates in Security and Patch Manager to update content.
   1. Click on Download Updates.
   2. Make sure the LANDESK Updates check box is selected.
   3. Click the Update Now button.
   4. Wait for this to finish.
3. Click on the All Items Folder.
   1. Locate the Service pack or patch that you want to upgrade.
   2. Right Click on the Definition and Choose Download now.
   3. Click on all selected Items.
   4. Right click on the "Client" patch and choose download.
   5. Let this Finish.
4. Make sure that the Definition is in the Scan folder.
   1. If the definition has a X or a ? on it it is not in the scan folder and you will need to move it to the Scan folder.
5. Run a Security Scan against client machines.
   1. Click on Create a Task.
   2. Choose Security Scan.
   3. Check the Box that says Scheduled Task.
   4. Click ok.
   5. Drag all the computers into the Scheduled task that was created.
   6. Start the Scheduled Task.
6. Wait for all the computers to Scan.
7. Repair the Service Pack using Patch Manager.
   1. Right click on the Definitions Choose Repair.
   2. Check box that says Scheduled Task.
   3. Click OK.
   4. Drag all the computers into the Scheduled Task.
   5. Start the Scheduled Task.

Alternately, you can apply the Agent Service Pack or patch manually.

• Note: Do not use the Schedule Update feature to upgrade or patch an Agent. Schedule Update only updates settings on an existing Agent. Updating the agent settings performs the following actions:

1) Uninstalls the LANDesk Remote Control Service, LANDesk Targeted Multicast, and LANDesk(R) Software Monitoring Service services.

2) Runs the agent configuration MSI for the specific agent configuration (this is not the full agent install).

3) Reinstalls the LANDesk Remote Control Service, LANDesk Targeted Multicast, and LANDesk(R) Software Monitoring Service services.

4) Runs an inventory scan to ensure changes are reported to the core server.

How To:

This article will guide you through how to change agent settings on devices that already have an agent configuration installed. For instance, you'd like to change the reboot agent setting on several devices without creating an entirely separate agent configuration for that group of devices.

Step by Step:

In this example, we will be creating a Change Agent Settings task to change Reboot settings.

1. In Agent Settings, click on the calendar icon and choose Change settings

2. A Patch and Compliance - change settings task window will appear. Scroll down to Reboot settings.

3. Click on Keep agent's current settings. This will bring up a drop down menu.

4. Choose desired Reboot agent setting, then click Save

5. This creates a Scheduled task

6. Drag and drop the desired device(s) into the Change settings task

7. Right click the task and choose Start now

If you would like to verify the change, you can do the following:

1. After the Change settings task has finished, run an inventory scan on the device

2. After the inventory scan has finished, right click on the device and choose Inventory, or double click on the device to bring up Inventory

3. Expand LANDESK Management then expand Agent settings

4. Click on Reboot settings. In the right hand pane you will see the settings that were just applied with the Change settings task

ENVIRONMENT

LANDESK Management Suite 9.6

DESCRIPTION

Agent Health is a new feature in LANDESK Management 9.6 and will allow you to do the following:

• Add or Remove one of the Agent's component without having to re deploy an agent or an update to the agent
• Ensure that your agent is properly installed and no files are missing or corrupted
• Repair your agent if a file is missing or corrupted
• Modify your components settings to meet the configuration you set in Agent Health
• Update your Agent files, components and settings if it is outdated

HOW IT WORKS

Agent Health is using the vulnerability scanner (vulscan) to check the following on a machine:

• Which components are installed
• How these components are configured
• Are they missing one or more file(s)
• Are the services running properly as required
• Are the files up to date

It will then compare this to the configuration you set in your agent health on the Core and adjust the settings accordingly on the clients.

VIDEO

    Youtube version: LANDESK Agent Health - How to use

BASIC SETUP OF AGENT HEALTH

I. Download the latest updates for Agent Health

Go to Agent Settings and click on the update icon:

Then go to: Updates - Windows - Software Updates - Check LANDESK 9.6 Agent Health and click Download now

You should then see the following in your Patch and Compliance window:

(You can find the Agent Health definitions in View by Vendor - LANDesk Software)

These are the definitions for Agent Health, they contain scripts to either install or uninstall a component like Remote Control or XDD.

II. Create a Query and Scope in order to enable AutoFix on it

In our example, we will create a Query, then a Scope based on this Query.

We will only target our Windows 7 machines for this lab.

In your Network View - Queries - My Queries, New Query

Once your Scope is created, go to Patch and Compliance, into View by vendor, and look for LANDESK Software to find your definitions. You will have to set the AutoFix enabled on the Scope you created earlier for each of the definitions you will be using (see How To Use Autofix in Patch and Compliance Manager)

Once done, you will only have to create and deploy your Agent Health Settings, then launch a Security Scan to have it applied to the machine.

SCENARIO: Install and/or Repair a component via Agent Health

In our example, we will install Remote Control to a machine that doesn't have it.

Go to Agent Settings - All Agent Settings - Agent Health - Right click and New

You will now set the configuration you want for this Agent Health Settings. In our case, we will add the Remote Control component.

I. Deploy your Agent Health settings

Once you have saved your Agent Health settings, you will have to deploy it. To do so, in Agent Settings - Create a task - Change settings

You will have to choose the Agent Health settings you created earlier, in our case: Agent Health - Install Remote Control

After your scheduled task is generated, apply it to the devices / groups / queries you would like, then start the task.

II. Apply your Agent Health settings using Vulscan

Once the task has completed successfully, you will have to run vulscan.exe through a Patch and Compliance Scan or a Security Scan from the machine for example.

When the scan is finished, and the autofix has been applied, you might then be able to see the changes:

You can then test that Remote Control is working on this client:

SCENARIO: Repair a component via Agent Health

If a third party software or a user deleted / modified the Agent files and/or folders, you would have had to troubleshoot until you realize that a file is missing and which one it is, uninstall then reinstall the agent.

This whole process might take at least 1 hour if everything is going perfectly, and could go up to many days if not.

With Agent Health, you will be able to check that your Agent is properly installed and functional. If not, then Vulscan will scan, detect, download and reinstall the missing files.

In our example, we cannot use the Inventory Scanner as the LDISCN32.EXE has been deleted:

I. Deploy your Agent Health settings

We set our Agent Health Settings to check our Base Agent and be sure that our Settings are the right ones (you can modify them as well with Agent Health), then we schedule it to push it to the device:

II. Apply your Agent Health settings using Vulscan

Once you have deployed your settings, and ensured that your Base Agent definition is configured to be AutoFix on a Scope that contains your targeted device, you can then launch a Security Scan on the machine:

After your Security Scan is done and you saw the Base Agent being fixed, you can try again to launch an Inventory Scan:

How to Build a Self Contained Executable for Installing LANDESK Management Suite on a Legacy Operating System

Description

To maintain compatibility with legacy operating systems, a special agent must be created from older code sources.

A LANDESK agent compiled from the older LDMS code branches is what must be used to continue using LANDesk on these legacy Operating Systems. The Whitepaper attached to this article describes how to build/configure the "Legacy Agent".

The LDMS 2016.3 release no longer supports the installation of the agent on Windows XP and Server 2003 systems. Existing agents on Windows XP/2003 will continue to function, but new features will not be available. If you have a large number of Windows XP devices and need to continue installing agents, it is recommended that you use LDMS 2016.0 with SU5. An agent installation can be created and preserved from the previous version, or Windows XP machines can be managed by a previous version of LDMS until they are updated to operating systems supported by Microsoft®.

REFERENCE: https://community.ivanti.com/downloads/Readme/Pages/LD2016.3.html

To create the LANDESK Agent 2016.0 for LDMS 2016.3 that is compatible with Windows XP and/or Windows Server 2003, please perform the following.

1. Set up a Windows Server 2012 R2 server with the same computer name as the new LDMS 2016.3 core server and with the same IP address as the new LDMS 2016.3 core server in an isolated environment.
2. Install LDMS 2016.0* on the Windows Server 2012 R2* created in step 1 above.
3. Install Software Update 5 (SU5)** for LDMS 2016.0 on the Windows Server 2012 R2 created in step 1 above.
4. Create a new LANDESK Agent Configuration agent configuration with a unique name.
5. Create the self-contained LANDESK Agent executable(s).
6. Copy the executable(s) to the new LDMS 2016.3 core server.
7. Run %ldms_home%legacyagent.exe on the new LDMS 2016.3 core server.
   
   
8. Browse to the executable created on the 2016.0 core server.
9. Browse to the location you wish to save the updated self-contained executable.
10. Browse to the most recent file in "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\certs\*.0" and click "Add".
11. Check the box labeled 'Edit configuration file manually.'
12. After clicking "Update" the following message will appear:
    
13. Browse to the directory stated in this dialog, and locate the agent ini file. In this example you would locate the file called 'Default Windows Configuration.ini'.
14. Edit the file, and locate the line ServerName='core name', and replace 'core name' with your new core's hostname.
15. Next, search for the  "REG45" and add the following line below that.
    

    REG46=HKEY_LOCAL_MACHINE, SOFTWARE\LANDesk\ManagementSuite\WinClient\Vulscan\CommandLine, /NoSelfUpdate, , REG_SZ

16. Click "OK" and the files will be processed and the Legacy Agent will be built in your desired target location.
17. Repeat steps 7-14 for any further Agent Configurations you wish to process.
18. After your legacy agent has been deployed, you will need to create a Change Settings task, and push the correct settings to your legacy agents.
    1. Do not use the option 'Schedule update to agent settings', found in agent configuration, as this will break the legacy agent.
    2. For more information on creating a change settings task, please view the following document:How To: Change Agent Settings

* Download LDMS 2016.0 from here .

** Download Software Update 5 ( SU5 ) for LDMS 2016.0 from here.

Description

During agent installation the client device is presented with a prompt for credentials as seen below:

Cause

The prompt is due to Location Reporting being enabled within the Agent's Inventory Settings. With the release of EPM 2017.3 location reporting can be used on all laptops/tablets, hardware permitting. This requires opt-in on both the Console as well as an opt-in of at least one enrolled user on the client devices themselves in order for GPS coordinates to be sent to the core. The prompt is displayed to fulfill the opt-in requirement on the client side.

Additional

Location Information can be found within the device's inventory record under Mobile Broadband > GPS Location.

Issue

Agent push fails with a return code of 1084.

The job status may state "The agent software was installed successfully", however the overall task status returns "Failed" with a return code of "1084".

Cause

This is typically indicative of a portion of the agent installation failing.   This can be as simple as a single file failing to copy correctly, which will give the overall job a "Failed" status.

One possible cause of this issue is Antivirus software on the client computer incorrectly flagging an Ivanti EPM file as malware and placing it into quarantine.

Resolution

1. The Agent installation is logged in detail in the log file C:\Windows\Temp\WSCFG32.XLG.   Search for "Fail" or "Error" throughout this file.
2. Check the Antivirus GUI or typical quarantine folder for the Antivirus software for the presence of any Ivanti EPM files.   If this occurs, disable the Antivirus software during the Agent Installation or contact the Antivirus vendor to have the false detection resolved.

Landesk Management Suite 2016 (10.0) is using a new service called "Self-electing subnet services" (SESS): https://help.landesk.com/docs/help/en_US/LDMS/10.0/Default.htm#Windows/client-c-self-electing.htm%3FTocPath%3DConfiguration|Agent%2520configuration|_____9

Under some specific circumstances SESS service may cause very high CPU usage in client machines and servers, sometimes intensive multicast network traffic is experienced as well (even if you have not configured your Agents to use Multicast).

Such incorrect behaviour can be identified by checking your Task Manager or Process Manager - you will see Targeted Multicast Client Service Executable (tmcsvc.exe) generating CPU load.

Solution:

Please first check the agent configuration settings for distribution and patch as 'tmcsvc.exe' can be used in multicast and peer-to-peer deployment, so on the agent settings set up for the agent configurations of the clients, you can disable "Attempt peer download" and "Use Multicast" (this can be found in Agent settings -> Distribution and Patch settings -> General settings -> Network Settings).

It will update all the clients at the next daily vulnerability scan run on the clients where this settings is configured.

If the above settings are not used (configured) then SESS can be deactivated in the agent "Client Connectivity Settings" set up on the agent(s) deployed on the clients.

To do that, go to Tools -> Configuration -> Agent Settings and then click  'Client Connectivity' settings and open 'Self-electing subnet services' tab and uncheck box "Enable self-elect subnet service", click 'Save'.
At the next daily vulnerability scan, on each computer having this settings, it will deactivate this option (alternatively you can create a task to deploy updated agent settings to the clients).

Once this is done please check if the the CPU load from tmcsvc.exe has decreased on the agents.

Additional information:

You can also go in the Management Console -> Tools -> Configuration -> Self-electing subnet services -> Select Extended Device Discovery on both LAN/Wireless -> Right-click each subnet and select disable (by default SESS is disabled for wireless networks but enabled for wired networks).

Some additional information on this topic can be find here: Agent 2016 - Targeted Multicast Client Service Executable - tmcsvc.exe very high CPU on all clients/servers

To enable verbose logging for agent push jobs, create the following registry setting on the Core Server:

Using regedit, navigate to  HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk.
Create a new DWORD Value named AgentPushVerboseLog and set the value to 1.

Example:

[HKEY_LOCAL_MACHINE\SOFTWARE\LANDesk]
"AgentPushVerboseLog"=dword:00000001

Also make sure the \LANDesk\ManagementSuite\ScheduledTaskHandler.ini contains the following (if the file does not exist, create it):

[logging]
verbose=true

The verbose logging will be added to the \LANDesk\ManagementSuite\log\ScheduledTaskHandler_(ID).log

NOTE -- On a 64 bit OS, you need to create the registry key here instead: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node

The following list of Agent customizations are things that can be changed in the agent configuration.ini files.  Most of these changes are not available in the GUI and must be done manually.

NOTE:  These changes should not be made without careful consideration and testing.  These changes can have negative effects if they are not tested and carefully evaluated.

SDMCache location

To change the default sdmcache folder directly at the agent installation, you can modify the c:\Program Files\LANDesk\ManagementSuite\ldlogon\NTSTACFG.INI file (on the Core Server):

1.  Edit this file using Notepad or a similiar text editor.
2.  Find the line:

REG00=HKEY_LOCAL_MACHINE, SOFTWARE\Intel\LANDesk\LDWM\Distribution\Multicast\Cache Directory, %DEST%\SDMCache, , REG_SZ

and change it to:

REG00=HKEY_LOCAL_MACHINE, SOFTWARE\Intel\LANDesk\LDWM\Distribution\Multicast\Cache Directory, [MY_PATH], , REG_SZ

Note: [MY_PATH] should be changed to the path you want as cache folder.

3.  Open the console on the Core Server, and from the Agent Configuration tool, click on the 'Rebuild all' icon (approximatively on the middle of the icons bar).

4.  Install the agent on client computer.

Agent install drive location

1. Modify the ntstacfg.in# file.  Search for the system variable %DEST%.

2. In a command line or cmd windows SET DEST = <the new drive location>.

Remote control timeout length

NOTE: In LDMS 9.0 SP2 this configuration option has been added to the Agent GUI options.

To make this change part of the Agent Configuration use these steps listed below.

How to include additional files with Agent install

1.  In order to use the Mergeini.exe tool, create an INI file that contains the additional commands that will be added to the Agent configuration INI file. By making these settings in a separate file, LANDesk® Management Suite patches and services packs can modify or replace the Ntstacfg.in# file without overwriting custom modifications. Place the INI file in the Ldlogon directory. Create the custom INI with the following commands:

[Common Base Agent Post Copy]
FILE150000=MyLogo.bmp, MyLogo.bmp, NOCOPYERROR

2.  Once the INI file has been saved, create a new string value in the registry that contains the full path to the INI file under the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\LANDESK\ManagementSuite\Stamping\Files.

The string name is of your choosing.

Note: If the path name contains a space be sure to use quotes around the full path (i.e "C:\Program Files\LANDesk\mamangementsuite\ldlogon\MyScript.ini").

3.  To import the settings from the INI file to the Ntstacfg.in# file, Stamper.exe needs to be run. Restart the inventory service to run Stamper.exe. Execution of Stamper.exe is part of the inventory service starting.

4.  Build the Agent configuration or run “Rebuild All” to update all existing client configurations.

Increase the SDMCache cleanup time from the default of 14 days

To change the default sdmcache folder directly at the agent installation, you can modify the c:\Program Files\LANDesk\ManagementSuite\ldlogon\NTSTACFG.IN# file (on the Core Server):

1.  Edit this file using Notepad or a similiar text editor.
2.  Find the section titled: [Multicast Post Copy]

Add the following line:

REG99=HKEY_LOCAL_MACHINE, SOFTWARE\Intel\LANDesk\LDWM\Distribution\Multicast\Discard Period, 7776000, , REG_DWORD

3.  Open the console on the Core Server, and from the Agent Configuration tool, click on the 'Rebuild all' icon (approximatively on the middle of the icons bar).

4.  Install the agent on client computer

This setting can also be changed on an existing agent without reinstalling the LANDesk Agent.  To do so, update the registry value shown below:

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\LDWM\Distribution\Multicast]

Modify "Discard Period"=dword:0002a300 to reflect # of seconds you want the file to stay in cache

After making this change, restart the LANDesk Targeted Multicast Service

Brokerconfig automation (configurebroker.exe)

To automate the creation of Management Gateway certificate generation, please see the following LANDesk Community article:

http://community.landesk.com/support/docs/DOC-1888

Add custom local scheduler tasks to the Agent Install

1.  In order to use the Mergeini.exe tool, create an INI file that contains the additional commands that will be added to the Agent configuration INI file. By making these settings in a separate file, LANDesk® Management Suite patches and services packs can modify or replace the Ntstacfg.in# file without overwriting custom modifications. Place the INI file in the Ldlogon directory. Create the custom INI with the desired commands:

[Policy Management Post Copy]

EXEC10004=%DEST%\LOCALSCH.EXE /taskid=[Your Task ID ex: 7777]/exe="[path:\YourEXEHere.exe" /cmd="[/Your EXE Parameters]" /freq=[Time to repeat in seconds] /start="[Current date/time ex: 06 Jan 2006 16:56:20]"

2.  Once the INI file has been saved, create a new string value in the registry that contains the full path to the INI file under the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\LANDESK\ManagementSuite\Stamping\Files.

The string name is of your choosing.

Note: If the path name contains a space be sure to use quotes around the full p

The list of Local Scheduler parameters and commands can be seen by browsing to \program files\landesk\ldclient\ and running localsch.exe /?.

Change default shortcut parameters (add /F /SYNC to inventory, remove the /showui for vulscan, etc)

PreReq: Download Orca MSI Editor
http://www.technipages.com/download-orca-msi-editor.html

1. Create an Advanced Agent of the Agent you wish to modify.

2. Open the agent MSI file with Orca.  The Agent MSI file will be located in the \ManagementSuite\ldlogon folder and will have the same name as the Agent from the console view.

Go to Custom Action, Sort by Source and Look for the following Target’s and add a /F- like below.

Target One: [LDCLIENT]\LDISCN32.EXE /NTT=LANDESK21:5007 /S="LANDESK21" /I=ldappl3.ini /NOUI /NOCD /SYNC /F-

Target Two: [LDCLIENT]\LOCALSCH.EXE /taskid=777 /exe="[LDCLIENT]\LDIScn32.EXE" /cmd="/NTT=LANDESK21:5007 /S=LANDESK21 /I=HTTP://LANDESK21/ldlogon/ldappl3.ldz /NOUI /F-" /freq=86400 /autodelay=0|60

Target Three: InstallShortcut "[ProgramMenuFolder][PROGRAM_GROUP]" "[INVENTORYSCANSHORTCUT]" "[LDCLIENT]\LDIScn32.exe" "/NTT=LANDESK21:5007 /S=LANDESK21 /I=HTTP://LANDESK21/ldlogon/ldappl3.ldz /V /F-" ""

3.  Save the MSI file and now you can create a Self contained executable, a scheduled task deployment, advanced agent deployment, etc. All work and add the switch correctly.

Environment

LDMS 9.x

Question

What are the agent install logs and where are they located?

Answer

Below is a list of log files and their locations that are related to agent install.

Client side logs are located in the Windows\Temp folder or the %temp% folder (depending on how the task was scheduled to run)

Core Side Logs are located in the \ManagementSuite\logs folder

NOTE -- ScheduledTaskHandler_*.log (* references a taskID and you should be sure that you find the one that corresponds with the agent install task) A good way to do this is to look at the time/date modified for the log.

Description

The following document will explain how to first uninstall and then re-install an agent for an in place upgrade.  You should use this method if you are experiencing issues upgrading your agents from 9.5 to 9.6.  Uninstalling the agent completely and then installing the new version can sometimes fix these issues.

Note:  The inventory for your devices must be up to date, especially the IP and hostname.

Uninstalling the Old Agent

With an in place upgrade, you will typically have older agents reporting to a newer version core.  With this setup, there can be a degradation of functionality.  You will always want your agents version to match your core.  The first thing we need to do is uninstall the old agent.

• Navigate to the following network location: \\core\ldmain\.  Copy the uninstallwinclient.exe to your typical software distribution location.  I use \\core\ldlogon\packages.

• Create a new executable package.  I called mine "Uninstall Agent".
• Specify the location of the uninstallwinclient.exe we copied above.

• In the install/uninstall options section, add /forceclean to the command line.

• Save the package and schedule it.
• Assign the device(s) you want to upgrade and start the task.
• The task will hang on "Installing Package".  This will not update since we are uninstalling the agent.  Give it a good 30 minutes for a group of devices and then cancel the task.  You should find the devices have been restarted from running the uninstaller.

Installing the New Agent

The next steps are simply installing the new agent by scheduling an agent deployment.  We are going to use the existing inventory records to deploy the agent.  You can typically just copy the devices from the previous uninstall task over.

• Right click the agent you want to deploy and select "Schedule agent deployment".
• Drag the devices from the uninstall agent task into this task and start it.

• • Background:
  • How to:
  • Reference:

Background:

Agentless scanning is introduced in LDMS 2016.3. It uses supplied credentials to attempt to run scanner on unmanaged nodes to find them and list them in Console.

The detail information can be found: About Agentless Scanning in LDMS 2016.3

After the agentless scan is properly configured, the default query called "Agentless scanner" will list all the agentless devices.

By default, the agentless inventory scan runs every day. So the query "Agentless scanner" is updated daily. You know which device is on your network and has not installed agent.

How to:

1. Create a new query to list the devices which need to deploy agent. You may use the filter looks like:

"Computer"."Agentless"  =  "1"

"Computer"."OS"."Name"  Not Like  "Server"

"Computer"."OS"."Name"  Not Like  "Embedded"

2. In Agent configuration, Schedule agent deployment.

3. In the Targets, add the query which is created in step 1 to the Targeted queries.

4. You may schedule the task to run repeated daily to deploy the agent automatically (Optional).

5. After the scheduled task run, all the devices in the query have deployed the agent.

Note: After the agent is deployed, it will take some time, likely a day, before the inventory updated on the core. To avoid deploy the agent to the same machine which has deployed the agent, the schedule frequency should not be hourly. You may manually run the deployment task to deploy the agent.

Reference:

Steps To Enable The Agentless Scanner in LDMS 2016.3 and Beyond

How To: Deploy an Agent via PUSH to Windows 10 in LDMS 9.6 SP2

How to Create and Deploy an Advance Agent

Description

The purpose of this document is to provide information on the Agent Watcher. The Agent Watcher allows you to actively monitor devices for selected Ivanti agent services and files. The Agent Watcher restarts agent services that may have been stopped and resets the startup types for services that have been set to automatic. The utility also removes monitored agent files from lists of files to be deleted on reboot, in order to prevent deletion. Additionally, Agent Watcher alerts you when agent services can't be restarted, when agent files have been deleted, and when agent files are scheduled to be deleted on reboot.

You can enable the Agent Watcher within the agent configuration or, at a later time, with a separate Update Agent Settings task. In other words, you don't have to enable Agent Watcher during a device's initial configuration. It can be done at any time directly from the console for one or more managed devices

The Agent Watcher runs under the collector framework on client systems. This agent piece, LDRegWatch.exe is run by collector.exe as needed to let it monitor the system. LDRegWatch will periodically update its copy of the configuration settings stored in its corresponding INI files (e.g. “AgentWatcherSettings_Agent Watcher Settings 1.ini”). It then verifies that what the settings are, are properly applied to the system (i.e. start services and update files). The following depicts the general architecture of the Agent Watcher process:

Port Information

LDregwatch, by default, will use port(s) 53000/53001 as seen within the LDCLIENT\landesk.provider.ldms.collector.startup.xml file. These ports will need to be open on your network to utilize this feature.