Good morning,
I am configuring the LANDesk Management Suite and all related products in our Company and started about half a year ago gathering experience with LANDesk.
However, I am quite at a loss now while configuring the patch management.
Don't get me wrong, the patch management itself works fine as long as we are talking about machines inside the company network.
But as soon as it comes to the Cloud Services Appliance (CSA) it gets tricky.
When a machine is outside our company network it can not download any patches.
I hope the following lines give you some idea what might be the problem:
vulscan.log
Mon, 16 Feb 2015 13:21:38 Download failed unable to get path, error code: 12 file: http://(Coreserver)/ldlogon/Patch/SkypeBusinessSetup_7.1.32.105.msi
Mon, 16 Feb 2015 13:21:38 Failed to download http://(Coreserver)/ldlogon/Patch/SkypeBusinessSetup_7.1.32.105.msi. Error code 12
Mon, 16 Feb 2015 13:21:38 http://(Coreserver)/ldlogon/Patch/SkypeBusinessSetup_7.1.32.105.msi failed
Mon, 16 Feb 2015 13:21:39 ERROR: function EnableProxyHost is no longer supported
Mon, 16 Feb 2015 13:21:39 Download Failure: Error 80004005 downloading http://(Coreserver)/ldlogon/Patch/SkypeBusinessSetup_7.1.32.105.msi
Mon, 16 Feb 2015 13:21:39 Last status: Fehler: Download from http://(Coreserver)/ldlogon/Patch/SkypeBusinessSetup_7.1.32.105.msi failed.
To avoid communication problems I translated the passages above into english but my choice of words might differ sligthly from the original.
Logfile with unmodified language is attached.
More intresting the patch process always fails with the exact same error as shown above.
No matter if I try http share on our NAS, http share on the core server itself or - just for trying it out - UNC share for remote machines.
Always the same error with all patches.
Testmode from Brokerconfig.exe works fine and ends with success from remote machines.
The certificate on remote machine and core server is correct as well.
Downloading a certificate on a remote machine outside the company works and it seems there is no communication problem between CSA, core server and client computers.
I tried the following to find out which component generates the problem:
Checking firewall policies
Our CSA is within a DMZ so I checked the policies again.
External Firewall
From CSA to any allow HTTP, HTTPS, Ping
From any to CSA* allow HTTP, HTTPS
NAT from external IP to DMZ-IP involved here, all ports are still standard port numbers
LANDesk Cloud Services Appliance
Internal Firewall
From CSA to core server allow HTTP, HTTPS, Ping
From CSA to domain controller allow DNS, Ping
From (internal subnet)* to CSA allow all
*includes all servers and clients
Manual access to web shares
No problem here, I can access the patch directory - may it be locally on the core server or on our NAS - in Firefox and Internet Explorer without any problem.
Downloading works fine as well and the paths are correct.
Executing Brokerconfig.exe
Internal and external use of Brokerconfig.exe did not show any errors.
I can connect to the Core internally and to the CSA remotely without any problems.
Checking the CSA
Core certificate is present.
Two CSA certificates are present under Manage LDMG certificates. Any chance to find out which is the correct one to delete the obsolete certificate?
No blocked client certificates.
Firewall: Enabled. Allowed HTTPS, HTTP, DNS tcp+upd, core server IP. Blocked: None.
Users: No locked service user.
Connection Table: Lots of connections.
This however makes me curious (ignore the blackened spaces).
I installed LANDesk 9.6, so how can agents be on 9.5?
The inventory scan shows up version 9.60.0.124 as common base agent...
I hunt this problem for over a week now but I am really running out of options.
Also I searched a lot in different logfiles but without luck.
Either I do not know what error to look after or there are simply no errors in any other logfiles than vulscan.log about this problem.
softmon.log is not helpful.
I checked everything that I could imagine has something to do with the topic.
However I did not find the source neither a solution.
So I hope to find a helpfull hint or an anwser to our problem here.
If nothing helps I will need to set up a second core with similar configuration by hand since I do not want to copy the maybe existing failure.
That would be pretty time consuming and so I hope you people can help me out with this nasty little problem.
Greetings