Issue: Selecting "manage local users and groups" on a device returns no information

Version 8

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6

    Issue

     

    Selecting "manage local users and groups" on a device returns no information

     

     

    Troubleshooting

     

    One resolution for this issue is to ensure that the ASP.NET account has read permissions on the Inetpub folder on the Core Server.

     

    The console calls a core web service to contact CBA and run \ldclient\localaccount.exe on the client to perform the local user query or modification.

     

    Console.exe.log

     

    Checking the console log is a good start.  It will record the detailed error information when the 'Manage local users and groups' window is blank. The most common cause for this issue is wrong IIS permissions and directory security settings.  The console will log a detailed error such as "Server Unavailable"...

     

    Console log path: (On Core or additional console)

     

    \Program Files\LANDesk\ManagementSuite\Console.exe.log

     

     

    Web service access

     

    A. Please confirm the following URL can be accessed from the core server or additional console,

     

    http://<corename>/landesk/managementsuite/core/core.secure/LDRemoteManageAccount.asmx

     

     

    * Replace <corename> by your coreserver hostname

     

    If you get an HTTP error here, please check the IIS log as well and get the HTTP error code at the end of the log item, as follows.

     

     

    2010-01-18 22:36:08 W3SVC1 192.168.100.32 POST /landesk/managementsuite/core/core.secure/LDRemoteManageAccount.asmx - 80 - 192.168.100.32Mozilla/4.0+(compatible;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.42) 401 5 0

     

     

    IIS log path: Core

     

    C:\Inetpub\LogFiles\W3SVC1

     

     

     

    B. HTTP Error code and resolutions

     

    If access to LDRemoteManageAccount.asmx fails, please go to IIS manager - Default web site - Default web site - landesk-managementsuite-core-core.secure

    HTTP 401 5 0

    Right click core.secure and properties,Directory Security tab, Authentication and access control, ensure only 'Integrated Windows authentication' was checked.

    Untitled.png

     

    HTTP 500 0 0

     

    1. Right-click core.secure and properties, Virtual directory tab, and confirm the setting as in this screenshot,
      Untitled2.png
    2. Right-click core.secure and Permissions, the default permission should be assigned as follows,

      Full Control: Administrators, LANDesk Management Suite ,SYSTEM
      Read&Execute/List Folder Contents/Read: ASPNET,NETWORK SERVICE

    3. Identity setting for Application pools - LDAppmain, default identity should be NETWORK SERVICE, change it to LOCAL SYSTEM for test purpose.
      Untitled3.png
    4. Run IISRESET and try again,

     

     

    Note: This should be used only for testing, Microsoft recommends that AppPools run as Network Service. If this resolves the issue, it usually signifies that the Network Service does not have proper rights to objects in IIS, can be either NTFS or IIS permissions.

     

     

    C - Client

     

    If the console.exe.log has no error and only a log message like "call webservice to get local account information",  and LDRemoteManageAccount.asmx also can be opened successfully, it might be caused by network traffic blocking or a client-side issue.

     

    1. Confirm CBA service can be accessed from the core, that the binocular icon displays correctly in the console network view. If not, check the following:
      • LANDesk Management Agent service is started, TCP & UDP 9595 is listening on the client.
      • Browse HTTP://<client_name/IP>:9595 from the core to see if you can open the web page correctly.  If not, check the firewall on the client and network security settings to see any policy is blocking the traffic.

    2. Check the following logs for client-side issues.

      Client Log path:

      C:\Program Files\LANDesk\Shared Files\residentagent.log
      C:\Program Files\LANDesk\Shared Files\Servciehost.log
      C:\Program Files\LANDesk\LDClient\localaccount.exe.log

     

    Attachment LocalUser_client_log.txt shows a successful log on client