Selecting "manage local users and groups" on a device returns no information

Version 6

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6

    Selecting "manage local users and groups" on a device returns no information

    One resolution for this issue is to ensure that the ASP.NET account has read permissions on the Inetpub folder on the LANDesk Core Server.


    ***Following is more troubleshooting information***


    Troubleshooting and log files

    Console calls a core webservice to contact CBA and run \ldclient\localaccount.exe on client to perform the local user query or modification.


    1- Console.exe.log


    Checking console log is a good start, it will record the detail error information when 'Manage local users and groups' window get blank. Most common cause for this issue is wrong IIS permission and directory security setting, console will log the detail http error like "Server Unavailable"...


    Console log path: Core or Addition console
    \Program Files\LANDesk\ManagementSuite\Console.exe.log


    2- Web service access


    A. Please confirm following URL can be access from core server or additional console,


    ***Replace <corename> by your coreserver host name***


    If get any HTTP error here, please check IIS log as well and get HTTP error code at the end of log item,as following,


    2010-01-18 22:36:08 W3SVC1 POST /landesk/managementsuite/core/ - 80 -;+MSIE+6.0;+MS+Web+Services+Client+Protocol+2.0.50727.42) 401 5 0


    IIS log path: Core



    B. HTTP Error code and resolutions


    If access LDRemoteManageAccount.asmx failed,please go IIS manager-Default web site-Default web


    HTTP 401 5 0
    - Right click and properties,Directory Security tab, Authentication and access control, ensure only 'Integrated Windows authentication' was checked.



    HTTP 500 0 0
    A. Right click and properties,Virtual directory tab, confirm the setting like this screen shot,


    B. Right click and Permissions, the default permission should be assigned as following,
    Full Control: Administrators,LANDesk Management Suite,SYSTEM
    Read&Execute/List Folder Contents/Read: ASPNET,NETWORK SERVICE


    C. Identity setting for Application pools - LDAppmain, default identity should be NETWORK SERVICE, change it to LOCAL SYSTEM for test purpose.


    Run IISRESET and try again,


    Note: This should be used only for testing, Microsoft recommends that AppPools run as Network Service. If this resolves the issue, it usually signifies that the Network Service does not have proper rights to objects in IIS, can be either NTFS or IIS permissions.


    3- Client


    If console.exe.log have no error and only log message like "call webservice to get local account information",  LDRemoteManageAccount.asmx also can be opened successful, it might caused by network traffic blocking or client side issue.


    A. Confirm CBA service can be access from core, the binocular icon display correctly in console network view. if not, check following,
    - LANDesk Management Agent service is started,TCP&UDP 9595 is listening on client.
    - Browse http://<client_name/IP>:9595 from core can open web page correctly.if not, check client firewall and network security setting to see any policy block the traffic.

    B. Check following log for client side issue.


    Log path: Client
    C:\Program Files\LANDesk\Shared Files\residentagent.log
    C:\Program Files\LANDesk\Shared Files\Servciehost.log
    C:\Program Files\LANDesk\LDClient\localaccount.exe.log


    ***Attachment LocalUser_client_log.txt is a success log on client***