How To Troubleshoot Policy Sync

Version 15

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.x

    Description

     

    This document is intended to assist in the troubleshooting of the Policy Sync (PolicySync.exe) process on the LANDESK Agent. Policy Sync is the primary method used to deploy both Software Distribution tasks and Patch Manager tasks to client machines. PolicySync.exe communicates with the Core server via HTTP (port 80), and is responsible for pulling down policy tasks that are targeted to the client machine. Also, PolicySync.exe is responsible for running recurring policy tasks on the client machines.

     

    Symptoms

     

    Some symptoms of a failed policy sync could include, but are not limited to:

    1. Tasks in the console are hung with a status of "Client has initiated asynchronous policy execution."
    2. When refreshing Workspace or Portal Manager new packages and links do not appear.
    3. Core server can contact clients, but the client never executes the task.

     

    Diagnose

     

    Reading the PolicySync.exe.log

    • Successful Policy Sync Log examples
      • A successful attempt initiated by a Push Task:

    07/13/2015 15:23:48 INFO  3844:1     RollingLog : Run PolicySync.exe -taskid=1

    07/13/2015 15:23:48 INFO  3844:1     RollingLog : Request: Request policies

    07/13/2015 15:23:49 INFO  3844:1     RollingLog : Request: GetWebResponse ok

    07/13/2015 15:23:49 INFO  3844:1     RollingLog : Request: Has 1 targeted policies

    07/13/2015 15:23:49 INFO  3844:1     RollingLog : HandleRunNow: has 1 run now policies

    07/13/2015 15:23:49 INFO  3844:1     RollingLog : Exit PolicySync.exe with code 0

    07/13/2015 15:23:49 INFO  3804:1     RollingLog : Run PolicySync.exe /enforce

    07/13/2015 15:23:49 INFO  3804:1     RollingLog : EnforcePolicies: check and run RunNow and Reoccurring policies

    07/13/2015 15:24:11 INFO  3804:1     RollingLog : Exit PolicySync.exe with code 0

        

     

      • A successful attempt for a normally scheduled Policy Sync:

    07/13/2015 16:43:15 INFO  2424:1     RollingLog : Run PolicySync.exe

    07/13/2015 16:43:15 INFO  2424:4     RollingLog : LoadLocalPolicyInfo: load local machine

    07/13/2015 16:43:15 INFO  2424:4     RollingLog : LoadLocalPolicyInfo: load user

    07/13/2015 16:43:15 INFO  2424:3     RollingLog : Request: Request policies

    07/13/2015 16:43:19 INFO  2424:3     RollingLog : Request: GetWebResponse ok

    07/13/2015 16:43:19 INFO  2424:3     RollingLog : Request: Has 2 targeted policies

    07/13/2015 16:43:19 INFO  2424:1     RollingLog : RunPolicySync: ProcessRequestedPolicies

    07/13/2015 16:43:19 INFO  2424:1     RollingLog : LoadLocalPolicyInfo: load local machine

    07/13/2015 16:43:19 INFO  2424:1     RollingLog : LoadLocalPolicyInfo: load user

    07/13/2015 16:43:19 INFO  2424:1     RollingLog : HandleRunNow: has 1 run now policies

    07/13/2015 16:43:19 INFO  2424:1     RollingLog : Exit PolicySync.exe with code 0

    07/13/2015 16:43:20 INFO  2836:1     RollingLog : Run PolicySync.exe /enforce

    07/13/2015 16:43:20 INFO  2836:1     RollingLog : EnforcePolicies: check and run RunNow and Reoccurring policies

    07/13/2015 16:43:46 INFO  2836:1     RollingLog : Exit PolicySync.exe with code 0

        

     

    Solutions

     

    Some common solutions are listed below. You can find the one that fits your scenario and follow the steps to try resolving the issue.

     

    Is the problem on the Client or is it on the Core?

     

    The easiest way to determine this is to try running a Policy Sync on multiple clients and see if you get the same error on each client.

    • If only one client is receiving the error it is likely that the problem is localized to that one client machine.
    • If the error is present on all clients when running a Policy Sync the problem is likely to be on the core, or in the connection between the clients and core.

     

    Did the policies download correctly?

     

    If you look on the client machine at C:\Programdata\LANDesk\Policies you should see policy XML and STAT files.

    1. CP.{taskID}.RunNow.{hash}.xml
    2. CP.{taskID}.RunNow.stat

    If those files are not present, the policy likely did not download correctly. Only the .xml file is downloaded, the .stat file is dynamically created and updated by policysync.exe.

     

    Common errors in the C:\ProgramData\LANDesk\Log\PolicySync.exe.log file:

    1. "GetWebResponse failed" or a "(503) Server Unavailable" message appear in PolicySync.exe.log
      1. Check that IIS is running on the core.
      2. Make sure that the LDAppAPM application pool is running on the Core.
      3. Attempt to connect to http://localhost:9592/apmservice/policyrequest.asmx using a browser on the client machine.
        1. Adding port 9592 will force the request through LANDESK's proxyhost.exe application using the client's loopback address. The results of this activity will be written to the proxyhost.log file.
      4. Restart IIS.
    2. "WriteNewPolicies.DownloadPolicyFile: exception-The remote server returned and error: (404) Not Found."
      1. This indicates the Policy XML file that should be located on the core at \Program Files\LANDESK\ManagementSuite\landesk\files\ClientPolicies is not present.
      2. Restart the associated task.
      3. Check Console.exe.log to see if there was an error when saving the task.
      4. Review How to troubleshoot Software Distribution Tasks - Core Side
    3. Request: Signature Verification Failed
      1. Update COM+ objects on the core with a correct Domain User account.
      2. Restart COM+.
      3. More information about this error can be found here:
        Error: "Signature Verification Failed" from PolicySync.exe