How to: Manually Request a Broker Certificate with BrokerConfig.exe

Version 11

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6LANDESK Management Suite 2016.x

    Purpose

    Leveraging the LANDESK Cloud Services Appliance (CSA) is critical for many LANDESK Management Suite administrators. The CSA, once configured properly allows clients on laptops or workstations located off the core servers network, to securely relay vital information from the LDMS client to the core server. This can help administrators keep track of their devices and their location, ensure they are being patched, remotely controlled, and much more.

     

    Once the CSA has been configured properly (For help with this: Quick Gateway (Cloud Service Appliance) Configuration), in order to allow for the client to communicate with the core through the CSA, the broker certificate has to be distributed to the client machines. This document provides step-by-step directions on how to manually request and pull down the broker certificate on to a client machine so that this device can communicate with the core through the CSA.

     

    What is BrokerConfig.exe?

    Windows Client installations include the brokerconfig.exe file. This executable is used to request and obtain the broker certificate from the CSA to client machines. This file can also be helpful in troubleshooting issues with the CSA. This file is located by default in the following location on the client:

    C:\Program Files (x86)\LANDesk\LDClient

     

    Directions

    The following steps will outline how to use this brokerconfig.exe file to request and obtain a broker certificate.

    1. Run BrokerConfig.exe as Admin

    2. Configure CSA Information

    3. Specify Credentials

    4. Test Connection

    5. Request the Broker Certificate

     

    Detailed Instructions

    1. Run BrokerConfig.exe as Admin

    First we'll need to open up the BrokerConfig.exe as an administrator (to avoid potential issues involving rights). To do so:

    -Logon to the client machine as a local administrator

    -Go to C:\Program Files (x86)\LANDesk\LDClient

    runasadmin.png

    -Right-click on BrokerConfig.exe and "Run as administrator"

    brokerconfignocert.PNG

    You should see the above interface- before requesting the certificate, we will need to configure brokerconfig.exe to point to the right CSA device.

     

    2. Configure CSA Information

    -Click the "CSA Information" tab at the top

    configuration.PNG

    -Fill in the fields with the proper CSA name/IP address.

    -Use the same information configured on the core in Configure > Manage Cloud Services Appliance, select the CSA and click Edit. The example below shows what this should look like:

    corecsasettings.PNG

    -(Optional) If you would like to use multiple CSA devices- enter each CSA name with a comma following to separate.

    -(Optional) If using multiple CSAs and you would like to specify the CSA Failover Policy, either select "Use Ordered List" to inherit the ordered list from the agent configuration, or select "Use random" to use a random CSA device to communicate.

    -(Optional) If you use a proxy and would like to override the proxy settings in Internet Explorer, update the proxy settings in the field below.

    -By default the broker request should be set to "Dynamically determine connection route". This is the recommended setting for clients. The other settings are mainly for testing purposes or unique environments.

    -Click Update to finalize changes. This will save the configuration for all future broker requests unless specified otherwise.

     

    3. Specify Credentials

    -Select the "Certificate Request" tab

    -(For on-network clients) No credentials are needed.

    -(For off-network clients) Enter account credentials. The LANDESK user account needs to be a member of the LANDESK Management Suite group but does not need to have a scope or any rights.

     

    4.Test Connection

    After completing the previous steps- using the test feature can help verify the connection/credentials are correct.

    -Test connectivity by clicking the "Test" button.

    -A successful result should show a success at the top of the window, and should look like the following example:

    test connection.PNG

    -If instead a "failure" status is returned, it may indicate a network error or a misconfiguration of the CSA or the brokerconfig settings.

     

    5. Request the Broker Certificate

    Once the brokerconfig.exe has been properly configured and a test completed to verify the connection, you are ready to request the broker certificate. To do so:

    -Click the Send button at the left-center of the interface.

    -After clicking this, you may need to wait for a few seconds for the certificate request to be posted to the CSA/core, processed and the certificate to be pulled down to the client.

    -Once this process has completed successfully, you will receive the following pop-up notification:

    success.PNG

    -You will now note, after re-opening brokerconfig.exe that the interface says "The client certificate is already present."

    successfulhighlight.PNG

    This indicates that the broker request was  successful. Your client should now be fully able to communicate with the CSA.

     

    Troubleshooting Resources

    If any issues are encountered in requesting this certificate, please see the following article:

    How To: Troubleshoot the Cloud Services Appliance (CSA)/Gateway

     

    Related Articles

    Best Known Method for Configuring LANDESK Cloud Service Appliance (former Management Gateway) version 4.2 and newer

    Quick Guide - Gateway (Cloud Service Appliance) Configuration