How To: Distribute Broker Certificates via Script to On-Network Client Machines

Version 5

    Verified Product Versions

    LANDESK Management Suite 9.6

    Purpose

    Leveraging the LANDESK Cloud Services Appliance (CSA) is critical for many LANDESK Management Suite administrators. The CSA, once configured properly allows clients on laptops or workstations located off the core servers network, to securely relay vital information from the LDMS client to the core server. This can help administrators keep track of their devices and their location, ensure they are being patched, remotely controlled, and much more.

     

    Once the CSA has been configured properly (For help with this: Quick Gateway (Cloud Service Appliance) Configuration), in order to allow for the client to communicate with the core through the CSA, the broker certificate has to be distributed to the client machines. This document provides step-by-step directions on how to distribute this certificate to clients by running a script through LANDESK Management Suite.

     

    This script will only work for on-network client devices that can get a direct connection to the core, for devices off the network you will need to use one of the following methods outlined by these documents:

    How to: Manually Request a Broker Certificate with BrokerConfig.exe

    Unattended configuration of client for the Cloud Services Appliance

     

    Directions

    The following steps will outline how to run a script on clients that will pull down the appropriate gateway certificate:

    1. Go to Tools > Distribution > Manage Scripts

    2. Create a scheduled task to run the default "Create Management Gateway Client Certificate" script

    3. Drag and drop client machines to this scheduled task

    4. Start the scheduled task and verify a successful result

     

    Detailed Instructions

    1. Go to Tools > Distribution > Manage Scripts

    -In order to run this script you will need to first open up the LANDESK Management Suite Console.

    -Once in, on the toolbar at the top, click Tools > Distribution > Scheduled Tasks

    Soft_Dist.png

    -In the Manage Scripts pane, select "All Scripts"

    -You should see the default "Create Management Gateway Client Certificate" script

    Capture.PNG

     

    2. Create a scheduled task to run the default "Create Management Gateway Client Certificate" script

    -Right-click the "Create Management Gateway Client Certificate Script" and select "Schedule"

    sched.png

    This will create a scheduled task to run the script without any configuration needed.

    schedtask.PNG

    3. Drag and drop client machines to this scheduled task

    Now that you have created this scheduled task, you need only to run it on the devices to which you want to distribute the certificate. To do so:

    - Go to Network View > Devices and select a device or multiple devices you would like to run the script.

    - Left click and drag to the scheduled task - this will not start the task but rather point the scheduled task to the clients that it will execute the script on once the task is executed.

     

    4. Start the scheduled task and verify a successful result

    Once you have selected the client machines to run the task on, you will need to start the task. To do so:

    SftwDist_run.png

    -Right click on the task

    -Go to "Start now"

    -Click "all"

    -Once you have started the task, the script will begin being deployed to the target machines and executed. You should see the machines move from pending to active.

    -Once the task has completed it will show as successful with a status of "No Error" and a return code of 1201.

    success.PNG

    If you would like to further verify the broker certificate has been distributed successfully to the client, on the client machine go to C:\Program Files (x86)\LANDesk\LDClient, and open BrokerConfig.exe.

    You should see the following:

    successfulhighlight.PNG

    Your client(s) should now be fully able to communicate with the CSA.

     

    Troubleshooting Resources

    If any issues are encountered in requesting this certificate, please see the following article:

    How to: Manually Request a Broker Certificate with BrokerConfig.exe

    How To: Troubleshoot the Cloud Services Appliance (CSA)/Gateway

     

    Related Articles

    Best Known Method for Configuring LANDESK Cloud Service Appliance (former Management Gateway) version 4.2 and newer

    Quick Guide - Gateway (Cloud Service Appliance) Configuration