This document will detail the sequence of events related to file hashing and the overall file download process in Ivanti EPM. Understanding the processes associated to how client side functions decipher the information being presented will allow for a more direct approach to troubleshooting and a speedy resolution. The information contained in this document is intended for the advanced LANDESK Administrator but is comprehensible and advantageous for administrators at all levels to be aware of. This document outlines all pertinent core server processes, IIS web services and the relative SQL database actions related to file hashing.
Here are some known issues you may encounter if you are experiencing download issues:
- Error 105: General download failure
- Error 16442: Failed to download and hash all additional files
- File Hash Flow Chart
- What is the Purpose of File Hashing in Ivanti EPM Software Distribution?
- Core Server
File Hash Flow Chart
Note: Please click to enlarge all images
What is the Purpose of File Hashing in Ivanti EPM Software Distribution?
A file hash is a data value consisting of a fixed length of characters for unique identification. It's a widely used in cryptography designed to resist modifications to the original data structure in efforts to maintain the integrity of the file.
Where are the hash values stored?
The hash values for files in a package are contained in the Package_Files_Hash database table, HASH column. This table includes the primary file and any additional files included in your package. The Data Type for the HASH column is nvarchar.
To view these values, connect to your SQL Database Server, open Microsoft SQL Server Management Studio, connect to your Ivanti EPM database and run the following SQL statement:
select * from Package_Files_Hash
The execution of this statement will display the contents of the Package_Files_Hash table.
How do I view the Hash of a Specific Package?
A Software Distribution package contains section for two (2) types of files, Primary and Additional. The first thing you will need to do is identify the Package ID of the desired Software Distribution package.
|Primary Package File||Additional package Files|
The Package_IDN is the database identifier and is equal to the Package ID in the distribution package. To view the Package ID, from the Ivanti Endpoint Manager console navigate to the following location:
Tools | Distribution | Distribution Packages
Select (highlight) the desired package, right-click and select Info. An exportable item information interface will be displayed and will contain an ID box. This is your package ID.
Please take note, Package ID = 4
Now that the package ID (Package_IDN) has been identified, run the following SQL statement to identify the Package_Files_Hash_IDN associated to the desired package:
In this example, I'm using the Package ID from the PXE Representative Deployment package.
select * from Package where Package_IDN = 4
Please take note, Package_Files_Hash_IDN = 3
Now that we have all information required to isolate the hash value of the PXE Representative Deployment package (Package_IDN = 4) you can now run the following SQL statement to identify the hash value of the primary file:
select * from Package_Files_Hash where Package_Files_Hah_IDN = 3
This will present you with the hash value of the primary file in your package.
The Package_Files_Hash_IDN value for the additional files is stored in the Package_Files database table. The Package_IDN for your package will be used as the identifier to locate your additional file(s) Package_Files_Hash_IDN value.
To get the Package_Files_Hash_IDN for the additional files, run the following SQL statement:
select * from Package_Files where Package_IDN = 4
Please take note, Package_Files_Hash_IDN = 4 and Package_Files_Hash_IDN = 5 are the identifiers for the two (2) additional files contained in your package. Now you can go back to the Package_Files_Hash table to view the hash value associated to those two (2) files.
Now that you have the identifier to isolate the hash value of your additional files, please run the following SQL statement to view the hash value of the additional files for the PXE Representative Package.
select * from Package_ Files_Hash where Package_Files_Hash_IDN = 4 or Package_Files_Hash_IDN = 5
Now that the details are outlined you can create one (1) SQL script to display all of the above-listed information by running the following statement using only the Package_IDN value:
declare @PackageId int SET @PackageId = 4 select p.PACKAGE_IDN, p.NAME, p.LastSavedDate, pfh.FULL_PATH, pfh.PACKAGE_FILES_HASH_IDN, pfh.FILE_SIZE,pfh.HASH from Package p, PACKAGE_FILES_HASH pfh where p.PACKAGE_IDN = @PackageId and (pfh.PACKAGE_FILES_HASH_IDN = p.PACKAGE_FILES_HASH_IDN or pfh.PACKAGE_FILES_HASH_IDN in (select package_files_hash_idn from package_files where PACKAGE_IDN = @PackageId) )
When does the hash value get created and updated?
Upon initial creation of a Software Distribution package, the package will contain a NULL hash value. You can expect to see a BLANK (empty string value) hash value in the database if you execute the "Reset package hash" option from the package. There are two (2) controlling processes responsible for hash calculations on the core server:
PolicyTaskHandler.exe and SchedPkgUpdate.exe
The PolicyTaskhandler process will perform a hash calculation upon task execution if the package hash is NULL or BLANK and will write the hash value to the database. In the event you modify a file in an existing package for a previously hashed file and reset the package hash, this will clear the value from the database leaving it BLANK.
Download Location Options
This document will outline three (3) network options for you to enable in efforts to minimize the bandwidth constraints on your network; Peer, Preferred Server, Source. These network options are located in the following location:
Tools | Configuration | Agent Settings | Distribution and Patch settings | Network settings
If you enable all 3 options, the downloader will check for the file in the following order; If the file is found in location (I), location (II) or (III) will not be checked:
- Preferred Server
A peer refers to a client device on the same broadcast domain of the client requesting the file. When the peer network option is enabled, the LANDESK downloader performs a discovery utilizing the LANDESK Targeted Multicast service (tmcsvc.exe) asking "Does any device on my subnet have the file I need"? The discovery request will contain the structure of the desired file. If a device replies to the request a file download from the peer will occur. This process is referred to as Subnet Aware Downloading (SAD).
Note: In order for the peer to offer a cached file to another client on its subnet/broadcast domain, the file must be distributed by Ivanti EPM, By default, the files will be cached in the SDMCACHE directory on the client. Manually copying files into the sdmcache directory does not "cache" the files.
To view all files currently cached by Ivanti EPM on your client and their expiration date, execute the following command from an Administrator command prompt after changing directories to LDClient:
tmcsvc.exe /f | more > output.txt
A preferred server can be thought of as a file repository. It's simply a device in your environment more proximal (in the sense of location) to a subset of devices than the Ivanti EPM core server. A preferred server does not have to actually be a "server" and does not have to be managed by Ivanti EPM (an agent is not required). For more information on preferred server packaging and troubleshooting please reference the following articles:
When the preferred server network option is enabled, the downloader will check for the existence of a file with the same name on the available preferred server(s). The component using the downloader (Software Distribution) will provide the hash of the file and the downloader will compare the hash provided to the file hash contained on the preferred server. If there is a match the file will be retrieved. A hash value will only be contained on the preferred server if the files were replicated over via Ivanti EPM Content Replication. If content Replication was not used, the downloader will download the entire file, calculate the hash and compare the hash it has to the hash found in the database.
Example (File replicated via Ivanti Content Replication):
File destination path: \\server\share\test\test_file.txt
Hash file location: \\server\share\test\LDHashDir\test_file.txt.hash.xml
Example (Without Ivanti Content Replication):
File destination path: \\server\share\test\test_file.txt
Hash file location: Package_Files_Hash DB table
When selecting the source network option, the downloader will be allowed to traverse your network back to the network path specified in your package (primary and additional files) in efforts to download the file. In this event, the hash is written to the Ivanti EPM database and will not be pulled from a preferred server or peer.
Note: A troubleshooting tool that will assist you in testing the download abilities from the Peer, Preferred Server or Source is PEDownloader.exe. More information related to the use of this tool can be found in the following location:
In order for the targeted device to be able to perform a file download, it must first gather information from the core to know what information is contained in the package. The client policy xml file (CP.TaskId.RunNow.xml for non-portal tasks and CP.TaskId.xml for portal tasks) will contain all pertinent information related to the job being sent to the client.
For more detailed information on how the core publishes information to IIS and how clients retrieve this information from IIS please reference the following articles: