How to Verify the Correct Preferred Server is Being Used by an Agent

Version 6

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    Description

       Preferred Servers are a popular option when looking to minimize network traffic during deployment tasks. Preferred Servers can provide files over both UNC and HTTP shares, however, it is not a requirement that the Preferred Server have IIS for clients to get files from an HTTP address. When the Ivanti Agent is looking for a file on the Preferred Server it will automatically translate the path between UNC and HTTP.

       For example, if a distribution package lists the source file location as "http://server/share/file.exe", the agent will try to hit "http://preferredserver/share/file.exe" and if it fails to get the file through that method, it will try again with a UNC path "\\preferredserver\share\file.exe" without any extra configuration. However, it is important to remember that this auto-translation only happens when the Agent is trying to download from a Preferred Server. It will not do this when trying to download from a Source.

     

       When running Software Distribution, Patching, or Provisioning tasks the Ivanti agent will automatically run down a list of four locations it is allowed to download files from:

    1. Verify if the file is already downloaded in the SDMCache.
    2. Peers devices on the same multicast domain.
    3. Preferred Servers.
    4. Source.

     

      When an agent requests available preferred servers from the core it may write that information into a PreferredServers.dat file, or it may also write it into the verbose logging for the task making the request. When that request is made, the client does not send its identifying information to the core server. Instead, it sends a blank SOAP request, and whatever the IP address that IIS sees the request come from is what the list of servers is based on. This can lead to complications in NAT environments where the agents talk to the Core Server through a NAT connection as the NAT IP may be the address seen by IIS and responded to, instead of the client's IP.

     

    Solution

     

    Where to look to ensure you are downloading from the Preferred Server

    Ivanti logs where we are downloading files from in multiple places the following files will help you determine where your files are downloading from. The following client-side logs will help determine where files are downloading from.

     

    C:\Program Files (x86)\LANDesk\LDClient\CurrentDownload.log

     

    After enabling XTrace the following logs become more verbose: How To: Enable XTrace Diagnostic Logging for the Ivanti EPM Core and Clients

    Software Distribution: C:\Program Files (x86)\LANDesk\LDClient\Data\sdclient_task###.log

    Patch Manager: C:\ProgramData\LANDesk\Log\Vulscan.log

    Provisioning: C:\ProgramData\LANDesk\Log\MapToPreferredHandler.log

     

    Verifying you are receiving the correct Preferred Servers

     

      Sometimes necessary to make a manual request to the PreferredServer.asmx web service outside of a task for troubleshooting purposes. Below is an explanation of how to do this using a popular web development tool called Postman. You can download Postman on Windows and MacOS as an extension for the Chrome browser, or from the Postman website as a stand-alone tool. The following instructions assume you have already downloaded Postman to the machine.

     

    1. In PostMan, next to the URL field at the top of the tab change the Type from "GET" to "POST"
      2017-04-06_12-28-54.gif
    2. In the URL field enter: http://CoreNameOrIP/landesk/managementsuite/core/PreferredServer/PreferredServer.asmx
      2017-04-06_12-32-11.png
    3. Go to the Body tab. Select the "raw" radio button.
      2017-04-06_12-34-19-1.gif
    4. To the right of "raw" click on the drop down arrow by "Text", select "XML (text/xml)".
      2017-04-06_12-41-05.gif
    5. Copy and paste the following into the text field (Do not change anything, as the servers response will be based off of the requesting machine's IP, not the content of the request, but the request does have the be properly formatted):
      <?xml version="1.0" encoding="utf-16"?>
      <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
      <soap:Body>
      <GetPreferredServers xmlns="http://tempuri.org/" />
      </soap:Body>
      </soap:Envelope>
    6. Click the blue "Send" button.
      2017-04-06_12-50-32.gif
    7. Once you click the Send button, you will receive a response with the preferred servers for that device listed. You will need to verify this against your Preferred Server configuration to ensure you have the servers you are expecting to receive.