Preferred Servers are a popular option when looking to minimize network traffic during deployment tasks. Preferred Servers can provide files over both UNC and HTTP shares, however, it is not a requirement that the Preferred Server have IIS for clients to get files from an HTTP address. When the Ivanti Agent is looking for a file on the Preferred Server it will automatically translate the path between UNC and HTTP.
For example, if a distribution package lists the source file location as "http://server/share/file.exe", the agent will try to hit "http://preferredserver/share/file.exe" and if it fails to get the file through that method, it will try again with a UNC path "\\preferredserver\share\file.exe" without any extra configuration. However, it is important to remember that this auto-translation only happens when the Agent is trying to download from a Preferred Server. It will not do this when trying to download from a Source.
When running Software Distribution, Patching, or Provisioning tasks the Ivanti agent will automatically run down a list of four locations it is allowed to download files from:
- Verify if the file is already downloaded in the SDMCache.
- Peers devices on the same multicast domain.
- Preferred Servers.
When an agent requests available preferred servers from the core it may write that information into a PreferredServers.dat file, or it may also write it into the verbose logging for the task making the request. When that request is made, the client does not send its identifying information to the core server. Instead, it sends a blank SOAP request, and whatever the IP address that IIS sees the request come from is what the list of servers is based on. This can lead to complications in NAT environments where the agents talk to the Core Server through a NAT connection as the NAT IP may be the address seen by IIS and responded to, instead of the client's IP.
Where to look to ensure you are downloading from the Preferred Server
Ivanti logs where we are downloading files from in multiple places the following files will help you determine where your files are downloading from. The following client-side logs will help determine where files are downloading from.
C:\Program Files (x86)\LANDesk\LDClient\CurrentDownload.log
After enabling XTrace the following logs become more verbose: How To: Enable XTrace Diagnostic Logging for the Ivanti EPM Core and Clients
Software Distribution: C:\Program Files (x86)\LANDesk\LDClient\Data\sdclient_task###.log
Patch Manager: C:\ProgramData\LANDesk\Log\Vulscan.log
Verifying you are receiving the correct Preferred Servers
Sometimes necessary to make a manual request to the PreferredServer.asmx web service outside of a task for troubleshooting purposes. For customers on 2018.1 and later versions there are two options, if using an older version of EPM you will need to use method #2.
Method #1 - Core Server Browser (EPM 2018.1 and later)
This method makes use of new functionality in the Preferred Server web service.
- On the Core Server, open a browser and navigate to the following location:
- Select the "GetPreferredServersForAddresses" option.
- Enter the IP address of the device whose Preferred Servers needs to be confirmed.
- Click Invoke.
- Review results.
Method #2 - Using Postman (All Versions)
Below is an explanation of how to do this using a popular web development tool called Postman. You can download Postman on Windows and MacOS as an extension for the Chrome browser, or from the Postman website as a stand-alone tool. The following instructions assume you have already downloaded Postman to the machine whose preferred servers list needs to be validated.
- In PostMan, next to the URL field at the top of the tab change the Type from "GET" to "POST"
- In the URL field enter: http://CoreNameOrIP/landesk/managementsuite/core/PreferredServer/PreferredServer.asmx
- Go to the Body tab. Select the "raw" radio button.
- To the right of "raw" click on the drop down arrow by "Text", select "XML (text/xml)".
- Copy and paste the following into the text field (Do not change anything, as the servers response will be based off of the requesting machine's IP, not the content of the request, but the request does have the be properly formatted):
<?xml version="1.0" encoding="utf-16"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<GetPreferredServers xmlns="http://tempuri.org/" />
- Click the blue "Send" button.
- Once you click the Send button, you will receive a response with the preferred servers for that device listed. You will need to verify this against your Preferred Server configuration to ensure you have the servers you are expecting to receive.