Unable to discover Exchange devices in the Ivanti console.

Version 4

    Verified Product Versions

    Endpoint Manager 2016.x

    Purpose:

     

    This document explains how to create the certificate when the core installation did not create it for any reason. This will allow you to successfully discover devices handled by your Exchange server and add them to your managed devices.

     

    Prerequisites:

     

    Have a 2016.3+ core. Mobility for iOS and Android is not required to be fully configured, but it is recommended.

     

    Process:

     

    Cause

      • When you enter the information in the Configure > Device Discovery > Exchange Active Sync section, you test the connection and then apply. This syncs with your Exchange server.
      • The issue appears when you go to discover devices. When you click on discover now or schedule a discovery, nothing appears to happen. Normally this would be fine, since there is no confirmation popup, but there is no error message either. After some time no devices have come in, which confirms that it did not work. Check the log command.services.exe.log for a failure processing commands that points to 'LANDesk_CommandsWS'. This means there was a problem with the creation of the EAS certificate during installation.
      • The log will show something similar to the following:
        WARN 4764:6 Service : Failure processing commands: System.ServiceModel.Security.MessageSecurityException: Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'LANDesk_CommandsWS' but the remote endpoint provided DNS claim 'TestServer'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'TestServer' as the Identity property of EndpointAddress when creating channel proxy.

     

    Resolution

    To resolve the cert error after installing SU2, the customer must:

     

    1. Launch a command prompt with administrative rights.
    2. Go to:
      C:\ProgramData\LANDesk\ManagementSuite\Install\10.1\Data\10.1.2.1-SU\bin\Resources (or the install location of LANDesk.Common.RunMethod.exe)
    3. Run the following command line to remove the incorrect certificate:
      LANDesk.Common.RunMethod.exe assemblyFile="LANDESK.Install.Common.Actions.dll" class="CertificateActions" Method="RemoveCertificate" CommandLine="My;LocalMachine;CN=LANDesk_CommandsWS;OU=CORENAME;;false"
      • Change CORENAME to your core server hostname
    4. Open the Certificate Manager for the Local computer.
      1. Open Run and type in MMC.
      2. Click File -> 'Add/Remove Snap-in...'
      3. Locate Certificates and click Add.
      4. Select Computer Account.
      5. Leave Local computer selected and click Finish, and then OK.
    5. Expand Personal, click Certificates, and verify the LANDesk_CommandsWS certificate is not present.
    6. Back in the command prompt, run the following command line to create a proper certificate:
      LANDesk.Common.RunMethod.exe assemblyFile="LANDesk.Install.Common.Actions.dll" class="CertificateActions" Method="CreateCertificate" commandLine="BouncyCastle;SHA256;My;LocalMachine;LANDesk_CommandsWS;CORENAME"
      • Change CORENAME to your core server hostname
    7. Back in Certificate Manager, refresh the screen and verify the LANDesk_CommandsWS cert is present in the certificate cache.
    8. Reset IIS
    9. Restart the LANDesk Command Service in Windows Services.

     

    Reopen your console and attempt the discovery again. No message will confirm the discovery, but you should see new devices appear in your network tree or under the mobile devices. The scan file will show that it was pulled from Exchange. You can now deploy the Ivanti agent if you want to apply MDM settings and manage the device completely.
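
    The log check from the Cause section and the certificate checks in steps 5 and 7 can also be scripted. The PowerShell below is an added example, not part of the original article or of Ivanti tooling. The -LogPath parameter and the function names are hypothetical, and the match on a subject containing CN=LANDesk_CommandsWS is an assumption inferred from the RemoveCertificate command line.

```powershell
# Added example (not Ivanti code). Run in an elevated PowerShell session on the core server.
param(
    [string]$LogPath,                        # full path to command.services.exe.log (assumed; not given above)
    [string]$CertCN = 'LANDesk_CommandsWS'   # CN assumed from the RemoveCertificate command line
)

# Pull the expected and presented DNS identities out of the MessageSecurityException text.
function Get-IdentityMismatch {
    param([string[]]$Lines)
    $pattern = "expected DNS identity of the remote endpoint was '([^']+)' " +
               "but the remote endpoint provided DNS claim '([^']+)'"
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{ Expected = $Matches[1]; Provided = $Matches[2] }
        }
    }
}

# List certificates in LocalMachine\My (the "Personal" store) whose subject carries CN=<name>.
function Get-CommandsWsCert {
    param([string]$CN)
    $cnPattern = '(^|,\s*)CN=' + [regex]::Escape($CN) + '(,|$)'
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match $cnPattern }
}

# Abbreviated copy of the log excerpt above, used only when no -LogPath is supplied.
$sample = "WARN 4764:6 Service : Failure processing commands: ... The expected DNS identity of the remote endpoint was 'LANDesk_CommandsWS' but the remote endpoint provided DNS claim 'TestServer'."
$lines = if ($LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }
foreach ($m in (Get-IdentityMismatch -Lines $lines)) {
    Write-Warning "Identity check failed: expected '$($m.Expected)', endpoint presented '$($m.Provided)'"
}

$certs = @(Get-CommandsWsCert -CN $CertCN)
if ($certs.Count -eq 0) {
    Write-Warning "No CN=$CertCN certificate in LocalMachine\My (expected at step 5, a problem at step 7)"
} elseif ($certs.Count -gt 1) {
    Write-Warning "$($certs.Count) certificates match CN=$CertCN in LocalMachine\My; review them"
}
foreach ($c in $certs) {
    [pscustomobject]@{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        Expired    = $c.NotAfter -lt (Get-Date)
        PrivateKey = $c.HasPrivateKey
        Signature  = $c.SignatureAlgorithm.FriendlyName
    }
}
```

    Run it once after step 3 (no certificate should be listed) and again after step 6 (one unexpired certificate with a private key should be listed).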