Differences between Management Gateway Connections using BrokerConfig or the Remote Control Service.

Version 6

    Verified Product Versions

    LANDESK Management Suite 9.5LANDESK Management Suite 9.6

    This article has been written to clarify the two main areas that control information flow and control through the gateway.


    On an agent that is able to use the gateway, the applications that we need to differentiate from are:

    1. BrokerConfig.exe and its settings.
    2. Remote Control Service (issuser.exe) and its settings.

    Broker Configuration - BrokerConfig.exe

    C:\Program Files\LANDesk\LDClient\BrokerConfig.exe

    Picture of the Connection Settings: Dynamic, Direct to Core, Direct to Gateway



    The settings in Broker Config control the communication states for processes such as Inventory (LDISCN32), Policy Based Software Distribution (policy.sync), and Security Scan (VULSCAN).  These settings do not control the Remote Control service's state of Direct or Gateway Mode.


    "Dynamically determine connection route" is the preferred method for 99% of the client configurations and it is not recommended to change this settings except for testing purposes.


    Push and Pull software distribution tasks to both HTTP and UNC packages both on the Core and on an off core server were all tested and working regardless of the settings above, however you may experience issues if BrokerConfig is set to "Connect using the Management Gateway" on the client, AND the client is on the local network depending on your network security and architecture.


    Remote Control Service - (issuser.exe)

    C:\Program Files\LANDesk\LDClient\BrokerConfig.exe


    Picture of the two modes of Remote Control:

    Direct Mode



    Gateway mode.



    These settings can only be changed manually.  The current LANDesk agent does not have the capability to automatically detect the appropriate mode and switch.  The community has referenced a script on www.droppedpackets.org which can be used for this capability.


    Here's a link, so you can research this as an option:



    The usual agent installation includes a remote control icon in the taskbar with which you can bring up issuser and switch between Direct and Gateway modes.  If you don't show the Remote Control icon on your client machine's taskbar, you can change the mode with this registry entry.


    HKLM\SOFTWARE\Intel\LANDesk\WUSER32, Gateway Mode, 0=Direct Mode, 1=Gateway Mode


    If a client machine is on the network and their remote control service is set to Gateway Mode, then a normal remote control request from the Core will fail to connect to the client.  On the Core server, if you try "Remote through the Management Gateway", you may get a successfull connection to the machine but this varies depending on the network architecture and security settings of the environment.