4 Replies Latest reply on Jan 25, 2008 4:34 PM by carlilek

    Policy deployment failure

    Apprentice

       

      Guess what, guys, it's me again...

       

       

       

       

       

      OK, I'm trying to do a policy deployment to various computers on various networks. It works fine on machines that are on the same network as the core. Unfortunately, that's not really the machines I need to reach. When I make the policy available to machines on outside networks, they fail with this log.!file:///C:/DOCUME1/carlilek/LOCALS1/Temp/moz-screenshot.jpg!

       

      Thu, 17 Jan 2008 11:20:55 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:20:56 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:00 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:01 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:01 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:01 Response for '/8.7SP4Agent.exe' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:01 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:03 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:06 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:08 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:08 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:08 Response for '/8.7SP4Agent.exe' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:10 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:12 Download information for http://LANDesk.Gateway@gateway.inside.ip/ldlogon/FileLists/taskmanifest.CORE.FQDN.ORG.59.11.ini//LANDesk.Gateway@gateway.inside.ip/ldlogon/FileLists/taskmanifest.CORE.FQDN.ORG.59.11.ini : 88 bytes in 0:00:01.187 seconds, bandwidth 0.0724 kb/s
      Thu, 17 Jan 2008 11:21:12 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:14 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:17 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:19 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:19 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:19 Response for '/8.7SP4Agent.exe' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:19 Response for '/8.7SP4Agent.exe' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:21 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:22 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:26 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:28 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:28 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:28 Response for '/guest/Repository/atreboot.bat' on 'alternative.outside.webserver:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:28 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:29 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:33 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:34 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:34 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:35 Response for '/guest/Repository/atreboot.bat' on 'alternative.outside.webserver:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:37 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:39 Download information for http://LANDesk.Gateway@gateway.inside.ip/ldlogon/FileLists/taskmanifest.CORE.FQDN.ORG.57.10.ini//LANDesk.Gateway@gateway.inside.ip/ldlogon/FileLists/taskmanifest.CORE.FQDN.ORG.57.10.ini : 102 bytes in 0:00:01.204 seconds, bandwidth 0.0827 kb/s
      Thu, 17 Jan 2008 11:21:39 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:41 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:44 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:46 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:46 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:46 Response for '/guest/Repository/atreboot.bat' on 'alternative.outside.webserver:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:46 Response for '/guest/Repository/atreboot.bat' on 'alternative.outside.webserver:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:51 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:52 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:21:56 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:57 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:21:57 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:57 Response for '/reboot.bat' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:21:57 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:21:59 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:22:02 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:22:04 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:22:04 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:22:04 Response for '/reboot.bat' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:22:06 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:22:09 Download information for http://LANDesk.Gateway@gateway.inside.ip/ldlogon/FileLists/taskmanifest.CORE.FQDN.ORG.55.9.ini//LANDesk.Gateway@gateway.inside.ip/ldlogon/FileLists/taskmanifest.CORE.FQDN.ORG.55.9.ini : 83 bytes in 0:00:01.187 seconds, bandwidth 0.0683 kb/s
      Thu, 17 Jan 2008 11:22:09 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:22:10 Performing TCP connection with a timeout of 2500 milliseconds
      Thu, 17 Jan 2008 11:22:14 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:22:15 Failed to start a session with CORE.FQDN.ORG (6)
      Thu, 17 Jan 2008 11:22:15 Performing TCP connection with a timeout of -1 milliseconds
      Thu, 17 Jan 2008 11:22:15 Response for '/reboot.bat' on 'outside.web.server:80' was not a successful http request (503)
      Thu, 17 Jan 2008 11:22:16 Response for '/reboot.bat' on 'outside.web.server:80' was not a successful http request (503)

       

       

       

       

      Here's the setup:

       

       

      My core is on my inside lan and is not available outside the firewall. My management gateway is on both the inside lan and the dmz, and port 443 is open to the outside. The outside.web.server referenced above is on the dmz, and port 80 is open to the outside. I have put my packages (in this case, a couple of .bat files and the .exe of the landesk agent installer) on the outside.web.server and configured  the various distribution packages to point to that. Oneof the packages is on a separate web server, also available to the outside (just checking my sanity, there)

       

       

      I have tested that the outside.web.server is available to the outside network computers, and that they can download the packages.  I can use management gateway remote control to reach these computers, and they are set in brokerconfig to Connect using the Management Gateway. One odd thing I noticed is that in the line about "Download information for blahblahblab.ini" (the only successful line in that log), the Management Gateway's real inside address is referenced, not its NATted external ip or even its real dmz address. The core and the gateway both know what the external ip is, so I'm not sure why that's like that. It's probably a red herring.

       

       

      Anyone have any thoughts? 

       

       

        • 1. Re: Policy deployment failure
          Apprentice

          Here's another strange thing I just noticed. Sometimes it works--with a different package (an .exe this time). Same config, same setup (not the same target computer).

          • 2. Re: Policy deployment failure
            Apprentice

            Well, I'm talking to myself here, but it worked on several computers (on different networks, with different topologies), but it also failed on several computers (different networks, different topologies.) One of the failure computers is completely accessible by the core. The failed computers also can contact the 2 webservers that host the packages. Still, the error that comes up in the log is a 503 http error.

            • 3. Re: Policy deployment failure
              Jared Barneck SupportEmployee

              Check the LDClient\SDMCache to see if the taskmanifest is really downloading all the way or if it is staying as a partial file.

               

              Also are all the machines NOT in gateway only mode? (except for of course gateway machines).

               

              Also, I think it is weird that is says gateway.inside.ip...I haven't seen that.

              • 4. Re: Policy deployment failure
                Apprentice

                They seem to be. All there is in the taskmanifest.blahblahblah.ini file is this.

                 

                 

                 

                FULLPATH=http://web.server.ip/meetingplace/setup.exe

                HASH=uxiqzXBuZ6XWSC234lRBoA==

                 

                The other policy I put out for this computer is pretty much the same (different path, hash)

                 

                 

                 

                 

                 

                Both of these machines are in Gateway mode. However, the other machines that worked were also in Gateway mode. Very odd.