3 Replies Latest reply on Feb 2, 2011 7:54 AM by mercuzio

    LD 9 SP2: SLM and Blocking

    Rookie

      Hi Good Morning Guys,

       

           I need help I'm having problem in justifying Landesk is an accurate management tool for our company. Maybe you can help.

       

           We are using LD 9 SP 2

       

           Problems:

       

           1. In Landesk Software License Monitoring it shows that there are 176 workstations that has an IPMSG application. But when we created a "Blocked application in Patch and Compliance it shows 488 and counting, workstations that is affected. In another application it shows that War3.exe has 188 workstation in LD SLM, but on affected computers on patch and compliance it shows that it only has 99 affected computers.

       

           2. In All devices there are still duplicate entries, sometimes LD server cleans up a duplicate entry, but when i monitored 20 duplicate workstation for a month, only 3 were delete. and the other still remains. I have tested changing the services. but still failed. I have attached, our configuration in services.

       

           3. When I try to manually run security scan on a workstations. it takes a long time Contacting Server, and sometimes it says Busy and sometimes it fails. Set up is in a local area network same switch with the server. and even when I restarted the server and try scanning again, it produces the same issue.

       

       

       

      Joe Vincent Chavez,

      Client Server Engineer

      Coca-Cola Bottlers Philippines

        • 1. Re: LD 9 SP2: SLM and Blocking
          mercuzio Apprentice

          Hi, i try to answer:

           

          1)SLM and security scan are 2 different process and the sympotms you describe are a bit general: workstations do scan regularly? file identification on bloccked application is coherent with the one on SLM?

           

          2) You configured to remove duplicate devices for MAC ADDRESS matching only so each time you substitute hardware PC to a user maintaining the same hostname you will have a duplicated device not removed because tha MAC is changed but not the name. I suggest to check both options and uncheck "restore old device ID"

           

          3)Is there something wrong with IIS? get a look on Vulscan.log on Documents and Settings\All users\Application data\Vulscan (for XP) there is some informations on issue?

          • 2. Re: LD 9 SP2: SLM and Blocking
            Rookie

            Hi Mercuzio,

             

                 Workstations scan regularly, (Please correct me if I'm Wrong, I assume that when computer restart inventory Scan runs, as well as security Scan). I also created a security scan policy that runs daily an all devices. Yes the file is the same with SLM and block applications.

             

                 Regarding the duplicate devices on management console, I have checked the duplicate devices and found out that they MAC address are still the same, so meaning NIC was not replaced. I have unchecked devices name match, because we usually rename workstation and re deploy it to other users. I tick the restore old device ID, so no new device ID would be generated for the same workstation.

             

             

                 on the third issue, I have this logs, but i keep track of the SQL server and found no issue or downtime. and it is weird, sometime it scans smoothly sometimes it doesn't.

             

             

            Contacting server...
            Tue, 01 Feb 2011 16:07:26 Action SOAPAction: "
            http://tempuri.org/ResolveDeviceID" failed, socket error: 0, SOAPCLIENT_ERROR: 7.  Status code: 500, fault string: Server was unable to process request. ---> The type initializer for 'LANDesk.ManagementSuite.WSVulnerabilityCore.VulCore' threw an exception. ---> [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.
            Invalid connection string attribute
            Last status: Server busy.  Retrying...
              Retrying in 13 seconds...
            Server busy.  Retrying...
            Last status: Retrying in 10 seconds...
            Retrying in 10 seconds...
            Last status: Retrying in 9 seconds...
            Retrying in 9 seconds...
            Last status: Retrying in 8 seconds...
            Retrying in 8 seconds...
            Last status: Retrying in 7 seconds...
            Retrying in 7 seconds...
            Last status: Retrying in 6 seconds...
            Retrying in 6 seconds...
            Last status: Retrying in 5 seconds...
            Retrying in 5 seconds...
            Last status: Retrying in 4 seconds...
            Retrying in 4 seconds...
            Last status: Retrying in 3 seconds...
            Retrying in 3 seconds...
            Last status: Retrying in 2 seconds...
            Retrying in 2 seconds...
            Last status: Retrying in 1 seconds...
            Retrying in 1 seconds...
            Last status:

            Contacting server...
            Tue, 01 Feb 2011 16:07:39 Action SOAPAction: "
            http://tempuri.org/ResolveDeviceID" failed, socket error: 0, SOAPCLIENT_ERROR: 7.  Status code: 500, fault string: Server was unable to process request. ---> The type initializer for 'LANDesk.ManagementSuite.WSVulnerabilityCore.VulCore' threw an exception. ---> [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied.
            Invalid connection string attribute
            Last status: Server busy.  Retrying...
              Retrying in 5 seconds...
            Server busy.  Retrying...
            setting _closeButtonShouldKillWorkerThread to false...
            Last status: Canceled
            Done (canceled)
            Canceled
            Failed

            • 3. Re: LD 9 SP2: SLM and Blocking
              mercuzio Apprentice

              Devices do vulscan.exe when they are scheduled on agent configuration Security scan settings it could be at logon or any 12 days it depends on configuration. Do you have any scrrenshot of SLM and Blocked apll discrepancy?

               

              Is the NIC you compare on the network view the only one available? could it be that duplicate configuration looks at another NICS, have you screenshots.

               

              Slowed or failing scans seem to cannot connect to ISS or fail in resolve DeviceID as if database has no records about that client's deviceID; it happened to me when i enabled Restore Old Device ID. I found on client's registry different  DeviceiD i expected to see on the database and client scans was rejected.

               

              I'm not realy helping you but theese are strange behavior to troubleshoot remotely, consider opening a support's ticket for at least one of them