1 of 1 people found this helpful
Please repost or reply with a screenshot of the error. This one is cutoff and hard to see.
Please find below the text with log errors
36:26.046 Using certificate file C:\Program Files\LANDesk\Shared Files\cbaroot\broker\broker.crt and keyfile C:\Program Files\LANDesk\Shared Files\cbaroot\broker\broker.key
36:26.046 Certificate/key loaded. Certificate file "C:\Program Files\LANDesk\Shared Files\cbaroot\broker\broker.crt". Key file "C:\Program Files\LANDesk\Shared Files\cbaroot\broker\broker.key"
36:26.046 Attempting managment gateway connection at host and address ldgateway.izs.it
36:26.046 Starting HTTPS session with host ldgateway.izs.it, proxy "", and proxy user ""
36:26.093 Connecting to address 22.214.171.124
36:26.625 Waiting for link connection to core through managment gateway
36:26.625 Begining link request
36:26.640 HTTPS Request: POST /services/link
36:26.640 Waiting for match response
36:26.640 Waiting for HTTPS response
36:31.703 HTTPS response finished status 404 description Not Found
36:31.750 Connection link not successful. Status 404
It appears that the machine cannot find the gateway. Try turning off the Firewall. (I can't ping your public address) I also am unable to resolve 126.96.36.199 to ldgateway.izs.it so looks like you might have a Name resolution issue too.
In this screenshot, I do not see that you have a user name and password entered. The use that needs to be used is a user that is in the LANDesk Management Suite group on the core server.
Some things to check.
On the Core, did you go to Configure Management gateway and post the certificate to the gateway?
On the client in the C:\Program File\LANDesk\Shared Files\cbaroot\certs, does the existing .0 (Hash file) contain the BrokerIP and BrokerHost information? If not, then copy the .0 file from the core that has this info to the client.
Did you specify the IP Address or Name of the core server for the client when it was installed? To see what is currently set, check the registry on the client: HKLM\Software\Inte\LANDesk\LDWM\ CoreServer String value. Using an IP Address in this field is not supported through the gateway.
When looking at the certificate for 188.8.131.52, it does not currently have this IP address in the Additional Host names section and this is a MUST for the clients to work through the gateway.
Log into the Admin Console (https://ldgateway.izs.it/gsb) and go to the Gateway Service Section and add the public IP Address "184.108.40.206" to the Additional host names section and click Save.
I hope this helps you.
Maybe you are right...
I will explain the name situation. If you ask for ldgateway.izs.it DNS resolve fine, but if you try to make an inverse request this doesn't work,
what i mean is that the dns request and the inverse one are not symmetrical. xxx.company.com -> 220.127.116.11 -> zzz.isp.net instead of xxx.company.com -> 18.104.22.168 -> xxx.company.com
Does core server, when i post a certtificate, ask for the name of public ip ? if yes, no dns will answer in right way because there is no inv in dns configuration.
Infact what i see is that the link below post button, in landesk console, does not contain fqdn but the ip address.
Is it right? If no, is it possible to find a workaround or the only way is to set dns up?
THat Address always uses the Internal IP address to formulate, but has no correlation to the client or how it will request a cert. I think you need to make the changes that Craig suggests above, this is obviously a missing configuration item and so may resolve the biggest part of the problem... I always find it useful for troubleshooting to turn off the firewall so that you can ping the gateway from the client as well.
i performed what Craig wrote with no result. The public ip is not the ip of management gw nic. There is a firewall between. As you can see you can telnet 443 and 80 port from the ouside and from the inside core and gw belong to the same subnet and firewall services on gateway is disable.
So two things...
1. When I do a ping -a to your public IP address it resolves to this: host35-83-static.38-88-b.business.telecomitalia.it I think this could be an issue with Agent Communication for the certificate.
2. You need use a LANDesk account credentials hit send then post your Proxyhost.log file here.
When it works you should have something like this:
2008-03-10 17:28:29(456-2896) proxyhost.exe:127.0.0.1:2674 - - "POST http://servername/landesk/managementsuite/core/core.secure/BrokerCertificateRequest.asmx HTTP/1.1" 200 1545 2259