13 Replies Latest reply on Apr 7, 2008 10:20 AM by PatGmac

    Not authorized to provision device

    Apprentice

      First time trying to provision. 8.7 SP4.

       

       

       

       

      I scheduled a provisioning task, the scheduled machine does show in PXE Prov. in Network view. Verified MAC address is correct. I get the F8 menu when PXE booting, which I understand I shouldn't be getting? After it PXE boots, I get prompted for my credentials which I put in, I get a list of provisioning templates I created, select one and I get the message shown in the attached screenshot. It says "you are not authorized to provision this device. The device is not in your scope". This device is in my scope. 

       

       

       

      The mypxerep.pxeconfig.xml is not getting to my PXE rep so I copied it to the PXE rep manually and put it in the LANDesk\PXE\System folder (is this correct?) and verified the MAC of the target machine is in there but I stil get the F8 menu and the auth errors.

       

       

       

       

       

       

       

       

       

      Thanks for all your help.

        • 1. Re: Not authorized to provision device
          phoffmann SupportEmployee

          Hmm - potentially "silly" question, but is it possible that the client has multiple NIC's?

           

          Normally, the way this sort of thing works is that the client does the PXE stuff (i.e. - TALKS to the PXE rep) - the PXE rep checks the MAC address with the Core in a "Does this guy have an outstanding job" kind of fashion, and then the Core responds.

           

          If the Core says "YES" - it should then say "go forth into a managed boot ... and do X, Y and Z" (so to speak).

           

          If the Core says "NO" - you should see the PXE menu (F8) as normal. So since your client doesn't automatically get shoved into a (provisioning - in this case) boot, I suspect that this might be due to having multiple NIC's which might cause the Core some problems?

           

          Paul Hoffmann

          LANDesk EMEA Technical Lead.

          • 2. Re: Not authorized to provision device
            Apprentice

             

            Thanks for the reply Paul.

             

             

            The machine in question only has 1 NIC. It is a GX270. I verified the MAC address in the computername-pxeconfig.xml is the same the machine displays when it retrieves an IP and the beginning of the PXE boot.

             

             

            You said the PXE rep checks with the core to see if the machine is authorized? Do you know what protocols it is using? Our core server is behind of firewall and we have a "virtual ip" which only passes http to the core and whatever is necessary to send an inventory scan.

             

             

            Thanks.

             

             

            • 3. Re: Not authorized to provision device
              phoffmann SupportEmployee

              It should be talking to the Core via HTTP, as we specifically made the PXE Proxy to be firewall friendly (and router friendly).

               

              By the way - when you press F8, what does is the "default" method (the one that's initially highlighted)?

               

              Paul Hoffmann

              LANDesk EMEA Technical Lead.

              • 4. Re: Not authorized to provision device
                Apprentice

                 

                So the pxeconfig.xml files should reside on the core? I read here that it should be copied down to each pxe rep? I don't see a valid http share to access ldmain/provisioning/targetlist, though I'm not the core admin so I could be wrong?

                 

                 

                F8 menu defaults to local boot.

                 

                 

                Thanks.

                 

                 

                • 5. Re: Not authorized to provision device
                  phoffmann SupportEmployee

                  I'm a bit confused.

                   

                  I've never said that the pxeconfig.xml should be on the Core alone - not quite sure where you took that from my statements.

                   

                  Also there is no such thing as a /ldmain/ equivalent HTTP-share, only a few subdirectories of ldmain are HTTP-shares (in their own right) (There also isn't a "/provisioning/" www-site) - so I'm bit unsure on where you picked up all this stuff from.

                   

                  The pxeconfig.xml is supposed to be living on the PXE-rep, in the (default location) - %program files%\landesk\pxe\system\ - directory. It gets updated by the Core (the Core talks to the PXE-rep's LANDesk agent for this) with a list of machines that should be PXE-booted into provisioning.

                   

                  Paul Hoffmann

                  LANDesk EMEA Technical Lead.

                  • 6. Re: Not authorized to provision device
                    Apprentice

                     

                    Sorry, I read this line a bit quickly - "the PXE rep checks the MAC address with the Core in a "Does this guy have an outstanding job" kind of fashion, and then the Core responds." Then I asked "You said the PXE rep checks with the core to see if the machine is authorized? Do you know what protocols it is using?" and you answered http. This is how I went in that direction. 

                     

                     

                    So that still leaves my issue that the pxeconfig.xml is not getting copied to my pxe rep and copying it manually to the correct location on the pxe rep still doesn't make that machine authorized. Should the file still be named computername.pxeconfig.xml or does it get renamed when it goes to the rep?

                     

                     

                    Thanks again.

                     

                     

                    • 7. Re: Not authorized to provision device
                      Apprentice

                       

                      Update.

                       

                       

                      I just had someone check on another pxe rep at our school (different subnet) and they DO have a pxeconfig.xml on their rep. So apparently it's not getting to my pxe rep.  How would I go about troubleshooting this?

                       

                       

                      • 8. Re: Not authorized to provision device
                        phoffmann SupportEmployee

                        Ah right - that makes sense.

                         

                        So - the behaviour I described is true for OSD (the PXE rep checks with the Core). For provisioning, the Core pushes info to the respect PXE rep (it's really a push FROM the Core to the rep). So first question here would be "is the rep actually registered properly with the Core"? (Check the PXE representatives section - if not, send a full "/F /SYNC" inventory should fix that).

                         

                        Other than that, starting the job alone should be sufficient for the Core to push the file (well - updated file) to the PXE rep ... unless there's something broken on the LANDesk client on the PXE rep? You may potentially want to try out another system (if you have one) just for kicks as a PXE rep.

                         

                        Paul Hoffmann

                        LANDesk EMEA Technical Lead.

                        • 9. Re: Not authorized to provision device
                          Apprentice

                           

                          The rep does show up in Network View/PXE Reps and the core does have a mypxerep.pxeconfig.xml in ldmain\provisioning\targetlists. I have since repdeployed the pxe rep since then because of other updates. I will try another system, if that works, then I will probably try a pxe removal and redeploy.

                           

                           

                          Thanks.

                           

                           

                          • 10. Re: Not authorized to provision device
                            phoffmann SupportEmployee

                            Hmm - we should be pushing this through the CBA, so you should be able to find something in "SERVICEHOST.LOG" on the client's (default path) "C:\Program Files\LANDesk\Shared Files\" directory ... I'm just a bit surprised that this works for most of your org, but not this one client (and there only "doesn't" work insofar as the Core pumping down the XML).

                             

                            Very odd.

                             

                            Will try to have a think, but maybe one of my US colleagues is a bit more awake than me at the moment :).

                             

                            Paul Hoffmann

                            LANDesk EMEA Technical Lead.

                            • 11. Re: Not authorized to provision device
                              Apprentice

                               

                              Bingo. It was user error (me!). My pxe rep is also the machine I use myself with the LANDesk console. In our enviornment, we have to connect to a VPN to be able to access the network the coreserver is on. The VPN give's me a 10.x.x.x address and I'm always on the VPN so my machine record in the DB updated with the IP from the VPN. The Core server can not directly access that 10.x.x.x address. So I disconnected from the VPN, connected to the web console, restarted the provisioning scheduled task and a minute later I got the pxeconfig.xml.

                               

                               

                              I'll confirm Monday when I get back to work if the actual provisioning on the client works (only so much I can do remotely ) which I suspect will at least start the tasks.

                               

                               

                               

                               

                               

                              Thanks for all your help on this. 

                               

                               

                              • 12. Re: Not authorized to provision device
                                phoffmann SupportEmployee

                                Yep - that sounds like that would do it :).

                                 

                                Hope that that's sorted out then ... fingers crossed :).

                                 

                                Paul Hoffmann

                                LANDesk EMEA Technical Lead.

                                • 13. Re: Not authorized to provision device
                                  Apprentice

                                  I'm a little closer. I don't get the F8 menu anymore, it auto selects managed provisioning. But it still boots up to asking for my credentials and says this machine is not authorized.