4 Replies Latest reply on Apr 24, 2012 10:01 AM by joebaggadonuts

    Patching using preferred server




      I have set up a preferred server in a remote location and am trying to get the nodes in this location to download their patches from that preferred server.


      I have created the exact same share on the preffered server and have installed and set up IIS to point to that share. The IP range is also correct and I have replicated all the patches to the share.


      However as you can probably guess, the nodes are still getting the patches from the core and not the preferred server. What could be going wrong?


      I will post any logs/screenshots if requested.



        • 1. Re: Patching using preferred server
          Frank Wils ITSMMVPGroup

          Have you doublechecked the ip ranges in your preferred server configuration? Also, can you access the share on the preferred server with the credentials provided using http and or unc, depending on how you configured the path where clients look for patches? Finally, is the preferredserver.dat in the agent map updated and does it contain the correct server?  Frank

          • 2. Re: Patching using preferred server

            Hi Frank,


            Thanks for the reply.


            I have definitely checked and confirmed that the IP range is correct and I can also connect to the UNC and HTTP paths from the client.


            I'm not sure how to check the preferredserver.dat. Are you able to instruct me on how to do this?



            • 3. Re: Patching using preferred server
              Frank Wils ITSMMVPGroup

              It is a simple .dat file that you can open with notepad to see hwich preferred servers are configured for that device. Also, check the vulscan logs. Running "Vulscan e" will open the map where the logs are located.



              • 4. Re: Patching using preferred server

                I just got the fix to this myself. I spoke to Bryce at LANDesk Support and he got me all setup. I am using Windows 7 pro machines as Preferred Servers and they have IIS 7.5 on them. I have created the appropriate virtual folder for LDLogon and linked it to the Share "LDLogon" on the LDPS. It has the entire Patch folder under LDLogon and that is all replicated at night from the primary replication source.


                   Turns out I needed to ensure that the Anonymous Login was enabled for the Virtual Directory in IIS and then had to adqd the local User "IUSR" to the NTFS permissions (Security Tab) of the share. IUSR needed the standard read, execute and file scan access.


                    Our Patch guy tested it and everything works like it does when we use UNC traffic on our SD packages. Patch Requester contacts the core, gets the assigned list of patches and goes thru one by one, chopping off the core name and sticking the PS name in its place. If the patch is available on the PS it ran - if not, well...