You do have the correct certificates in %programfiles%\landesk\shared files\cbaroot\broker? If so, try running the same inventory command, but with the netbios name of the core server, not the FQDN.
No the clients aren't getting the certificates. I thought that is what the ConfigureBroker.exe was supposed to take care of. Also, I can't get the certificates when I manually run BrokerConfig.exe externally.
The configureBroker created a lng file. You still need to place this in the broker map on the client. When not connected to the core, the ldiscn32 will pick this file up and get the necessary ceritificates.
Right, I have included the lng file in the agent as per http://community.landesk.com/support/docs/DOC-1888 . It does place the LNG file in \landesk\shared files\cbaroot\broker but I don't get certificates. ldiscn32 gives me an error because it cant connect to the core.
Edit- here is the response I get when I run a test from brokerconfig:
00:12.631 Attempting Direct HTTP connection to host landesk:80
00:12.631 Starting HTTP session with host landesk:80, proxy "", and proxy user ""
00:14.887 Unable to resolve host landesk address 255.255.255.255
00:14.887 Direct connection failed 6 Name resolution error
00:14.887 Attempting automatic managment gateway configuration
00:26.805 Auto configuration succeeded
00:26.806 Attempting managment gateway connection at host <Gateway FQDN> and address <External IP Address>
00:26.806 Starting HTTPS session with host <External IP Address>, proxy "", and proxy user ""
00:26.806 Connecting to address <External IP Address>
00:28.222 Error 10061 attempting to connect to host <External IP Address>
00:28.222 Direct connection failed, attempting to find configured proxy
00:28.226 Looking for autoproxy settings using first user who has settings; sid is S-1-5-21-2694639272-131451936-3385145377-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings
00:28.226 Autoproxy settings are enabled, starting search for autoproxy
00:28.232 Sending DHCP query to determine autoproxy
00:34.235 Could not determine autoproxy from DHCP query
00:34.236 Sending DNS queries to determine autoproxy
00:34.236 Could not determine autoproxy from DNS queries
00:34.236 Could not find proxy from autoproxy settings
00:34.236 Looking for autoproxy settings using first user who has settings; sid is S-1-5-21-2694639272-131451936-3385145377-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings
00:34.237 Connection through managment gateway failed 3 IO error
Did you configure the 'additional hostnames' in the gateway section of the Management Gateway to add all internal and external hostnames and IP addresses the Gateway is accessed on (seperated by spaces)?
When you are in your LAN and you run brokerconfig -r from the ldclient map on the workstation, does it receive the brokercertificates?
I have the additional hostnames configured with the internal IP, external IP, and gateway.domain.com. Do I also need to add my cores hostname?
Running brokerconfig -r on the LAN gets certs and puts them in the cbaroot\broker directory. When I run BrokerConfig.exe after this though it still says that it is missing certificates.
If these are Windows 7 boxes, right click on BrokerConfig.exe and use the "Run as Administrator" option, even if logged in as admin.
On the Core, open the Console, (this must be done on the core), go to Configure Services > Managment Gateway and make sure the Cert if posted to the gateway.
Thanks for your reply,
These are Windows 7 boxes, but I have been doing the "Run as Administrator" thing, still fails to retreive certificate.
I went into the Configure->Management Gateway on the core and all of the settings are correct, it tests successfully, and the certis there.
OK, on your core, go to C:\Program Files (x86)\LANDesk\Shared Files\Keys
Copy the .0 file to the ldlogon folder...
See if that helps
I have two .0 files in the Keys directory. One of them (the one with the older timestamp) is already in the ldlogon folder. Should I copy the newer one there as well?
Yes, the internal NIC of the Gateway is on the same subnet as the Core.
I would copy the other .0 file there, not sure which one your core and clients are using.... this is a shot in the dark, but might help, won't hurt.