7 Replies Latest reply on Mar 6, 2014 5:31 PM by stolonation

    Cannot Remote Control Devices with LANDesk Agent outside LAN

    Rookie

      Hey Guys and Gals,

       

      I need a little help here.  We are deploying CSA, and I am running into some challenges. I have most things working, but cannot get remote control up.  Here is a little info about our environment:

       

      1. Core - 9.5 SP1

      2. CSA - Virtual Appliance in DMZ
      3. New Agent Deployed with CSA Information / Configuration

       

      I have devices outside the LAN with new Agent Configuration (Has CSA Configurations).  These devices are able to do the following:

      - Send VulScan information to the Core

      - Receive Policy task from the core (Patching and Software Distribution)

      - Report back inventory to the core

       

      What does work from outside:

      - Cannot get Remote Control to work (with LANDesk Agent)

       

      If I installed the "On Demand Remote Client for Windows" from the CSA portal page to a device w/o an Agent, I can see it just fine in the remote console.  So I do know that remote console is working.  If I try to remote control a device with a LANDesk agent, I can't get it to connect. 

       

      Here are the steps I am doing to remote control a device with LANDesk outside the LAN.

       

      - Make sure device is outside the LAN (the device is completely on the Internet - not on our networi)

      - Verify that device has recently inventoried / check in with core (i kicked up the policy sync period)

      - Select Device in Console - and Select "Remote Control via Management Gateway)

      - Remontol Windows Comes up and ask for Management Gateway Credentials

      - Endless "Searching for a matching connection..."

       

      From the remote device, I have put it both in "Direct Connect Mode" and "Gateway Mode"

       

      So I am not sure what I am doing wrong.  Is there something I need to do at the Core level?  Do I need to "invoke" something on the Remote Device?

       

      Any input would be greatly appreciated.

       

      - Ton

        • 1. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
          technobabble Apprentice

          The "On-demand Remote Control for Windows" no longer works when downloaded from the CSA. I do not know if this is considered a known bug or just no longer supported.

           

          However, if you create anew LANDesk agent for On-Demand Remote Control using the document found at http://community.landesk.com/support/docs/DOC-30443. This works for us.

          • 2. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
            Rookie

            Technobabble,

             

            Thank you very much for replying.  I really do appreciate it.  Hopefully I can pick your brain

             

            Ok.. as for the "On-Demand Remote Control for Windows", this does work for us just fine.  When I first try to click on the link I got a 404 error.  I had to follow this document to resolve it:http://community.landesk.com/support/docs/DOC-29460

             

            I plan on using the "On-Demand Remote Control for Windows" button to remote control devices w/o LANDesk agents on them.

             

            I do have a few questions regarding the document you provided and your process. 

            - In your environment, do you have the CSA information baked into your normal Agent Configuration?

            - Do you use that Custom Configuration for both devices with and without LANDesk Agent deployed on the device?

            - If you want to remote control a device outside the LAN, does the user need to visit the CSA "Portal" page first and run the custom agent?

             

            If you can help clarify, it would be greatly appreciated.  My issue might be that I invision the CSA being used in a way it is was not meant to be.

             

            Thanks again.

             

            - Ton

             


            • 3. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
              stolonation Rookie

              I have identical symptoms to tkhowdee.  CSA up and running and I can send inventory reports to the core from the Internet.  But when I select the device in LDMS console and "Remote Control via managment gateway" and enter credentials I get endless loop "Searching for a matching connection"

               

              Could anyone from Landesk please respond?


              Thanks sincerely

              Garrett

              • 4. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
                Rookie

                Hey Garrett,

                 

                I finally got it resolved a week or so ago.  I made 3 changes and now I am able to remote control devices outside our network via CSA.

                 

                1.  Trusted Services - I had my appliance hardened to not allow HTTP (port 80).  From what i found out, the remote clients talks on port 80.  So allow Port 80.  When connections are established, it goes to HTTPS (Security > Trusted Services)

                 

                2. Allowed Address - Make sure to allow 192.168.0.0/16.  Most home users are on 192.x.x.x.  So if you deny then, well.. they can't get in.  I hope I am understanding this properly.

                 

                3.  Additonal Host Name on Gateway services Page - Make sure to put the public IP for the CSA box, as well as the FQDN for the server.

                 

                I did all these changes at the same time, and I was able to sucessfully see and remote control devices outside my network.

                 

                I didn't have time to see which change was the exact fix, but well.. it works.  Please report back and let us know if it works for you.

                 

                - Ton

                • 5. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
                  stolonation Rookie

                  Hi Ton,

                  Still no go.  I'd already done step 1 but tried 2 and 3.

                  Could I compare notes a bit?  We are NAT only (no DMZ) and are using only eth0 on our CSA with a private IP address.  The Cisco firewall port maps from this to a public address.  Our SSL cert is working to the public domain address.

                  In LDMS console I have under "Manage Cloud Services Appliance"

                  CSA tab

                       CSA public name     publichost.domain.com

                       CSA public IP address     <public IP address>      (I've also tried publichost.domain.com)

                  I've tried with and without checking "Use Internal address"

                   

                  I must say the documentation on this product is spotty.  There's oodles of doc's but you read through and come across references to old versions.  I think we're on CSA 4.3 - just bought it couple months ago.

                  Stumped here.  I might try loading 9.5sp2 but other than that Landesk wants $2000 to make one support call - ouch!

                  • 6. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
                    Rookie

                    Hey.. $2000 for one support call?  I'm in teh wrong business.. I will do it for $1000   I'm just messing. 

                     

                    Here is what I would suggest..

                     

                    We are in DMZ, but we still have a FW. We basically have the same setup as you, but our device is in a protected DMZ.  We are also using a single nic on the CSA.

                     

                    Here is what I woudl confirm.

                     

                    1.  Verify that port 80 and 443 are actaully being forwarded to your CSA device from the firewall.  Check that both the http: and https: lands on your CSA home page.

                     

                    2. As for SSL Cert, we have not put a proper cert on it yet.  We are still using teh self signed cert for now (we will move it to real cert later).

                     

                    3. CSA Tab - I populated both the Public and Internal side:

                    - CSA Public Name - whatever name you have on your DNS

                    - CSA Public IP - the public IP Address for your CSA

                    - Password - well.. the password

                    - Checked Use Internal Address

                    - CSA Internal Name - FQDN for your AD

                    - Internal IP - the private IP Address

                     

                    4.  Agent Configuration - Just want to confirm.  Did you make a new agent after building your CSA stuff?  There are options to make sure the agent has the CSA information, and make sure to push it to your devices.  Look at the "Client Connectivity" under the agent configuration.  You need to make sure to configure the settings there for the endpoint devices.

                     

                    5.  Does remote control work from the on-demand / remote assistant client? 

                     

                    Hopefully that will work out.  If you have any more questions.. i will only charge $800 this time   What a savings!!

                     

                    Either way.. best of luck.  Let me know how it goes.

                     

                    - Ton

                    • 7. Re: Cannot Remote Control Devices with LANDesk Agent outside LAN
                      stolonation Rookie

                      To be fair there was a mixup with our licensing and Landesk/IBM staff have graciously sorted out (thanks!).  So I should be entitled to call for support after all.  I think I'll do that to avoid the trial and error.  Either way I'll let you know but as I'm bit swamped with work it may be next week.  Thanks for your help Ton!