10 Replies Latest reply on Jun 30, 2014 3:13 AM by CRB

    Unable to set Brokerconfig at remote sites (401 and 403)

    Specialist

      I enter username/password and get "Username or Password invalid"

       

      From the remote client I am able to access:

      https://landeskcore/LANDesk/ManagementSuite/Core/core.secure/brokercertificaterequest.asmx

       

       

      If I try to run a test I get:

       

      40:03.549   Attempting Direct HTTP connection to host LANDESKCORE.XXX.company.com:80

      40:03.549   Starting HTTP session with host LANDESKCORE.XXX.company.com:80, proxy "", and proxy user ""

      40:03.554   Connecting to address 10.x.x.x

      40:03.584   Direct connection succeeded

      40:03.584   HTTP Request: POST /landesk/managementsuite/core/core.secure/BrokerCertificateRequest.asmx

      40:03.584   Waiting for HTTP response

      40:03.596   HTTP response finished status 401 description Unauthorized

       

       

       

      u_ex140415.log:

      2014-04-15 23:31:45 10.x.x.x POST /landesk/managementsuite/core/core.secure/BrokerCertificateRequest.asmx - 80 - 192.x.x.x - 401 2 5 46

       

       

      User is domain admin and LDMS Admin.

       

      I have been using : "How to Troubleshoot BrokerConfig and General Gateway Agent Issues" as a guide.

      http://community.landesk.com/support/docs/DOC-2131

       

       

      Something is just not clicking. Any pointers out there would be great

        • 1. Re: Unable to set Brokerconfig at remote sites (401 and 403)
          Specialist

          User is able to create a Cert in the 10.x.x.x

          • 2. Re: Unable to set Brokerconfig at remote sites (401 and 403)
            JoeDrwiega SupportEmployee

            Check on your CSA in the Security section and see if your Firewall is blocking that IP or IP range.

            • 3. Re: Unable to set Brokerconfig at remote sites (401 and 403)
              JonnyB SupportEmployee

              According to the test output, you are getting a direct connection to the core. The direct connection will not work with credentials.  Either remove the credentials, or determine why you are getting a direct connection at the remote site

              • 4. Re: Unable to set Brokerconfig at remote sites (401 and 403)
                Specialist

                Jonbart, is right. You can choose the way of connecting the agent goes to gateway mode directly.

                 

                With client connectivity settings of your gateway agent can be set to, "connect using the cloud services appliance". It doesn't use the broker.config while getting a direct connection.

                 

                If it can't reach the core it will try something like an ldscn32 -r that will look for the CSA as i remember.

                 

                -----

                 

                 

                Her is copy paste of my documentation;

                 

                 

                Making
                an agent that is accessible by the LANDesk Core server when it is not a domain
                object nor connected to the Croda domain.

                 

                 

                 

                 

                 

                True
                the LANDesk management gateway (Cloud Services Appliance) the LANDesk server
                can still access and service the workstations that have a Croda LANDesk agent
                on it even, when they are not connected to the domain or even when they never
                have joined the Croda domain.

                 

                 

                This
                guide is not for the domain workstations because no changes have to be made to
                communicate with the LANDesk server.

                 

                 

                 

                 

                 

                This
                guide will affect non-domain workstations that have to be managed outside our
                domain.

                 

                 

                 

                 

                 

                There
                are multiple configuration changes that have to be made to give access to the
                remote non-domain clients to communicate true the Management Gateway (Cloud
                Services Appliance) to the LANDesk Core server.

                 

                 

                 

                 

                 

                Documents used:

                 

                 

                http://community.landesk.com/support/docs/DOC-1888

                 

                 

                http://community.landesk.com/support/docs/DOC-8412

                 

                 

                 

                 

                 

                Files
                location:

                 

                 

                \\COREx\Package\BrokerConfig

                 

                 

                Password
                sheet…

                 

                 

                 

                 

                 

                Changes
                to be made:

                 

                 

                • Permanent

                 

                 

                1. Account with local access
                  on the LANDesk Core server. Account has only rights to the management suite to
                  ensure it can talk true the gateway with the core.
                2. Brokerconfig.exe has
                  to be copied and has to be authenticated with the local account that is made in
                  step 1.

                 

                 

                 

                 

                Changing when doing
                an update to the Remote agent. (This has
                to be done every time a change is made to the remote agent else it will affect
                the current domain agents.
                )

                 

                 

                1. Changing the LANDesk
                  .ini file to import the brokerconfig.lng to the shared files folder.
                2. Changing the LANDesk
                  .ini file to Remote control access without user intervention.
                3. Make the change
                  available to the agents and check if the agent is reflecting the changes made.

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                  1. Account
                         Account with local access on the LANDesk Core server. Account has only
                         rights to the management suite to ensure it can talk true the gateway with
                         the core.

                 

                 

                 

                The Configure.Broker
                account is made for local access to the LANDesk Core server ( x ). This
                account has rights to LANDesk Broker Config Users & LANDesk Management
                Suite.

                 




                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 




                 

                 

                 

                    1. Brokerconfig.exe
                      has to be copied and has to be authenticated with the local account that is
                      made in step 1.

                 

                 

                 

                Files available
                \\-CORE-\D\Package\BrokerConfig\

                 

                - Copy the configurebroker.exe to the
                C:\Program Files (x86)\LANDesk\ManagementSuite\ on the Landesk Core.

                 

                - Open the exe and fill in the account (
                configure.broker ) and Password and save the exe.

                 


                 

                    • A folder will be
                      created in the C:\Program Files (x86)\LANDesk\ManagementSuite\NoshareLDlogon
                      with a brokerconfig.ing file in it. This file will be used to authenticate the
                      agent off a non-domain workstation. Copy the .ing file to C:\Program Files
                      (x86)\LANDesk\Shared Files\cbaroot\broker and too C:\Program Files (x86)\LANDesk\ManagementSuite\ldlogon\

                 

                 

                 

                    1. Configuring the
                      Landesk .ini file has to be done in a separate file that will merge the
                      NTSTACFG.in# into the NTSTACFG.ini.

                 

                So change have to be made in NTSTACFG.in#

                 

                    • Paste the following
                      under the [common base agent post copy] of the NTSTACFG.in#.

                 



                 

                 

                 

                 


                   
                   

                ;------------------- Set Locally
                    Scheduled tasks --------------------------


                   

                 


                   

                FILE10001=BrokerConfig.lng,
                    %ldms_local_dir%\..\..\Shared Files\cbaroot\broker\BrokerConfig.lng


                   
                   


                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 






                1. Changing the LANDesk
                  .ini file to Remote control access without user intervention. This will be
                  needed for server acces without the lockout possibility.






                •  

                   
                   

                REG5399=HKEY_LOCAL_MACHINE,
                    SOFTWARE\Intel\LANDesk\WUSER32\Gateway, 1, , REG_DWORD


                   
                   


                  Paste
                the following under the [Remote Control Post Copy] of the NTSTACFG.in#.

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                 

                After
                changing the .in# file the inventory service has to be restarted to merge the
                file to the NTSTACFG.ini

                 

                 

                 


                 

                 

                 

                 

                 

                 

                 


                 

                 

                 

                 



                1. Make the change
                  available to the agents and check if the agent is reflecting the changes made

                 

                 

                 

                When right click an agent > advance edit.
                This will show the .ini that is set for the agent.

                 

                 

                 




                • When you need to
                  change one agent you can open the configuration by right click > properties
                  and press save. This will change the revision number and the change you made in
                  the .ini will reflect in advance edit.

                 

                 

                 

                 

                 

                 

                 

                 

                 



                • Option 2 is to press
                  the Rebuild all button, this will rebuild all agent configurations you have
                  made not only the ones in screen.
                • 5. Re: Unable to set Brokerconfig at remote sites (401 and 403)
                  Specialist

                  No Creds entered:

                  43:25.058   Attempting Direct HTTP connection to host LANDESKCORE.xxx.company.com:80

                  43:25.058   Starting HTTP session with host LANDESKCORE.xxx.company.com:80, proxy "", and proxy user ""

                  43:25.062   Connecting to address 10.0.10.45

                  43:25.085   Direct connection succeeded

                  43:25.085   HTTP Request: POST /landesk/managementsuite/core/RemoteControlLogging/RemoteControlLog.asmx

                  43:25.085   Waiting for HTTP response

                  43:25.356   HTTP response finished status 200 description OK

                   

                  Clicking Send:

                   

                  6-24-2014 11-48-30 AM.jpg

                  • 6. Re: Unable to set Brokerconfig at remote sites (401 and 403)
                    JonnyB SupportEmployee

                    Is there an LNG file in use? If so doing the request internally will show invalid credentials.

                    • 7. Re: Unable to set Brokerconfig at remote sites (401 and 403)
                      Specialist

                      English install, no alternate languages selected

                      • 8. Re: Unable to set Brokerconfig at remote sites (401 and 403)
                        Specialist

                        192.168.0.0/16 was in the blocked range

                        added to allowed and restarted CSA.

                         

                        Did not resolve

                         

                        Edit: Disabling the Firewall settings also does not resolve

                        • 10. Re: Unable to set Brokerconfig at remote sites (401 and 403)
                          Specialist

                          Capture04.PNG

                          have you tried using this setting ? When the LANDesk server can resolve the machine as ( in-domain ) it won't use the LNG file as it won't do an inventory scan -R.

                           

                          Try using IP in Gateway information instead of the Hostname

                          Add the brokerconfig to C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker on core