6 Replies Latest reply on May 14, 2014 12:55 PM by firstmidwestbank

    Gateway ?

    Apprentice

      All,

       

      I have a new Gateway appliance setup and I am able to remote control via the internet on-demand without issue.  I am NOT able to get a current LD client to inventory scan, patch scan or remote control via the CSA.  I have a new client installed with the cloud base connection data and this is what I get when I run a test on the test workstation from the internet via brokerconfig.exe -R

       

      Latest Gateway from LD and Core of 9.5 SP2

       

      What am I missing?

       

      Dynamically determine connection route:

       

      24:57.500   Attempting Direct HTTP connection to host FMB-ISLDSV1:80

      24:57.500   Starting HTTP session with host FMB-ISLDSV1:80, proxy "", and proxy user ""

      24:57.640   Connecting to address x.x.x.y < -- this address isn't the CSA, it appears to be wanting to use our web server

      24:57.651   Direct connection succeeded

      24:57.654   HTTP Request: HEAD /ldlogon/lddwnld.dll

      24:57.654   Waiting for HTTP response

      24:57.679   HTTP response finished status 200 description OK

      24:57.681   HTTP Request: POST /landesk/managementsuite/core/RemoteControlLogging/RemoteControlLog.asmx

      24:57.682   Waiting for HTTP response

      24:57.849   HTTP response finished status 302 description Found

       

      Connect using the CSA:

       

      25:49.094   Using certificate file C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt and keyfile C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key

      25:49.124   Certificate/key loaded.  Certificate file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt".  Key file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key"

      25:49.124   Attempting managment gateway connection at host amber and address 66.77.x.x

      25:49.124   Starting HTTPS session with host amber, proxy "", and proxy user ""

      25:49.125   Connecting to address 66.77.x.x

      25:49.160   SSL Connection failed error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 20

      25:49.161   Direct connection failed, attempting to find configured proxy

      26:12.967   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

      26:12.967   Autoproxy settings are enabled, starting search for autoproxy

      26:12.981   Sending DHCP query to determine autoproxy

      26:18.997   Could not determine autoproxy from DHCP query

      26:19       Sending DNS queries to determine autoproxy

      26:19.661   DNS resolved name some.thing.com

      26:19.661   Autoproxy detected in DNS: some.thing.com

      26:19.661   Detected autoproxy path to use: http://some.thing.com:80/wpad.dat

      26:19.661   Starting HTTP session with host some.thing.com:80, proxy "", and proxy user ""

      26:19.662   Connecting to address 66.77.x.x

      26:19.725   HTTP Request: GET /wpad.dat

      26:19.725   Waiting for HTTP response

      26:19.756   HTTP response finished status 200 description OK

      26:21.226   Could not find proxy from autoproxy settings

      26:21.228   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

      26:21.229   Connection through managment gateway failed 10 SSL Handshake Error

        • 1. Re: Gateway ?
          JoeDrwiega SupportEmployee

          What are your setting in the LDMS Core: Configure | Manage Cloud Appliances. If it doesnt match the workstation then you need to recreate this file %Programfiles%\LANDesk\Shared Files\cbaroot\broker\broker.conf.xml.

          • 2. Re: Gateway ?
            Apprentice

            Made them the same, rebooted workstation and still no go...

             

             

            - <broker>

             

             

            <proxyCredentials>Og==</proxyCredentials>

             

             

            <proxy />

             

             

            <host>some.where.com</host>

             

             

            <ipaddress>x.x.x.x</ipaddress>

             

             

            <order>0</order>

             

            </broker>

            • 3. Re: Gateway ?
              JoeDrwiega SupportEmployee

              Try rebooting the LANDesk(R) Management Gateway Service on the LDMS Core and rebooting the LANDesk Remote Control Service on the workstation. Then try running the %ProgramFiles%\LANDesk\LDClient\BrokerConfig.exe on the workstation, when you do are you putting the %USERID%@%yourdomain% in the LANDesk User field and your password?

               

              Also you can go to the registry key on the workstation and view what the issuer has: HKLM\SYSTEM\CurrentControlSet\Services\ISSUSER ImagePath and the value could be: "C:\PROGRA~1\LANDesk\LDClient\issuser.exe /b /lx.x.x.x /SERVICE" where the x.x.x.x could be your IP. If so change it to "C:\PROGRA~1\LANDesk\LDClient\issuser.exe" /SERVICE and try it again.

              • 4. Re: Gateway ?
                Apprentice

                Everything seems to be matched up and restarts of things don't seem to work.  When I test via broker I get this-

                 

                SSL Connection failed error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 20

                 

                I can get to https://csa so 443 should be good, right?

                 

                When I save the gateway info on the core, what does it mean when it says My public CSA name does not match teh CSA's certificate CN value?

                • 5. Re: Gateway ?
                  Frank Wils ITSMMVPGroup

                  Did you add all names the Gateway will be reached on to the Gateway Service 'tab' in the CSA webmenu? Add all aliases here, including ip-adresses, seperated by a space.

                   

                  Frank

                  • 6. Re: Gateway ?
                    Apprentice

                    So it turns out it was our name resolution with the core and our domain.  Our domain setup was to resolve unknowns to our website, hence the .11.  Once we changed that I am good to go.

                     

                    Thanks for all your help.