6 Replies Latest reply on May 14, 2014 12:55 PM by firstmidwestbank

    Gateway ?




      I have a new Gateway appliance setup and I am able to remote control via the internet on-demand without issue.  I am NOT able to get a current LD client to inventory scan, patch scan or remote control via the CSA.  I have a new client installed with the cloud base connection data and this is what I get when I run a test on the test workstation from the internet via brokerconfig.exe -R


      Latest Gateway from LD and Core of 9.5 SP2


      What am I missing?


      Dynamically determine connection route:


      24:57.500   Attempting Direct HTTP connection to host FMB-ISLDSV1:80

      24:57.500   Starting HTTP session with host FMB-ISLDSV1:80, proxy "", and proxy user ""

      24:57.640   Connecting to address x.x.x.y < -- this address isn't the CSA, it appears to be wanting to use our web server

      24:57.651   Direct connection succeeded

      24:57.654   HTTP Request: HEAD /ldlogon/lddwnld.dll

      24:57.654   Waiting for HTTP response

      24:57.679   HTTP response finished status 200 description OK

      24:57.681   HTTP Request: POST /landesk/managementsuite/core/RemoteControlLogging/RemoteControlLog.asmx

      24:57.682   Waiting for HTTP response

      24:57.849   HTTP response finished status 302 description Found


      Connect using the CSA:


      25:49.094   Using certificate file C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt and keyfile C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key

      25:49.124   Certificate/key loaded.  Certificate file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt".  Key file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key"

      25:49.124   Attempting managment gateway connection at host amber and address 66.77.x.x

      25:49.124   Starting HTTPS session with host amber, proxy "", and proxy user ""

      25:49.125   Connecting to address 66.77.x.x

      25:49.160   SSL Connection failed error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 20

      25:49.161   Direct connection failed, attempting to find configured proxy

      26:12.967   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

      26:12.967   Autoproxy settings are enabled, starting search for autoproxy

      26:12.981   Sending DHCP query to determine autoproxy

      26:18.997   Could not determine autoproxy from DHCP query

      26:19       Sending DNS queries to determine autoproxy

      26:19.661   DNS resolved name some.thing.com

      26:19.661   Autoproxy detected in DNS: some.thing.com

      26:19.661   Detected autoproxy path to use: http://some.thing.com:80/wpad.dat

      26:19.661   Starting HTTP session with host some.thing.com:80, proxy "", and proxy user ""

      26:19.662   Connecting to address 66.77.x.x

      26:19.725   HTTP Request: GET /wpad.dat

      26:19.725   Waiting for HTTP response

      26:19.756   HTTP response finished status 200 description OK

      26:21.226   Could not find proxy from autoproxy settings

      26:21.228   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

      26:21.229   Connection through managment gateway failed 10 SSL Handshake Error

        • 1. Re: Gateway ?
          JoeDrwiega SupportEmployee

          What are your setting in the LDMS Core: Configure | Manage Cloud Appliances. If it doesnt match the workstation then you need to recreate this file %Programfiles%\LANDesk\Shared Files\cbaroot\broker\broker.conf.xml.

          • 2. Re: Gateway ?

            Made them the same, rebooted workstation and still no go...



            - <broker>






            <proxy />












            • 3. Re: Gateway ?
              JoeDrwiega SupportEmployee

              Try rebooting the LANDesk(R) Management Gateway Service on the LDMS Core and rebooting the LANDesk Remote Control Service on the workstation. Then try running the %ProgramFiles%\LANDesk\LDClient\BrokerConfig.exe on the workstation, when you do are you putting the %USERID%@%yourdomain% in the LANDesk User field and your password?


              Also you can go to the registry key on the workstation and view what the issuer has: HKLM\SYSTEM\CurrentControlSet\Services\ISSUSER ImagePath and the value could be: "C:\PROGRA~1\LANDesk\LDClient\issuser.exe /b /lx.x.x.x /SERVICE" where the x.x.x.x could be your IP. If so change it to "C:\PROGRA~1\LANDesk\LDClient\issuser.exe" /SERVICE and try it again.

              • 4. Re: Gateway ?

                Everything seems to be matched up and restarts of things don't seem to work.  When I test via broker I get this-


                SSL Connection failed error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 20


                I can get to https://csa so 443 should be good, right?


                When I save the gateway info on the core, what does it mean when it says My public CSA name does not match teh CSA's certificate CN value?

                • 5. Re: Gateway ?
                  Frank Wils ITSMMVPGroup

                  Did you add all names the Gateway will be reached on to the Gateway Service 'tab' in the CSA webmenu? Add all aliases here, including ip-adresses, seperated by a space.



                  • 6. Re: Gateway ?

                    So it turns out it was our name resolution with the core and our domain.  Our domain setup was to resolve unknowns to our website, hence the .11.  Once we changed that I am good to go.


                    Thanks for all your help.