8 Replies Latest reply on Apr 7, 2015 2:38 PM by mlambert

    Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.

    mlambert Apprentice

      We use a sync core to standardize agent configs and agent settings, as well as other common things, to our 6 production cores.  I am currently building out our new 9.6 SP1 environment (planning migration from 9.5 SP2) and I've found a possible issue in the Client Connectivity settings.

       

      On the 9.6 Sync core I built out all the agent settings and agent configs and set up the sync connection to our freshly built Dev core.  Everything seemed to sync properly.  On the Dev core, when attempting to push an agent, the task fails, and when building an agent installer, the console shows an error.  Digging into the logs, i found that the problem was that it couldn't find the certificate file.  I checked the Client Connectivity Settings used by the agent config (both originating from the Sync core) and found that it wanted the cert from the Sync core.  I also noticed that the Core [server] address that it was pointing to was the Sync core FQDN rather than the Dev core that the agent was supposed to be connecting to. 

       

      After discovering this, my workaround plan was going to be sync'ing over the settings and agent configs, clearing the sync target status on the agent configs and then using a core-specific client connectivity setting for each core to include in the agent config.  Unfortunately, when you clear the sync target status on the agent config, the console offers a warning:

                     "Clearing the sync target status will only be temporary if the source core resends this

                     If this item is resent, the changes you have made including clearing

                     sync target status will be overwritten.  Continue?"

       

      Through this, I have also discovered that it won't allow you to delete an item designated as a "default". 

       

      So my questions to the community, is what I've discovered regarding the client connectivity settings a feature or a bug?  Has anyone else run into it and, if so, how did you work around it?

       

      To me it seems somewhat problematic to be able to sync something that isn't able to be used on the target core.  Thoughts?

        • 1. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
          zman Master

          There are several issues with using Coresync on agents settings/Agents. I have reported this one and case number 00826696 (below). Go into you default Client connectivity | Core Information and make sure the cert is selected. Also, you need to contact support for the latest CP and get some fixes for other Coresync issues.

           

          Description: The hash file (.0) from source core is specified in the agent.ini on target core after copying agent using Copy to core. If the customer attempts to build a self contained agent EXE it will fail indicating that the agent is missing the hash file. After the agent has been successfully copied, there is no agent cert assigned to the configuration by default. You must open the agent configuration's client connectivity settings and select Core information and manually assign the target cores certificate. This will modify the agent.ini and reference the appropriate hash file.

           

          Steps to Duplicate:

          Right click on an agent configuration and select Copy to other cores...

          Select the desired core server and click on Copy content.

           

          Actual result: The agent is successfully copied to the target core but the source core hash is referenced in the agent.ini vs. the target core's hash file. The Target core's certificate does not get associated with the agent configuration unless the customer manually assigns it under the client connectivity settings.

           

          Expected result: After successfully copying an agent configuration to another core the hash file specified in the agent.ini should be the one from the target core by default.

          1 of 1 people found this helpful
          • 2. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
            mlambert Apprentice

            Hey zman - Thanks for the response. 

            I contacted support on tuesday and their response today was "This has been escalated to Engineering. We do not have a patch for this yet."

             

            They haven't suggested a workaround yet either. 

            • 3. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
              zman Master

              Also be aware that if you copy to other core Preferred Servers it does NOT copy the password for the user. This will eventually lock out the account you are using for pref server. They indicate that this is working by design since they don't have strong enough encryption to coresync it to the other core (could have heard this incorrectly since my head was on fire). Well that is not entirely correct, and if you change the functionality of an operation that has overly detrimental results, don't document it, and simply say well we did not feel like doing it and hope nobody notices. If a burnt out 52 year old engineer can do it in SQL can't see why they can't. To me this just shows lack of customer focus and understanding, well to be fair lack of.....to us multiple core users (MultiCoreists, One who subscribes to the black arts of Multicoreism). So you will have to create a separate agent setting per core, This will allow you to take part in MultiCore Hoping (MH - Is the the frustrating endeavor of hoping from core to core to complete a simple task)

               

               

              I have suggested to LANDESK that they function in a multi core environment (have them use 4 cores - 3 productions cores and a rollup) in there everyday production environment so they can understand what it is to try and operate this way in the real world, however, I've heard nothing but crickets.  Actually crickets would be cool since they are good luck and rather soothing to listen to in the evening.

              1 of 1 people found this helpful
              • 4. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
                mlambert Apprentice

                The community keeps emailing me and asking me to update this post and mark it as answered if I have an answer.  The problem is I not really getting anywhere with support.  They have recognized this as an issue and escalated it to engineering but there hasn't been any update.  They aren't offering a work-around so I came up with my own. 

                 

                1) Sync all your agent settings and agent config to remote core. 

                2) On remote core, make a copy the Client Connectivity setting and give it an appropriate name (i.e. NOT BORKED)

                3) Open up the copy and select your local certificate(s).

                4) Make a copy of your agent configuration and name appropriately. 

                5) Open agent copy and select your new client connectivity setting.

                6) Deploy Agents from remote core.

                7) Enjoy working agents and wait a really long time for LANDesk to come up with a fix.

                8) When fix is released, deploy agent settings update based on the default agent sync'd from your central core.

                9) Wipe your brow and say "whew, why couldn't LANDesk have fixed this earlier?"

                 

                I'll come back to update this post if support provides an alternate work-around or maybe even a fix.

                • 5. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
                  mlambert Apprentice

                  Looks like the new component patch (from January...released in March?) might have a fix for this issue. I'll be testing later today to confirm.

                   

                  https://community.landesk.com/downloads/Readme/Pages/LD96SP1-CP_2015-0114.html


                  233654 Autosync client connectivity needs to use a variable for core name

                  • We convert the corename into an appropriate macro when exporting (but not when saving out the agent behavior file). Restore the macro to its appropriate actual value when importing.
                  • PanelManager.dll
                  • 6. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
                    mlambert Apprentice

                    Looks like the new component patch (LD96SP1-CP_2015-0114) sorta addresses the issue.  It fixes the %Corename% issue but the core certificate is still problematic if you are using Auto Sync.  You can work around this by not using Auto Sync and instead using the Copy to Other Core(s)... function.  When you copy to another core from the context menu, it leaves the item 'unlocked' instead of making it 'read-only' which happens with Auto Sync.

                     

                    In working with this, I realized that my workaround listed above was more work than it needed to be because you could just disable Auto Sync and use the copy function and just edit it on the other end.


                    ...which means that the only thing this patch actually helps with is saving us the job of editing the core address field.  Oh well.

                    client settings.png

                    PS - you have to install the patch on both your sync core and you target core for this to work.  If you only put it on your sync core, you get either explicit %fqdn% or %corename% variables in the core address field.

                    • 7. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
                      mlambert Apprentice

                      My ticket was marked "Fix in Future".

                      They have not provided any estimates on when it will be addressed.

                      Not a happy camper!

                      • 8. Re: Core Sync of Client Connectivity Settings (v9.6 SP1) - certificate and server hostname issues.
                        mlambert Apprentice

                        We are a fairly large LD customer (Enterprise Plus, 797100 pts).  Apparently, that entitles us to a Customer Success Manager, who we've recently met.  I alerted him to this issue and received more info today. 

                         

                        According to him, we will see this issue addressed in the next component patch, which will be released "in a month or so".  I am hoping to get my hands on it a little early to test. 

                         

                        zman - have you heard anything back on your end?  I was told that we are the only two folks to have reported the issue and the only reason it made it into the CP was because of our relative size.

                         

                        Also, 9.6 SP2 is slated for release around Interchange.