I found the problem.
At the IIS the Default Web Site was Stopped.
The gateway did his job for a while but meanwhile we have the same error than you and I wonder what has gone wrong.
You found out that the IIS Default web Site was sopped, but can you tell which IIS you're talking about ? Is it the one on the Landesk Core server or is it somewhere else ?
Modify the firewall settings by opening https://gatewayname/gsb
Go to the firewall tab.
Remove 255.255.255.255 then save the settings.
Check the brokerconfig settings on the client to ensure username and password are valid console users.
Have the client send a certificate request.
I had answered to your question already, but it was deleted.
The IIS is at the LanDesk Core server.
I did what you told me but found no entry with 255.255.255.255 allowed. So I disabled the firewall and it works. Whe have another "enterprise" firewall that also specifies the connexions to the core landesk server, so I wonder if we can let work like this...
On the client side I could now ask for a certificate, that I received, could download applications, but I have problems with Remote Control. The Landesk Client is set to Gateway mode, as it always was, but he server seems to see no client that it could connect to...
I'm a little disapointed, cause all that stuff worked just fine a few weeks ago... I really don't know what happened...
Thanks for your helpfull answer.
The remote control problem has been resolved by reinstalling the landesk client (funny).
So I have just one question left:
Do we need the landesk gateway firewall, knowing that we have an external firewall that already controls the connexions to the gateway ?
Only the 443 packets are allowed to communicate with the landesk gateway...
As soon as I enable the gateway firewall, the internet landesk client can no longer communicate with the gateway (error 10060 mentionned at the beginning of the discussion).
So should we find a way to activate the landesk gateway firewall or is it unnecessary ?
I was hoping for an answer for his question as we have the same problem. Users on the outside can't seem to get a certificate with the firewall turned on, but we have an outside firewall as well, so the Gateway doesn't really need one.
So any reason why the Gateway hass/needs to have its internal firewall enabled?
If you have a firewall, then maybe the gateway doesn't need one.
Maybe there are questionable items that share the DMZ with your gateway so you still need one.
That is up to you.