Does your user have the scope for all devices?
Just checked. I am part of the LANDesk Administrators group and I have a scope of All Devices. Another note. The LANDesk server shows up in the list of All devices and is the only one.
What happens when you "run as admin" a inventory scan from the clients? Or even a Security Scan?
When ever I run the inventory scan it never does anything. It just sits there looking like its trying to connect. When I run the Security Scan it looks as if it is downloading definitions, but after a minute it fails. I've run them as administrator with the same results.
Just a little background on our environment. We are pretty secure here and have changed a ton of GPO settings. I suspect that the CBA_anonymous account is having issues. I have given that account 'log on as a service' and 'log on as batch' for the whole domain. Does any one know of any other GPO settings that might affect landesk?
You might need to be sure that the GPO doesn't have cba_anonymous forced to be in the Guest group (happened to my customer) and the account needs to be in the Allow log on locally GPO: Agent Status Icons Suddenly Not Appearing in Console
I saw that article, thanks for sharing it, and tested it out. I'm still having the same issue. Interestingly enough I saw the Security Scan fail saying 'sending scan results to core: CORENAME core could not process data.'
I wish I could copy and paste logs here for you guys to look at them, but with it being a secure system we can't pull data off of.
Silly question but ...
... are you sure the SCANS make it as far as the Core itself?
Turn on "store scans" to be sure. Could be something daft like DNS issues or so (i.e. "clients can't resolve the Core").
Also, running an inventory scan on an affected client with the following switches:
/V /F /SYNC
... might be interesting.
/V -- means verbose ... i.e. "show me the UI". If you have issues resolving / talking to the Core, it'll show up here.
/F -- forces a software scan. Just "being thorough".
/SYNC -- forces a full, non-delta scan (i.e. "send me ALL the data") to ensure you get a full data-set, and not a partial one (i.e. the delta) which might fail with a 2391 message (because there's no record to update in the first place).
Give that a go ... start with the basics? .
Well, I think that we maybe going down the right path. I changed the "Store Scans" setting to '1.' I started the inventory scan and it looks like it finished successfully. I the looked on the core in the "C:\Program Files\LANDesk\ManagementSuite\ldscan\Storage" folder and found my .scn file. Had my client name in it with a bunch of information about it. I also looked more in the folder and found files from as far back as march. Looks like the scans have been getting back to the core server the whole time.
Oddly enough, I think after making those changes the machines have started showing up in the console. Although the names show up there is very little information about them. (e.g. no software or hardware data) Also, as I refresh the console the "Last Scanned" date has been changing. It seems like the dates have moved through April and are now getting close to May. Is there a process that is in charge of reading those .SCN files and imputing them in the database? I wonder if there may be issues with that process.
Thanks for your help phoffmann!
you said you created a new core with version 2016.1. Stupid question, the version from your old core and the new one are the same (Major Version)? If not, did you get an actual license for your 2016.1 core through the licensing team? If the core version didn't match to your activated license the inventory service will not process any scan files and it seems that your core is on that stage. Maybe ist worth a try to check your licenses in the licensing window.
If anything is fine with your license, you should go deeper in troubleshooting the inventory service and check the application eventlog of the core for inventory service errors.
Hope that helps.
So, I looked at my licensing for my new server and I do have licenses for Management Suite 10.1, Patch Manager 10.1, and Security Suite 10.1 that are all set to never expire. However, it looks like my Patch Manager 10.1 Subscription has expired. I might need to get that fixed. We just use Landesk as a 3rd party patching system along side WSUS. So I don't think that I need anything else as far as licensing goes. I think though that the Inventory Scanner is now working . The couple of computers I do have the new agent installed on have reported recent inventories as of today, some have not though.
Your patch subscription having run out will ONLY prevent you from downloading new / up-to-date content. Given the latest WannaCry shenanigans, getting that updated would be a good move so you can get up-to-date content .
However - We won't block you from getting / processing more inventory scans. So that's not going to stop you from processing those.
If you are receiving inventory scans on the Core, but they fail to process, check the Application Event Log for errors from the Inventory Server Service ... it'll usually tell you why it didn't like a particular scan file & rejected it.
Hope that helps a bit .
my fault, you are absolutly right. We had a problem yesterday at our customer where the inventory service throws an error in the eventlog "No valid license for the core" and none of the scans were processed. BUT the reason was another and the error message was misleading. Yesterday we changed the name of the core in the registry from netbios to FQDN for a test and after that, the error occurs and the inventory service stops processing.
Today we changed it back to netbios name and suddenly the servcie starts processing the scan.
Well, I sent an email into Ivanti to get my licensing issues squared away. I hear about that WCry virus last weekend. Luckily, I had disabled SMBv1 back in February. I think that was the main way the virus was spreading itself.
I am now getting clients showing up in my console. I have been getting multiple records of the same computers. I have been uninstalling and reinstalling the agent on the same computer several times. I was trying to uninstall the client and then delete the old records from the management console then reinstall.
I have been having another weird issue of the clients not showing up in Client Access. I currently have it set to auto approve, temporary, while I am testing. I haven't been able to find much info on the inner workings of the Client Access process other then you need to approve the client certificates before they can communicate with the core. Does anyone know of some more detailed KB articles on that?
There's not much to it by and large .
If a client's certificate is NOT approved by the Core, that client can't do much of anything.
- Can't scan for vulnerabilities
- Can't check for policy updates
- MAY have problems updating inventory as well... (if you're using the secure www-service option for inventory).
It's for situations where you either have ... let's call it "unmanaged 3rd parties" in your organisation that somehow get their mitts on your agent, and or "devices get lost" ... at that point, you disable the cert, to make sure that they don't get a "free copy of the latest version of Office that you're up-lifting" for instance.
It's also used with the CSA (Cloud Service Appliance) ... it was just easier to have EVERY client generate a cert upon client-install (so you wouldn't have to do it via script or so), and have teh Core manage the client-certs rather than the CSA itself (quality of life, but that's just a move from WHERE this was managed).
Does that make sense?