7 Replies Latest reply on Aug 3, 2018 5:54 AM by phoffmann

    Agent Deployment fails on different domain clients

    bhavikdesai17 Rookie

      Hi,

      My Ivanti Core Server is in a different domain and my clients are in a different domain. I have added the domain administrator of the client domain as Alternate Credentials in the scheduler and restarted the scheduler service, but no luck. Also, on the client side all ports are open and C$, admin$, file sharing, everything is enabled, but still when I deploy the agent through the console I get the error "Unable to contact the specified machine 1087".

       

      I am even able to access the client machine by c$ from the Core server.

       

      Please let me know if I am missing something here or anything to be added.

       

      Regards,

      Bhavik

        • 1. Re: Agent Deployment fails on different domain clients
          phoffmann SupportEmployee

          Rather than using a push (which is in effect just an RPC - remote procedure call - where all manner of things can go wrong) -- ensure you either have DNS properly set up (or use IP-s in the paths) and create an advanced agent config.

           

          Then push out the advanced agent via GPO from "the other domain" natively.

           

          See the following articles for info:

           

          Generally speaking, the "pushing the agent via RPC" is a "last straw" that should be used if everything else fails. It's the least efficient way of deploying agents out (no peer download, no multicasting, no real resilience of any kind).

           

          ===============

          On a somewhat related note (for multi-domain environments):

           

          One thing to *BE* aware of in a multi-domain set up is that your PRIMARY account for the Scheduler service (the one identity it runs as) is the one that gets used to access / calculate package hashes. So make sure that this account *DOES* have access to whatever package share you use as your main repo.

           

          I'd also (strongly) recommend using preferred servers (so you can use alternate credentials if needed) for clients. More info on those can be found here:

          • 2. Re: Agent Deployment fails on different domain clients
            bhavikdesai17 Rookie

            Hi,

             

            I have created an Advance Agent and then manually installed it on a client computer which is in a different domain, but after the Agent is installed, when I run Inventory Scan it gives me an error stating "Inventory server did not respond".

             

            Let me know what I need to check and what am I doing wrong here.

             

            Regards,

            Bhavik

            • 3. Re: Agent Deployment fails on different domain clients
              phoffmann SupportEmployee

              Check your DNS / agent settings.

               

              If the client can't resolve the Core name, you're not going to get very far.

               

              "Inventory server did not respond" translates as "I couldn't REACH it" ... which may be because the service is stopped (unlikely), or resolution didn't work. Hence - don't be afraid to use IP's rather than names if you've got patches of flakey DNS.

               

              This article here will help you -- About Inventory Scanner Switches -- for running inventory scans from command-line so you can try things with different approaches (i.e. - IP, FQDN, etc) and troubleshoot easily without needing to redeploy an agent setting all the time.

              • 4. Re: Agent Deployment fails on different domain clients
                bhavikdesai17 Rookie

                Hi,

                 

                I am not sure where you are talking about using IP's rather than hostname. And what setting should I be looking for in Agent settings which will help me to resolve this issue?

                 

                Regards,

                Bhavik

                • 5. Re: Agent Deployment fails on different domain clients
                  phoffmann SupportEmployee

                  It's the Core name. You configure it in the CLIENT CONNECTIVITY agent setting ...

                   

                   

                  <Once you find "one that works", you'll want to re-build the advance agent before you deploy it out via GPO.>

                   

                  ... the reason why I recommended the command-lines is that this allows you to verify whether the string you use there (if you use a shortname - DON'T ... NETBIOS names are a bad idea ... always use full on FQDN's or IP's), you can run the command with various options & verify which will work for you from that "other domain".

                   

                  Your basic command-line for an inventory scan is as follows (inject/replace your server name as needed obviously):

                  LDISCN32.EXE /NTT=%server%:5007 /S="%server%" /I=HTTP://%server%/ldlogon/ldappl3.ldz /V /F /SYNC

                   

                  <Most of these settings are usually included in agent settings, so you're overriding things here for debug-purposes. But that's fine since you're trying to "get it to work" in the first place.>

                   

                  This has also verbosity / UI enabled, so you'll see any errors (i.e. "I can't reach it") as they occur.
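
Added example, not part of the original posts and not Ivanti tooling: a PowerShell pre-check to run on a client in the other domain. For each candidate Core identifier it tests name resolution, TCP 5007 (the port in the /NTT= switch above) and the /ldlogon/ldappl3.ldz URL (the /I= switch), so you know which string to pass to LDISCN32.EXE. The candidate values are constructed placeholders and the function name is hypothetical.

```powershell
# Constructed placeholder values: replace with your Core's FQDN and IP.
$candidates = @('core.example.internal', '192.0.2.10')

function Test-CoreCandidate {
    param([Parameter(Mandatory)][string]$Server)

    $result = [ordered]@{
        Server      = $Server
        Resolves    = $false
        Tcp5007     = $false
        LdlogonHttp = $false
    }

    # 1. Name resolution. An IP literal needs none, so it passes immediately.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($Server, [ref]$ip)) {
        $result.Resolves = $true
    } else {
        try {
            [void][System.Net.Dns]::GetHostAddresses($Server)
            $result.Resolves = $true
        } catch { }   # resolution failed: leave Resolves = $false
    }

    if ($result.Resolves) {
        # 2. TCP reachability of the port used in /NTT=<server>:5007 (3 s timeout).
        $tcp = New-Object System.Net.Sockets.TcpClient
        try {
            $result.Tcp5007 = $tcp.ConnectAsync($Server, 5007).Wait(3000) -and $tcp.Connected
        } catch { } finally { $tcp.Close() }

        # 3. The file referenced by /I=HTTP://<server>/ldlogon/ldappl3.ldz.
        #    A HEAD request checks reachability without downloading the file.
        try {
            $r = Invoke-WebRequest -Uri "http://$Server/ldlogon/ldappl3.ldz" `
                                   -Method Head -UseBasicParsing -TimeoutSec 5
            $result.LdlogonHttp = ($r.StatusCode -eq 200)
        } catch { }   # non-2xx, timeout or connection error
    }

    [pscustomobject]$result
}

$candidates | ForEach-Object { Test-CoreCandidate -Server $_ } | Format-Table -AutoSize
```

A candidate with all three columns True is the one to try in the LDISCN32.EXE command line; Resolves = False for the FQDN but True for the IP points at DNS between the two domains.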

                  • 6. Re: Agent Deployment fails on different domain clients
                    bhavikdesai17 Rookie

                    Hi,

                    Thank you so much for the help.

                    Using IP now I am able to install the advanced agent manually and also able to run Inventory Scan without any error.

                    Now I would like to know how I can deploy the Agent using a console scheduled task, as manual installation will not be possible for all clients.

                     

                    Please help out with some way using the console or any other way.

                     

                    Thanks 

                    Bhavik

                    • 7. Re: Agent Deployment fails on different domain clients
                      phoffmann SupportEmployee

                      Re-read my first post - I pointed out various BKM's in how to deploy the agent (Advance Agent) via GPO.

                       

                      That's the best way & much more reliable than an RPC push (that'll "work" if your network is up to it, but since you're having DNS issues, I'd be careful here).

                       

                      The necessary links are already all in this thread.