7 Replies Latest reply on Sep 4, 2012 1:30 PM by AspenSkier

    Policy feedback on LD9

    Apprentice

      Hi, I'm testing an LD 9 core right now (also with Patch Manager, but that's a side issue to this, really). The vast majority of my machines are behind a Management Gateway and are firewalled, which means that push deployments often are not an option. I use policies and policy supported pushes all the time. Under 8.8 SP3, the feedback I got from policies was decent--sometimes machines wouldn't leave the active state, or wouldn't ever sync a policy down, but for the most part it worked. Under LD9, it's much worse.

       

      5 days ago, I created a policy to install Silverlight on my test group of 27 computers. I know that it was not installed on any of those computers before now. On 5 of the machines, LD9 reported that the installation failed, and gave me a return code of 1514 or 1512 (these return codes don't seem to correspond to anything I've been able to find online). 18 reported "The action completed successfully" with a return code of 0. Good. 2 reported "Successfully completed installation of package" with a return code of 16385 (!). 2 merely say "Policy has been made available" with a return code of 1001.

       

      However, 22 are listed as active, 5 are listed as failed. I've cancelled the running of the scheduled task, and they're still sitting there like that. Wha?

       

      Further, if I run a query on silverlight, all 27 show as having it installed.

       

      Using policies with Patch Manager is even worse. I did a test run yesterday, and I have 1 pending, 4 successful (saying "The client does not support batch file packages"), and 22 failed.

       

      On other tests, I've seen the local policy.sync.log reporting no packages available for multiple checks, while on the core, there's a package, sitting there pending, which clearly has never been run on the client computer.

       

      This is all very frustrating to me. Anyone else seeing this sort of issue, or is my core just special again?

        • 1. Re: Policy feedback on LD9
          Expert

          Nope, I've seen it too so no you are not "special".

           

          I am assuming you are using patch manager to deploy silverlight and that you have confirmed that it is downloaded. It also sounds like you are not using auto fix and that you chose to repair with a scheduled task and to create a query.

           

          Try recreating the inventory script (create a copy) action to do a full scan. Add /F to the end of the line and then schedule it to run. Run a full scan followed by a security scan. Log in to one of your test machines and open the deployment console. You should see the policy sync at that time. Run the inventory and security scan again and the machine sould appear in the query. You should also be able to look at the installed software and updates in the enventory of the machine to confirm ath it shows that the patch is not installed and recorded properly in the LANDesk database.

           

          If it continues to fail, check you agent settings and the scan and repair settings and confirm that it is set to run immediately and that the other configurations will allow the install to take place.

           

          Worse case, try cycling the com+ objects or even restart the server. I have had cases where something was stuck and I just couldn't figure out what and a bounce took care of it.

           

          HTH

          • 2. Re: Policy feedback on LD9
            Apprentice

            Actually, I did the silverlight installer by hand. I'll try bouncing the server and see if statuses change. It's just frustrating to have such little visiblity into what's happening on the client side.

            • 3. Re: Policy feedback on LD9
              Expert

              I know what you mean, but you can go through the log files to try to determine what is happening.

               

              As a side note, I have had similar types of problems when deploying patches or apps that LANDesk can deploy via Patch Manager, but that was in 8.8 and pre SP1.

              • 4. Re: Policy feedback on LD9
                Apprentice

                OK, so I just tried it again. For complete disclosure, I'm setting this up as a policy, then changing to a policy supported push. Perhaps that's my problem?

                 

                This time to 18 machines. 1 showed as successful--with the result:

                The selected delivery method and or package(s) require features that are not provided by the agent installed on this target...

                 

                return code 1076.


                The entirety of the log file is:

                Processing package : Repair Group Jan10-test3 1

                 

                17 failed:

                8 with cannot find agent (expected)

                1 (my local computer) Package deployment failed, return code 413

                Log file:

                Processing package : Repair Group Jan10-test3 1
                Tue, 12 Jan 2010 14:29:57 File (http://<core hostname>/landesk/files/ldrunner.exe) is cached locally
                Tue, 12 Jan 2010 14:29:57 ILdDownloading file to C:\Program Files\LANDesk\LDClient\SDMCache\ldlogon\FileLists\taskmanifest.ENS-LDCORE1.38.12.ini, attempt 0
                Tue, 12 Jan 2010 14:29:58 ILdDownloadFile returned 0
                Tue, 12 Jan 2010 14:29:58

                 

                Downloading file http://<core hostname>/landesk/files/ldrunner.exe (5tsU5LsGcbNjpwZ6/KP0mw==, 3)
                Tue, 12 Jan 2010 14:29:58 Downloading file 1 of 1 from 'http://<core hostname>/landesk/files/ldrunner.exe'
                Tue, 12 Jan 2010 14:29:58 LSWD or Executable Client Thread
                Tue, 12 Jan 2010 14:29:58 PackagePath:     [http://<core hostname>/landesk/files/ldrunner.exe]
                Tue, 12 Jan 2010 14:29:58 Processing generic executable
                Tue, 12 Jan 2010 14:30:38 Launched application 'C:\Program Files\LANDesk\LDClient\SDMCache\landesk\files\ldrunner.exe' ('"%LDMS_CLIENT_DIR%\vulscan.exe" /repair "group=<core hostname>1_74" /agentbehavior=-1') result -1917648483
                Tue, 12 Jan 2010 14:30:38 Installation result 8DB5019D
                Tue, 12 Jan 2010 14:30:38 processing of package is complete, result -1917517411 (0x8db5019d - code 413)

                 

                 

                9 with Unspecified error, return code 16389

                 

                The log files for the 9 are identical:

                Processing package : Repair Group Jan10-test3 1
                Tue, 12 Jan 2010 17:30:12 File (http://<core hostname>/landesk/files/ldrunner.exe) is not in cache
                Tue, 12 Jan 2010 17:30:23 processing of package is complete, result -2147467259 (0x80004005 - code 16389)

                 

                Now, these are machines outside my network, so they should be looking for the fqdn, but they're not. They're just looking at the core's hostname in this log entry.

                 

                Very weird stuff. I will retry those 11 machines with a plain push deployment, and report back on the 8 policy only ones.

                • 5. Re: Policy feedback on LD9
                  Expert

                  I'd start with confirming connectivity to and from the devices to the unc share and the http address; or even just to the core in general. It could be a connectivity, DNS or a share permissions related issue. Did you use the http address to the share where the package files are stored or the unc? Is the install using the System account or the logged in user?

                   

                  On the outside, it might be the agent configuration. Maybe try pushing the agent to one of the failed machines and see if there is a change in success.

                  • 6. Re: Policy feedback on LD9
                    Apprentice

                    Yeah, I'm certain that all the clients can get to the http share on the core; like I said, the policies generally seem to deploy at some point, but the feedback on them is abysmal.

                     

                    I did a plain Patch Manager push deployment to the 10 machines that aren't locally firewalled, and those went off OK, other than the windows defender patch not working.

                     

                    I did a plain Patch Manager policy deployment to the 8 firewalled machines. 7 failed on the defender patch, and seemingly didn't try the others, so I did a retry on those 7. As of this morning (8 hours after I restarted the policy), none have checked in for the policy, at least according to Landesk. Just checked one of them, and it says the core doesn't have a policy update--which is plainly not true. I have these agents checking for policy updates every hour.

                    • 7. Re: Policy feedback on LD9
                      Specialist

                      I am just now trying to reuse a known-working provisioning template one some hardwired machines and they all fail the task showing STATUS=FAILED, RETURN CODE=1001, RESULT=POLICY HAS BEEN MADE AVAILABLE.

                       

                      I have been seeing this off and on and it is pretty silly.  Somedays this thing works, other days it doesn't...and whent it doesn't there isn't much of an explanation as to why it won't work.

                       

                      here is some of what is in the provisioning log file on the core server:

                       

                       

                      NFO TemplateFinder  9/4/2012 1:26:11 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:11 PM  : couldn't find task for computer 1538

                      ERROR ProvisioningService  9/4/2012 1:26:11 PM  : Unable to find template for computer IDN 1538

                      VERBOSE ProvisioningService  9/4/2012 1:26:15 PM  : >>GetTaskXml

                      VERBOSE ProvisioningService  9/4/2012 1:26:15 PM  : GetTaskXML, SIDS:

                      VERBOSE ProvisioningService  9/4/2012 1:26:15 PM  :     MACAddress: 001A4B5D733D

                      VERBOSE ProvisioningService  9/4/2012 1:26:15 PM  :     SerialNumber: CNU7310YTP

                      VERBOSE ProvisioningService  9/4/2012 1:26:15 PM  :     AMT_GUID: CNU7310YTP

                      VERBOSE TemplateFinder  9/4/2012 1:26:15 PM  : >>GetTemplateForServer,computerIDN 950

                      DEBUGGING TemplateFinder  9/4/2012 1:26:15 PM  : >>GetProvisioningTaskForComputer.computerIdn 950

                      INFO TemplateFinder  9/4/2012 1:26:15 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:15 PM  : couldn't find task for computer 950

                      ERROR ProvisioningService  9/4/2012 1:26:15 PM  : Unable to find template for computer IDN 950

                      VERBOSE ProvisioningService  9/4/2012 1:26:22 PM  : >>GetTaskXml

                      VERBOSE ProvisioningService  9/4/2012 1:26:22 PM  : GetTaskXML, SIDS:

                      VERBOSE ProvisioningService  9/4/2012 1:26:22 PM  :     MACAddress: 001A4B927B2D

                      VERBOSE ProvisioningService  9/4/2012 1:26:22 PM  :     SerialNumber: CNU7300PZJ

                      VERBOSE ProvisioningService  9/4/2012 1:26:22 PM  :     AMT_GUID: CNU7300PZJ

                      VERBOSE TemplateFinder  9/4/2012 1:26:22 PM  : >>GetTemplateForServer,computerIDN 1538

                      DEBUGGING TemplateFinder  9/4/2012 1:26:22 PM  : >>GetProvisioningTaskForComputer.computerIdn 1538

                      INFO TemplateFinder  9/4/2012 1:26:22 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:22 PM  : couldn't find task for computer 1538

                      ERROR ProvisioningService  9/4/2012 1:26:22 PM  : Unable to find template for computer IDN 1538

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  : >>GetProvisioningBootOption, clientMacAddress=00241D6FEB42

                      VERBOSE TemplateFinder  9/4/2012 1:26:30 PM  : >>GetTemplateForServer,computerIDN 159

                      DEBUGGING TemplateFinder  9/4/2012 1:26:30 PM  : >>GetProvisioningTaskForComputer.computerIdn 159

                      INFO TemplateFinder  9/4/2012 1:26:30 PM  : changeMachineStatus is false

                      ERROR TemplateFinder  9/4/2012 1:26:30 PM  : couldn't find task for computer 159

                      ERROR ProvisioningService  9/4/2012 1:26:30 PM  : Unable to find template for computer IDN 159

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  : <<GetProvisioningBootOption, BootOption=0

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  : >>GetTaskXml

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  : GetTaskXML, SIDS:

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  :     MACAddress: 001A4B5D733D

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  :     SerialNumber: CNU7310YTP

                      VERBOSE ProvisioningService  9/4/2012 1:26:30 PM  :     AMT_GUID: CNU7310YTP

                      VERBOSE TemplateFinder  9/4/2012 1:26:30 PM  : >>GetTemplateForServer,computerIDN 950

                      DEBUGGING TemplateFinder  9/4/2012 1:26:30 PM  : >>GetProvisioningTaskForComputer.computerIdn 950

                      INFO TemplateFinder  9/4/2012 1:26:30 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:30 PM  : couldn't find task for computer 950

                      ERROR ProvisioningService  9/4/2012 1:26:30 PM  : Unable to find template for computer IDN 950

                      VERBOSE ProvisioningService  9/4/2012 1:26:32 PM  : >>GetTaskXml

                      VERBOSE ProvisioningService  9/4/2012 1:26:32 PM  : GetTaskXML, SIDS:

                      VERBOSE ProvisioningService  9/4/2012 1:26:32 PM  :     MACAddress: 001A4B927B2D

                      VERBOSE ProvisioningService  9/4/2012 1:26:32 PM  :     SerialNumber: CNU7300PZJ

                      VERBOSE ProvisioningService  9/4/2012 1:26:32 PM  :     AMT_GUID: CNU7300PZJ

                      VERBOSE TemplateFinder  9/4/2012 1:26:32 PM  : >>GetTemplateForServer,computerIDN 1538

                      DEBUGGING TemplateFinder  9/4/2012 1:26:32 PM  : >>GetProvisioningTaskForComputer.computerIdn 1538

                      INFO TemplateFinder  9/4/2012 1:26:32 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:32 PM  : couldn't find task for computer 1538

                      ERROR ProvisioningService  9/4/2012 1:26:32 PM  : Unable to find template for computer IDN 1538

                      VERBOSE ProvisioningService  9/4/2012 1:26:42 PM  : >>GetTaskXml

                      VERBOSE ProvisioningService  9/4/2012 1:26:42 PM  : GetTaskXML, SIDS:

                      VERBOSE ProvisioningService  9/4/2012 1:26:42 PM  :     MACAddress: 001A4B927B2D

                      VERBOSE ProvisioningService  9/4/2012 1:26:42 PM  :     SerialNumber: CNU7300PZJ

                      VERBOSE ProvisioningService  9/4/2012 1:26:42 PM  :     AMT_GUID: CNU7300PZJ

                      VERBOSE TemplateFinder  9/4/2012 1:26:42 PM  : >>GetTemplateForServer,computerIDN 1538

                      DEBUGGING TemplateFinder  9/4/2012 1:26:42 PM  : >>GetProvisioningTaskForComputer.computerIdn 1538

                      INFO TemplateFinder  9/4/2012 1:26:42 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:42 PM  : couldn't find task for computer 1538

                      ERROR ProvisioningService  9/4/2012 1:26:42 PM  : Unable to find template for computer IDN 1538

                      VERBOSE ProvisioningService  9/4/2012 1:26:46 PM  : >>GetTaskXml

                      VERBOSE ProvisioningService  9/4/2012 1:26:46 PM  : GetTaskXML, SIDS:

                      VERBOSE ProvisioningService  9/4/2012 1:26:46 PM  :     MACAddress: 001A4B5D733D

                      VERBOSE ProvisioningService  9/4/2012 1:26:46 PM  :     SerialNumber: CNU7310YTP

                      VERBOSE ProvisioningService  9/4/2012 1:26:46 PM  :     AMT_GUID: CNU7310YTP

                      VERBOSE TemplateFinder  9/4/2012 1:26:46 PM  : >>GetTemplateForServer,computerIDN 950

                      DEBUGGING TemplateFinder  9/4/2012 1:26:46 PM  : >>GetProvisioningTaskForComputer.computerIdn 950

                      INFO TemplateFinder  9/4/2012 1:26:46 PM  : No task found. Check task with Done status.

                      ERROR TemplateFinder  9/4/2012 1:26:46 PM  : couldn't find task for computer 950

                      ERROR ProvisioningService  9/4/2012 1:26:46 PM  : Unable to find template for computer IDN 950

                       

                      what is interesting is that the serial numbers are not accurate for the machines in this task...something to look at I guess-maybe the server is trying to place the wrong machines into a task?