ATTENTION

───────────────────────────────────────────────────────────
This PowerShell script is not official and is not supported by LANDESK

Please review the Share IT disclaimer here: LANDesk Share IT Disclaimer

───────────────────────────────────────────────────────────

This is a tool intended to help support and LANDESK users to quickly check their Core / Client connectivity

Description

Being able to know whether or not a port is reachable on a client machine from your Core and on the Core from the Client is really important during almost all LANDESK operations.

Here is the list of ports LANDESK uses and the operations related to these ports:

Ports used by LANDesk Management Suite - Full List

Please refer to this article in order to check which port you want to be opened in order to have a feature working.

Download

You can download the script through the following link or download it from the attached document of this article.

Download LDPortsTesting.zip          4 KB - Last edited: 02/12/14

Video

Getting started

• Rights / Requirements

You have to run this script as an Administrator with at least Local Administrator rights.

You have to run the script: Core-LDPortsTesting.ps1 on a Core Server

You have to run the script: Client-LDPortsTesting.ps1 on a Client machine

• Execution Policy Change

As default Security Settings are usually preventing scripts to run on a server, you may see this message:

As this script is not altering any file or folder, you can safely run it by putting Yes or Y   

Here is the link given by Microsoft about the Execution Policies:

• Technet - about_Execution_Policies

In order to check manually if your policies are authorized to run, you can type in a PowerShell window Get-ExecutionPolicy:

You can then modify it by typing Set-ExecutionPolicy Unrestricted which will lead you to the previous prompt:

Here is a Technet article about these commands that may be useful:

• Technet - Usage of ExecutionPolicy commands

    ATTENTION:Please remember to set the Execution Policy back to its default settings when you have finished to run the script

How to use

You will be prompted for the IP address or the hostname of the machine you want to test.

Then you will have to choose between the following:

• TCP
• UDP
• TCP and UDP

Here is what is scanned for each of them.

I.  TCP

From Core to Client - Core-LDPortsTesting

The following ports are being tested with a 1800 ms timeout:

25, 137, 139, 445, 4343, 9535, 9593, 9594, 9595, 9971, 9972, 12174, 16992, 16993, 16994, 33354

From Client to Core - Client-LDPortsTesting

80, 137, 139, 443, 445, 4343, 5007, 9594, 9595, 9982, 12175, 12176, 16992, 16993, 16994, 33354

You can double check what are these ports used for in this document: Ports used by LANDesk Management Suite - Full List

II.  UDP

From Core to Client - Core-LDPortsTesting

The following ports are being tested with a 1800 ms timeout:

68, 1758, 9535, 9595, 33354, 33355, 38293

From Client to Core - Client-LDPortsTesting

67, 69, 1759, 4011, 9535, 9595, 38293

You can double check what are these ports used for in this document: Ports used by LANDesk Management Suite - Full List

III. TCP and UDP

The previous mentionned ports are being tested.

Results

A folder is created with the IP address of the client machine as a name and will contain a TCP and/or UDP folder(s).

The results of the ports testing are sent to a text file within these folders.

Client Side Logfile locations by LANDESK component

For a list of 9.5 Client Side Log locations, see 9.5 LANDesk Client Log file locations for troubleshooting

This document assumes you are running a 64 bit version of Windows.

Alerting

• C:\Program Files (x86)\LANDesk\Shared Files\alert.log
• C:\ProgramData\LANDesk\Log\alertsync.log
• C:\Program Files (x86)\LANDesk\LDClient\lddetectsystem.log
• C:\Program Files (x86)\LANDesk\LDClient\createmonitorroot.log

AMT

• C:\ProgramData\LANDesk\Log\AMTConfig.log

Antivirus (LANDESK)

• C:\ProgramData\LANDeskAV\ldav.log
• C:\ProgramData\LANDeskAV\ldav_scan.log
• C:\ProgramData\LANDeskAV\ldav_update.log
• C:\ProgramData\LANDeskAV\ldav_install.log
• C:\ProgramData\LANDeskAV\msi_install.log

Common Base Agent (CBA)

• C:\Windows\SysWOW64\residentagent.log
• C:\Windows\SysWOW64\serviceHost.log
• C:\ProgramData\LANDesk\Log\fwregister.log

Cloud Services Appliance (CSA)

• C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.log
• C:\Program Files (x86)\LANDesk\LDClient\brokerconfig.log

Endpoint Security

Files within C:\Program Files (x86)\LANDesk\LDClient\HIPS:

• DCM.log (Device Control – Logs Device Information)
• DCMVolumes.log (Device Control – Logs Volume Information)
• ERROR.LOG (Shows Endpoint Security service errors)
• NetworkDetection.log (Shows Network Location Awareness information)
• ShadowCopy.log (Device Control – Shadow copy information)

Files within C:\Documents and Settings\All Users\Application Data\LDSec:

• LDSECSETUP32-HIPS-debug.log (Debug level log for installation)
• LDSECSVC-DCM-debug.log (Debug level log for Device Control)
• LDSECSVC-HIPS-debug.log (Debug level log for HIPS)

For more information on troubleshooting Endpoint Security and logs please see How to troubleshoot LANDesk Device Control

Inventory Scanner

• C:\ProgramData\LANDesk\Log\ldiscn32.log
• C:\Program Files (x86)\LANDesk\LDClient\data\ldiscn32.log
• (This log appears when ldiscn32.exe is run with the "/debug" switch)
• C:\ProgramData\LANDesk\Log\ldiscnupdate.log

Local Scheduler Tasks

• C:\ProgramData\LANDesk\Log\localsch.log
• C:\Program Files (x86)\LANDesk\LDClient\LDSystemEventCapture.log

Macintosh

• \Library\Application Support\LANDesk.log (All Components)

Security and Patch Manager

• C:\ProgramData\vulscan\vulscan.log
• C:\ProgramData\vulscan\vulscan.#.log
• (The vulscan log will roll and create a vulscan.1.log, vulscan.2.log, etc)
• C:\ProgramData\vulScan\softmon.log

Software Distribution

• C:\Program Files (x86)\LANDesk\LDClient\Data\sdclient_task#.log
• C:\ProgramData\LANDesk\Log\sdclient.log
• C:\Program Files (x86)\LANDesk\LDClient\Data\sdclient.log
• C:\ProgramData\LANDesk\Log\tmcsvc.log
• C:\Program Files (x86)\LANDesk\LDClient\data\SDClientTask.[Core-Name].[task#].log
• C:\Program Files (x86)\LANDesk\LDClient\data\[MSI Name].log (created during installation of MSI packages)
• C:\Program Files (x86)\LANDesk\LDClient\CurrentDownloads.log (information regarding whether a file has been downloaded from the source or from a preferred server)

Software Distribution - Policies

• C:\Program Files\LANDesk\LDClient\policy.cgi.log
• C:\Program Files (x86)\LANDesk\LDClient\policy.client.portal.log
• C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.log
• C:\Program Files (x86)\LANDesk\LDClient\policy.sync.log

Software License Monitoring

• C:\Program Files (x86)\LANDesk\LDClient\Data\GatherProducts.log
• C:\Program Files (x86)\LANDesk\LDClient\Data\proddefs\*.xml

LANDESK Management Suite / Security Suite 9.6 Service Pack 1 Release Information

Installation Information

Supported Platforms and Compatibility Matrix for LANDESK Management Suite

General articles about 9.6 SP1

Whats new for LDMS 9.6 Service Pack 1 Software Distribution

Best Known Methods for Mac OS X Provisioning in 9.6 Service Pack 1

New in Patch Manager in 9.6 Service Pack 1 : Autofix and Scan by Scope

Patch Manager 9.6 Service Pack 1 New Permissions Options for Editing and Importing Definitions

LANDESK Antivirus Does Not Re-install If Version Is Current - New in 9.6 Service Pack 1

Updating passwords in DA after 9.6 Service Pack 1 Update

What's new for Inventory 9.6 Service Pack 1

What's new in Provisioning in LDMS 9.6 Service Pack 1

Downloads

LANDESK Management Suite / Security Suite 9.6 Service Pack 1

Client Side Logfile locations by LANDESK component

For More Information...

• For a list of 9.5 Client Side Log Locations, see 9.5 LANDesk Client Log file locations for troubleshooting
• For a list of 9.6 Client Side Log Locations, see LANDESK Management Suite 9.6 Client Log File Locations

Alerting

• C:\Program Files\LANDesk\Shared Files\alert.log
• C:\ProgramData\LANDesk\Log\alertsync.log
• C:\Program Files\LANDesk\LDClient\lddetectsystem.log
• C:\Program Files\LANDesk\LDClient\createmonitorroot.log

AMT

• C:\Program Files\LANDesk\LDClient\amtmon.Log

Antivirus (LANDESK)

• C:\ProgramData\LANDeskAV\ldav.log
• C:\ProgramData\LANDeskAV\ldav_scan.log
• C:\ProgramData\LANDeskAV\ldav_update.log
• C:\ProgramData\LANDeskAV\ldav_install.log
• C:\ProgramData\LANDeskAV\msi_install.log

Common Base Agent (CBA)

• C:\ProgramData\LANDesk\Log\residentagent.log
• C:\ProgramData\LANDesk\Log\servicehost.log
• C:\ProgramData\LANDesk\Log\fwregister.log

Cloud Services Appliance (CSA)

• C:\Program Files\LANDesk\Shared Files\proxyhost.log
• C:\Program Files\LANDesk\LDClient\brokerconfig.log

Endpoint Security

Files within C:\Program Files\LANDesk\LDClient\HIPS:

• DCM.log (Device Control – Logs Device Information)
• DCMVolumes.log (Device Control – Logs Volume Information)
• ERROR.LOG (Shows Endpoint Security service errors)
• NetworkDetection.log (Shows Network Location Awareness information)
• ShadowCopy.log (Device Control – Shadow copy information)

Files within C:\Documents and Settings\All Users\Application Data\LDSec:

• LDSECSETUP32-HIPS-debug.log (Debug level log for installation)
• LDSECSVC-DCM-debug.log (Debug level log for Device Control)
• LDSECSVC-HIPS-debug.log (Debug level log for HIPS)

For more information on troubleshooting Endpoint Security and logs please see Community DOC-9853

Inventory Scanner

• C:\ProgramData\LANDesk\Log\ldiscn32.log
• C:\Program Files\LANDesk\LDClient\data\ldiscn32.log
• (This log appears when ldiscn32.exe is run with the "/debug" switch)
• C:\ProgramData\LANDesk\Log\ldiscnupdate.log

Local Scheduler Tasks

• C:\ProgramData\LANDesk\Log\localsch.log
• C:\Program Files\LANDesk\LDClient\LDSystemEventCapture.log

Macintosh

• \Library\Application Support\LANDesk.log (All Components)

Security and Patch Manager

• C:\ProgramData\LANDesk\Log\vulscan.log
• C:\ProgramData\LANDesk\Log\vulscan.#.log
• (The vulscan log will roll and create a vulscan.1.log, vulscan.2.log, etc)
• C:\ProgramData\vulScan\softmon.log

Software Distribution

• C:\ProgramData\LANDesk\Log\sdclient_task#.log
• C:\ProgramData\LANDesk\Log\sdclient.log
• C:\ProgramData\LANDesk\Log\tmcsvc.log
• C:\Program Files\LANDesk\LDClient\data\SDClientTask.[Core-Name].[task#].log
• C:\Program Files\LANDesk\LDClient\data\[MSI Name].log (created during installation of MSI packages)
• %LDMS_LOCAL_DIR%\..\CurrentDownloads.log (information regarding whether a file has been downloaded from the source or from a preferred server)

Software Distribution - Policies

• C:\Program Files\LANDesk\LDClient\policy.cgi.log
• C:\Program Files\LANDesk\LDClient\policy.client.portal.log
• C:\Program Files\LANDesk\LDClient\policy.client.invoker.log
• C:\Program Files\LANDesk\LDClient\policy.sync.log

Software License Monitoring

• C:\Program Files\LANDesk\LDClient\data\gatherproducts.log
• C:\Program Files\LANDesk\LDClient\data\proddefs\*.xml

Client Side Logfile locations by LANDESK component

For More Information...

For a list of 9.6 SP1 Client Side Log locations, see LANDESK Management Suite 9.6 SP1 Client Log File Locations

For a list of 9.6 Client Side Log locations, see LANDESK Management Suite 9.6 Client Log File Locations

For a list of 9.5 Server Side Log locations, see 9.5 LANDesk Server Log File Locations for Troubleshooting

Alerting

C:\Program Files\ LANDesk\shared files\alert.log

C:\Program Files\LANDesk\LDClient\alertsync.log

C:\Program Files\LANDesk\LDClient\lddetectsystem.log

C:\Program Files\LANDesk\LDClient\createmonitorroot.log

AMT

C:\Program Files\LANDesk\LDClient\amtmon.Log

AntiVirus (LANDesk)

C:\ProgramData\LANDeskAV\ldav.log

C:\ProgramData\LANDeskAV\ldav_scan.log

C:\ProgramData\LANDeskAV\ldav_update.log

C:\ProgramData\LANDeskAV\ldav_install.log

C:\ProgramData\LANDeskAV\msi_install.log

CBA8 logs (Common Base Agent)
C:\Program Files\LANDesk\shared files\residentagent.log
C:\Program Files\LANDesk\shared files\residentagent.old
C:\Program Files\LANDesk\shared files\servicehost.log
C:\Program Files\LANDesk\shared files\servicehost.old

C:\Program Files\LANDesk\LDClient\fwregister.log

Cloud Services Appliance

C:\Program Files\LANDesk\shared files\proxyhost.log

C:\Program Files\LANDesk\LDClient\brokerconfig.log

Endpoint Security

Files within C:\Program Files\LANDesk\LDClient\HIPS:

DCM.log (Device Control – Logs Device Information)

DCMVolumes.log (Device Control – Logs Volume Information)

ERROR.LOG (Shows Endpoint Security service errors)

NetworkDetection.log (Shows Network Location Awareness information)

ShadowCopy.log (Device Control – Shadow copy information)

Files within C:\Documents and Settings\All Users\Application Data\LDSec

LDSECSETUP32-HIPS-debug.log (Debug level log for installation)

LDSECSVC-DCM-debug.log (Debug level log for Device Control)

LDSECSVC-HIPS-debug.log (Debug level log for HIPS)

Files within C:\Documents and Settings\All Users\Application Data\Vulscan

Vulscan.log (logs Endpoint installation, settings changes, etc)

For more information on troubleshooting Endpoint Security and logs please see Community DOC-9853

InventoryScanner

C:\Program Files\LANDesk\LDClient\ldiscn32.log

C:\Program Files\LANDesk\LDClient\data\ldiscn32.log
(This log appears when ldiscn32.exe is run with the "/debug" switch)

C:\Program Files\LANDesk\LDClient\ldiscnupdate.log

Local Scheduler tasks

C:\Program Files\LANDesk\LDClient\localsch.log

C:\Program Files\LANDesk\LDClient\LDSystemEventCapture.log

Macintosh

\Library\Application Support\LANDesk.log (All Components)

Security and Patch Manager
C:\ProgramData\vulScan\vulscan.log

C:\ProgramData\vulScan\vulscan.#.log
(The vulscan log will roll and create a vulscan.1.log, vulscan.2.log, etc)
C:\Program Files\LANDesk\LDClient\vulscan.log

C:\ProgramData\vulScan\softmon.log

Software Distribution
C:\Program Files\LANDesk\LDClient\data\sdclient_task#.log
C:\Program Files\LANDesk\LDClient\data\sdclient.log

C:\Program Files\LANDesk\LDClient\tmcsvc.log

C:\Program Files\LANDesk\LDClient\data\SDClientTask.[Core-Name].[task#].log

C:\Program Files\LANDesk\LDClient\data\[MSI Name].log (created during installation of MSI packages)

%LDMS_LOCAL_DIR%\..\CurrentDownloads.log (information regarding whether a file has been downloaded from the source or from a preferred server)

Software Distribution - Policies

C:\Program Files\LANDesk\LDClient\policy.cgi.log

C:\Program Files\LANDesk\LDClient\policy.client.portal.log

C:\Program Files\LANDesk\LDClient\policy.client.invoker.log

C:\Program Files\LANDesk\LDClient\policy.sync.log

Software License Monitoring
C:\Program Files\LANDesk\LDClient\data\gatherproducts.log
C:\Program Files\LANDesk\LDClient\data\proddefs\*.xml

Check out the links below for product-specific system requirements and supported platform information.

Preparing for LANDesk Management Suite 9.0

LANDESK Management Suite 9.6 Architecture and Prerequisites

Supported Platforms and Compatibility Matrix for LANDesk Management Suite

LANDesk Asset Lifecycle Manager

Asset Lifecycle Manager 4.0/Process Manager 4.7 Frequently Asked Questions

LANDESK is aware of the vulnerabilities discovered with NTP (ntpd) and we are currently working on a patch to address these concerns. At present, NTP has addressed some of the vulnerabilities and is working on addressing the remaining concerns in a later update. We will update this document with further information as we have it. We appreciate your patience.

As updates are available, including any additional information about how this vulnerability affects LANDESK products and progress for any updates or patches, it will be added to this document.

Latest Updates

December 31, 2014 (11:00AM MST)

Initial publication of this document. LANDESK is aware of the vulnerability and is working on an update for the Cloud Services Appliance

How does this affect LANDESK

Affected Product(s)

LANDESK Cloud Service Appliance 4.3

Non-Affected Product(s)

LANDESK Asset Lifecycle Manager

LANDESK Service Desk, including Service Desk as a Service (SDaas)

Mobility products including Wavelink, Avalance on Demand and LANDESK Mobility Management

Shavlik Products

LANDESK Cloud Services Appliance 4.2 (EOL)

More Details

The following outline additional information about affected products, services and updates

External Network(s)

Cloud Services Appliance

All data on the Cloud Services Appliance is encrypted using SHA1. The data that could be exposed through these vulnerabilities will not grant access to usernames, passwords or private keys.

The version of ntpd on the CSA is currently 4.2.4p8

NTPD is not configured to run by default on the LANDESK Cloud Services Appliance (CSA). However it could be enabled independently. One way to check if ntpd is running is to run the following command on the CSA:

ps -A | grep ntpd

At this time, LANDESK recommends that customers disable ntpd until an update is available that addresses these vulnerabilities. LANDESK recommends that customers keep software updated in order to get the latest updates and fixes. More information about EOL for the CSA 4.2 can be found at End of Life for LANDesk® Cloud Services Appliance 4.2

NTP Vulnerability Information

More information about the vulnerabilities and NTP can be found on the following pages:

NTP.org Security Notice (contains information about vulnerabilities, mitigation options and updates)

NIST CVE Information: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296

- LANDESK Support

Issue:

Gather Historical Information task is failing to run.

Following is in the GatherHistory.Details.Log file in the Managmentsuite\Log folder on the Core Server:

09/18/2014 15:12:18 INFO  13352:SaveTrendInfoForVulnerabilitiesAsync : Critical Exception: System.Data.OleDb.OleDbException (0x80040E31): Query timeout expired

   at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)

   at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()

   at LANDesk.ManagementSuite.Database.Database.ExecuteNonQueryP(String sql, Int32 timeoutSeconds, Object[] parameters)

   at LANDesk.ManagementSuite.Database.Database.ExecuteNonQuery(String sql, Int32 timeoutSeconds, ArrayList oleDbParameters)

   at LANDesk.ManagementSuite.Database.Database.ExecuteNonQuery(String sql)

   at LANDesk.ManagementSuite.PatchBiz.PatchTrend.SaveTrendInfoForVulnerabilities(Int32 removeOldDataDays)

   at LANDesk.ManagementSuite.PatchManagement.ProgressForm. € ()

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Threading.ThreadHelper.ThreadStart() Stack Trace:    at System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method)

   at System.Data.OleDb.OleDbCommand.ExecuteNonQuery()

   at LANDesk.ManagementSuite.Database.Database.ExecuteNonQueryP(String sql, Int32 timeoutSeconds, Object[] parameters)

   at LANDesk.ManagementSuite.Database.Database.ExecuteNonQuery(String sql, Int32 timeoutSeconds, ArrayList oleDbParameters)

   at LANDesk.ManagementSuite.Database.Database.ExecuteNonQuery(String sql)

   at LANDesk.ManagementSuite.PatchBiz.PatchTrend.SaveTrendInfoForVulnerabilities(Int32 removeOldDataDays)

   at LANDesk.ManagementSuite.PatchManagement.ProgressForm. € ()

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Threading.ThreadHelper.ThreadStart()

Solution:

1. Close the LANDESK Console. 

2. Create the "Query Timeout" registry value as a 32-bit DWORD in the following registry key on the Core Server: 

HKLM\SOFTWARE\LANDesk\ManagementSuite\WinConsole 

Create any registry keys that are missing. Set the value to 10000 decimal.

Issue:

How can you move the location of the SDMCACHE folder on clients in Management Suite 9.6?

Solution:

Change the location in the line <CacheDirectory>C:\ProgramData\LANDesk\ManagementSuite\sdmcache</CacheDirectory> in the downloadermulticastconf.xml that is located on the client in C:\ProgramData\LANDESK\TMCDownload folder.

Environment

LANDESK Management Suite 9.0

LANDESK Management Suite 9.5

LANDESK Management Suite 9.6

Problem/Issue/Symptoms

The on line activation process of a LANDESK Management Suite Core server fails.

Causes

The most common causes for this issue are:

1. Lack of http connectivity towards license.landesk.com
2. Missing certificates on the core
3. Missing registry key for the activation URL

Solutions

1) Lack of http connectivity towards license.landesk.com

1.1) Check if your core server is able to communicate with license landesk com, executing a ping license.landesk.com in a command prompt, a public IP address should reply, for instance 204.246.148.180.

1.2 Verify that you can open in a browser the following URL:http://license.landesk.com/authorizationservice/licensing.asmx

1.3) Verify that the proxy options used in your web browser are the same used in your Core Server Activation, if the browser is able to reach the URL just checked.

1.4) Verify that the software and hardware firewalls between your core and the internet allow your core to reach license.landesk.com on the tcp port 80 (http).

1.5) Verify that your %windir%\system32\drivers\etc\hosts file doesn't contain any line referring to license.landesk.com

2) Missing certificates on the core

2.1) In the folder %programfiles(x86)%\LANDesk\Shared Files\keys\. You should find  one file for each of the following extensions: .0, .cer, .crt and .key. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.

2.2) Verify that the registry key CertName in HKLM\Software\Wow6432Node\LANDesk\ManagementSuite\Setup is pointing to the right certificate name. On a 9.6 core remove the Wow6432Node part from the registry path.

2.3) Verify to have a .0 file with the same name as the one just checked in the folder %programfiles(x86)%\LANDesk\Shared Files\cbaroot\certs\. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.

2.4) To troubleshoot a missing or deleted certificate follow this article: How to troubleshoot a missing or deleted core certificate.

3) Missing registry key for the activation URL

3.1) Verify the presence of the AuthorizationServiceUrl key in HKLM\Software\Wow6432Node\LANDesk\ManagementSuite. The value of the key (string) must be http://license.landesk.com/authorizationservice/licensing.asmx On a 9.6 core remove the Wow6432Node part from the registry path.

4) Other complementary tasks

4.1) Run the core server activation as an administrator

4.2) Track the activation process with procmon or wireshark to check if the core is really able to communicate with license.landesk.com

4.3) Delete the content of the %temp%, %tmp% and %windir%\temp folders

4.4) Delete all the .txt and .save files in the %programfiles(x86)%\LANDesk\Authorization Files\ folder\. If you are running a 32 bit server remove the (x86) part in the path. On a 9.6 Core user the %programfiles% folder instead.

5) Other resources

5.1) Unable to activate an 8.7 / 8.8 core server online: https://community.landesk.com/docs/DOC-29443

5.2) Manually activating the core server via email: How to Activate the Core Server

5.3) Missing licenses and subscriptions after a major release upgrade: The core server you are connecting to does not appear to have a valid license

Server Side Log file locations by LANDesk component

For a list of 9.5 Client Side Log locatons, see Community Article Doc-28888.

            For a list of 9.6 SP1 Client Side Log locations, see LANDESK Management Suite 9.6 SP1 Client Log File Locations

            For a list of 9.6 Client Side Log locations, see LANDESK Management Suite 9.6 Client Log File Locations

Alerting

\Program Files\LANDesk\ManagementSuite\log\alertdetail.log

\Program Files\LANDesk\ManagementSuite\log\alertname2table.exe.log

\Program Files\LANDesk\ManagementSuite\log\alertrule2xml.exe.log

\Program Files\LANDesk\ManagementSuite\log\alertruleset2table.exe.log

\Program Files\LANDesk\ManagementSuite\log\AlertService.log

\Program Files\LANDesk\ManagementSuite\log\sendemail.log

AMT

\Program Files\LANDesk\ManagementSuite\log\AMTProvMgr2.log

\Program Files\LANDesk\ManagementSuite\log\IPMIRedirectionService.log

\Program Files\LANDesk\ManagementSuite\log\AmtSessionMgrSvc.log

\Program Files\LANDesk\ManagementSuite\log\AmtSessionMgr.log

\Program Files\LANDesk\ManagementSuite\log\IpmiRedirectionService.log

C:\Windows\Temp\ServerSetup.log

C:\Windows\Temp\AMTConfigDll.log

%temp%\AMTConfigDll.log

LANDesk Policy Software Deployment

\Program Files\LANDesk\ManagementSuite\log\apmservice.exe.log

\Program Files\LANDesk\ManagementSuite\log\apmservice.log

\Program Files\LANDesk\ManagementSuite\log\schedpkgupdate.exe.log

\Program Files\LANDesk\ManagementSuite\log\scheduledtaskhandler_#.log

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

LANDesk Software Deployment

\Program Files\LANDesk\ManagementSuite\log\scheduledtaskhandler_#.log

\Program Files\LANDesk\ManagementSuite\log\landesk.scheduler.globalscheduler.exe.log

\Program Files\LANDesk\ManagementSuite\log\landesk.scheduler.globalscheduler.log

\Program Files\LANDesk\ManagementSuite\log\landesk.scheduler.globalscheduler.skeleton.log

\Program Files\LANDesk\ManagementSuite\log\landesk.scheduler.globalscheduler.skeleton.exe.log

\Program Files\LANDesk\ManagementSuite\log\MCC-[xxxxxxxxxxxxxxxxx].log

\Program Files\LANDesk\ManagementSuite\log\MCS-[xxxxxxxxxxxxxxxxx].log

\Program Files\LANDesk\Managementsuite\log\PreferredServerConfig.exe.log

\Program Files\LANDesk\Managementsuite\log\raxfer.log

  Scheduler Service – Queries and LDAP targeted tasks, Recurring scheduled jobs on the core

\Program Files\LANDesk\ManagementSuite\log\schedqry.exe.log

\Program Files\LANDesk\ManagementSuite\log\schedsvc.exe.log

\Program Files\LANDesk\ManagementSuite\log\schedsvc.log

  LANDesk Web Console and Component calls to LANDesk Core Web Services

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr#.log

C:\WINDOWS\system32\inetsrv\w3wp.exe.log

LANDesk Process Manager

\Program Files\LANDesk\Process Manager\LaunchApp.log

\Program Files\LANDesk\Process Manager\DatabaseManager\DatabaseManager.log

\Program Files\LANDesk\Process Manager\TaskEngine\[xxxx]Landesk.Workflow.TaskEngine.Internal.log

\Program Files\LANDesk\Process Manager\TaskEngine\LANDesk.Workflow.TaskEngine.Internal.log

\Program Files\LANDesk\Process Manager\LANDesk.Workflow.TaskEngine.log

\Program Files\LANDesk\Process Manager\WorkflowManager\WorkflowManager.log

\Program Files\LANDesk\Process Manager\Web Services\LANDesk.Workflow.ServiceHost\LANDesk.Workflow.ServiceHost.log

\Program Files\LANDesk\ManagementSuite\log\mbsdk.log

\Program Files\LANDesk\ManagementSuite\mbsdkalerthandler.exe.log

LANDesk Provisioning

\Program Files\LANDesk\ManagementSuite\log\prov_schedule.exe.log

\Program Files\LANDesk\ManagementSuite\log\provisioning\provisioning.log

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

LANDesk OS Deployment

\Program Files\LANDesk\ManagementSuite\log\custjob.exe.log

\Program Files\LANDesk\ManagementSuite\log\corewebservices.log

\Program Files\LANDesk\ManagementSuite\log\CJ-OSD-[SCRIPT NAME].log

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

\Program Files\LANDesk\Managementsuite\log\raxfer.log

LANDesk Activation

\Program Files\LANDesk\ManagementSuite\log\landesk.managementsuite.licensing.activatecore.exe.log

\Program Files\LANDesk\ManagementSuite\log\landesk.managementsuite.licensing.usageservice.exe.log

\Program Files\LANDesk\ManagementSuite\log\landesk.managementsuite.licensing.activationservice.exe.log

LANDesk Management Gateway

\Program Files\LANDesk\ManagementSuite\log\BrokerService.log

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

LANDesk 32-bit Console

\Program Files\LANDesk\ManagementSuite\log\console.exe.log

LANDesk Security and Patch Manager

\Program Files\LANDesk\ManagementSuite\log\vaminer.exe.log

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

  LANDesk Antivirus and Spyware

\Program Files\LANDesk\Managementsuite\Ldlogon\antivirus\cab\cab.log

\Program Files\LANDesk\Managementsuite\Ldlogon\antivirus\bases\cab.log

\Program Files\LANDesk\Managementsuite\Ldlogon\spyware\vulscan.log

LANDesk Agent and Advance Agent

\Program Files\LANDesk\Managementsuite\Ldlogon\AdvanceAgent\[Agent Name].exe.log

\Program Files\LANDesk\Managementsuite\log\scheduledtaskhandler_#.log (For Agent Deployment tasks)

\Program Files\LANDesk\Managementsuite\log\cab_#.log

  LANDesk Inventory Server

\Program Files\LANDesk\ManagementSuite\log\LDInv32.exe.log

\Program Files\LANDesk\ManagementSuite\log\LDInv32.log

Windows Application Event Viewer - Most LANDesk Inventory Server errors or exceptions are logged to the Application Log

\Program Files\LANDesk\ManagementSuite\log\LDInv32.exe[xxxx_xxxx].log

(Note:  This is the rolling log and must be manually enabled in Configure | Services | Inventory | Advanced Settings | Use Rolling Log = 1)

  LANDesk Rollup Core

\Program Files\LANDesk\ManagementSuite\log\Rollup_[LinkName].log

NOTE:  Create the following dword value in the registry to log rollup tasks - HKLM\Software\LANDesk\ManagementSuite\Core\rollup log
The DWORD "rollup log" must be lower case and the value must be set to 1.
The log file will be called Rollup_LinkName.log and will be located in the folder where dbrollup.exe was run from.

  LANDesk Remote Control

\Program Files\LANDesk\ManagementSuite\log\console.exe.log

\Program Files\LANDesk\ManagementSuite\log\UserValidatorErrLog.txt

\Program Files\LANDesk\ManagementSuite\log\LANDeskManagementSuite.Information.log

Connection messages.txt – This is the text in the Remote Control Viewer interface

C:\WINDOWS\system32\LogFiles\W3SVC1\exXXXXX.log(NOTE: The location of the IIS logs can be changed in the properties of the Web Site)

C:\inetpub\logs\LogFiles\W3SVC1\u_exXXXXXX.log (on Windows 2008 R2)

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr#.log

C:\WINDOWS\system32\inetsrv\w3wp.exe.log

  Executive Dashboard

\Program Files\LANDesk\Managementsuite\log\dashboardreportservice.exe.log

What are these landing pages for?

The Landing Pages were created as a means for LANDESK users to learn about the different Components in the LANDESK Product Line.  Our desire is for these pages to be a place where you can learn about each component's setup and troubleshooting methods as well as additional actions you can take to get more out of your LANDESK Product.

As more landing pages are created, we will add them to this list.

LANDESK Management Suite

• LANDesk 32-bit Console Landing Page
• LANDesk Agent Deployment Landing Page
• LANDesk Cloud Services Appliance Landing Page
• LANDesk Core Install/Upgrade Landing Page
• LANDesk Data Analytics Landing Page
• LANDesk Database Landing Page
• LANDesk Intel AMT/vPro Landing Page
• LANDesk Inventory Landing Page
• LANDesk Linux/Unix Landing Page
• LANDesk Management Suite Landing Page
• LANDesk Mobile Device Management Landing Page
• LANDesk Provisioning Landing Page
• LANDesk Remote Control Landing Page
• LANDesk Reporting Landing Page
• LANDesk Software Distribution Landing Page
• LANDesk Software License Monitoring (SLM) Landing Page
• LANDesk Systems and Security Landing Page
• LANDesk Web Console Landing Page

LANDESK Security Suite

• LANDesk Antivirus Landing Page
• LANDesk Host Intrusion Prevention (HIPS) Landing Page
• LANDesk Patch and Compliance Landing Page

Asset Lifecycle and Process Manager

• Asset Lifecycle and Process Manager Landing Page

LANDESK Service Desk

• LANDesk Service Desk Administration and CIs Landing Page
• LANDesk Service Desk Calculations Landing Page
• LANDesk Service Desk Documentation Landing Page
• LANDesk Service Desk Knowledge Management Landing Page
• LANDesk Service Desk Pre 7.4 content Landing Page
• LANDesk Service Desk Object Designer Landing Page
• LANDesk Service Desk Process Designer Landing Page
• LANDesk Service Desk Query Design Landing Page
• LANDesk Service Desk Reporting Landing Page
• LANDesk Service Desk Service Catalogue Landing Page
• LANDesk Service Desk Landing Page
• LANDesk Service Desk Web Desk and Self Service Landing Page
• LANDesk Service Desk Window Manager Landing Page

LANDESK is aware of the vulnerability inside of glibc and we are currently finishing the process of reviewing its impact. We will update this document with further information as we have it.  We appreciate your patience.

As updates are available, including any additional information about how this vulnerability affects LANDESK products and progress for any updates or patches, it will be added to this document.

Latest Updates

Resolution of Known Issue -

January 27, 2015 (4:00PM MDT)

LANDESK is currently reviewing the impact of glibc within its suite of products.  We will continue to update this document with the latest information.

What is this vulnerability?

As Per Qualys "During a code audit performed internally at Qualys, we discovered abuffer overflow in the __nss_hostname_digits_dots() function of the GNUC Library (glibc). This bug is reachable both locally and remotely via the gethostbyname*() functions, so we decided to analyze it -- and its impact -- thoroughly, and named this vulnerability "GHOST".

"Our main conclusions are:

- Via gethostbyname() or gethostbyname2(), the overflowed buffer is located in the heap. Via gethostbyname_r() or gethostbyname2_r(), the overflowed buffer is caller-supplied (and may therefore be located in the heap, stack, .data, .bss, etc; however, we have seen no such call in practice).

- At most sizeof(char *) bytes can be overwritten (ie, 4 bytes on 32-bit machines, and 8 bytes on 64-bit machines). Bytes can be overwritten only with digits ('0'...'9'), dots ('.'), and a terminating null character ('\0').

- Despite these limitations, arbitrary code execution can be achieved. As a proof of concept, we developed a full-fledged remote exploit against the Exim mail server, bypassing all existing protections (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. We will publish our exploit as a Metasploit module in the near future.

- The first vulnerable version of the GNU C Library is glibc-2.2, released on November 10, 2000.

- We identified a number of factors that mitigate the impact of this bug. In particular, we discovered that it was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18). Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example."

For more information please see oss-security - Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow.

How does this affect LANDESK?

Affected Product(s)

This section will be updated as we finish reviewing the impact of this vulnerability.

Non-Affected Product(s)

This section will be updated as we finish reviewing the impact of this vulnerability.

Solution

This section will be updated as we finish reviewing the impact of this vulnerability.

- LANDESK Support

Purpose

LDMS 9.6 introduced additional logging options. These options help manage the size, quantity, and the logged information. Using these options can be beneficial in troubleshooting a variety of issues.

Steps

• Open Registry Editor (regedit.exe)
• Navigate to and select the LogOptions key
  • 32Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\landesk\managementsuite\LogOptions]
  • 64Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\LogOptions]
• Right click desired REG_DWORD and choose Modify.
  • Set Value data to desired value
    • 0 = Off
    • 1 = On

Additional Options

Individual log options can be overridden by adding the above REG_DWORD to the specific sub-key. For example, if you want to have vulscan keep 12 backups of a log and always write verbose entries into the log you would:

• Open Registry Editor (regedit.exe)
• Navigate to the LogOptions\vulscan.exe key
  • 32Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\landesk\managementsuite\LogOptions\vulscan.exe]
  • 64Bit OS - [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\landesk\managementsuite\LogOptions\vulscan.exe]
• Right click vulscan.exe
  • Select New
  • Select DWORD (32-bit) Value
  • Type the Reg_DWORD logVerbose
  • Right click logVerbose REG_DWORD and choose Modify.
  • Set Value data to 1 (On)
• Repeat for maxBackups and set value to 12

These modifications can be made individually as needed for troubleshooting. However if this is needed on a wider scale, modifying multiple values in multiple registries can be problematic. Below you will find attached Provisioning Templates that will allow you to modify the registries using a scheduled task. By default these templates have the values set to their default value. A copy should be made of the default version so that changes can be reverted easily. These can be further modified to create the logging options for specific sub-keys.

Related Documents

How to enable XTrace Diagnostic logging in LANDesk 9.6 Core and Clients

Environment:

LDMS 9.0, 9.5 & 9.6

Review Date:

17.11.2014

Description:

LDDellOMCI.exe is a client side part of Landesk Agent - OMCI stands for Open Manage Client Interface and this executable checks if the system is OMCI compatible.

OMCI should be usually available on Dell OptiPlex, Dell Precision Workstation and Dell Latitude client systems. Purpose of OMCI is to remotely manage assets, monitor system health etc.

Should you be using a machine(s) where Sophos AV is installed along with an LDMS agent, you may notice issues on those boxes when they try to download Sophos new AV definitions from the Internet. It's because both Sophos and LDDellOMCI use the same port 51234.

Solution:

1. On the client with Sophos AV, open the below file in Notepad:

\Program Files (x86)\LANDesk\LDClient\landesk.provider.collector.startup.xml

2. Go to the following line:

<file name="LDDellOMCI.exe" iomethod="sock" port="51234" />

3. Modify the port number accordingly to your needs.

4. Save the file and reboot the device.

LANDESK is aware of the vulnerability inside of SSL 3.0 and we are currently finishing the process of reviewing its impact. We will update this document with further information as we have it.  We appreciate your patience.

As updates are available, including any additional information about how this vulnerability affects LANDESK products and progress for any updates or patches, it will be added to this document.

Latest Updates

Resolution of Known issue -

November 12, 2014 (12:00PM MDT)

This vulnerability does not affect the LANDESK Cloud Services Appliance.  When disabling SSL 3.0, the Cloud Services Appliance auto-negotiates to the proper protocol level.

October 31, 2014 (12:00PM MDT)

The vulnerability is in the SSL 3.0 protocol.  If you disable this protocol on systems running LANDESK products you will effectively resolve the vulnerability.  Guidance on how to disable SSL 3.0 is available from OS and browser vendors.  Disabling SSL 3.0 on servers running web services in your environment will prevent exposure to those specific services.  You should also disable SSL 3.0 on client machines in your environment to protect them from connecting to services that are still exposed.

After further testing we recommend you be on the latest version of our LANDESK Management Suite which is 9.6 and following the steps listed at How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.  Disabling this should not affect your experience with the LANDESK Management Suite product as we have the logic built in to negotiate up to the correct level of the TLS protocol.

October 17, 2014 (12:10PM MDT)

LANDESK is currently reviewing the impact that disabling SSL 3.0 in the core server and Cloud Service Appliance has on core functionality.

What is this vulnerability?

As Per US-CERT "The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.

While SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this way), most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. [1]

Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.

These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges."

Read More at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 and SSL 3.0 Protocol Vulnerability and POODLE Attack | US-CERT

How does this affect LANDESK?

Affected Product(s)

LANDESK Management Suite / Security Suite 9.0 and later

Non-Affected Product(s)

LANDESK Cloud Services Appliance 4.2 and later

LANDESK Asset Lifecycle Manager

LANDESK Service Desk, including Service Desk as a Service (SDaas)

Mobility products including Wavelink, Avalanche on Demand, and LANDESK Mobility Management

Solution

After further testing we recommend you be on the latest version of our LANDESK Management Suite which is 9.6 and following the steps listed at How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.  Disabling this should not affect your experience with the LANDESK Management Suite product as we have the logic built in to negotiate up to the correct level of the TLS protocol.

This vulnerability does not affect the LANDESK Cloud Services Appliance.  When disabling SSL 3.0, the Cloud Services Appliance auto-negotiates to the proper protocol level.

- LANDESK Support

Environment

This functionality has been added with Service Pack 1 for LANDESK Management Suite 9.6

Description

This new functionality allows you to gather logs from a client machine from your Core server.

You have many different choices:

• Client side logs
  • Logs regarding a component
  • All logs
• Core side logs
  • Logs regarding a component

In order to use it, from your console, right click on a device, Scheduled tasks and diagnostics

This window gives you a history of the actions that have been performed on the machine, and the possibility to gather the logs you want through the menu.

Some of the logs can also be read within this window and analyzed at the same time, highlighting keywords about successful and failed operations

Gather logs for Support

Once at this step, click on one of the event, then Logs, Client, Get all and zip or pick only the logs you are being asked by the support

     Please put the Case number (with date and/or version) as a title as we get a lot of them everyday.

Once you have this file, please send it to the support through our portal: https://customer.landesk.com

Additional Information

This way of gathering logs eases a lot our troubleshooting steps and can be improved by enabling XTrace logs.

You can follow the following articles to enable the XTrace logs:

How To: Add (or Stop) XTrace + Log Verbose for 1 device in 2-CLICKS from any LDMS Console

How to enable XTrace Diagnostic logging in LANDesk 9.6 Core and Clients

LANDESK Management Suite / Security Suite 9.6

Installation Information

• Supported Platforms and Compatibility Matrix for LANDESK Management Suite
• LANDESK Management Suite 9.6 Architecture - Overview
• Best Known Methods for installing Microsoft SQL Server 2012 for LDMS
• Upgrading Oracle Client to 64-bit (prior to core upgrade)
• Best Known Methods for Installing LANDESK Management Suite 9.6
• Side by side migration from LANDESK Management Suite 9.5 SP2 to 9.6
  

Additional  Information

• LANDESK Management Suite 9.6 Online Help (Help Center)
• LANDESK Management Suite 9.6 Oracle Support
• LANDESK Management Suite 9.6 Readme
  

Download

Download LANDESK Management Suite / Security Suite from the Product Downloads community

General articles about 9.6

• Cloud Service Appliance Failover Mode LDMS 9.6
• Installing SmartVue 1.2
• Best Known Method To Configure Rollup for LDMS 96.pdf
• Best known Method to Configure Fuse
• How to use Reboot Settings
• What's New in LDMS 9.6 Software Distribution
• LDMS 9.6 OS Provisioning - What's New
• Core Upgrade Fails on Database Upgrade
• Console Single Sign-On

This article has been depricated. Please see article http://community.landesk.com/support/docs/DOC-1591.