XTrace for LDMS 9.6 and newer

As of LDMS 9.6 all that is needed to enable XTrace verbose logging on client machines it to modify the following registry keys on the target client machine:

64-bit:

||HKLM|SOFTWARE|Wow6432Node|landesk|managementsuite|LogOptions

32-bit:

||HKLM|SOFTWARE|landesk|managementsuite|LogOptions

To enable the logging options change their value to "1", or back to "0" to disable the verbose logging. The keys you can modify to enable verbose logging are:

• logInfo
• logType
• logVerbose
• logXTrace

Once the logging options are enabled the existing logs for the various components will simply become more verbose instead of a new logs being generated. You will still gather the same logs you would have before.

XTrace for LDMS 9.5 and older

XTrace functionality is in the registry only.

To activate Xtrace manually create any or all of the following registry entries in the following location:

32Bit OS

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Intel\\LANDesk\\XTrace]

64Bit OS

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Intel\\LANDesk\\XTrace]

Note: The registry entries should be a DWORD value with a "Value data" of 1

An executable that can automatically set these registry key values is attached here:

  LDDebugLogEnabler.zip

Note: The executable is not supported by LANDESK but is written independently by Jared Barneck.

The name of the XTrace log is the value name with a .XLG extension. This log file will show up in the same directory as the application that is being traced.

Note: To enable Xtrace for LANDESK Provisioning, the following method can be used:

1. Modify the Provisioning template
2. Add a Wait action as the first action in the OS Deployment section.  (5 to 10 minutes should be enough to make the changes to the registry)
3. Remote control the client and make the appropriate registry changes to turn on Xtrace.
4. After the template has finished, collect the XTRACE logs you have turned on.  These will end with a .XLG extension.

ATTENTION

───────────────────────────────────────────────────────────
This PowerShell script is not official and is not supported by LANDESK

Please review the Share IT disclaimer here: LANDesk Share IT Disclaimer

───────────────────────────────────────────────────────────

This is a tool intended to help support and LANDESK users to quickly check their Core / Client connectivity

Description

Being able to know whether or not a port is reachable on a client machine from your Core and on the Core from the Client is really important during almost all LANDESK operations.

Here is the list of ports LANDESK uses and the operations related to these ports:

Ports used by LANDesk Management Suite - Full List

Please refer to this article in order to check which port you want to be opened in order to have a feature working.

Download

You can download the script through the following link or download it from the attached document of this article.

Download LDPortsTesting.zip          4 KB - Last edited: 02/12/14

Video

Getting started

• Rights / Requirements

You have to run this script as an Administrator with at least Local Administrator rights.

You have to run the script: Core-LDPortsTesting.ps1 on a Core Server

You have to run the script: Client-LDPortsTesting.ps1 on a Client machine

• Execution Policy Change

As default Security Settings are usually preventing scripts to run on a server, you may see this message:

As this script is not altering any file or folder, you can safely run it by putting Yes or Y   

Here is the link given by Microsoft about the Execution Policies:

• Technet - about_Execution_Policies

In order to check manually if your policies are authorized to run, you can type in a PowerShell window Get-ExecutionPolicy:

You can then modify it by typing Set-ExecutionPolicy Unrestricted which will lead you to the previous prompt:

Here is a Technet article about these commands that may be useful:

• Technet - Usage of ExecutionPolicy commands

    ATTENTION:Please remember to set the Execution Policy back to its default settings when you have finished to run the script

How to use

You will be prompted for the IP address or the hostname of the machine you want to test.

Then you will have to choose between the following:

• TCP
• UDP
• TCP and UDP

Here is what is scanned for each of them.

I.  TCP

From Core to Client - Core-LDPortsTesting

The following ports are being tested with a 1800 ms timeout:

25, 137, 139, 445, 4343, 9535, 9593, 9594, 9595, 9971, 9972, 12174, 16992, 16993, 16994, 33354

From Client to Core - Client-LDPortsTesting

80, 137, 139, 443, 445, 4343, 5007, 9594, 9595, 9982, 12175, 12176, 16992, 16993, 16994, 33354

You can double check what are these ports used for in this document: Ports used by LANDesk Management Suite - Full List

II.  UDP

From Core to Client - Core-LDPortsTesting

The following ports are being tested with a 1800 ms timeout:

68, 1758, 9535, 9595, 33354, 33355, 38293

From Client to Core - Client-LDPortsTesting

67, 69, 1759, 4011, 9535, 9595, 38293

You can double check what are these ports used for in this document: Ports used by LANDesk Management Suite - Full List

III. TCP and UDP

The previous mentionned ports are being tested.

Results

A folder is created with the IP address of the client machine as a name and will contain a TCP and/or UDP folder(s).

The results of the ports testing are sent to a text file within these folders.

LANDESK is aware of the vulnerability inside of SSL 3.0 and we are currently finishing the process of reviewing its impact. We will update this document with further information as we have it.  We appreciate your patience.

As updates are available, including any additional information about how this vulnerability affects LANDESK products and progress for any updates or patches, it will be added to this document.

Latest Updates

Resolution of Known issue -

November 12, 2014 (12:00PM MDT)

This vulnerability does not affect the LANDESK Cloud Services Appliance.  When disabling SSL 3.0, the Cloud Services Appliance auto-negotiates to the proper protocol level.

October 31, 2014 (12:00PM MDT)

The vulnerability is in the SSL 3.0 protocol.  If you disable this protocol on systems running LANDESK products you will effectively resolve the vulnerability.  Guidance on how to disable SSL 3.0 is available from OS and browser vendors.  Disabling SSL 3.0 on servers running web services in your environment will prevent exposure to those specific services.  You should also disable SSL 3.0 on client machines in your environment to protect them from connecting to services that are still exposed.

After further testing we recommend you be on the latest version of our LANDESK Management Suite which is 9.6 and following the steps listed at How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.  Disabling this should not affect your experience with the LANDESK Management Suite product as we have the logic built in to negotiate up to the correct level of the TLS protocol.

October 17, 2014 (12:10PM MDT)

LANDESK is currently reviewing the impact that disabling SSL 3.0 in the core server and Cloud Service Appliance has on core functionality.

What is this vulnerability?

As Per US-CERT "The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.

While SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this way), most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack. [1]

Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.

These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges."

Read More at http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566 and SSL 3.0 Protocol Vulnerability and POODLE Attack | US-CERT

How does this affect LANDESK?

Affected Product(s)

LANDESK Management Suite / Security Suite 9.0 and later

Non-Affected Product(s)

LANDESK Cloud Services Appliance 4.2 and later

LANDESK Asset Lifecycle Manager

LANDESK Service Desk, including Service Desk as a Service (SDaas)

Mobility products including Wavelink, Avalanche on Demand, and LANDESK Mobility Management

Solution

After further testing we recommend you be on the latest version of our LANDESK Management Suite which is 9.6 and following the steps listed at How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.  Disabling this should not affect your experience with the LANDESK Management Suite product as we have the logic built in to negotiate up to the correct level of the TLS protocol.

This vulnerability does not affect the LANDESK Cloud Services Appliance.  When disabling SSL 3.0, the Cloud Services Appliance auto-negotiates to the proper protocol level.

- LANDESK Support

Description: Microsoft has an older utility called Windiff.exe that can be used to perform a detailed comparison of a file or the contents of a directory. This can be handy if you need to see if a file is damaged or perhaps directories contain different files than what the date and size show (which can be inaccurate). See screen shot below. The utility can take a while to complete if comparing a large directory.

How to use windiff.exe:

https://support.microsoft.com/en-us/kb/159214

Download for windiff.exe (part of support tools):

http://www.microsoft.com/en-us/download/confirmation.aspx?id=7911

Everyone in any organization needs tools and information from IT to succeed in their work. LANDESK Workspaces empowers the roles within each organization that interact the most with IT data, actions, processes, and tools. A whole new user experience awaits you for interacting with IT when you download this app and have the back end LANDESK solutions configured. Here are some of the roles you can empower using LANDESK Workspaces for:

• End Users – Gain the freedom to access approved applications and services through self-service with a more intuitive experience anywhere, on any device.
• IT Analysts – Experience greater ability to provide one-to-one support for users with all the relevant information about the user’s devices, services and software.
• Asset Managers – Show immediate ROI by identifying and reclaiming unused software licenses. Monitor and manage assets from the moment they’re purchased or leased until they’re retired.

LANDESK Workspaces delivers intuitive, role-driven experiences for end users and IT professionals while unifying data and simplifying processes from multiple IT disciplines including; systems, security, service, asset, and mobility management.

Experience the right information, at the right time, in the right context to take action—all from this one little app!

Additional Information

Workspace July 2015 Update Readme

LANDESK Workspaces

LANDESK Service Desk 7.8.2 - Includes Workspace 2015 July Update

Download

To download the update, please visit the download page at LANDESK Workspace July 2015 Release Download in the Product Downloads area.

Updated Mobile Apps can be downloaded from the appropriate App Store

Android - Google Play

iOS - iTunes

Client Side Logfile locations by LANDESK component

For More Information...

For a list of 9.6 SP1 Client Side Log locations, see LANDESK Management Suite 9.6 SP1 Client Log File Locations

For a list of 9.6 Client Side Log locations, see LANDESK Management Suite 9.6 Client Log File Locations

For a list of 9.5 Server Side Log locations, see 9.5 LANDesk Server Log File Locations for Troubleshooting

Alerting

C:\Program Files\ LANDesk\shared files\alert.log

C:\Program Files\LANDesk\LDClient\alertsync.log

C:\Program Files\LANDesk\LDClient\lddetectsystem.log

C:\Program Files\LANDesk\LDClient\createmonitorroot.log

AMT

C:\Program Files\LANDesk\LDClient\amtmon.Log

AntiVirus (LANDesk)

C:\ProgramData\LANDeskAV\ldav.log

C:\ProgramData\LANDeskAV\ldav_scan.log

C:\ProgramData\LANDeskAV\ldav_update.log

C:\ProgramData\LANDeskAV\ldav_install.log

C:\ProgramData\LANDeskAV\msi_install.log

CBA8 logs (Common Base Agent)
C:\Program Files\LANDesk\shared files\residentagent.log
C:\Program Files\LANDesk\shared files\residentagent.old
C:\Program Files\LANDesk\shared files\servicehost.log
C:\Program Files\LANDesk\shared files\servicehost.old

C:\Program Files\LANDesk\LDClient\fwregister.log

Cloud Services Appliance

C:\Program Files\LANDesk\shared files\proxyhost.log

C:\Program Files\LANDesk\LDClient\brokerconfig.log

Endpoint Security

Files within C:\Program Files\LANDesk\LDClient\HIPS:

DCM.log (Device Control – Logs Device Information)

DCMVolumes.log (Device Control – Logs Volume Information)

ERROR.LOG (Shows Endpoint Security service errors)

NetworkDetection.log (Shows Network Location Awareness information)

ShadowCopy.log (Device Control – Shadow copy information)

Files within C:\Documents and Settings\All Users\Application Data\LDSec

LDSECSETUP32-HIPS-debug.log (Debug level log for installation)

LDSECSVC-DCM-debug.log (Debug level log for Device Control)

LDSECSVC-HIPS-debug.log (Debug level log for HIPS)

Files within C:\Documents and Settings\All Users\Application Data\Vulscan

Vulscan.log (logs Endpoint installation, settings changes, etc)

For more information on troubleshooting Endpoint Security and logs please see Community DOC-9853

InventoryScanner

C:\Program Files\LANDesk\LDClient\ldiscn32.log

C:\Program Files\LANDesk\LDClient\data\ldiscn32.log
(This log appears when ldiscn32.exe is run with the "/debug" switch)

C:\Program Files\LANDesk\LDClient\ldiscnupdate.log

Local Scheduler tasks

C:\Program Files\LANDesk\LDClient\localsch.log

C:\Program Files\LANDesk\LDClient\LDSystemEventCapture.log

Macintosh

\Library\Application Support\LANDesk\LANDesk.log(All Components)

Security and Patch Manager
C:\ProgramData\vulScan\vulscan.log

C:\ProgramData\vulScan\vulscan.#.log
(The vulscan log will roll and create a vulscan.1.log, vulscan.2.log, etc)
C:\Program Files\LANDesk\LDClient\vulscan.log

C:\ProgramData\vulScan\softmon.log

Software Distribution
C:\Program Files\LANDesk\LDClient\data\sdclient_task#.log
C:\Program Files\LANDesk\LDClient\data\sdclient.log

C:\Program Files\LANDesk\LDClient\tmcsvc.log

C:\Program Files\LANDesk\LDClient\data\SDClientTask.[Core-Name].[task#].log

C:\Program Files\LANDesk\LDClient\data\[MSI Name].log (created during installation of MSI packages)

C:\Program Files\LANDesk\LDClient\CurrentDownloads.log (information regarding whether a file has been downloaded from the source or from a preferred server)

Software Distribution - Policies

C:\Program Files\LANDesk\LDClient\policy.cgi.log

C:\Program Files\LANDesk\LDClient\policy.client.portal.log

C:\Program Files\LANDesk\LDClient\policy.client.invoker.log

C:\Program Files\LANDesk\LDClient\policy.sync.log

Software License Monitoring
C:\Program Files\LANDesk\LDClient\data\gatherproducts.log
C:\Program Files\LANDesk\LDClient\data\proddefs\*.xml

Remote Control logs

Please refer to this document here : What log files are used for Remote Control Troubleshooting?

Introduction

LANDESK Management Suite uses a certificate-based authentication model. Device agents authenticate to authorized core servers, preventing unauthorized cores from accessing clients. Each core server has a unique certificate and private key that Management Suite Setup creates when you first install the core or rollup core server. To ensure proper function of the product the proper certificate files need to be located on the core and on the client machines. If the core certificate cannot be located in the core for agent deployment, this is often due to the file not being present on the core.

Certificate File Locations

Core

The following certificate files must be present on the core in \Program Files\LANDesk\Shared Files\Keys:

-<keyname>.key: The .key file is the private key for the core server, and it only resides on the core server. If this key is compromised, the core server and device communications won't be secure. Keep this key secure. For example, don't use e-mail to move it around.

-<keyname>.crt: The .crt file contains the public key for the core server. The .crt file is a viewer-friendly version of the public key that you can view to see more information about the key.

-<hash>.0: The .0 file is a trusted certificate file and has content identical to the .crt file. However, it's named in a manner that lets the computer quickly find the certificate file in a folder that contains many different certificates. The name is a hash (checksum) of the certificate's subject information. To determine the hash filename for a particular certificate, view the <keyname>.crt file. There is a .ini file section [LDMS] in the file. The hash=value pair indicates the <hash> value.

The following is an example of what these files should look like in the the file system from a working core server:

Additionally, this file must be present in \Program Files\LANDesk\ManagementSuite\ldlogon:

-<hash>.0: Each additional core server trusted certificate (<hash>.0) that you want devices to use must be copied to the core server's ldlogon folder.

Clients

The clients must have the following certificate file distributed to the following location depending on client OS:

Windows devices: \Program Files (x86)\LANDesk\Shared Files\cbaroot\certs

Mac devices: /usr/LANDesk/common/cbaroot/certs

-<hash>.0

Common Issues Resulting from Missing Certificate Files

If the aforementioned certificate files are not located in the proper file directory, there can be a number of issues:

-Certificate cannot be selected in agent deployment

-Agents are unable to authenticate

-Etc.

Many of these certificate issues can be resolved simply by verifying the certificate files are in their proper location on both the client and the core.

Additional Helpful Documentation

How to troubleshoot a missing or deleted core certificate.

Description

This document will show you how to backup your database to a .bak file for submission to LANDesk Support using Microsoft SQL Management Studio.

Step 1: In SQL Management Studio right click on your Database and Select Tasks -> Back Up...

Step 2: This screen will come up, hit Remove to clear the default file location.

Step 3: Then click the Add button directly above and select a file name.

Step 4: Then click OK here.

And then zip and upload the file to ftp://ftp.landesk.com/incoming and then email the support technician you are working with with the filename of your zip file so it can be found on the ftp.

Still have questions on how to upload to the ftp site? Click here: http://community.landesk.com/support/docs/DOC-17441

This document outlines the supported platforms for LANDESK Management Suite, including supported clients along with server and database requirements for all supported versions of LANDESK Management Suite.

	Supported:LANDESK Software has successfully tested and validated the operating system (OS) version with LANDESK Software. LANDESK provides full technical support for the LDMS components running on the OS.
	Supported with a patch:LANDESK Software has successfully tested and validated the operating system (OS) version with LANDESK Software. LANDESK provides full technical support for the LDMS components running on the OS, however an additional patch is required to enable support for the OS.
	Legacy: This involves installing an agent from a previous version of LANDESK on the OS and using it with current code. New features are not available and support is not offered for this method of device management.
*	Future Update: This column or row is informational and subject to change until release.

What is the End of Life for LANDESK Products

Please click here be referred to our main website for the most up-to-date product availability and support information for all LANDESK products.

Supported LANDESK Agent - Client Operating Systems

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
Mac OS X 10.6.8	0 1	0	5	5	5	9	9	9
Mac OS X 10.7.5	0 1	0	0	0	5	5	9	9
Mac OS X 10.8.5	0 1	0	0	0	0	0	0	5
Mac OS X 10.9.x	9	1	0	0	0	0	0	0
Mac OS X 10.10.x	9	9	9	9	1	0	0	0
Windows 2000 Professional SP4	5	5	5	9	9	9	9	9
Windows XP Professional x32 SP3	0	0	0	0	0	0	0	5
Windows XP Professional x64 SP3	0	0	0	0	0	0	0	5
Windows Vista (32-bit) SP2 or higher	5	5	5	5	5	9	9	9
Windows Vista (64-bit) SP2 or higher	5	5	5	5	5	9	9	9
Windows 7 Professional/Enterprise/Ultimate x32	0	0	0	0	0	0	0	0
Windows 7 Professional/Enterprise/Ultimate x32 SP1	0	0	0	0	0	0	0	0
Windows 7 Professional/Enterprise/Ultimate x64	0	0	0	0	0	0	0	0
Windows 7 Professional/Enterprise/Ultimate x64 SP1	0	0	0	0	0	0	0	0
Windows 8 Professional/Enterprise x32	9	0	0	0	0	0	0	0
Windows 8 Professional/Enterprise x64	0 1	0	0	0	0	0	0	0
Windows 8.1 Professional/Enterprise x64	9	1	0 1	0	0	0	0	0
Windows 8.1 Update 1 Professional/Enterprise x64	9	9	9	0	0	0	0	0
Windows 10	9	9	9	1 1,3	9	9	1 1,4	0

Supported LANDESK Agent - Server Operating Systems

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
AIX 6.x x64 (PPC)	9	0 1	0 1	0 1	0 1	0 1	0 1	9
AIX 7.1 x64 (PPC)	9	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 5 x32	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 5 x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 6 x32	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 6 x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
CentOS 7 x64	9	9	9	9	9	0 1	0 1	9
HP-UX 11.11v1 / 11.23 PA RISC x64	0 1	0 1	0 1	0 1	9	9	9	9
HP-UX 11.31 PA RISC x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
HP-UX 11.23v2 /11.31 on Itanium x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Red Hat Enterprise Linux Advanced Platform 5 x32/x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Red Hat Enterprise Linux 6 x32/x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Red Hat Enterprise Linux 7 x64	9	9	9	9	9	0 1	0 1	9
Solaris 10 (SPARC64/x86_64) with Update 8 or later	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Solaris 11 (Sparcx64/x86_64)	9	9	9	9	0 1	0 1	0 1	9
SuSE Linux Enterprise Server 10 x32/x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
SuSE Linux Enterprise Server 11 x64	0 1	0 1	0 1	0 1	0 1	0 1	0 1	9
Windows Server 2003 Standard/Enterprise SP2 x32/x64	0	0	0	0	0	0	0	5
Windows Server 2003 R2/SP2 Standard/Enterprise x32/x64	0	0	0	0	0	0	0	5
Windows Server 2008 Standard/Enterprise SP2 x32/x64	0	0	0	0	0	0	0	9
Windows Server 2008 R2 Standard/Enterprise x64	0	0	0	0	0	0	0	9
Windows Server 2008 R2 Standard/Enterprise x64 SP1	0	0	0	0	0	0	0	9
Windows Server 2012 x64	0 1	0	0	0	0	0	0	9
Windows Server 2012 R2 x64	9	1 1	0 1	0	0	0	0	9
Windows Server 2012 R2 with Update x64	9	9	9	0	0	0	0	9

Supported LANDESK Agent - Embedded Operating Systems

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
Windows Embedded Standard/Enterprise 2009	9	9	9	0	0	0	0	9
Windows Embedded Standard/Enterprise 7	9	9	9	0	0	0	0	9
Windows Embedded POSReady 2009	9	9	9	0	0	0	0	9
Windows Embedded POSReady 7	9	9	9	0	0	0	0	9
HP ThinPro	9	9	9	0	0	0	0	9

Supported LANDESK Mobile Operating Systems

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
Android	0	0	0	0	0	0	0	0
iOS	0	0	0	0	0	0	0	0
Blackberry OS1	0	0	0	0	0	0	0	0
Windows Mobile 6 or Higher1	0	0	0	0	0	0	0	0

Supported LANDESK Console Operating Systems

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
Windows XP SP3	0	0	0	0	0 1	0 1		9
Windows Server 2008 R2 Standard/Enterprise x64	0	0	0	0	0	0	0
Windows Server 2012 x64	9	9	9	0	0	9	9	9
Windows Server 2012 R2 Update 1 x64	9	9	9	0	0	0	0	0
Windows 7 x32 SP1	0	0	0	0	9	9	9	9
Windows 7 x64 SP1	0	0	0	0	0	0	0	0
Windows 8 Professional/Enterprise x64	0	0	0	0	0	0	0	9
Windows 8.1 Professional/Enterprise x64	9	9	0	0	0	9	9	9
Windows 8.1 Update 1 Professional/Enterprise x64	9	9	9	0	0	0	0	0

Supported LANDESK Core Server Operating Systems

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
Windows Server 2008 R2 Standard/Enterprise x64 SP1	0	0	0	0	5 1	5 1	5 1	9
Windows Server 2012 R2 Update 1 Standard/Enterprise x64	9	9	9	9	0	0	0	0

Supported LANDESK Core Server Database

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
MS SQL Server Express 2005	5	5	5	5	9	9	9	9
MS SQL Server 2008	0	0	0	0	0	0	0	9
MS SQL Server Express 2008	0	0	0	0	0	0	0	9
MS SQL Server 2008 R2	0	0	0	0	0	0	0	9
MS SQL Server 2012	0	0	0	0	0	0	0	0
MS SQL Server 2012 Express	0	0	0	0	0	0	0	0
MS SQL Server 2014	9	9	9	9	0	0	0	0
Oracle Database 11g Release 2 (11.2.0.2)	0	0	0	0	5 1	5 1	5 1	9

LANDESK Management Suite and Cloud Services Appliance Compatibility

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
Cloud Services Appliance 4.0	0	0	0	5	9	9	9	9
Cloud Services Appliance 4.2	0	0	0	5	5	9	9	9
Cloud Services Appliance 4.3	0	0	0	0	0	0	0	0
Future Update*	9	9	9	0	9	0	0	0

LANDESK Management Suite and Asset Lifecycle Manager Compatibility

Operating Systems	9.5	9.5 SP1	9.5 SP2	9.5 SP3	9.6	9.6 SP1	9.6 SP2	Future Update*
ALM 5.01	0	0	0	9	9	9	9	9
ALM 5.06	0	0	0	0	0	0	0	0
ALM 6.01	0	0	0	0	0	0	0	0
ALM 6.02	0	0	0	0	0	0	0	0

LANDESK Management Suite and Service Desk Compatibility

Please refer to the following document for the most current information for details on compatibility and integration.

• Service Desk and LDMS Integration Compatibility Matrix

Asset Lifecycle Manager and Service Desk Compatibility

Service Desk Version	ALM 5.01	ALM 5.06	ALM 6.01
Service Desk 7.6 / 7.6.1	0	0	0
Service Desk 7.7.x	0	0	0
Next Version*	5	0	0

LANDESK is excited to provide support for Windows 10 - the latest OS from Microsoft - as a managed client device for both LANDESK Management Suite 9.5 SP3 and 9.6 SP2.

LANDESK Management Suite 9.6 SP2

LDMS 9.6 SP2 provides basic functionality for Windows 10 clients. Full support is available by installing a Component Patch listed below:

Read Me

LD96-CP_BASE-2015-0722 Download

Note: LANDESK Antivirus is not currently supported on Windows 10. More information can be found here: LANDESK Antivirus and Windows 10 Support

LANDESK Management Suite 9.5 SP3

Basic support for Windows 10 clients is available for LDMS 9.5 SP3 with the following patch:

Read Me

LD95-CP_BASE-2015-0812 Download

Basic support includes the following components: Inventory, Remote Control, Patch Management and Software Distribution.

Note: LANDESK Antivirus is not currently supported on Windows 10. More information can be found here: LANDESK Antivirus and Windows 10 Support

LANDESK Management Suite / Security Suite 9.6

Installation Information

• Supported Platforms and Compatibility Matrix for LANDESK Management Suite
• LANDESK Management Suite 9.6 Architecture - Overview
• Best Known Methods for installing Microsoft SQL Server 2012 for LDMS
• Upgrading Oracle Client to 64-bit (prior to core upgrade)
• Best Known Methods for Installing LANDESK Management Suite 9.6
• Side by side migration from LANDESK Management Suite 9.5 SP2 to 9.6
  

Additional  Information

• LANDESK Management Suite 9.6 Online Help (Help Center)
• LANDESK Management Suite 9.6 Oracle Support
• LANDESK Management Suite 9.6 Readme
  

Download

Download LANDESK Management Suite / Security Suite from the Product Downloads community

General articles about 9.6

• Cloud Service Appliance Failover Mode LDMS 9.6
• Installing SmartVue 1.2
• Best Known Method To Configure Rollup for LDMS 96.pdf
• Best known Method to Configure Fuse
• How to use Reboot Settings
• What's New in LDMS 9.6 Software Distribution
• LDMS 9.6 OS Provisioning - What's New
• Core Upgrade Fails on Database Upgrade
• Console Single Sign-On

Occasionally you'll see an error saying to check the application event log or to use the command-line sxstrace.exe tool.

Below is a how-to for using the sxstrace tool. The how-to is copied from Troubleshooting side by side issues using sxstrace - bits and bytes, but I've included the text here in case the link stops working.

How to troubleshoot Side by Side errors using sxstrace?

As the error message suggests let use sxstrace.exe. The usage of sxstrace is pretty easy to understand…

C:\windows\system32>sxstrace

WinSxs Tracing Utility.

Usage: SxsTrace [Options]

Options:

     Trace -logfile:FileName [-nostop]

          Enabling tracing for sxs.

          Tracing log is saved to FileName.

          If -nostop is specified, will not prompt to stop tracing.

     Parse -logfile:FileName -outfile:ParsedFile  [-filter:AppName]

          Translate the raw trace file into a human readable format and save the result to ParsedFile.

          Use -filter option to filter the output.

     Stoptrace

          Stop the trace if it is not stopped before.

Example:

     SxsTrace Trace -logfile:SxsTrace.etl

     SxsTrace Parse -logfile:SxsTrace.etl -outfile:SxsTrace.txt

Collecting sxstrace logs

The command usage message shows us two sample commands and that’s exactly what we’re going to try. Please make sure you’re running an elevated command prompt…

Run the following command…

C:\>SxsTrace Trace -logfile:SxsTrace.etl

Tracing started. Trace will be saved to file SxsTrace.etl.

Press Enter to stop tracing...

So now you’re in tracing mode. Go ahead and run your application which threw the side by side error. Press enter on the command prompt window once you’re done repro’ing the error, this will stop the side by side tracing that’s going on. Once you press enter the ETL trace file will be dumped into the current folder. The dumped trace file is not in human readable format…

Binary output from SxsTrace tool

Parsing sxstrace logs

To make it readable, we’ll need to parse this file using sxstrace tool. Run following command to do that…

C:\>SxsTrace Parse -logfile:SxsTrace.etl -outfile:SxsTrace.txt

Parsing log file SxsTrace.etl...

Parsing finished! Output saved to file SxsTrace.txt.

So now we have a text file as output. Lets open the file and find out what went wrong… Contents are as follows…

Parsed output from sxstrace

Microsoft SQL Server

     Run the following query logged in as 'sa' against the LANDesk database:
     select * from sys.dm_exec_query_stats
     cross apply
     sys.dm_exec_sql_text(sql_handle)
     order by execution_count desc

Oracle

     Login to Web Console Oracle Enterprise Manager
     Click on the Performance Tab
     The Top Working SQL Heading identifies the high load SQL statements

1.) Large Tables in within the LANDesk Management Suite Database suitable for multiple disk block sizes.

In an Oracle environment it is key for each DBA to tune their own environment. However a recommendation we make is to move these tables to a multiple block size tablespaces or a tablespace on a different disk for better IO.

FileInfoInstance: Typically contains several million rows. Is a many relationship to the FileInfo table's one row per software package.

ComputerVulnerability: Typically several million rows. Is a many relationship to the vulnerablilty tables one row vulnerability listing.

History: A history of software contained on computers deleted. Can grow to be very large. Easily truncated without damage to any functioning parts of landesk with exception to the history reports.

Unmodeleddata: All data that is not modeled (or out of the box 'designed' by landesk). This includes all custom registry keys and data forms created. Initially this table is empty and stays that way if no custom data is ever scanned.

AlertLog, AlertHealth, and RCLog also have a potential to grow larger in size although it is less likely that they will.

2.) Turn off AutoShrink

Turn Off AutoShrink! Especially during deployment. As nodes are added, scans will come into the database. Software and Hardware will constantly be added. With plug and play devices such as USB devices a normal now a days, there will be occasion to add and delete devices as well as software popping in and out of the database as people add and remove software from desktop and laptop computers. When Autoshrink is turned on, a sql box can work against itself. Count on 2 Mb of Disk Space and 2 Mb of Memory per Node. Devote that to your LANDesk database and leave it that way for awhile. After things settle down from the initial deployment and the tuning phase begins, if things change and that is too much space on disk, then shrink the files on disk by hand.

3.) AutoUpdate the Statistics

Both Oracle and SQL will automatically update those statistics. Let them do it. We have sometimes seen issue with this though. LANDesk Management Suite has a tendency to change the data in some its tables so often it can sometimes render those statistics useless. If that happens creating a maintenance task in MSSQL to rebuild the indexes will recreate the Statistics. In Oracle, deleting the statistics and recomputing them will fix the problem.

4.) Reindex those frequently changing tables weekly(or as often as needed)

Attached to this document are scripts for reindex the LANDesk Management Suite database. Reindexing is important to keep the database running as smoothly as possible. We recommend running as often as needed in your environment to keep the database running as smoothly as possible. During deployment the database is a constantly changing environment. It may be necessary to reindex as often as every night to get the most out the database. As things level out and deployment comes to an end and the node count within the database begins to stabilize, reindexing may slow down to once a week or less depending on how often inventory scanning and vulnerability scanning occur. It is possible to identify fragmented tables or slow performing tables within the database and perform maintenance only on those tables as well.

Maintenance Plan for SQL Express

SQL Express does not have any maintenance options built in like SQL Standard and SQL Enterprise. You can however work around this by creating scripts with your SQL Express Studio and utilizing the Windows Scheduler to launch tasks. This document will give some suggestions on actions that you can apply to your core server for a database maintenance plan.

Prerequisite

You will need to install the SQL Server Management Studio Express on your core. The following article will explain how to download, install and open the Studio.

http://community.landesk.com/support/docs/DOC-5764

Creating a Database Backup Script

1. Download the attached SQLMaintenance.SQL script and double click on the script. When you double click on the script while on your core with SQL Studio installed, it will open the Studio and you will need to press the execute button ( the ! sign in the menu) or F5.
   
2. Now we can create a script that can be used with the windows scheduler to backup the database automatically. Lets look at the script first so you can make any modifications. Below you will notice that you will need to make a backups folder and a reports folder, you can update the path as needed but make sure you create the folders before proceeding.
   
3. Copy the below code into notepad and after any changes save as SQLBackupScript.SQLat C:\backup scripts
   
   
   exec expressmaint   
   @database      = 'ALL_USER',   
   @optype        = 'DB',   
   @backupfldr    = 'c:\backups',   
   @reportfldr    = 'c:\reports',   
   @verify        = 1,   
   @dbretainunit  = 'days',   
   @dbretainval   = 1,   
   @rptretainunit = 'weeks',   
   @rptretainval  = 1,   
   @report        = 1
   
   
4. Now we will create the .CMD file that will launch our backup script. Open notepad and edit the following script to match your SQL server instance name. Edit the word KENNY and change it to your Core Computer Name. Save this file as SQLRunBackup.CMD

sqlcmd -S KENNY\LDMSDATA -i"c:\backup scripts\userfullbackup.sql" -v DB="ALL_USER" -v BACKUPFOLDER="c:\backups" -v DBRETAINUNIT="days" -v DBRETAINVAL="1"

5. By this time you should have three folders created, C:\Backups, C:\Reports and C:\Backup Scripts. Inside the scripts folder should be two scripts, SQLRunBackup.CMD and SQLBackupScript.SQL (shown below).

Now we can create our Windows scheduled task to launch our Backup of the Database on a weekly basis.

Add a new Scheduled Task and click Next

Browse to the SQLrunBackup.CMD and click Next

Choose Weekly and click Next

Enter the domain administrator username and password for the Core Server.

When the task runs as scheduled you will see folders of your databases in the C:\Backups folder with a full backup of each database inside.

Creating a Database Re-Index Script

Using the tools from the previous exercise we will create a Re-Index Script to run on a schedule. We will run this schedule every Saturday morning at 3am.

1. Download to your C:\Backup Scripts directory the SQLReIndex.SQL and the SQLRunReindex.CMD

2. Edit the SQLRunReindex.CMD file and change the name KENNY to your Core Server name.

3. Using the Windows Scheduled task creation steps from above, create the task to run every Saturday morning at 3am.

Note: If your database for LANDesk is named something other than LDDB, please edit the SQLReIndex.SQLscript and edit the first line only changing LDDB to the name of your LANDesk Database.

For more information about Re-Indexing please view the following article: http://community.landesk.com/support/docs/DOC-4362

Creating a Database Maintenance Script

Using the tools from the first exercise we will create a Maintenance Script to run on a schedule. This Script will run every Friday morning at 3am. This script is created based off the Tuning guide and should be customized for your environment. The tuning guide is located here: http://community.landesk.com/support/docs/DOC-5834

1. Download to your C:\Backup Scripts directory the Note: If your database for LANDesk is named something other than LDDB, please edit the SQLReIndex.SQL script and edit the first line only changing LDDB to the name of your LANDesk Database. SQLTuning.SQL and the SQLRunTuning.CMD

2. Edit the SQLRunTuning.CMD file and change the name KENNY to your Core Server name.

3. Using the Windows Scheduled task creation steps from above, create the task to run every Friday morning at 3am.

The SQL Tuning script will do the following actions:

Deleting Remote Control data older than 90 days

Deleting History older than 90 days

Deleting Patch History older than 90 days

Please remove or add items to the tuning script as needed for your environment.

Note: If your database for LANDesk is named something other than LDDB, please edit the SQLTuning.SQLscript and edit the first line only changing LDDB to the name of your LANDesk Database.

Summary

The complete maintenance plan if you are using will Backup your database with a full backup each week, reindex your tables for efficiency and delete history older than 90 days that may not be of use anymore. If you are using this complete maintenance plan you should have the following items setup on your core server:

1. SQL tools Installed from the Prerequisite: http://community.landesk.com/support/docs/DOC-5764

2. The following drives should exist:

c:\backup

c:\reporting

c:\backup scripts

3. Inside the c:\backup scripts you should have the following files:

SQLBackupScript.SQL

SQLMaintenance.SQL

SQLReindex.SQL

SQLTuning.SQL

SQLRunBackup.CMD

SQLRunReIndex.CMD

SQLRunTuning.CMD

4. Inside Windows Scheduled Tasks you should have 3 tasks pointing to the following files each running on a weekly schedule.

SQLRunBackup.CMD - 3am Sunday

SQLRunReIndex.CMD - 3am Saturday

SQLRunTuning.CMD - 3am Friday

1. Set SQL Recovery Method to Simple.

       OR

  2. Create a new Transaction log and delete the old one from SQL Enterprise Manager.

      OR

  3. Run SQL commands from MS KB#272318 for instructions on shrinking the Transaction Log.

      INF: Shrinking the Transaction Log in SQL Server 2000 with DBCC SHRINKFILE

      When DBCC SHRINKFILE is run, SQL Server 2000 shrinks the log file by removing as many virtual log files as it can to attempt to reach the target size. If the target file size is not reached, SQL Server places dummy log entries in the last virtual log file until the virtual log is filled and moves the head of the log to the beginning of the file. The following actions are then required to complete the shrinking of the transaction log:

        1. You must run a BACKUP LOG statement to free up space by removing the inactive portion of the log.

        2. You must run DBCC SHRINKFILE again with the desired target size until the log file shrinks to the target size.

      The following example demonstrates this with the pubs database and attempts to shrink the pubs_log file to 2 MB:

        1. Run this code:

            DBCC SHRINKFILE(pubs_log, 2)

            NOTE: If the target size is not reached, proceed to the next step.

        2. Run this code if you want to truncate the transaction log and not keep a backup of the transaction log. Truncate_only invalidates your transaction log backup sequence. Take a full backup of your database after you perform backup log with truncate_only:

            BACKUP LOG pubs WITH TRUNCATE_ONLY

            -or-

            Run this code if you want to keep a backup of your transaction log and keep your transaction log backup sequence intact. See SQL Server Books Online topic "BACKUP" for more information:

            BACKUP LOG pubs TO pubslogbackup

        3. Run this code:

            DBCC SHRINKFILE(pubs_log,2)

            The transaction log has now been shrunk to the target size.

SQL Server - FAQ SQL :

First the memory used by the database server depends on the size of memory available in the operating system.

For 32-bit OS it will activate the options of Windows EAP through the boot.ini file to go beyond the limit of 4GB of memory.

http://support.microsoft.com/kb/283037

Depending on the latter refer to the table below for what is the maximum amount of memory available for your SQL server.

Applies to

SQL 2005

SQL 2008

LDMS 9.0

Description

This guide covers the steps required to create a database for LANDesk 9.0 or 9.5 on an existing Microsoft SQL Server. Also outlined is the login creation to be used by the LANDesk core, and what rights and roles are required for new install or Upgrade.

Important: Upgrading a database from 8.7 or 8.8 to 9.0 or 9.5  requires the destination login have sysadmin role during upgrade in order to create a linked server object to communicate with the source database. For those where policy does not allow temporary use of the sysadmin role, a workaround is provided. See the attached document for details.

See attached LDMS90SQLDBQuickStart.pdf

Problems/Symptoms:

Coredbutil.exe fails to run

Coredbutil.exe has insufficient privileges

Cause:

Permissions/User setup incorrectly.

DBO is NOT the owner of the LANDesk Tables.

User is not aliased as DBO.

Fix:

If you have to change the owner of your tables back to dbo use the following script in SQL Query Analyzer.

SELECT 'EXEC sp_changeobjectowner ''' + TABLE_SCHEMA + '.' + TABLE_NAME + ''', dbo' FROM INFORMATION_SCHEMA.TABLES WHERE OBJECTPROPERTY(OBJECT_ID(QUOTENAME(TABLE_SCHEMA) + '.' + QUOTENAME(TABLE_NAME)), 'IsMSShipped') = 0 AND TABLE_TYPE = 'BASE TABLE'

GO

The above script outputs the required command to change your table owner to DBO . Copy the the output and paste it into SQL Query Analyzer and run it.

NOTE:

In addition, it is necessary to change the VIEWS which are owned by the non-DBO owner. Often, the following SQL will need to be run additionally:

EXEC sp_changeobjectowner 'AppSoftware', dbo
EXEC sp_changeobjectowner 'FileInfoAlias', dbo
EXEC sp_changeobjectowner 'VulnerabilityCounts', dbo

NOTE:

The above scripts work for Microsoft* SQL Server* 2000 as well as Microsoft* SQL Server* 2005.