Hello

I am trying to create a CSR on the gateway but I keep getting a Error 500

"The website encountered an error while retrievinghttps://<<corename>>/gsb/ldmgcerts.php/gsb/ldmgcerts.php. It may be down for maintenance or configured incorrectly."

Any ideas on what I may be doing wrong??? I tried adding any alternate names in the additional host section in Gateway Management but that didnt seem to help...

CSA 4.3

LDMS 9.5 SP1

Installed Virutal CSA 4.3 and followed article http://community.landesk.com/support/docs/DOC-29460 to correct the issue with the 404 error about the On-Demand Remote Client. Everything works but when the on-demand remote client is used the remote system does NOT show in the "Remote Control Agents" listed on the CSA.  This would be true because the default On-Demand RC Client does not conatined the source files for HTML5.

RDP to Core Server

- opened Console

- went to Configure / Manage Cloud Services Appliances

- Clicked on TAB "Remote Control Agent"

- Created CSA Agent with RC settings that enabled HTML5 RC.

I manually excuted the CSA Agent on remote system and filled out the ID Code 1 / ID Code 2 sections.  That systems showed in the CSA under HTML Agents and was able to remote control via HTML to that system. SWEET!

I took my CSA Agent and put it in place of the On-Demand Agent "http://community.landesk.com/support/docs/DOC-29460" and tried again on remote system. As long as you fill out  ID Code 1 / ID Code 2 sections  you can Remote via HTML. 

Soooooo, how do I modify that CSA Agent to autopass switches to populate the ID Code fields. Less work the user has to do the better, I just want the user to click the Install Now button the CSA and away it goes.

This would really be the ideal on-demand agent for helping users without having to install the remote viewer when I am at home or at remote locations.

Thoughts???

I'm trying to publish LANDesk CSA gateway in a ISA 2006 server, and to publish it ISA server requires a SSL listener using a certificate to stablish the internal link with CSA. I don't know how to export the CSA certificate, Is there any procedure to export CSA certificates to be installed in the ISA 2006 server?

Any help will be greatly appreciated.

Thanks.

I am curious if any one else has experienced this issue.  I have tried it on both the 4.2 and 4.3 version of the gateway connected to 9.5 SP1 cores.  I have applied the latest patch for the Mac agent that gives Mavericks functionality.

Our Macs are mostly Lion and Mountain Lion.  PC's work fine through the gateway.  I don't think it is an issue with the client switching modes since it doesn't work when manually switching to gateway mode.  They also will not send inventory scans when outside the network.  The certificate test in Management Gateway app comes back OK.  The deployment portal does work for installing software when the Mac is outside the network.

What is happening is when I try to connect to a Mac through the gateway web page, it will pull up the login page and then immediately revert back to the login page after entering valid credentials.  I am using integrated security on the agent.  When I try to connect to it from the remote control viewer pointed to the gateway, it gives me "receive failed: 4.  you do not have rights to connect to remote computer."

I am working with LD support on this, but wanted to see if anyone in the community had experienced this and was able to resolve it without LD support.

Question

Is there any benefit to having a backup cloud device, or can two devices be used simultaneously at the same time

Thanks

Steve

All,

I have a new Gateway appliance setup and I am able to remote control via the internet on-demand without issue.  I am NOT able to get a current LD client to inventory scan, patch scan or remote control via the CSA.  I have a new client installed with the cloud base connection data and this is what I get when I run a test on the test workstation from the internet via brokerconfig.exe -R

Latest Gateway from LD and Core of 9.5 SP2

What am I missing?

Dynamically determine connection route:

24:57.500   Attempting Direct HTTP connection to host FMB-ISLDSV1:80

24:57.500   Starting HTTP session with host FMB-ISLDSV1:80, proxy "", and proxy user ""

24:57.640   Connecting to address x.x.x.y< -- this address isn't the CSA, it appears to be wanting to use our web server

24:57.651   Direct connection succeeded

24:57.654   HTTP Request: HEAD /ldlogon/lddwnld.dll

24:57.654   Waiting for HTTP response

24:57.679   HTTP response finished status 200 description OK

24:57.681   HTTP Request: POST /landesk/managementsuite/core/RemoteControlLogging/RemoteControlLog.asmx

24:57.682   Waiting for HTTP response

24:57.849   HTTP response finished status 302 description Found

Connect using the CSA:

25:49.094   Using certificate file C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt and keyfile C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key

25:49.124   Certificate/key loaded.  Certificate file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt".  Key file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key"

25:49.124   Attempting managment gateway connection at host amber and address 66.77.x.x

25:49.124   Starting HTTPS session with host amber, proxy "", and proxy user ""

25:49.125   Connecting to address 66.77.x.x

25:49.160   SSL Connection failed error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 20

25:49.161   Direct connection failed, attempting to find configured proxy

26:12.967   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

26:12.967   Autoproxy settings are enabled, starting search for autoproxy

26:12.981   Sending DHCP query to determine autoproxy

26:18.997   Could not determine autoproxy from DHCP query

26:19       Sending DNS queries to determine autoproxy

26:19.661   DNS resolved name some.thing.com

26:19.661   Autoproxy detected in DNS: some.thing.com

26:19.661   Detected autoproxy path to use: http://some.thing.com:80/wpad.dat

26:19.661   Starting HTTP session with host some.thing.com:80, proxy "", and proxy user ""

26:19.662   Connecting to address 66.77.x.x

26:19.725   HTTP Request: GET /wpad.dat

26:19.725   Waiting for HTTP response

26:19.756   HTTP response finished status 200 description OK

26:21.226   Could not find proxy from autoproxy settings

26:21.228   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

26:21.229   Connection through managment gateway failed 10 SSL Handshake Error

I am curious if any one else has experienced this issue.  I have tried it on both the 4.2 and 4.3 version of the gateway connected to 9.5 SP1 cores.  I have applied the latest patch for the Mac agent that gives Mavericks functionality.

Our Macs are mostly Lion and Mountain Lion.  PC's work fine through the gateway.  I don't think it is an issue with the client switching modes since it doesn't work when manually switching to gateway mode.  They also will not send inventory scans when outside the network.  The certificate test in Management Gateway app comes back OK.  The deployment portal does work for installing software when the Mac is outside the network.

What is happening is when I try to connect to a Mac through the gateway web page, it will pull up the login page and then immediately revert back to the login page after entering valid credentials.  I am using integrated security on the agent.  When I try to connect to it from the remote control viewer pointed to the gateway, it gives me "receive failed: 4.  you do not have rights to connect to remote computer."

I am working with LD support on this, but wanted to see if anyone in the community had experienced this and was able to resolve it without LD support.

Question

Is there any benefit to having a backup cloud device, or can two devices be used simultaneously at the same time

Thanks

Steve

Hello,

I currently have a LDMS 8.8 SP4 and LMS 9.0 SP3 cores that are both connecting fine to a Cloud Services Appliance using a proxy server.

I've recently started configuring a LDMS 9.5 SP2 core and I cannot get it to connect to the CSA when I put my proxy settings (identical to the other two, same vlans, etc.).

The BrokerService.log states:

Unable to create tunnel to [my CSA internal DNS name] 3 (Proxy: [my proxy server]:8080, ProxyUser: )

Anyone else experiencing the same?

PS>As soon as I remove the "use internal address" setting in the CSA config screen from the core, it can connect fine (I guess that you really don't need 2 connections for the gateway as it seems that if you don't select the "user internal address" checkbox, the core will communicate with the CSA via the external CSA connection).

I have a test LANDesk 9.5 SP1 core setup and have posted the certificate to our LANDesk Cloud Services Appliance.

The computer is able to do automatic gateway switching and I am able to connect to via LANDesk Gateway or HTML5 for remote control but Inventory Scans and Policies are not working over the LANDesk gateway.

The computer has a broker certificate (I ran brokerconfig -R) and broker.crt, broker.cer and broker.key are present.

broker.conf.xml is probably configured with public IP address and hostname of our LANDesk Gateway appliance.

When I attempt to run an inventory scan or policy scan I get host not found. It doesnt appear to be switching to the LANDesk gatway for communication outside our network.

Any ideas?

We use a DNS name for our clients and that has worked well since we implemented it. However we recently changed out public IP address, following that we updated the Gateway and Management Gateway section in the Console, so everything appears to be correct now.

We are still having issues though, the cert on our users machine still shows the old IP address in the BrokerIP area and the Brokerconfig Gateway Information tab still shows the wrong IP. Users seem to be able to come back in through the gateway, but our attempts to remote control Gateway machines doens't seem to be working.

Did I miss a configuration I was supposed to change? Is there something I can push/policy out to force the clients to update to this new IP?

Thanks all.

Brendan

Hey Guys and Gals,

I need a little help here.  We are deploying CSA, and I am running into some challenges. I have most things working, but cannot get remote control up.  Here is a little info about our environment:

1. Core - 9.5 SP1

2. CSA - Virtual Appliance in DMZ
3. New Agent Deployed with CSA Information / Configuration

I have devices outside the LAN with new Agent Configuration (Has CSA Configurations).  These devices are able to do the following:

- Send VulScan information to the Core

- Receive Policy task from the core (Patching and Software Distribution)

- Report back inventory to the core

What does work from outside:

- Cannot get Remote Control to work (with LANDesk Agent)

If I installed the "On Demand Remote Client for Windows" from the CSA portal page to a device w/o an Agent, I can see it just fine in the remote console.  So I do know that remote console is working.  If I try to remote control a device with a LANDesk agent, I can't get it to connect. 

Here are the steps I am doing to remote control a device with LANDesk outside the LAN.

- Make sure device is outside the LAN (the device is completely on the Internet - not on our networi)

- Verify that device has recently inventoried / check in with core (i kicked up the policy sync period)

- Select Device in Console - and Select "Remote Control via Management Gateway)

- Remontol Windows Comes up and ask for Management Gateway Credentials

- Endless "Searching for a matching connection..."

From the remote device, I have put it both in "Direct Connect Mode" and "Gateway Mode"

So I am not sure what I am doing wrong.  Is there something I need to do at the Core level?  Do I need to "invoke" something on the Remote Device?

Any input would be greatly appreciated.

- Ton

Hello,

All of a sudden whenever I try to download a certificate I am receiving a "failed to retrieve certificate" error.  We are on 9.5 SP2.  This now occurs on all workstations.  Before everything worked fine.  I haven't changed the agent executable. Any advice is appreciated!

Below are my steps:

1.   1. Typically after installing the agent as an administrator I run the test by pressing the TEST button below

22  2. On site, you don’t need to add a Landesk User or Password but I tried with and without and it still failed.  I also tried this process off on multiple networks that all worked before.

4.   3. I click SEND and the BrokerConfig screen below just hangs for about 5 minutes then I receive a “Failed to Retrieve Certificate” error

5.       If I check the Brokerconfig.log it shows a “Error decodeding name value pair on line 48427852 name= value= error=Value not found in name=value pair” and “BrokerConfig Started with 1st param:  no params”

6. 

Has anyone seen this before?

Clients are reporting in via the gateway OK but are unable to be remote controlled because they never appear in the client list.

If you run a test using BrokerConfig it is successful

If you use the On Demand Remote Control all is OK

Core side:

BrokerService.log

URL not in whitelist /landesk/managementsuite/core/RemoteControlLogging/RemoteControlLog.asmx. Does the client has valid certificate signed by the core?

Error loading Authority files C:\Program Files (x86)\LANDesk\ManagementSuite\brokerreq\remote.05FC.8D0F201FF74B50C.csr:No CA files found for requestC:\Program Files (x86)\LANDesk\ManagementSuite\brokerreq\remote.05FC.8D0F201FF74B50C.csr

Client side:

brokerconfig.log

Error decodeding name value pair on line 58782540 name= value= error=Value not found in name=value pair

iisuser.log

Remote control action: 0þa  Initiated from  by user , Security Type: Integrated

Unable to load C:\PROGRA~2\LANDesk\LDClient\jscript.v55

Failed to create instance of jscript ActiveX control.

rcgui.log

connect() failed with WSAError 10061

IMPORTANT - PLEASE SEE ATTACTHED JPGs

It shows that we have two cores. I think this is not helping the scenario.

This is because our old core was ver8.8 sp3 with an oracle db. All the data could not be transferred.

Our new core is 9.5 sp1

The clients get both .0 file (Not sure why)

The Agent configuration is set to use the new certificate only.

Finally anyone with an old agent 8.8 can connect.

When 9.5 was installed this all worked!

Many thanks in advance

Hey all,

We are looking for a secure way to RDP into computers per HIPAA.  Can I use LD gateway to do this?  Has anyone done this?  How secure is it?

Under RDP - Advanced tab - Settings

Server name I place our gateway in there. Logon Method is "Allow me to select later"" I uncheck all options.   I try to connected and the gateway login comes up and I put in my creds, but an error pops up "You computer can't connect to the remote computer because the Remote Desktop Gateway server's certificate has expired or has been revoked"

Do I need to add a network certificate to the gateway?

Let me know if I'm way off.

Thanks

the CSA seems to be vulnerable to this attack.

tested with

https://www.ssllabs.com/ssltest/

I enter username/password and get "Username or Password invalid"

From the remote client I am able to access:

https://landeskcore/LANDesk/ManagementSuite/Core/core.secure/brokercertificaterequest.asmx

If I try to run a test I get:

40:03.549   Attempting Direct HTTP connection to host LANDESKCORE.XXX.company.com:80

40:03.549   Starting HTTP session with host LANDESKCORE.XXX.company.com:80, proxy "", and proxy user ""

40:03.554   Connecting to address 10.x.x.x

40:03.584   Direct connection succeeded

40:03.584   HTTP Request: POST /landesk/managementsuite/core/core.secure/BrokerCertificateRequest.asmx

40:03.584   Waiting for HTTP response

40:03.596   HTTP response finished status 401 description Unauthorized

u_ex140415.log:

2014-04-15 23:31:45 10.x.x.x POST /landesk/managementsuite/core/core.secure/BrokerCertificateRequest.asmx - 80 - 192.x.x.x - 401 2 5 46

User is domain admin and LDMS Admin.

I have been using : "How to Troubleshoot BrokerConfig and General Gateway Agent Issues" as a guide.

http://community.landesk.com/support/docs/DOC-2131

Something is just not clicking. Any pointers out there would be great

i have 2 updates i can't seem to apply on my CSA.

anyone else have this problem?

i have rebooted numerous times and tried

additionally i see the following error on the same page:

PHP Warning: Cannot open '/usr/LANDesk/broker/webroot/browscap.ini' for reading in Unknown on line 0

but i've seen that during other updates and they seem to have applied.

bug: while applying updates it redirects you to:

      https://hostname/gsb/datetime.php/gsb/datetime.php

Hello

I am trying to create a CSR on the gateway but I keep getting a Error 500

"The website encountered an error while retrievinghttps://<<corename>>/gsb/ldmgcerts.php/gsb/ldmgcerts.php. It may be down for maintenance or configured incorrectly."

Any ideas on what I may be doing wrong??? I tried adding any alternate names in the additional host section in Gateway Management but that didnt seem to help...

All,

I have a new Gateway appliance setup and I am able to remote control via the internet on-demand without issue.  I am NOT able to get a current LD client to inventory scan, patch scan or remote control via the CSA.  I have a new client installed with the cloud base connection data and this is what I get when I run a test on the test workstation from the internet via brokerconfig.exe -R

Latest Gateway from LD and Core of 9.5 SP2

What am I missing?

Dynamically determine connection route:

24:57.500   Attempting Direct HTTP connection to host FMB-ISLDSV1:80

24:57.500   Starting HTTP session with host FMB-ISLDSV1:80, proxy "", and proxy user ""

24:57.640   Connecting to address x.x.x.y< -- this address isn't the CSA, it appears to be wanting to use our web server

24:57.651   Direct connection succeeded

24:57.654   HTTP Request: HEAD /ldlogon/lddwnld.dll

24:57.654   Waiting for HTTP response

24:57.679   HTTP response finished status 200 description OK

24:57.681   HTTP Request: POST /landesk/managementsuite/core/RemoteControlLogging/RemoteControlLog.asmx

24:57.682   Waiting for HTTP response

24:57.849   HTTP response finished status 302 description Found

Connect using the CSA:

25:49.094   Using certificate file C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt and keyfile C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key

25:49.124   Certificate/key loaded.  Certificate file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.crt".  Key file "C:\Program Files (x86)\LANDesk\Shared Files\cbaroot\broker\broker.key"

25:49.124   Attempting managment gateway connection at host amber and address 66.77.x.x

25:49.124   Starting HTTPS session with host amber, proxy "", and proxy user ""

25:49.125   Connecting to address 66.77.x.x

25:49.160   SSL Connection failed error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca 20

25:49.161   Direct connection failed, attempting to find configured proxy

26:12.967   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

26:12.967   Autoproxy settings are enabled, starting search for autoproxy

26:12.981   Sending DHCP query to determine autoproxy

26:18.997   Could not determine autoproxy from DHCP query

26:19       Sending DNS queries to determine autoproxy

26:19.661   DNS resolved name some.thing.com

26:19.661   Autoproxy detected in DNS: some.thing.com

26:19.661   Detected autoproxy path to use: http://some.thing.com:80/wpad.dat

26:19.661   Starting HTTP session with host some.thing.com:80, proxy "", and proxy user ""

26:19.662   Connecting to address 66.77.x.x

26:19.725   HTTP Request: GET /wpad.dat

26:19.725   Waiting for HTTP response

26:19.756   HTTP response finished status 200 description OK

26:21.226   Could not find proxy from autoproxy settings

26:21.228   Looking for autoproxy settings using first user who has settings; sid is S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

26:21.229   Connection through managment gateway failed 10 SSL Handshake Error