broker certificate request (in-depth) & review landesk management gateway
TRANSCRIPT
Broker Certificate Request (in-depth) & Review
LANDesk Management Gateway
Overview
Basic Management Gateway Design (Review) Common issues and items to check when
troubleshooting or installing the Gateway Tips and Tricks Issues of note In-depth walk through of the Broker Certificate Request
Process
Basic Management Gateway Design
Common Issues and items to check
Initial Gateway Setup:
Common issues and items to check
Initial Gateway Setup:
Common issues and items to check
Core: C:\Program Files\LANDesk\Shared Files\KeysClient: C:\Program Files\LANDesk\Shared Files\cbaroot\certs
Common issues and items to check
Common issues and items to check
Can any LANDesk Client system reach http://GatewayIPAddress at a bare minimum?
Common issues and items to check
Common issues and items to checkSoftware Distribution: (DOC-3105)1. Make sure the client has successfully retrieved a certificate (BrokerConfig).2. The package must be local to the Core Server on an HTTP share, or accessible on an HTTP site on the Internet.3. The Delivery Method must be a Policy, no other delivery methods will work properly.4. HKLM\Software\Intel\LANDesk\LDWM\CoreServer MUST be the hostname of the core server, in rare situations a FQDN will work but an IP address for the core server will never work.
Common issues and items to check
Common issues and items to check Remote Control is separate from Brokerconfig.exe. “Gateway Mode” for
remote control will only post the client to the Gateway for remote control and nothing else.
Test if an outside client (your system) can at least reach the public IP address of the Gateway on http and https.› Reaching https on the IP address is the bare minimum to function
Issue: A remote control viewer cannot see a client that is in “Gateway Mode”. › Answer: Check the “Organization” setting for the user in question and make sure
that it’s configured for the default “*”. Issue: The Gateway Service on the core continually stops.
› Fact: If the Gateway Service cannot establish it’s SSL connections to the core it will shut down.
› Common cause is the incorrect password entered on the core. Resolution: Unlock the service account on the Gateway, set a new password as needed, and re-enter the credentials on the
core.
Tips and Tricks Outbound Connections
› Activation › Checking for Gateway updates › Downloading Gateway updates› SMTP Traffic Port 25: Used to email logs and alerts from the Gateway to the
configured email address. (optional)
Inbound Connections› Port 443: Core and Clients for LDMS usage › Port 80: On-demand remote control agent website access (Optional) › Port 22: SSH access. (Optional)
Tips and Tricks Activation
› The Management Gateway must have port 80 and 443 access to license.landesk.com. Test with this command:
telnet license.landesk.com 80
› The Management Gateway must be able to resolve “license.landesk.com”. There are two possible ways to configure this: Configure the gateway to use a valid and working DNS server Add “license.landesk.com” to the hosts file.
› Note: The hosts file is regenerated whenever network settings are saved. So any manual changes can be overwritten.
Tips and Tricks Updating and Downloading
› The Management Gateway must have port 80 access to the patch servers. Patch.landesk.com Patchec.landesk.com Patchemea.landesk.com
› The patch servers must be resolved by DNS or an entry in the hosts file is needed.
› The patches can be detected using port 443 however, they are downloaded using port 80.
Issues of note: ISO build of the Gateway will run out of space. (debug.log issue)
› http://kbwiki.landesk.com/gurunet/default.aspx?page=article&id=78565
Troubleshooting Gateway Activation. › http://community.landesk.com/support/docs/DOC-2129
Gateway VMWare Edition Information and issues. › http://kbwiki.landesk.com/gurunet/default.aspx?page=article&id=84310
Walkthrough of the Broker Certificate Request Process
