Dear customers and partners,
I am very sorry to announce yet another (albeit small) delay.
We found an issue at the last scheduled test run that could have impact on everyone running ExecuteEx and decided to fix this before releasing the product.
Thus the release of DSM 2017 is delayed to Wednesday this week (12/20/2017).
Kind regards
Peter
The boot.wim and boot_x64.wim that ship with LDMS include the Threshold I RTM version of WinPE. There have been two newer releases of WinPE since this version. The current most up to date version is RedStone I / 1607. New versions of WinPE are released every 6 months from Microsoft.
Some hardware such as the Surface Studios require this newer version in order to be PXE booted and provisioned.
Here are the steps to take to upgrade your boot files to a newer version of WinPE:
Step 1:
Download and install the latest version of the Windows ADK (or the version you need) from the below link to get Microsoft's release of the WinPE files that match the specific OS version:
Windows ADK downloads - Windows Hardware Dev Center
Step 2:
Run the Deployment and Imaging Tools Environment as administrator:
Step 3:
Download and run the following script from with-in the Deployment and Imaging Tools Environment CMD box that will prepare your WinPE files from Microsoft with the required modules for LDMS:
Create-WinPE.bat (attached to this document)
Step 4:
Take your prepared boot.wim and boot_x64.wim files from c:\winpe_x86 and c:\winpe_amd64 and copy them to this folder on your core:
Letter:\Program Files\LANDesk\ManagementSuite\landesk\vboot\clean\
*Note - backup the original files that are there incase you need to revert to the version that Ivanti ships with LDMS.
Step 5:
Backup your old production boot files. Create copies of the files located at Letter:\Program Files\LANDesk\ManagementSuite\landesk\vboot and put them some where safe (step 6 will overwrite them). However you must keep a copy of your old boot files here still. Do not simply move them to another location. Step 6 will be looking for these old boot files in order to migrate the HII drivers over to the new boot files, so if you rename them or move them instead of just making a copy of them - that step will not work completely.
Step 6:
On your core server launch an elevated command prompt and run:
This will upgrade your existing LDMS boot.wim and boot_x64.wim to now be RedStone I / 1607.
These updated files will be located at:
Letter:\Program Files\LANDesk\ManagementSuite\landesk\vboot
Additional notes:
- Bitlocker support is added via the Create-WinPE.bat script. (can use manage-bde.exe with-in WinPE)
- PowerShell usage without requiring full path is additionally added.
So I have been searching the community on a document detailing how to install the latest LDMS client console on a Windows 10 box. The compatibility matrix states it is supported, however when you go to install it, you receive a big red X during the installation of Data Analytics. Then if you go into the logs, and after digging for a bit you will find the logs associated with Data Analytics. In that log it states that .Net Framework 4.5 is required for install. Nonetheless, up to this point there was not a way to install the Console without error. I posted a while back (Can't install 9.6 SP1 console on Windows 10 64-bit ) about a workaround with the 9.6 installer detailing that you can update the setup.xml file to bypass the Data Analytics install. I have since figured out how to get Data Analytics to install successfully and thus finish the install. Please see the details below.
Back at the regular Permissions window, select the Users group and then choose the “Allow” check box next to the “Full Control” permission. If you prefer, you can just give your user account full permissions rather than the Users group. To do that, click the Add button, walk through the steps to add your user account to the list, and then give that account the Full Control permission. Whichever method you choose, click OK when you’re done to return to Registry Editor.
I really hope this helps others out there struggling to get this install on a Windows 10 machine. Hopefully now you can move from Windows 7 to Windows 10. Please let me konw if you have any questions or need clarification.
Landesk EPS - LDAV Kaspersky and Windows 10 Fall update 1709.
We are finding that LDAV KAV is not compatible with Windows 10's Fall update (1709).
All clients upgraded to the Fall update have the LDAV/KAV crashing or consuming multiple cores for no apparent reason. It also marks all LDAV clients as "invalid keys or not activated" and when you look the logs, there are literally millions of entries with the same text:
ERROR: Failed to delete Kaspersky Endpoint Security 10 Service Pack 1 Maintenance Release 3
We also tried building Windows 10 1709s from scratch and the behavior is the same.
Anybody else having this problem?
Is this another bug?
Thanks in advance.
Logs Attached
Message was edited by: Aaron Day
Hi,
Everytime when I installed the LDMS 9.0 agent (manually, push or via provisioning) on Windows 7 only there is a folder created in the root system (C:\) called %LOCALAPPDATA%. It's look like a variable wrong coded.
Some people can confirm that?? In that case I will open a call....
Regards
Lionel
Here is a list of all the EM templates and their location. As new ones get posted I'll update this list in this thread.
Landon.
Template Name - Location
Hi I am new the the NextGen Patches, and my first task is to use it for the Meltdown vulnerability.
Unfortunatelly I do not got the correct result, and have no more ideas where to look at.
What I checked so far:
I did read:
Important information on detection logic for the Intel 'Meltdown' security vulnerability
Support for the Intel 'Meltdown' security vulnerability KB4058702
About the New Patch Engine in Ivanti Endpoint Manager
Test-PC:
Windows 10 Enterprise - 1703 with McAfee
Registry-Key for Compatibilty:
was set manually by me (McAfee is not able yet to do it)
Vulnerability and Definition:
- Downloaded by PatchManager (My Focus is on 4056891 for Windows 10 - 1703)
Patch Manger does only find the DETECT Vulnerability:
The Vulscan-Log tells me
that the "Install"-Patch is allready installed???
the "DETECT"-Patch tells me it is'nt?
I also activated - the "Enable security scan debug trace log" but I do not understand these files so far:
Hope you can get me some new tipps.
Kind regards, Marco
These are the known issues of DSM 2017 which we have found internally and their regarding status and think are worth being published here.
History of this document:
| Last updated | By | Comment |
|---|---|---|
| 2018-01-09 | Andreas Fuchs | created |
| 2018-01-10 | Andreas Fuchs | Updated logfile zip |
Link to the Patch Collection for DSM 2017
is not yet available.
Known Issues Status:
| Issue # | Issue | Description | Relevance | Target (not committed) |
|---|---|---|---|---|
| DSI 244325 | Site determination via variable doesn't work during agent installation | If you install a client via OSD or you have a new client and you try to install the DSM client via niagnt32.exe /install /bin /force, the site determination fails if you use a variable. Reproduced behavior: - create a user defined variable in DSMC - create DWORD on the client with this value - install the DSM client via niagnt32.exe /install /bin /force | Only newly created endpoints are affected. Works fine for migrated clients from previous DSM versions (such as 2016.2 R2) | Patch Collection 2017 |
| DSI 233948 | Patches are temporarily missing in the catalog (RM255591) | Only PatchLink is affected | Patch Collection 2017 | |
| RM255426 | PmSync: Catalog import is failing with error "bad allocation" (RM255426) | It was fixed in the last Patch Bundle for 2016.2-R2, now it has to be done for 2017 as well. It affects large environments with 20k + patches | Only Shavlik is affected | Patch Collection 2017 |
| RM255697 | Superseded patches are not deleted after specified amount of time (RM255697) | Affects both Shavlik and PatchLink | Affects both Shavlik and PatchLink | tch Collection 2017 |
| RM255647 | Policy instances of replaced patches that were installed externally remain pending and are installed in every run (RM255647) | Affects both Shavlik and PatchLink | Affects both Shavlik and PatchLink | Patch Collection 2017 |
| Log files are not zipped, but simply discarded | Log files are not zipped, but simply discarded - instead, an empty "zip" folder is created in the main directory | Patch Collection 2017 |
I was wondering what the plans on this new vulnerability?
Hello,
Does anyone by chance have a template for the unattend file for Windows 10?
My OS provisioning template for Windows 10 works all the way up to the Configure Target OS section and then when it reboots, it comes up to setting up the machine for Windows 10. It never fully boots into my image. And if I do go thru the setup steps, after I login, ldprovisioning never seems to pick back up. Even after a reboot.
I have attached what I am using but it seems it never skips the OOBE section after the image deploys.
Hello,
after upgrading agents to 2017.3, when running inventory scan, many computers experience error MBBScanner has stopped working.
Event viewer shows the following:
It has not happened on my test machines. So far I have disabled the Scheduled scan, but this is not a solution.
Thank you for any input or suggestion how to resolve this.
On LD 9.6 SP1 client I'm seeing issues with ISSUSER.exe running at 100% of one core and sometimes faulting.
Once suggestion was to replace the jscript.v55 file, but that has not resolved the issue.
Looking at the application errors in the diagnostic data in inventory I'm seeing the following
So it appears the LIBEAY32MT.dll is where it's faulting at with an exception code of c0000005
Any advice?
When remote controlling windows 10 machines, the response to a click can take 2-3 seconds before anything on the screen changes. Sometimes longer and sometimes it doesn't' do anything at all. Is there a way to fix this?
Hello,
Does anyone by chance have a template for the unattend file for Windows 10?
My OS provisioning template for Windows 10 works all the way up to the Configure Target OS section and then when it reboots, it comes up to setting up the machine for Windows 10. It never fully boots into my image. And if I do go thru the setup steps, after I login, ldprovisioning never seems to pick back up. Even after a reboot.
I have attached what I am using but it seems it never skips the OOBE section after the image deploys.
Hi
We have just downloaded the LANDESK 9.50 on a server. It is still running in trial mode. Im trying to test Distribution packages.
Im distributing a msi package. The destination has the new agent and it appears to be working fine. When I run the task it fails on a return code 105.
Here is an extract of what I see in the "view log file" option.
Processing package : Cisco VOIP Agent
Wed, 10 Apr 2013 10:14:23 File (\\-----\-----\------\-------\-------AgentDesktop.msi) is not in cache
Wed, 10 Apr 2013 10:14:23 Will attempt Peer Download.
Wed, 10 Apr 2013 10:14:23 Will attempt Preferred Server Download.
Wed, 10 Apr 2013 10:14:23 About to call DownloadFiles (1 files) with these settings:
Wed, 10 Apr 2013 10:14:23 m_allowedBandwidthWAN: 100
Wed, 10 Apr 2013 10:14:23 m_allowedBandwidthLAN: 100
Wed, 10 Apr 2013 10:14:23 m_maxDiscoveryThreads: 15
Wed, 10 Apr 2013 10:14:23 m_discardPeriodSeconds: 604800
Wed, 10 Apr 2013 10:14:23 m_preserveDirectoryStructure: 1
Wed, 10 Apr 2013 10:14:23 m_bUseWanBWForPush: 0
Wed, 10 Apr 2013 10:14:23 m_bSynchronize: 0
Wed, 10 Apr 2013 10:14:23 m_downloadControl: AttemptPeer
Wed, 10 Apr 2013 10:14:23 m_preferredServerControl: AttemptPreferredServer
Wed, 10 Apr 2013 10:14:45 processing of package is complete, result -1918107543 (0x8dac0069 - code 105)
Where should I be looking to resolve this and any ideas what my problem might be?
Regards
Mike
We save the registry of our users during logon. We can see that the keys associated with recent files in office are indeed captured by Ivanti Appsense. (personalization Analysis --> edit users registry)
they are stored in the following key:
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\User MRU\ADAL_C8C3012C979E9D2A2CFF145E26C67C833808516F060DEB7E56C71A9F0F3A86E6\File MRU]
"Item 1"="[F00000000][T01D2CB2A602B2170][O00000000]*H:\\"FILENAME"xlsx"
When the user logs on next time, recent files do not show in the office application and the registry setting is not present in the users registry. Other settings are remembered and loaded correctly.
Anyone any ideas? Would be much appreciated!
I was wondering what the plans on this new vulnerability?
I want to deploy an application to some HP thin clients.
These thin clients have a write filter enabled.
If i distribute the application to the thin client it doesn't work unless I first disable the write filter.
When I push the Ivanti Agent out to the thin clients it first disables the write filter, reboots, then installs the Agent before enabling the filter again.
How do I configure the application so it too does this so i can install it on the thin clients?
Thanks.
We have several versions of Acrobat standard and pro installed, that I need to find a quick way to uninstall them. I have not been able to find uninstall script from adobe that would do this, does anyone know of one or how I could use LANDesk to go about doing this? The reason we have to remove is the versions we are using are very old and no longer supported, plus have several security issues.
Thanks
