Troubleshooting Agent Provisioning Here are the key areas to investigate when trying to troubleshoot agent provisioning in your network. • Windows • A...
Troubleshooting Agent Provisioning Here are the key areas to investigate when trying to troubleshoot agent provisioning in your network. • Windows • Assumptions • Check for provisioning support files • Check for connectivity to the K1000 appliance shares • Ping TARGET PC from the KACE K1000 Appliance • Test connectivity to ports 139 and 445 on TARGETPC from the K1000 Appliance • Testing Admin Share & Credentials on your target PC • Method 1 (works well if you cannot easily control the TARGETPC) • Method 2 • Testing for installation • Deploying .Net Framework • New Installation versus Re-provisioning • Commentary • Removing previous installations Method 1 • Removing previous installations Method 2 • When to contact Support
Windows Assumptions • The PC that you are trying to provision is called TARGETPC • Admin PC is called ADMINPC • Your KACE K1000 appliance hostname is called YOURKBOX and is the same name that is listed in the provisioning configuration AND in the Network settings. Please review this FAQ
Check for provisioning support files Provisioning uses files located on a samba share to do the install. • Check for this list of files at \\YOURKBOX\client version.txtdotnetfx.exeagent_remove.batagent_provision.batKNISetup_v11Si lent.msiKInstallerSetupSilent.msiKInstallerSetup.exe • Check that the version.txt file contains the installed version reported at settings->K1000 Agent>Agent Updates from Kace Use this if you are getting error: "The system cannot find the file specified."
Check for connectivity to the K1000 appliance shares Provisioning attempts to run the files from \\YOURKBOX\client 1
• On a TARGETPC open up explorer.exe • Browse to \\YOURKBOX\client. It should automatically connect as "Guest" and you should have readonly access to this share. Make sure yo are trying to connect using the host name you specified earlier. Use this if you are getting error: "The system cannot find the file specified." ERROR: Failed to copy file - /kbox/bin/KBRemoteService.exe NT_STATUS_SHARING_VIOLATION
If you are getting this error when trying to map a drive to the client share: System Error 1240 Has Occurred. The Account Is Not Authorized to Login from This Station RESOLUTION: microsoft network client: digitally sign communications (always) - set to disabled http://support.microsoft.com/kb/224287 Ping TARGET PC from the KACE K1000 appliance • Open up the settings->support->troubleshooting tools • Switch to "edit mode" • Use the ping test to ping the TARGETPC ip address you are using in provisioning Use this if you are getting error:
Test connectivity to ports 139 and 445 on TARGETPC from the K1000 appliance You cannot test this for certain in any other way. The provisioning results will tell you this. Make sure you have "Enable Debug Info:" turned on in the provisioning for detailed results. However, a good way to test this would be telnet from ADMINPC to TARGETPC on ports 139 and 445. e.g. If you see a blank screen then the connection is working
2
If you see an error like then it is not working and you probably need to configure file and print sharing according to the K1000 appliance documentation. Use this if you are getting error:
Testing Admin Share & Credentials on your target PC Method 1 (works well if you cannot easily control the TARGETPC) The K1000 appliance uses a stub called kbrsl (pronounced "kbrizzle") to connect to the admin$ share on your PC. To test if this is working outside of the K1000 appliance do this: Open up computer management Navigate to "Shared Folders\Shares" and check that the "ADMIN$" share is listed On an admin PC download psexec.exe and save it to c: (http://technet.microsoft.com/enus/sysinternals/bb896649.aspx) -- Extract psexec.exe from the tools archive On an admin PC tell psexec to connect to the target PC and issue the command c:\psexec.exe \\TARGETPC -u Domain\username ipconfig /all . This should report back the ipconfig information of the remote machine. Map a drive to that machine and if the folder %systemroot%\temp\kace exists then delete it. Run this command c:\psexec.exe \\TARGETPC -u DOMAIN\username cmd.exe /c mkdir %systemroot%\temp\kace On the TARGETPC Open up computer management Navigate to "Shared Folders\Shares" and check that the "ADMIN$" share is listed From an ADMINPC open file explorer.exe and browse to \\TARGETPC\Admin$ -- you should be prompted to login. Login with the same credentials you are using in the provisioning setup Browse to %systemroot%\temp on that machine (which is likely c:\windows\temp) and attempt to create a flle in the directory.
• On the TARGETPC browse to c:\program files\kace\kbox
3
• Is the updated KBOXClient.exe there? • launch services.msc • Is the "KBOX SMMP Management Service" running? If the installation files are there and the service is running then provisioning was successful. You do not have a provisioning problem, but you might have a check-in problem and should review this FAQ Use this if you are getting errors: ERROR: Failed to copy file - /kbox/bin/KBRemoteService.exe NT_STATUS_SHARING_VIOLATION
Disable or Uninstall Anti-Virus software If you are running an anti-virus software such as McAffee, Symantec, etc., disable it temporarily, then attempt to provision again. Example of an error you might see caused by anti-virus software: ERROR: Failed to copy file - /kbox/bin/KBRemoteService.exe NT_STATUS_SHARING_VIOLATION If disabling still yields the same error, uninstall your anti-virus software temporarily, then test again. If even after that the problem still continues, continue onto the next steps in this article, or search our knowledge base or ITNinja for more specific provisioning issues.
Deploying .Net Framework The agent requires the .Net 1.1 framework. .Net 3.0 and .Net 2.0 are not sufficient. We distribute the .Net runtime for you which ones on all platforms, including 64-bit, except for the following mentioned in this FAQ Provisioning will automatically install this framework if it detects it is needed except on 64-bit platforms. If you have a 64-bit platform then you must check the box "Install .NET 1.1 on x64 Systems:". Please review this FAQ before you deploy to 64-bit platforms.
New Installation versus Re-provisioning Commentary
4
In an efficient environment you should never have to re-provision your PCs. If you are upgrading your KACE K1000 appliance and agent software regularly (i.e. within a few months of each release) then you should have a smooth upgrade path that allows your machines to upgrade themselves. This is facilitated by the "Agent Updates from Kace" (i.e. Settings->K1000 Agent>Agent Updates from Kace) section. . When enabled the agent will be installed as a managed install the next time the PC checks in to the K1000 appliance. However, there may be exceptions when you have to re-provision: • Orphaned agents due to host name change You can often deal with this by creating a temporary DNS name so that agents will connect to the new server • Orphaned agents due to misconfiguration of SSL It is possible to orphan your agents if you mistakenly enable SSL on the K1000 appliance and then disabling it OR if you enable SSL using incorrect host settings and now the agents are looking for a host that does not match the certificate (Note: the 5.1 agent is smart enough to try a last known good connection on port 80) • A machine that is re-imaged. This is not technically a re-provision. Furthermore, it is preferable to deploy the agent as a post-image installation task (after establishing the name of the machine) Removing previous installations Method 1 • Setup a provisioning using the options Removing previous installations Method 2 • Check the TARGETPC for existence of c:\program files\KACE\KBOX • If it exists then stop all K1000 services • Delete this directory and all contents including the config.xml and smmp.conf files (if they exist) • re-provision
When to contact Support If all of the above settings have been checked and passed then please contact technical support. Be prepared to provide the following: • evidence of all the tests • demonstrated attempts at solving the problem including a description of the current roadblocks • log file from a sample provisioning that has the debug log option turned on.
